Questions tagged [ssl-certificate]
SSL certificates are used to encrypt and authenticate connections to network servers, most popularly for web servers but also email, file transfers, and other network connections.
3,255
questions
0
votes
1
answer
33
views
How to convert a CER file to PFX using certutil
I have an SSL certificate from GoDaddy in the following formats
CRT
PEM
P7B
I also downloaded the CSR and private key as text files.
However I need to convert these to PFX format in order to install ...
- 101
0
votes
1
answer
33
views
Attributes Windows CA templates
Windows Enterprise CA.
I have been requested that in the certificates appear the following attributes: OU, C (country) and O (organization).
I have seen that in the certificate template in the "...
- 29
0
votes
1
answer
39
views
SSL Wildcard Certification that covers more than one layer of subdomains?
I'm working on a site that provides bespoke websites to franchisees of a large organization. Each franchisee is managed as a separate sub-domain and everything is handled by one set of servers, which ...
0
votes
1
answer
20
views
ssl_issuer_unknown when connecting only to a certain <VirtualHost> with apache
I've this problem with my site configuration and ssl certificates. I've got two websites on the same machine running two different domains. Their respective ssl certificate is issued by Cloudflare and ...
2
votes
7
answers
6k
views
HTTPS compatibility issue with Chrome 116/117 ERR_SSL_PROTOCOL_ERROR
I'm having error ERR_SSL_PROTOCOL_ERROR since 2 day on my website for some reason.
Browsers tested
Windows Chrome 117.0.5938.132 : ERR_SSL_PROTOCOL_ERROR
Android Chrome 117.0.5938.61 : ...
- 192
0
votes
1
answer
91
views
Warning with sending emails from Thunderbird to Postfix using its own CA
I'm asking for help because I simply don't have the strength anymore, I've spent a lot of time and I'm still left with an unsolved puzzle.
My problem: I keep getting "Wrong Site" warnings ...
- 11
0
votes
4
answers
203
views
Can Standalone (online) CA + Subordinate Enterprise CA configuration issue valid intranet SSL certs?
The question is purely about whether this config is capable of issuing valid intranet SSL certs (i.e. SSL certs for internally facing sites), and not any other implications or concerns.
(The focus of ...
- 305
0
votes
2
answers
34
views
SSL When using (A) Record to point domain
Im not even sure this can be done but I will ask. Its been many years since i've done this and I have forgotten most things.
(1) Domain is at my hosting provider
(2) We have a platform (website) on ...
0
votes
0
answers
36
views
IIS Manager show no certificate, but can see in registry and browsers can use it
Using Windows Server 2016. I'm inspecting the bindings of some existing websites using IIS Manager. On the "Edit Site Binding" dialog for an https binding, the SSL Certificate dropdown ...
- 103
0
votes
0
answers
17
views
How to point wildcard subdomain to matching ec2 instance with tag name?
I have a use case where I need to create/delete ec2 instances (~30 instances). To access those instances I need to set up a subdomain but creating 30 subdomains and pointing each to their respective ...
-1
votes
1
answer
47
views
SSL Certificate Renewal Broke Payment Gateway - Modulus Mismatch
I have encountered a problem with my website's SSL certificate renewal, and it seems to have affected my payment gateway. Here's a brief overview of the issue:
Background:
I have a payment gateway ...
- 3
0
votes
1
answer
77
views
Identify SSL certificate type for apache configuration
I have SSL certificate files:
Root2023.crt
t1.crt
t1.pem
t1.pk8
on my apache How can I determine which of these files should be used for SSLCertificateFile, SSLCertificateKeyFile, and ...
- 139
0
votes
1
answer
175
views
"Signing in with a smart card isn't supported for your account"
We ran into an issue today where suddenly none of our users could log into their workstations using Smart Cards. The error occurred with a fresh logon or after a 'switch user' but not when logging on ...
- 826
0
votes
2
answers
63
views
curl with --cacert fails on almalinux8 but works on ubuntu
We try this:
curl -v --cacert cert.pem https://example.com/path.asmx
on ubuntu its working, we're getting:
successfully set certificate verify locations:
* CAfile: cert.pem
CApath: /etc/ssl/...
- 3
0
votes
0
answers
32
views
Is it necessary to recreate a Google-managed SSL certificate when switching the SSL resolution to a different provider?
I attempted to migrate a website from GCP to AWS Lightsail and then back again in order to gain a better understanding of the process. However, I discovered that the process was not as straightforward ...
google-cloud-platform
0
votes
2
answers
85
views
SSL Certificate without Private Key
I have SSL Certificate with below files and dont have privatekey as CSR generate with this key:
root.crt, server.crt, intermediate.crt
I want to use this certificate on one of my vm of Ubuntu 23.04 ...
0
votes
0
answers
63
views
Migrating a CA to a new server - CA services won't start
We have an Enterprise Root CA running on Server 2012 R2. I built a replacement server running Server 2019 and followed the steps in the below article, I backed up the CA and relevant registry keys, ...
