Skip to main content

Questions tagged [certificate]

Public key certificate - also digital certificate or identity certificate. A document that contains information about a user's or machine's identity, matched up with its public key, and is validated and cryptographically signed by a certificate authority. Certificates are intended to provide a trustworthy way to distribute and determine the correct public key for a given user or machine.

Filter by
Sorted by
Tagged with
441 votes
9 answers
968k views

How to save a remote server SSL certificate locally as a file

I need to download an SSL certificate of a remote server (not HTTPS, but the SSL handshake should be the same as Google Chrome / IE / wget and curl all give certificate check fail errors) and add the ...
Kimvais's user avatar
  • 4,818
305 votes
15 answers
375k views

Too many authentication failures for *username*

I have a hostgator account with ssh access enabled. When trying to upload the generated .pub key file with this command: rsync -av -e "ssh -p2222" /home/user/.ssh/key.pub [email protected]:.ssh/...
Gabriel's user avatar
  • 3,685
293 votes
8 answers
885k views

How do you add a certificate authority (CA) to Ubuntu?

My work has decided to issue their own certificate authority (CA) to handle different aspects of our work securely without paying for certificates. Cryptographically sign emails Encrypt email ...
Xeoncross's user avatar
  • 4,662
264 votes
7 answers
286k views

What is the difference between a certificate and a key with respect to SSL?

Whenever I try to understand anything about SSL I always have a hard time keeping track of what "key" and "certificate" refer to. I fear many people use them incorrectly or interchangeably. Is there ...
drs's user avatar
  • 2,843
240 votes
9 answers
929k views

How do I disable the warning Chrome gives if a security certificate is not trusted?

I want to know if it's possible to disable the warning you get in Chrome when you try to go to some HTTPS site that doesn't have a trusted certificate. I have a few sites in my bookmarks that use ...
sippa's user avatar
  • 2,659
192 votes
6 answers
381k views

How do I view the contents of a PFX file on Windows?

I have a PFX certificate file on my machine and I'd like to view the details before importing it. (The import utility doesn't actually tell you what the certificate is!). How do I view the details ...
PeterX's user avatar
  • 5,311
129 votes
8 answers
796k views

How do I deal with NET:ERR_CERT_AUTHORITY_INVALID in Chrome?

My work place intercepts SSL connections, looks at their contents, and then passes the data to and from my machine and remote hosts - a kind of man-in-the-middle attack. This is not uncommon in ...
Richard's user avatar
  • 3,461
90 votes
10 answers
262k views

How to create my own certificate chain?

I would like to set up my own OCSP Responder for testing purposes, and this requires me to have a Root certificate with a few certificates generated from it. I've managed to create a self-signed ...
StackedCrooked's user avatar
80 votes
7 answers
352k views

How to bypass the "secure connection failed" warning in Firefox 33

Since installing Firefox 33 a "Secure Connection Failed" error is no longer bypassable using the "I Understand the Risks" button - it's gone! Is it still somehow possible to ignore certificate errors?...
RienNeVaPlu͢s's user avatar
73 votes
5 answers
191k views

Add permanent SSL certificate exception in Chrome (Linux)

I have a problem with a website that has an SSL certificate which doesn't correspond to the website domain. Chrome gives me a warning for this website (and rightly so), which I have to ignore manually....
raphink's user avatar
  • 3,851
57 votes
3 answers
61k views

"Private key is missing or invalid when importing a certificate" in Google Chrome

I want to test my web app on https localhost. Unfortunately it seems impossible to remove certificate warning from chrome. First, I generated the certificate like this: openssl req -x509 -nodes -days ...
Maciej Kravchyk's user avatar
55 votes
4 answers
246k views

How can I get a list of installed certificates on Windows?

I know I have some certificates installed on my Windows 7 machine. How can I see what they are, the nicknames they are known by, and browse detailed information (such as issuer and available ...
Tim Keating's user avatar
53 votes
2 answers
137k views

OpenSSL CA keyUsage extension

I want to set up a chain of certificates, with a self signed 'root' CA at the top that signs sub CAs, which can then sign client and server certificates. When setting up openssl.cnf, I noticed a ...
Robin McCorkell's user avatar
51 votes
4 answers
185k views

How to configure Chrome to ignore SSL warning on specific URLs?

I guess there no need to introduce the "Privacy error" page in Chrome that appears whenever one uses SSL to access an uncertified website that has no signed certificate (red "X" on ...
voronoi's user avatar
  • 921
47 votes
4 answers
15k views

Firefox "Untrusted Connection" warnings when visiting reputable HTTPS sites when using child's account

When using Firefox on Windows, I see an "Untrusted Connection" warning when visiting any HTTPS site, including very reputable ones such as https://www.google.com and https://search.yahoo.com. The ...
200_success's user avatar
  • 1,231
45 votes
2 answers
70k views

Which trusted root certificates are included in Java?

Which trusted root certificates are included in Java, specifically Sun Java and IBM Java? How can I get the list myself? Does Java on Windows use certificates from operating system?
Peter Štibraný's user avatar
43 votes
4 answers
158k views

how to use curl to verify if a site's certificate has been revoked?

