Questions tagged [certificate]
Public key certificate - also digital certificate or identity certificate. A document that contains information about a user's or machine's identity, matched up with its public key, and is validated and cryptographically signed by a certificate authority. Certificates are intended to provide a trustworthy way to distribute and determine the correct public key for a given user or machine.
1,408
questions
441
votes
9
answers
968k
views
How to save a remote server SSL certificate locally as a file
I need to download an SSL certificate of a remote server (not HTTPS, but the SSL handshake should be the same as Google Chrome / IE / wget and curl all give certificate check fail errors) and add the ...
- 4,818
305
votes
15
answers
375k
views
Too many authentication failures for *username*
I have a hostgator account with ssh access enabled. When trying to upload the generated .pub key file with this command:
rsync -av -e "ssh -p2222" /home/user/.ssh/key.pub [email protected]:.ssh/...
- 3,685
293
votes
8
answers
885k
views
How do you add a certificate authority (CA) to Ubuntu?
My work has decided to issue their own certificate authority (CA) to handle different aspects of our work securely without paying for certificates.
Cryptographically sign emails
Encrypt email ...
- 4,662
264
votes
7
answers
286k
views
What is the difference between a certificate and a key with respect to SSL?
Whenever I try to understand anything about SSL I always have a hard time keeping track of what "key" and "certificate" refer to. I fear many people use them incorrectly or interchangeably. Is there ...
- 2,843
240
votes
9
answers
929k
views
How do I disable the warning Chrome gives if a security certificate is not trusted?
I want to know if it's possible to disable the warning you get in Chrome when you try to go to some HTTPS site that doesn't have a trusted certificate.
I have a few sites in my bookmarks that use ...
- 2,659
192
votes
6
answers
381k
views
How do I view the contents of a PFX file on Windows?
I have a PFX certificate file on my machine and I'd like to view the details before importing it. (The import utility doesn't actually tell you what the certificate is!).
How do I view the details ...
- 5,311
129
votes
8
answers
796k
views
How do I deal with NET:ERR_CERT_AUTHORITY_INVALID in Chrome?
My work place intercepts SSL connections, looks at their contents, and then passes the data to and from my machine and remote hosts - a kind of man-in-the-middle attack. This is not uncommon in ...
- 3,461
90
votes
10
answers
262k
views
How to create my own certificate chain?
I would like to set up my own OCSP Responder for testing purposes, and this requires me to have a Root certificate with a few certificates generated from it.
I've managed to create a self-signed ...
- 3,041
80
votes
7
answers
352k
views
How to bypass the "secure connection failed" warning in Firefox 33
Since installing Firefox 33 a "Secure Connection Failed" error is no longer bypassable using the
"I Understand the Risks" button - it's gone!
Is it still somehow possible to ignore certificate errors?...
- 973
73
votes
5
answers
191k
views
Add permanent SSL certificate exception in Chrome (Linux)
I have a problem with a website that has an SSL certificate which doesn't correspond to the website domain. Chrome gives me a warning for this website (and rightly so), which I have to ignore manually....
- 3,851
57
votes
3
answers
61k
views
"Private key is missing or invalid when importing a certificate" in Google Chrome
I want to test my web app on https localhost. Unfortunately it seems impossible to remove certificate warning from chrome. First, I generated the certificate like this:
openssl req -x509 -nodes -days ...
- 683
55
votes
4
answers
246k
views
How can I get a list of installed certificates on Windows?
I know I have some certificates installed on my Windows 7 machine. How can I see what they are, the nicknames they are known by, and browse detailed information (such as issuer and available ...
- 973
53
votes
2
answers
137k
views
OpenSSL CA keyUsage extension
I want to set up a chain of certificates, with a self signed 'root' CA at the top that signs sub CAs, which can then sign client and server certificates. When setting up openssl.cnf, I noticed a ...
- 1,156
51
votes
4
answers
185k
views
How to configure Chrome to ignore SSL warning on specific URLs?
I guess there no need to introduce the "Privacy error" page in Chrome that appears whenever one uses SSL to access an uncertified website that has no signed certificate (red "X" on ...
- 921
47
votes
4
answers
15k
views
Firefox "Untrusted Connection" warnings when visiting reputable HTTPS sites when using child's account
When using Firefox on Windows, I see an "Untrusted Connection" warning when visiting any HTTPS site, including very reputable ones such as https://www.google.com and https://search.yahoo.com. The ...
- 1,231
45
votes
2
answers
70k
views
Which trusted root certificates are included in Java?
Which trusted root certificates are included in Java, specifically Sun Java and IBM Java? How can I get the list myself? Does Java on Windows use certificates from operating system?
