Questions tagged [ssl-certificate]
The ssl-certificate tag has no usage guidance.
419
questions
264
votes
7
answers
286k
views
What is the difference between a certificate and a key with respect to SSL?
Whenever I try to understand anything about SSL I always have a hard time keeping track of what "key" and "certificate" refer to. I fear many people use them incorrectly or interchangeably. Is there ...
- 2,843
136
votes
3
answers
25k
views
Why does my browser think that https://1.1.1.1 is secure?
When I visit https://1.1.1.1, any web browser I use considers the URL to be secure.
This is what Google Chrome shows:
Normally, when I try to visit an HTTPS site via its IP address, I get a security ...
- 19.7k
108
votes
8
answers
134k
views
Avoid password prompt for keys and prompts for DN information
I am using following code to generate keys:
apt-get -qq -y install openssl;
mkdir -p /etc/apache2/ssl;
openssl genrsa -des3 -out server.key 1024;
openssl req -new -key server.key -out server.csr;
cp ...
JP19
41
votes
4
answers
20k
views
cURL on Ubuntu 14: all Let's Encrypt certificates are expired (error 60)
Today out of a sudden all HTTPS requests, that my Ubuntu 14 server sends to websites with SSL certificates issued by Let's Encrypt, started to fail. The error produced by cURL is:
curl: (60) SSL ...
- 1,121
36
votes
3
answers
110k
views
How do you fix an incomplete SSL chain
I have a Go Daddy SSL cert installed, and works fine everywhere except Android.
https://www.ssllabs.com/ssltest/analyze.html says the chain is incomplete, and I read on stack overflow that an SSL ...
- 609
35
votes
2
answers
41k
views
Wildcard SSL common name - can it be called anything?
I was just wondering if a wildcard SSL certificate necessarily needs to have a common name that contains the domain name of the sites that need the SSL certificate applied to.
For example, for the ...
Johnny Lamho
35
votes
2
answers
97k
views
ERR_SSL_KEY_USAGE_INCOMPATIBLE Solution
I recently encountered the error message ERR_SSL_KEY_USAGE_INCOMPATIBLE in chrome using a self signed certificate. I spent hours trying to solve the problem before finally re-generating the ...
- 451
34
votes
3
answers
43k
views
Do web browsers cache SSL certificates?
Do any web browsers cache SSL server certificates? For example, if I change the SSL certificate on a web server, will all of the web browsers pick up the new certificate when they connect via SSL, or ...
- 4,477
33
votes
3
answers
56k
views
How do I make Safari automatically use a particular client certificate for an entire site?
Using client certificates with Safari present a number of problems:
Safari asks to select a client certificate on each page of the site (annoying)
Safari might even re-ask you to choose a certificate ...
- 1,261
29
votes
3
answers
97k
views
How to add a self-signed certificate as an exception in Chrome?
I have a number of network devices that I access over HTTPS. However, they are self-signed certificates, so Chrome displays a warning page.
In earlier versions of chrome, I seem to remember an "add ...
- 4,116
26
votes
5
answers
50k
views
How to fix Firefox 59 no longer accepting my self signed SSL certificate on .dev virtualhost
On my local Apache environment I have a site that requires SSL for development, so I have been using a self signed certificate. The local site has worked fine in Firefox and Chrome until now, but ...
- 540
24
votes
3
answers
55k
views
How to provide a verified server certificate for Remote Desktop (RDP) connections to Windows 10
We have a Windows 10 Pro machine at our office which has an open port to the internet for incoming remote desktop connections (a ‘host’). It is well protected by complex password and limited number of ...
- 1,386
24
votes
2
answers
55k
views
Permissions for SSL key?
I'm trying to set up a secure connection (https) in nginx.
But I'm a bit worried about the private key's permissions, which aren't mentioned in any tutorial.
Should I change them? To what?
- 2,807
24
votes
1
answer
104k
views
IE9: Permanently accept untrusted certificate
When accessing a website via HTTPS which has an untrusted certificate, Internet Explorer 9 always shows me the following error message:
Is there a way to import the certificate permanently, so that I ...
- 717
20
votes
7
answers
7k
views
Why is an unsigned SSL cert treated worse than no SSL cert?
If I view a site that has a unsigned or self-signed SSL cert, my browser gives me a warning. Yet the same browser has no problem allowing credentials to be sent across unsecured pages.
Why is the ...
- 5,322
20
votes
1
answer
92k
views
Create Certificate Signing Request (CSR) with Subject Alternative Name (SAN) on Windows without third party tools
I need to create a CSR on Windows with Subject Alternative Names. Normally I use the built in feature from IIS but it does not give the alternative to use Subject Alternative Name (SAN).
