Stack Overflow
Stack Overflow

Questions tagged [ca]

A Certification Authority(CA) is a trusted third party which asserts the identity of a remote website.

References

696 questions
5
votes
1 answer

How to use OpenSSL for self-signed certificates with custom CA and proper SAN settings?

I run across this topic once in a while, trying to remember how this was done then find all the incomplete answers again (with config files, oneliners,ignoring that we really want to use a custom CA to create a full certificate chain etc.). And many…
Patrick
  • 902
  • 1
  • 5
  • 18
5
votes
1 answer

In what circumstances would you set `unique_subject` to yes for an openssl ca?

By default unique_subject is set to yes, which prevents you from signing multiple certificates with the same distinguished name. Attempting to sign such a certificate will result in the following error message. failed to update database TXT_DB error…
MiniMe
  • 181
  • 2
  • 8
5
votes
1 answer

Can't install R package in docker image

Since couple of days I've been encountering problems with installing R packages during docker image build: > install.packages("devtools", repos = "https://mran.microsoft.com/snapshot/2018-10-25") Installing package into…
Taz
  • 5,755
  • 6
  • 26
  • 63
5
votes
2 answers

Docker : Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority

I am getting an error when I am trying to pull docker image. We have set up the proxy, and in our organization we have explicit proxy, so to access external server we cannot do without setting it. [root@DX2821 city]# docker pull hellow-world Using…
Sadique Manzar
  • 61
  • 1
  • 2
  • 5
5
votes
1 answer

CAs,Enrollment,Registration for HyperLedger Fabric

I was studying Hyperledger Fabric and running sample codes . I am still trying to get the correct picture of how things work ,especially in the user/admin registration and enrollment using certificates and crypt materials. I want to know how the…
Skadoosh
  • 699
  • 2
  • 11
  • 27
5
votes
0 answers

Android app don't trust SSL certifcate but Chrome do

We have an internal CA server. We have an Android app that should communicate via https with our webserver, and have generated the required certificates. When we connect to the server through our app, it fails with the current stacktrace: Caused…
imisssnake
  • 51
  • 3
5
votes
1 answer

What's the Leaf Certificate and Sub Certificate used for and how to use them?

I have a problem when do business with AppleWallet. They offer me three certificates: Leaf Certificate in String format; Sub Certificate in String format; Apple Root CA - G3 Cert file, ends with ".cer" My problem: how do I verify and encode the…
Victor
  • 98
  • 1
  • 1
  • 9
5
votes
1 answer

How to revoke signed certificate in Kubernetes cluster?

kube-apiserver does not seem to provide an option to use a certification revocation list (CRL). Is there a way to revoke a client certificate if it's lost or not used anymore?
Yang
  • 759
  • 2
  • 9
  • 30
5
votes
4 answers

Mosquitto certificate SSL23_GET_CLIENT_HELLO:unknown protocol

I'm been desperately trying to get my MQTT clients to connect to a MQTT broker which is set up with a certificate from a CA. (Letsencrypt: https://pypi.python.org/pypi/letsencrypt/0.4.1) I'm using the same certificate for my https site, and that…
user5740843
  • 1,540
  • 5
  • 22
  • 42
5
votes
1 answer

Server with ECDHE key and cert not working

I use the below server.c source, i generated sinful-host-cert.pem sinful-host.key as described here: Elliptic Curve CA Guide When running the program get the following errors: 140722397161136:error:10071065:elliptic curve…
CutiePie666
  • 69
  • 2
  • 5
5
votes
1 answer

Personal CA signed certificate for IIS giving "This Certificate is not valid for the selected purpose" error

I created a CA using OpenSSL and used it to sign a certificate for my localhost, and also a secondary DNS entry on my localhost, preview-localhost. I have installed the CA cert into the Trusted Root Certificate on my machine, and added my localhost…
Boomtown
  • 105
  • 1
  • 11
5
votes
0 answers

How to check if ssl certificate (X509 V1) is CA certificate that does not have certificate extension field?

I have a X509Certificate (version 1) instance in Java and I need to identify if it is a CA certificate or user certificate. I tried this How to check if X509Certificate is CA certificate?, but with the solutions provided there i could differentiate…
technaren
  • 120
  • 1
  • 12
5
votes
2 answers

Questions regarding HTTP Public-Key-Pinning (HPKP)

1. Question: Does HTTP Public-Key-Pinning (HPKP) really improve security? A MITM (e.g. NSA) could intercept the first request to a server and respond with a "faked" certificate, signed by a compromised CA. So HPKP only improves security if the…
Florian Schneider
  • 320
  • 2
  • 15
5
votes
1 answer

Node.js not allowing CA cert from an api?

I keep getting UNABLE_TO_VERIFY_LEAF_SIGNATURE When I set rejectUnauthorized: false, it connects and makes the request. Then it sends back the correct data. I am using Node's https request function. My CA is set up like so in side my options…
Josh Birdwell
  • 745
  • 4
  • 21
4
votes
2 answers

How can I update my root certificates in an Ubuntu 14.04 Dockerfile?

Recently, my legacy Docker image stopped building because certain files refuse to download while building the image even though they download fine on my host system (and worked fine in the build before). This Dockerfile reproduces the problem: FROM…
Ben
  • 1,272
  • 13
  • 28
1 2 3
46 47