Questions tagged [ssl-certificate]
The ssl-certificate tag has no usage guidance.
162
questions with no upvoted or accepted answers
5
votes
1
answer
2k
views
SSL handshake fails for google.com only, in all browsers
I can't connect to google.com via HTTPS on any browser (Safari, Firefox or Chrome). All other sites (HTTPS or not) are fine. The error I get is ERR_CONNECTION_CLOSED in Chrome, Secure Connection ...
5
votes
1
answer
11k
views
How to configure GlassFish v3.1 to use SSL?
We are looking for simple step-by-step manuals how to configure GlassFish v3.1 to use SSL. We are running few legacy application under GlassFish and we hope there is no need to change them: so that ...
4
votes
0
answers
4k
views
How to renew CA certificate using easy-rsa
I need to renew ca certificate. I use easyrsa. I know there is command easyrsa renew foo
but it works only with regular certificates. I can't see any option like easyrsa renew-ca and easyrsa renew ca ...
4
votes
0
answers
4k
views
Establish https on nonstandard port
I'm trying to estamblish https on port 55434 (different than standard 443). My nginx configuration looks like this:
server {
server_name example.org;
listen 55434 ssl;
ssl ...
3
votes
0
answers
2k
views
SSL verification doesn't happen with curl cacert option
This is my understanding of curl --cacert option :
We can make curl perform SSL verification against a custom truststore by providing a PEM file path to this option. It is mostly used when we are ...
3
votes
1
answer
2k
views
macOS - Getting SSL certificate error on valid certificate when accessing via git
2 days ago we started to get an error in git when pulling updates from our repository via HTTPs:
"SSL certificate problem: certificate has expired"
Seems like a duplicate of the issue below, but ...
3
votes
1
answer
3k
views
Safari forces user to select client certificate even if it is optional
This question is loosely related to another one:
IIS7.5 SSL Question, Safari users get a prompt of certificate to select, but since it was asked more than a year ago I thought that there may be some ...
3
votes
0
answers
5k
views
setup vpnc to use vpnclient certificate for authentication
I am trying to access my company VPN using my Centos 5.5 laptop. I have the vpn client certificate issued by my company's IT dept. I am able to access the webmail using the same certificate which I ...
2
votes
0
answers
2k
views
Self-signed SSL Certificate for Nginx not working with Chrome
I've generated a Self-signed SSL Certificate and Authority for my localhost nginx dev environment and imported the Certificate Authority in both Firefox and Chrome.
- Firefox: works perfectly, the ...
2
votes
0
answers
130
views
Since installing an SSL certificate the featured images from my portfolio aren't displaying on my website homepage
I'm using Wordpress for my website with a Phlox theme and the Elementor and Phlox plug-ins. Since installing the SSL certificate the feature images are not displaying on my home page. The area it ...
2
votes
0
answers
6k
views
Vagrant: SSL verification error behind corporate proxy
My company uses a proxy.
I am using a Windows 10 notebook, 64 bit. Vagrant version 2.1.1.
When trying to install a Vagrant plugin, e.g.
vagrant plugin install vagrant-proxyconf
I see the following ...
2
votes
1
answer
6k
views
Tomcat SSL error after setting up certificate
After generating certificate and key pem file using openssl on ubuntu 16.04 I configured tomcat connector in server.xml file as given below but, when I start tomcat I get an error.
In the browser ...
2
votes
0
answers
1k
views
Browser prompts client certificates only from current user store ignoring local machine store
I've implemented an application, which installs X509 client certificates on the user's computer. They are supposed to be used to log in to the SSO system. They are installed both in the context of ...
2
votes
1
answer
5k
views
How to disable «Secure Connection Failed» for all visited sites?
UPD: Problem was reproduced for me in Windows 10 EN Enterprise LTSB 64-bit. I install Windows → I download browsers (more I do not download anything after installation) → I get same errors.
1. ...
2
votes
1
answer
4k
views
Is this setup of an HTTPS/TLS/SSL certificate for an Asus RT-AC3200 router via Mac OS X 10.10 and Chrome correct?
Using the following links I believe I was able to create and install a certificate and authority for my router so that when I connect to it via HTTPS it won't give me the warning screen about the site ...
2
votes
0
answers
1k
views
Windows 2012 R2 CA - certsrv missing templates field
Has anybody come across an issue where the certificate templates field is not available in the CA menu, http://localhost/certsrv/certrqxt.asp?
What it should look like is:
Has anybody any idea what ...