I know that ...
- 2,084
19
votes
6
answers
47k
views
Check expiry date of ssl certificate for multiple remote servers
I can find out the expiry date of ssl certificates using this OpenSSL command:
openssl x509 -noout -in <filename> -enddate
But if the certificates are scattered on different web servers, how ...
- 243
18
votes
3
answers
70k
views
The certificate is not trusted because no issuer chain was provided
Could anyone explain the meaning of this error message in plain English?
Should I add an exception or I should not continue on this website?
Technical details: the URL is here, the browser is ...
- 325
17
votes
1
answer
19k
views
How to add a domain to existing certificate generated by Let’s Encrypt/Certbot?
This question is a continuation of essentially the same question that was closed for being "off-topic" on Stack Overflow.
The OP's question:
I am just simply trying to add the domain test.example....
- 705
16
votes
3
answers
59k
views
How to make Chrome trust Windows system root CA certificate?
Our corporate machine administrators distribute corporate root CA certificates via Active Directory, but Chrome does not trust system certificates by default. Is there any way to tweak Chrome to trust ...
- 746
15
votes
8
answers
201k
views
Continually getting https certificate errors on all browsers
I recently switched to a new laptop running Windows 7. For some reason I am constantly getting certificate errors when hitting sites where I really shouldn't be getting them - twitter, picasa, google ...
- 427
15
votes
2
answers
6k
views
openssl certificate generation commands [duplicate]
I am making a self signed certificate using OpenSSL. I want to make the certificate in one go, means that it will not ask me for the input for Company Name, Common Name etc etc. Is there anyway to do ...
maqsood ahmed
15
votes
2
answers
122k
views
How do I get my browser to ignore certificate on trusted domain
I got this message when I tried to login to my own dedi or one of the cpanel using Internet Explorer.
The security certificate presented by this website was issued for a
different website's address.
...
- 4,803
14
votes
1
answer
19k
views
How to tell `links` to ignore expired SSL certificate and proceed?
I'm using the links browser and trying to connect to an HTTPS site. I then get:
Verification failure: certificate has expired
this is "fine" (i.e. was decided to be tolerated) for this internal-only ...
- 7,203
13
votes
2
answers
74k
views
How do I use the openssl command to decode a certificate/public key .PEM file?
I have my localhost TSL/SSL certificate from Chrome stored to a .PEM file. Was wondering how do I use the oppenssl command to decode it into a list of human-readable fields.
Googling this only ...
11
votes
2
answers
10k
views
How to view SSL-certificate details in Firefox mobile
In the desktop versions of Firefox it's possible to view details of a sites SSL-certificate by clicking on the lock symbol and then navigating through the popup.
Is there a way of viewing the ...
- 221
11
votes
1
answer
12k
views
How long does it take to see a renewed SSL certificate?
I just renewed the SSL certificate for a domain and installed the new files on my AWS server running Apache. All appears to be ok, but the browser still shows the old expiration date. Is there a way I ...
- 489
10
votes
3
answers
39k
views
Can't make Chrome to trust my certificate
I am serving web pages inside LAN with my own certificate, signed by my own CA. Chrome warns connection is not trusted with the following details:
I am trying to add inthemoon-ca to Trusted Root ...
- 12.8k
9
votes
4
answers
57k
views
SSLCipherSuite settings in Apache for supporting TLS 1.0, 1.1 and 1.2
I have an Apache 2.4.7 web server running multiple domain names using a single IP address. As a result of the Poodle vulnerability, I added the following SSLCipherSuite line.
It worked fine for a ...
- 320
8
votes
3
answers
12k
views
Getting SSL certificate error on valid certificate when accessing via Curl
I have a wildcard SSL certificate which powers *.mysite.com. The site is accessible from all browsers without any problem. There is also a service (on a different server)
with URL: service.mysite.com....
- 183
8
votes
4
answers
7k
views
Where do I install certificates so that wget and other MacPorts programs will find them?
I have to install custom certificates so that they work with wget installed via MacPorts. I can't find the right directory.
I've tried installing in /System/Library/OpenSSL/certs but that directory ...
- 3,401
8
votes
4
answers
6k
views
How is ESET Smart Security able to intercept my HTTPS traffic?
Yesterday, ESET showed a notification to install the latest version of Smart Security, so I’ve clicked “Install”. Now, it appears that ESET can intercept HTTPS traffic in my browser.
In Firefox, I ...
- 823
8
votes
2
answers
29k
views
Trust SSL certificate to local system account
I have the following need:
A windows service needs to connect to a svn repository through https. The service needs also to run as local system account for IO permissions on the machine.
Now when the ...
- 197
8
votes
1
answer
2k
views
Do intermediate certificates get cached in Firefox?