- 1,391
43
votes
4
answers
158k
views
how to use curl to verify if a site's certificate has been revoked?
To check if the certificate for google.com has been revoked, I tried the following command:
curl https://www.google.com --cacert GeoTrust_Global_CA.pem --crlfile gtglobal.pem -v
, but I got the ...
- 635
41
votes
7
answers
87k
views
Can I get around using "pip install --cert"?
Trying to figure out if there is a way that I can avoid using the --cert flag to pip when I am installing packages at work. There is some issue with the proxy that only allows me to download the ...
- 513
40
votes
4
answers
122k
views
How can I export a certificate from MMC as a PFX file?
I'm in the process of trying to change the KeySpec property of a code signing certificate from Comodo by following this guide. The guide mentions importing your certificate file into MMC and then ...
- 1,708
39
votes
3
answers
189k
views
View / install certificates for local machine store on Windows 7
On Windows 7 (Windows 7 Professional x64), how can I view and install certificates in the local machine store?
The certmgr.msc plugin allows me to view certificates installed in the current ...
- 2,433
38
votes
1
answer
117k
views
Importing .PEM certificates on Windows 7 on the command line
I need to import a PEM certificate on a massive number of freshly installed Windows 7 Enterprise machines.
Normally, I would do it through MMC → Certificates (Local Computer) snap-in → Trusted Root ...
- 383
37
votes
1
answer
33k
views
How to pass arguments like “Country Name” to OpenSSL when creating self signed certificate?
I can create a self-signed certificate using this command
openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout server.key -out server.crt
But is it possible to pass arguments like “...
- 1,303
36
votes
2
answers
106k
views
What are the Windows system certificate stores?
When adding certificates, stls, ctls and crls to the system, I can choose the certificate store.
I have found only references to the "my" and "root" stores so far.
Are there any other?
- 16.1k
36
votes
3
answers
97k
views
Where is my RDP server certificate stored?
Given the recent issues of Man-in-the-Middle attacks, i actually paid attention to the warning i get when connecting to a server:
Selecting View Certificate, i was going to check the SHA1 Thumbprint:
...
- 22.4k
36
votes
1
answer
124k
views
How to make Firefox ignore all SSL certification errors?
I'm on a private network with a lot of restrictions and monitorings. Every HTTPS connection results in SSL certification errors (maybe those people use "man-in-the-middle" approach to decrypt the ...
- 1,019
33
votes
5
answers
41k
views
Why does Chrome say "Your connection to this site is not secure" even if the certificate is valid?
My site has a valid certificate, but Chrome marks it as insecure.
I tried my site using Brave and Firefox, and both mark it as secure.
I also ran this online test, and everything looks fine:
https:/...
32
votes
2
answers
127k
views
Import certificates using command line on Windows
I need to import a certificate file to Trusted Root Certification Authorities store, to get rid of an SSL warning when visiting my local website. The way I currently do it is lengthy: use Google ...
- 1,176
30
votes
2
answers
113k
views
Windows 7 will not install a root certificate
I have a web service that uses a self-signed certificate, so I need to install the certificate as a Trusted Root so that I can avoid all the security errors that having a self-signed certificate ...
- 6,430
30
votes
4
answers
48k
views
Create self signed certificate with subjectAltName to fix [missing_subjectAltName] in Chrome 58+
I'm trying to create a self signed certificate for localhost containing subjectAltName to satisfy Chrome 58+:
createcertificate.sh:
#!/usr/bin/env bash
filename="$1server"
openssl req -new -sha256 -...
- 1,303
29
votes
2
answers
105k
views
Remote Desktop Connection - How to get the certificate prompt back?
I just tried remoting to my work PC from home and got the "identity cannot be verified" prompt like the one below. I marked the "Don't ask me again for connections to this computer" box, and then ...
- 435
29
votes
1
answer
139k
views
Where are digital certificates physically stored on a Mac OS X machine?
Can someone tell me and maybe link to literature which describes it, where are the digital certificates storage location on Mac OS X? I know I could access the certificates with the “Keychain” ...
- 441
28
votes
1
answer
57k
views
Add to "My certificates" in Keychain Access? (Mac OS 10.10)
I have a certificate file like this:
-----BEGIN CERTIFICATE-----
MIIHCDCCBPC ....
I can get it to show up under "Certificates" by going to "File->import items" (it is the "Elin" one).
I can however ...
- 283
28
votes
5
answers
58k
views
How do I remove security certificate exceptions from Google Chrome?
I am a developer and have created a certificate for my application.
The first time I access it Chrome states that the certificate is not recognized and suggests to leave the website.
There is however ...