2
votes
0
answers
2k
views
Why doesn't Firefox accept different Ports for SSL encryption other than 443
There is an IIS Webserver with different Sites (SSL Binding) because I can't configure IIS to listen on same Address and Port with different Certificates so I set the SSL Port direction in the ...
2
votes
1
answer
1k
views
Multiple websites on one server/IP; only one with SSL
I recently acquired an SSL certificate for my primary site (https://wemarsh.com/). It works great, and I've even set up an .htaccess rule so all traffic on that site is encrypted. (I'm running Apache.)...
2
votes
0
answers
5k
views
How can I automatically trust a Root CA in Firefox given a PEM file?
I have:
Firefox 24.0 on Windows 7 Enterprise
A frequent need to have Firefox trust a specific Root CA in Base64-encoded "PEM" format on disk, e.g. C:\foo.pem (for instance)
The certificate I need to ...
2
votes
0
answers
488
views
separate irssi services passwords from main configuration file
I want to automatically connect to some IRC networks that don't all support authentication SSL client certificates (like OFTC) or SASL (Freenode). At the same time I want to add my irssi config to ...
2
votes
0
answers
1k
views
self-signed SSL certificate error: certificate has invalid digital signature
I have a c# program and part of it creates a self-signed certificate.
The problem is when i try to import the certificate in MMC it says "This certificate has an invalid digital signature."
And when ...
2
votes
0
answers
117
views
Permanently use certificate for site on chrome
I have installed a certificate in chrome for a website I am running. Whenever I go to the site, chrome prompts me for which certificate I want to use. I only have one certificate for the site. Is ...
2
votes
0
answers
2k
views
Restore default CA Certificates on Mac OSX 10.7
I've been screwing around with my Mac, trying to install self-signed certificate as trusted for our WAN site (for which we can't justify paying for a real signed certificate)
I've broken something ...
2
votes
2
answers
6k
views
Fedora 18 - error [Errno 14] Peer cert cannot be verified or peer cert invalid
When i run the command:
sudo yum install perl-bioperl
I get the error
[Errno 14] Peer cert cannot be verified or peer cert invalid.
My system details are:
Linux localhost.localdomain 3.11.10-100....
1
vote
0
answers
972
views
Using OpenSSH config file with -addext and -subj parameters
I'm trying to create a bash script to manage a PKI. I want to use OpenSSL conf file to specify some parameters for the generated and signed certs using my CA.
I specified default parameters as below:
...
1
vote
0
answers
106
views
SSL expired web root certificate for one client, on some computers but not others
I'm a non-network pro who has a situation with one of our largest clients. They get the red Certificate Invalid icon, because of an outdated, expired root certificate. However, our certificate is up ...
1
vote
0
answers
429
views
Cloudflare Nginx SSL Not Trusted/400 bad request (No required ssl certificate was sent)
Similar to this the error I am receiving from this thread (https://community.cloudflare.com/t/getting-400-bad-request-no-required-ssl-certificate-was-sent-using-nginx-and-cloudflare-authenticated-...
1
vote
0
answers
2k
views
How to troubleshoot ERR_CERT_AUTHORITY_INVALID error on specific site, on specific device, on specific browser?
I get the ERR_CERT_AUTHORITY_INVALID error only on a specific website, only on one Android phone, only using Chrome mobile.
the site works (i.e. https is accessible without error) with every other ...
1
vote
0
answers
4k
views
Unable to load CA private key when creating the intermediate pair
Following the tutorial at LINK to create the root pair and intermediate pair.
Creating the root pair works fine, but when I try to create the intermediate pair using:
openssl ca -config openssl.cnf -...
1
vote
1
answer
25
views
Easy switching between multiple sets of ca certificates?
My new job requires company's custom CA certificate to be installed. It is ok until I'm working, but I don't want this CA certificate to be active during non-working time.
Are there any ways ...
1
vote
0
answers
3k
views
TLS 1.2 connection with lftp
I'm trying to connect to a server from my RHEL 7 server that only accepts FTPS, TLS 1.2 connections. The only client available seems to be lftp. When I try to connect, it hangs on "TLS negotiation......
1
vote
1
answer
2k
views
openssl how to generate CSR with S/MIME Capabilities
what req_extensions should I pass to openssl to include "S/MIME Capabilities" into my CSR?
Please see example openssl s_client outpout below from installed certificate.
I aware of
"X509v3 ...