If someone visits site A which has a certificate issues by GoDaddy which also supplied a intermediate certificate between GoDaddy and their CA, would Firefox cache the intermediate certificate and use ...
- 2,411
8
votes
3
answers
59k
views
How to turn off Opera server certificate messages?
While I'm browsing the Internet, Opera always pop out a lots of from these Server certificate expired boxes. Several times it pops out a tons from them and I have to click to Approve on each of them ...
- 5,234
8
votes
2
answers
1k
views
How to tell which resources are loaded "insecurely" with Chrome using https
I understand this is because I'm loading some stuff via http:// but does that mean a single http reference can't appear in the source? Even in examples like <a href="http://...">...</a>?
...
- 6,305
8
votes
1
answer
5k
views
How can I verify a certificate's fingerprints?
I use gmail with mutt over imap. imaps://imap.gmail.com:993
Today when I launched mutt, it prompted me to reject or accept a certificate. Screenshot:
q:Exit ?:Help
This certificate belongs to:
...
- 951
7
votes
3
answers
10k
views
Certificates signed by multiple CAs
Is it possible to have a OpenSSL Certificate signed by multiple CAs?
Background: We have a CA to issue certificates mainly for our machine-to-machine communications. Now we need to make some services ...
- 131
7
votes
1
answer
17k
views
Expired web/SSL certificate error on only one computer
I have a strange problem with one website's SSL certificate that only affects one computer Windows 7 operating system. The site works fine on other Win 7 computers with no error, pulling valid ...
- 196
7
votes
3
answers
6k
views
Removing certificates in Firefox doesn't work
I'm trying to remove my certificates going to Preferences > Advanced > Encryption > View Certificates. Then I select the certificates I want to remove and delete them.
But when I go again to the list,...
- 1,359
6
votes
2
answers
12k
views
Make Chrome trust the Linux system certificate store or select certificates via policies
I need to trust a self-signed certificate on a lot of managed Linux desktops.
I have imported them into the trust store of the OS, curl, wget etc. trust them.
However browsers like Firefox and Chrome (...
6
votes
1
answer
2k
views
How to create private security certificates that behave like official ones?
I'm trying to get a valid secured environment for HTTP communication to behave like normal ones. I'm doing this for a restricted group of users.
There is a hardware server running a web service (nginx)...
- 517
5
votes
1
answer
10k
views
netsh "Error: 87 The parameter is incorrect" when using hostnameport
I am using the following netsh command successfully:
netsh http add sslcert ipport=127.0.0.1:9000 appid={7B8DB713-2C51-41B5-AE6F-6DAA07833DBE} certhash=69fed34fdf164e7feac5e17823b94d0f30ab05c5
but ...
- 337
5
votes
2
answers
15k
views
Let Firefox accept a website with self-signed certificate
How do I tell Firefox 112 that it is fine to visit a specific site containing a self-signed certificate?
The 'I understand the risk' button is no longer available, clicking 'Advanced' again shows 'Go ...
- 4,247
5
votes
2
answers
19k
views
Why is the local certificate store missing in Windows 8.1?
I am trying to import a self-signed certificate into the local certificate store of the Trusted Root CAs on my Windows 8.1 machine, but that store is missing. Importing it into the Trusted Root CAs ...
- 3,365
5
votes
1
answer
8k
views
How to allow specific SSL client certificates in Nginx?
Nginx's ssl_client_certificate and ssl_trusted_certificate directives can be used to allow client certificates signed by a given authority. But how can I allow specific certificates? I would like to ...
- 344
5
votes
2
answers
2k
views
Is there a way to quickly disable all trusted root certificates in Windows 7?
(I've posted this earlier to superuser)
I'd like to temporarily disable all trusted root certificates and wondering if there is a quicker way than going through every single one of them, right-click ...
- 243
5
votes
2
answers
12k
views
Firefox "invalid certificate" error for a trusted website (sec_error_reused_issuer_and_serial)
I am connecting to a website (via Firefox 6.0.2 on Mac OS X 10.6.8) I know is legitimate, and the connection worked up till yesterday. However, when I connected to day I got the following error:
...
- 6,121
5
votes
1
answer
9k
views
Using HTTPS in client browsers on a local network without internet connection
I'm working on a web application running on a server. There will be clients (smartphone browsers) connecting to the server via HTTPS over a WiFi that wouldn't be connected to the internet. It would ...
- 153
5
votes
1
answer
365
views
Chrome - how do I actually VIEW a https certificate? [duplicate]
While Chrome is happy to show me certificates when they are invalid, with a nice warning message, I've just tried to view a certificate for a valid site and found there's no obvious way to do so.
If ...
- 6,773