To check if the certificate for google.com has been revoked, I tried the following command: curl https://www.google.com --cacert GeoTrust_Global_CA.pem --crlfile gtglobal.pem -v , but I got the ...
Claudiu's user avatar
  • 635
41 votes
7 answers
87k views

Can I get around using "pip install --cert"?

Trying to figure out if there is a way that I can avoid using the --cert flag to pip when I am installing packages at work. There is some issue with the proxy that only allows me to download the ...
Ian Lee's user avatar
  • 513
40 votes
4 answers
122k views

How can I export a certificate from MMC as a PFX file?

I'm in the process of trying to change the KeySpec property of a code signing certificate from Comodo by following this guide. The guide mentions importing your certificate file into MMC and then ...
soapergem's user avatar
  • 1,708
39 votes
3 answers
189k views

View / install certificates for local machine store on Windows 7

On Windows 7 (Windows 7 Professional x64), how can I view and install certificates in the local machine store? The certmgr.msc plugin allows me to view certificates installed in the current ...
richzilla's user avatar
  • 2,433
38 votes
1 answer
117k views

Importing .PEM certificates on Windows 7 on the command line

I need to import a PEM certificate on a massive number of freshly installed Windows 7 Enterprise machines. Normally, I would do it through MMC → Certificates (Local Computer) snap-in → Trusted Root ...
V.G.'s user avatar
  • 383
37 votes
1 answer
33k views

How to pass arguments like “Country Name” to OpenSSL when creating self signed certificate?

I can create a self-signed certificate using this command openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout server.key -out server.crt But is it possible to pass arguments like “...
Alexander Zeitler's user avatar
36 votes
2 answers
106k views

What are the Windows system certificate stores?

When adding certificates, stls, ctls and crls to the system, I can choose the certificate store. I have found only references to the "my" and "root" stores so far. Are there any other?
Jader Dias's user avatar
  • 16.1k
36 votes
3 answers
97k views

Where is my RDP server certificate stored?

Given the recent issues of Man-in-the-Middle attacks, i actually paid attention to the warning i get when connecting to a server: Selecting View Certificate, i was going to check the SHA1 Thumbprint: ...
Ian Boyd's user avatar
  • 22.4k
36 votes
1 answer
124k views

How to make Firefox ignore all SSL certification errors?

I'm on a private network with a lot of restrictions and monitorings. Every HTTPS connection results in SSL certification errors (maybe those people use "man-in-the-middle" approach to decrypt the ...
Teiv's user avatar
  • 1,019
33 votes
5 answers
41k views

Why does Chrome say "Your connection to this site is not secure" even if the certificate is valid?

My site has a valid certificate, but Chrome marks it as insecure. I tried my site using Brave and Firefox, and both mark it as secure. I also ran this online test, and everything looks fine: https:/...
Jean-François Beauchamp's user avatar
32 votes
2 answers
127k views

Import certificates using command line on Windows

I need to import a certificate file to Trusted Root Certification Authorities store, to get rid of an SSL warning when visiting my local website. The way I currently do it is lengthy: use Google ...
Livy's user avatar
  • 1,176
30 votes
2 answers
113k views

Windows 7 will not install a root certificate

I have a web service that uses a self-signed certificate, so I need to install the certificate as a Trusted Root so that I can avoid all the security errors that having a self-signed certificate ...
Mark Henderson's user avatar
30 votes
4 answers
48k views

Create self signed certificate with subjectAltName to fix [missing_subjectAltName] in Chrome 58+

I'm trying to create a self signed certificate for localhost containing subjectAltName to satisfy Chrome 58+: createcertificate.sh: #!/usr/bin/env bash filename="$1server" openssl req -new -sha256 -...
Alexander Zeitler's user avatar
29 votes
2 answers
105k views

Remote Desktop Connection - How to get the certificate prompt back?

I just tried remoting to my work PC from home and got the "identity cannot be verified" prompt like the one below. I marked the "Don't ask me again for connections to this computer" box, and then ...
pibboater's user avatar
  • 435
29 votes
1 answer
139k views

Where are digital certificates physically stored on a Mac OS X machine?

Can someone tell me and maybe link to literature which describes it, where are the digital certificates storage location on Mac OS X? I know I could access the certificates with the “Keychain” ...
Opa114's user avatar
  • 441
28 votes
1 answer
57k views

Add to "My certificates" in Keychain Access? (Mac OS 10.10)

I have a certificate file like this: -----BEGIN CERTIFICATE----- MIIHCDCCBPC .... I can get it to show up under "Certificates" by going to "File->import items" (it is the "Elin" one). I can however ...
dani's user avatar
  • 283
28 votes
5 answers
58k views

How do I remove security certificate exceptions from Google Chrome?