- 1
-3
votes
2
answers
88
views
Creating/Configuring a DNS server with runtime configuration [closed]
I have a big Windows video/audio application that may be controlled remotely over a web server. For that, I can listen to a local port in a, say, 192.168.1.10 system to port 8000, forward the port via ...
4
votes
2
answers
819
views
Is it possible to get a browser to present a client side certificate even if the client cert isn't signed by the same CA as the server cert?
I'm in a strange scenario where I have a server with NodeJS backend and ReactJS frontend that does record keeping where the customer wants to use user certificates to ID who visits this internal site. ...
- 1,068
0
votes
1
answer
115
views
Disable TLSv1.0 and TLSv1.1 when generating certificates using openssl 1.1.1
I am struggling to implement a feature for my certificates. I am generating my certificates with OPENSSL 1.1.1.
I want to allow only TLSv1.2 and TLSv1.3. The other protocols should not be possible (...
0
votes
0
answers
40
views
Can't create a custom CSR using mmc and certificates snap-in on Windows 10
I am trying to generate a custom CSR using the certificates snap-in for mmc on Windows 10. The certificate I want to create is a client authentication cert using ECC. However, I have run into a ...
- 31
0
votes
0
answers
58
views
Is it possible to create a self-signed certificate in Active Directory on the network and have it recognized by Citrix VDIs without importing the cert
I have written some (intranet) web applications for a small customer of mine (< 50 employees) who have now incorporated a cloud Citrix server into their network for remote access. They still have ...
- 203
3
votes
3
answers
1k
views
Are self-signed SSL certificates still allowed in 2023 for an intranet server running IIS?
I'd just like to confirm that self-signed certificates are still allowed in 2023-2034 for an IIS server that is not exposed to the internet and serves up only intranet apps. I'm asking because I'm ...
- 203
0
votes
0
answers
29
views
Using if with ssl_certificate in nginx for loading SSL certificates
I have two domains: foo.com and bar.com which are served by nginx. To avoid duplicating code, I want to put this
[some code]
if ($host = "foo.com") {
ssl_certificate /...
- 101
0
votes
1
answer
256
views
Can't get .pfx file to work on Linux
I am writing a C# program that has to call an API endpoint that requires authentication via certificates.
I have got a .pfx file, which I can import in Windows and everything works fine, however the ...
- 3
0
votes
1
answer
157
views
Clients of a site are getting SSL_ERROR_HANDSHAKE_FAILURE_ALERT (Firefox) and ERR_BAD_SSL_CLIENT_AUTH_CERT (Chrome)
I'm running a site in AlmaLinux 8.8 (Centos) and Apache 2.4.56.
The site has a self-signed certificate.
When I access the site, I get the usual warning due to the self-signed certificate. After ...
- 101
0
votes
0
answers
106
views
How to manage certificate renewal using win-acme if the folder doesn't exist anymore?
win-acme auto renews SSL certificate by invoking task scheduler task which executes C:\Users\admin\Downloads\win-acme.v2.2.5.1541.x64.pluggable\wacs.exe
Someone deleted that folder from the downloads ...
- 187
0
votes
1
answer
133
views
Connection to Mysql database failing from different clients
I work with an ETL tool called airbyte to move data from various data sources to our main data warehouse. I am also asking this question in the airbyte slack channel, but would like to ask it here as ...
0
votes
2
answers
117
views
802.1x with GoDaddy Certificates EAP-TTLS
I have a little question. I am not sure but does clients need to resolve AAA Server via DNS and need to reach AAA Server if I use EAP-TTLS with GoDaddy x509 Certificates to verify the certificate on e....
0
votes
0
answers
47
views
Trouble loading wildcard SSL that uses the hostname
I have a wildcard SSL cert from Let's Encrypt, the installation has worked and when accessing a sub-domain the cert loads properly. However the virtual site (Apache) that has no subdomain produces an ...
- 247
0
votes
0
answers
227
views
.p12 certificate not working on mac (Ventura 13.4.1) but works on windows
I generated ssl certificates for (Nifi Registry https://nifi.apache.org/registry.html) I installed them in Windows.. it worked and i get a prompt to select certificate when i open the website https://
...
- 103
0
votes
0
answers
45
views
How to setup https website when I have own CA
I have very interesting question for me... I'm runnig webserver on linux machine (debian 10) with apache. In the same domain I have Windows Server on which are my DNS server and Certificate authority.
...
- 13
0
votes
1
answer
53
views
SSL certificate not working for www subdomain on multiple domain setup
I have a LAMP server running CentOS Stream 8 and Apache 2.4.37. On this I have three domains (let's call them example.com, example.net & example.org). I have SSL certificates for each domain + the ...