- 579
28
votes
3
answers
49k
views
Trust self signed Cert in Chrome macOS 10.13
I'm trying to always trust a self signed certificate but I'm having issues.
For one, when I try to drag the certificate to a folder or desktop, it just doesn't do anything. I can do the same from ...
- 792
27
votes
1
answer
50k
views
What's the quickest way on a Windows machine to look at the detail of a p12 certificate?
Given a P12 certificate file on Windows, what's the quickest way to see the details such as common name?
Say i have a file mycertificate.p12, ideally I'm looking for a command line tool that I can run ...
- 728
27
votes
3
answers
85k
views
keytool commands to replace existing SSL certificate?
I've a linux centos server running glassfish 3.1.2 app server. The default certs coming from GlassFish install for ports 4848 and 8181 are 1024 bits. I need to replace these with 2048 bits versions. ...
user68950
27
votes
4
answers
82k
views
Can self-signed SSL certificate be renewed? How?
I'm fairly new to SSL certificates and would like to know if a self-signed certificate which I use for HTTPS can be renewed to extend its expiry date without all clients of the site having to go ...
- 917
27
votes
3
answers
21k
views
How can I check if a domain uses DNSSEC?
DNSSEC has been deployed on some topdomains now. But how could I see if a site/domain is using DNSSEC? Is it shown in the browser? or is there any windows or linux command to see it? or a tool for it?
- 27.8k
27
votes
1
answer
57k
views
nginx http to https proxy with self-signed certificate
I have an nginx proxy to redirect http requests with a specified port to another https url.
Here is my configuration so far:
server {
listen 59848;
location / {
resolver 8.8.8.8;
...
- 381
26
votes
2
answers
8k
views
What is the superfish SSL certificate and where did it originate
I recently bought a new laptop, every https:// connection I do to any site regardless of browser chain back to a root certificate issued by "superfish, inc". I have had a dig around but I can't seem ...
Bob
25
votes
2
answers
25k
views
Self-signed wildcard certificate
I've got pihole set up at home, so I want to be able to handle requests for any website with my own server, to show a "this site has been blocked" page.
I'm attempting to do this by creating a self-...
24
votes
3
answers
55k
views
How to provide a verified server certificate for Remote Desktop (RDP) connections to Windows 10
We have a Windows 10 Pro machine at our office which has an open port to the internet for incoming remote desktop connections (a ‘host’). It is well protected by complex password and limited number of ...
- 1,386
24
votes
3
answers
82k
views
How to bypass certificate error in Microsoft Edge?
I'm trying to access an intranet server under HTTPS, whose certificate has been autogenerated. With other browsers (IE, Firefox, Chrome, etc.) I have the option to ignore this error and to somehow "go ...
- 624
24
votes
1
answer
104k
views
IE9: Permanently accept untrusted certificate
When accessing a website via HTTPS which has an untrusted certificate, Internet Explorer 9 always shows me the following error message:
Is there a way to import the certificate permanently, so that I ...
- 717
23
votes
2
answers
53k
views
Remove Key Password with OpenSSL
This is something I've wanted to do for a while now.
There wasn't a question already for it so I'm putting one in.
How do you remove a password from a .key file using OpenSSL.
- 731
21
votes
2
answers
56k
views
Generate an ECDSA key and CSR with OpenSSL
I know how to generate an RSA Private Key and CSR:
openssl genrsa -out my.key.pem 2048
openssl req -new -sha256 -key my.key.pem -out my.csr
But, how do I do the same with an ECDSA (Elliptic Curve ...
- 325
21
votes
2
answers
38k
views
Why can't I verify this certificate chain?
I have three certificates in a chain:
root.pem
intermediate.pem
john.pem
When I examine them using openssl x509 -in [filename] -text -noout they look fine, root.pem looks like it is self-signed (...
- 373
20
votes
2
answers
39k
views
Get a server's SSL/TLS certificate using "openssl s_client"
I am trying to get the SSL/TLS certificate for one of our load balancers (Netscaler) using:
openssl s_client -showcerts -connect lb.example.com:443
But it won't show me the certificate:
CONNECTED(...
- 938
19
votes
5
answers
7k
views
Why do some websites change SSL certificates so frequently? [closed]
So after learning the Firefox was allowing developers access to see SSL certificate information, I happily switched over from Chrome to Firefox and installed Certificate Watch. I had to exclude the ...
- 383
19
votes
6
answers
47k
views
Check expiry date of ssl certificate for multiple remote servers
I can find out the expiry date of ssl certificates using this OpenSSL command:
openssl x509 -noout -in <filename> -enddate
But if the certificates are scattered on different web servers, how ...
- 243