I am a developer and have created a certificate for my application. The first time I access it Chrome states that the certificate is not recognized and suggests to leave the website. There is however ...
algiogia's user avatar
  • 579
28 votes
3 answers
49k views

Trust self signed Cert in Chrome macOS 10.13

I'm trying to always trust a self signed certificate but I'm having issues. For one, when I try to drag the certificate to a folder or desktop, it just doesn't do anything. I can do the same from ...
cclloyd's user avatar
  • 792
27 votes
1 answer
50k views

What's the quickest way on a Windows machine to look at the detail of a p12 certificate?

Given a P12 certificate file on Windows, what's the quickest way to see the details such as common name? Say i have a file mycertificate.p12, ideally I'm looking for a command line tool that I can run ...
Iain's user avatar
  • 728
27 votes
3 answers
85k views

keytool commands to replace existing SSL certificate?

I've a linux centos server running glassfish 3.1.2 app server. The default certs coming from GlassFish install for ports 4848 and 8181 are 1024 bits. I need to replace these with 2048 bits versions. ...
user avatar
27 votes
4 answers
82k views

Can self-signed SSL certificate be renewed? How?

I'm fairly new to SSL certificates and would like to know if a self-signed certificate which I use for HTTPS can be renewed to extend its expiry date without all clients of the site having to go ...
FriendFX's user avatar
  • 917
27 votes
3 answers
21k views

How can I check if a domain uses DNSSEC?

DNSSEC has been deployed on some topdomains now. But how could I see if a site/domain is using DNSSEC? Is it shown in the browser? or is there any windows or linux command to see it? or a tool for it?
Jonas's user avatar
  • 27.8k
27 votes
1 answer
57k views

nginx http to https proxy with self-signed certificate

I have an nginx proxy to redirect http requests with a specified port to another https url. Here is my configuration so far: server { listen 59848; location / { resolver 8.8.8.8; ...
Jakob's user avatar
  • 381
26 votes
2 answers
8k views

What is the superfish SSL certificate and where did it originate

I recently bought a new laptop, every https:// connection I do to any site regardless of browser chain back to a root certificate issued by "superfish, inc". I have had a dig around but I can't seem ...
user avatar
25 votes
2 answers
25k views

Self-signed wildcard certificate

I've got pihole set up at home, so I want to be able to handle requests for any website with my own server, to show a "this site has been blocked" page. I'm attempting to do this by creating a self-...
Daniël van den Berg's user avatar
24 votes
3 answers
55k views

How to provide a verified server certificate for Remote Desktop (RDP) connections to Windows 10

We have a Windows 10 Pro machine at our office which has an open port to the internet for incoming remote desktop connections (a ‘host’). It is well protected by complex password and limited number of ...
gogoud's user avatar
  • 1,386
24 votes
3 answers
82k views

How to bypass certificate error in Microsoft Edge?

I'm trying to access an intranet server under HTTPS, whose certificate has been autogenerated. With other browsers (IE, Firefox, Chrome, etc.) I have the option to ignore this error and to somehow "go ...
Starnuto di topo's user avatar
24 votes
1 answer
104k views

IE9: Permanently accept untrusted certificate

When accessing a website via HTTPS which has an untrusted certificate, Internet Explorer 9 always shows me the following error message: Is there a way to import the certificate permanently, so that I ...
Bob's user avatar
  • 717
23 votes
2 answers
53k views

Remove Key Password with OpenSSL

This is something I've wanted to do for a while now. There wasn't a question already for it so I'm putting one in. How do you remove a password from a .key file using OpenSSL.
Matt Vukomanovic's user avatar
21 votes
2 answers
56k views

Generate an ECDSA key and CSR with OpenSSL

I know how to generate an RSA Private Key and CSR: openssl genrsa -out my.key.pem 2048 openssl req -new -sha256 -key my.key.pem -out my.csr But, how do I do the same with an ECDSA (Elliptic Curve ...
Sreehari's user avatar
  • 325
21 votes
2 answers
38k views

Why can't I verify this certificate chain?

I have three certificates in a chain: root.pem intermediate.pem john.pem When I examine them using openssl x509 -in [filename] -text -noout they look fine, root.pem looks like it is self-signed (...
Jong Bor's user avatar
  • 373
20 votes
2 answers
39k views

Get a server's SSL/TLS certificate using "openssl s_client"

I am trying to get the SSL/TLS certificate for one of our load balancers (Netscaler) using: openssl s_client -showcerts -connect lb.example.com:443 But it won't show me the certificate: CONNECTED(...
Daniel Serodio's user avatar
19 votes
5 answers
7k views

Why do some websites change SSL certificates so frequently? [closed]

So after learning the Firefox was allowing developers access to see SSL certificate information, I happily switched over from Chrome to Firefox and installed Certificate Watch. I had to exclude the ...
8vtwo's user avatar
  • 383
19 votes
6 answers
47k views

Check expiry date of ssl certificate for multiple remote servers

I can find out the expiry date of ssl certificates using this OpenSSL command: openssl x509 -noout -in <filename> -enddate But if the certificates are scattered on different web servers, how ...
user32262's user avatar
  • 243

1
2 3 4 5
29