- 309
0
votes
0
answers
141
views
NodeJS https server returns http 0 and SSL error:14094412 ERR_SSL_SSLV3_ALERT_BAD_CERTIFICATE
I have a nodejs https server running on my Raspberry Pi. It responses to ajax requests. When open the webpage with a desktop/laptop or an iPhone (Safari), the ajax call returns the proper result with ...
- 101
8
votes
3
answers
1k
views
What minimum versions of operating systems and browsers are compatible with Google-managed SSL certificates?
Issuers of SSL certificates usually provide documentation of what minimum versions of OSes and browsers are supported by their solutions.
Examples:
Cloudflare
Let's Encrypt
However, I was not able ...
0
votes
2
answers
337
views
How to Renew an SSL Certificate from a PFX file?
I have a .PFX file, and want to use it to update an existing SSL certificate in IIS.
I can use the Import command. This prompts me for my PFX file and password. That's exactly what I want except that ...
- 269
0
votes
0
answers
333
views
Setup proxy with local CA certificate on Ubuntu 20.04
In our company, we have a proxy server with a self-signed CA certificate implementing MITM inspection. No internet connection is possible without this proxy server. My certificate installation process ...
- 121
0
votes
0
answers
29
views
Nginx reverse proxy: no certificate on proxy, use the backend one
I have a small machine that serves as an entry point to my network, let's call it A. I also have two servers on my private network which are not accessible from outside, let's call them B1 and B2.
We ...
- 101
0
votes
1
answer
99
views
How can we stop a repeated request for the same certificate in ADCS?
If I submit the same CSR file twice to my Active Directory Certificate Services (online via the certsrv web interface), I am issued two different certificates (judging by the serial numbers).
Is there ...
- 13
0
votes
2
answers
269
views
Is letsencrypt registration email address stored in certificate
I'm using letsencrypt in two ways: a docker stack using certbot, and another using traefik (which performs certificate management automatically, using lego). In both cases there's a setting for the ...
- 898
0
votes
0
answers
194
views
How to fix cURL error 35 when consulting endpoints in production server?
I have a Laravel project consulting various endpoints via get method, and sometimes in random moment return this error:
production.ERROR: GuzzleHttp\Exception\ConnectException: cURL error 35: OpenSSL ...
0
votes
1
answer
65
views
What are all the certificates mandatory to be provide while setting TLSVerifyClient option to demand
In my case, I had set TLSVerifyClient to demand. I couldn't be able to establish a connection While providing TLSCACertificateFile alone.
While setting the TLSVerifyClient option demand is it ...
- 11
0
votes
0
answers
56
views
SSL Certificate for host poiting to CNAME
Hi apologies if this has been asked before but i didn't find a clear cut example.
Lets assume the following scenario, I've a third party server, "sub.example.com" that has a CNAME pointing ...
1
vote
1
answer
135
views
IIS multiple sites with separate SSL certificate for each - they all use the same one
Using IIS 10, I have 3 websites with 3 different hostnames, but the same IP address and port, and each of them has their own SSL certificate.
In the bindings I can see that each has the correct ...
- 229
0
votes
0
answers
331
views
Can't connect to WebSocket server over wss:// (ws:// works), and no debug information
I have a website on example.com, and a WebSocket server on example-websocket-server.com.
Each have an SSL certificate so that I can access them from https://
I am using the websocket server as a ...
- 229
0
votes
0
answers
764
views
What could be the reason that `apt update` says certificate is NOT trusted whereas curl says `SSL certificate verify ok`
I am trying to add docker to my Debian 11 bullseye installation.
until now, I have ran -
apt clean
apt update
update-ca-certificates
apt-get install -y ca-certificates
apt reinstall ca-certificates
...
- 111
0
votes
1
answer
52
views
Export Server certificate To use in XAMPP for SSL
I had to upgrade to XAMPP 8.2.4 on our new OFFLINE web server when we replaced our OFFLINE web server. Both servers are Windows Server 2019. Our old OFFLINE web server was running 8.0.0. In 8.1.0 php ...
- 825
0
votes
0
answers
216
views
Nginx, reverse proxy and HTTPS
I have a problem setting up reverse proxy in nginx for HTTPS.
I have set up Tomcat HTTPS connector on 127.0.0.1:443. It works:
% openssl s_client -showcerts -connect 127.0.0.1:443
CONNECTED(00000005)
...
- 1,391
0
votes
0
answers
32
views
SSL certificate for subdomain, which is routed to public IP masked on firewall, which navigates to local server
I have a web application hosted on local server. Which we have opened for public use by masking this local IP to public IP provided by ISP. So now website is accessible with public IP.
We required to ...
- 1
2
votes
1
answer
281
views
Why does my pfsense gateway break SSL for some internal hosts?
I have a proxmox cluster with pfsense acting as a firewall and gateway for the cluster nodes and VMs. VMs have no problem, but the cluster nodes can't browse any websites using SSL, which of course ...
- 173