1
vote
0
answers
82
views
Angularjs PUT & DELETE Aborted on PreFlight with IE11
Our AngularJs WebApp communicates CORS CRUD operations against a WebApi service hosted in IIS that is SSL, and requires Certificates. All Verbs - GET, POST, PUT, DELETE, work in Chrome, but... IE11 ...
1
vote
0
answers
422
views
How do I manually connect to a WPA2 EAP-TLS school network using cloudpath on linux?
I’ve been trying to join my school’s wifi network with little success.
Our school uses Cloudpath Enrollment System (used to be called Xpressconnect or something). All devices have to install and run ...
1
vote
0
answers
290
views
Disabling the self-signed certificate exception for Java
I'm trying to access a Java Applet over https, the big burden is the applet is self-signed (which I currently have no control over) and the https port changes every time because it is behind a private ...
1
vote
0
answers
560
views
Strongswan ikev2: https stops working on client when connected to vpn server
I have set up strongswan 5.3.3-1 on OpenWRT 15.05 based router.
Followed this tutorial
The certificate for Server side authentication is issued by Let's Encrypt - I use it for my synology box and it ...
1
vote
0
answers
14k
views
NET::ERR_CERT_AUTHORITY_INVALID on Chrome
I have generated self signed certificate for my server. After importing root CA cert to my browser, I was trying to access my website via Chrome, I am however getting "NET::ERR_CERT_AUTHORITY_INVALID" ...
1
vote
0
answers
9k
views
certificate verify failed - Open VPN
When establishing open vpn connection, i am facing error "TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed"
SSL ...
1
vote
0
answers
371
views
Add exception to the list of disabled signature algorithms on Firefox?
I'm currently accessing some internal websites with Firefox. The certificates for the websites are signed with RSASSA-PSS, which is trusted by Chrome but not by Firefox. I understand that Mozilla ...
1
vote
0
answers
725
views
Get ssl server name from ssl handshake - tshark
I am trying to verify a certificate using openssl. I verified the certificate chain itself and I want to check if the subject of the certificate matches the server name from the SSL field.
My code ...
1
vote
0
answers
603
views
"Error certificate signature failure getting chain" when combining certificates in a PKCS12 keystore
I got the above error when I tried to combine a server certificate, a private key and a certificate chain into a PCKS#12 keystore (step 3) prior to convert it to a JKS keystore.
Below are the steps I ...
1
vote
0
answers
113
views
How to get domain name of laptop
I need to create a certificate signing request to get a certificate from a CA for my laptop:
openssl req -subj "/CN=<my common name>" -new -key client-key.pem -out client.csr
In order to ...
1
vote
1
answer
6k
views
Retrieve ssl certificate from a server using ssl-cert nmap script: what security issues?
I'm a student in computer security, and I'm wondering what would be the risks for a server if I can retrieve its SSL certificate using the nmap script ssl-cert ?
Thank you
1
vote
0
answers
3k
views
Your connection is not private in Chrome and Internet Explorer
There is a problem with my Google Chrome and Internet Explorer when I am visiting https sites mostly google.com and anything related to Google is not working...
See screenshot of chrome and internet ...
1
vote
1
answer
73
views
Wildcard Server Certificate cannot be saved in IIs
I am using a domain wildcard certificate and want to get that installed on a new server.
In IIS Manager > Server Certificate, I use Complete Certificate Request to add the cert and it's showing in ...
1
vote
0
answers
160
views
Installing SSL on Shared hosting server
I have beta invitation of letsencrypt.org I followed there documentation here . But i am unable to install there packages because i have shared hosting server which does not allow to use sudo commands....
1
vote
3
answers
2k
views
https certificates for 2 IP addresses on the same server
We are working on a router-like device which can have it’s own access point and be connected to another router. We want to have https on the management web page using a valid certificate (not a self-...
1
vote
0
answers
1k
views
IE/Chrome add permanent SSL certificate exception?
How can I add a permanent SSL certificate exception for certain websites?
These sites have certificates signed by some root CA which I do not want to trust. When I tried to manually install the ...
1
vote
1
answer
183
views
Configure WinRM to Use HTTPS makecert.exe Name Syntax
I am trying to enable the remote execution of powershell scripts on a remote server over https using this example.
What I do not understand is what value to give for the hostname when generating the ...
1
vote
3
answers
3k
views
SSL certificate for CNAME record
I have the CNAME record images.bob.com, which points to the images.susan.co.uk (images.bob.com. 1800 IN CNAME images.susan.co.uk.). I would like to ask for issuing SSL certificate for the alias....