Questions tagged [ssl-certificate]
426 questions
275
votes
7 answers
What is the difference between a certificate and a key with respect to SSL?
Whenever I try to understand anything about SSL I always have a hard time keeping track of what "key" and "certificate" refer to. I fear many people use them incorrectly or interchangeably. Is there a standard difference between a key and a…
drs
- 2,953
137
votes
3 answers
Why does my browser think that https://1.1.1.1 is secure?
When I visit https://1.1.1.1, any web browser I use considers the URL to be secure.
This is what Google Chrome shows:
Normally, when I try to visit an HTTPS site via its IP address, I get a security warning like this:
From my understanding, the…
Deltik
- 19,971
107
votes
8 answers
Avoid password prompt for keys and prompts for DN information
I am using following code to generate keys:
apt-get -qq -y install openssl;
mkdir -p /etc/apache2/ssl;
openssl genrsa -des3 -out server.key 1024;
openssl req -new -key server.key -out server.csr;
cp server.key server.key.org;
openssl rsa -in…
JP19
41
votes
4 answers
cURL on Ubuntu 14: all Let's Encrypt certificates are expired (error 60)
Today out of a sudden all HTTPS requests, that my Ubuntu 14 server sends to websites with SSL certificates issued by Let's Encrypt, started to fail. The error produced by cURL is:
curl: (60) SSL certificate problem: certificate has expired
When I…
Finesse
- 1,131
36
votes
3 answers
How do you fix an incomplete SSL chain
I have a Go Daddy SSL cert installed, and works fine everywhere except Android.
https://www.ssllabs.com/ssltest/analyze.html says the chain is incomplete, and I read on stack overflow that an SSL chain in the wrong order will fail on Android.
But…
Jon
- 609
36
votes
2 answers
ERR_SSL_KEY_USAGE_INCOMPATIBLE Solution
I recently encountered the error message ERR_SSL_KEY_USAGE_INCOMPATIBLE in chrome using a self signed certificate. I spent hours trying to solve the problem before finally re-generating the certificate with:
openssl req -new -x509 -days 36500 -nodes…
Tiffany
- 461
35
votes
2 answers
Wildcard SSL common name - can it be called anything?
I was just wondering if a wildcard SSL certificate necessarily needs to have a common name that contains the domain name of the sites that need the SSL certificate applied to.
For example, for the following:
Domain name: testdomain.com
Subsites:…
Johnny Lamho
35
votes
3 answers
Do web browsers cache SSL certificates?
Do any web browsers cache SSL server certificates? For example, if I change the SSL certificate on a web server, will all of the web browsers pick up the new certificate when they connect via SSL, or is it possible that they could have a stale…
Lorin Hochstein
- 4,597
33
votes
3 answers
How do I make Safari automatically use a particular client certificate for an entire site?
Using client certificates with Safari present a number of problems:
Safari asks to select a client certificate on each page of the site (annoying)
Safari might even re-ask you to choose a certificate on a page you've already visited, particularly…
apinstein
- 1,261
30
votes
3 answers
How to add a self-signed certificate as an exception in Chrome?
I have a number of network devices that I access over HTTPS. However, they are self-signed certificates, so Chrome displays a warning page.
In earlier versions of chrome, I seem to remember an "add exception" button on this screen, or on the…
Force Flow
- 4,144
26
votes
5 answers
How to fix Firefox 59 no longer accepting my self signed SSL certificate on .dev virtualhost
On my local Apache environment I have a site that requires SSL for development, so I have been using a self signed certificate. The local site has worked fine in Firefox and Chrome until now, but after updating Firefox to version 59 today I can't…
kontur
- 540
26
votes
3 answers
How to provide a verified server certificate for Remote Desktop (RDP) connections to Windows 10
We have a Windows 10 Pro machine at our office which has an open port to the internet for incoming remote desktop connections (a ‘host’). It is well protected by complex password and limited number of permitted attempts and only TLS 1.1 or higher,…
gogoud
- 1,436
25
votes
2 answers
Permissions for SSL key?
I'm trying to set up a secure connection (https) in nginx.
But I'm a bit worried about the private key's permissions, which aren't mentioned in any tutorial.
Should I change them? To what?
ChocoDeveloper
- 2,877
24
votes
1 answer
IE9: Permanently accept untrusted certificate
When accessing a website via HTTPS which has an untrusted certificate, Internet Explorer 9 always shows me the following error message:
Is there a way to import the certificate permanently, so that I don't have to click away this message every…
Bob
- 716
23
votes
1 answer
Create Certificate Signing Request (CSR) with Subject Alternative Name (SAN) on Windows without third party tools
I need to create a CSR on Windows with Subject Alternative Names. Normally I use the built in feature from IIS but it does not give the alternative to use Subject Alternative Name (SAN).
I know that I can use DigiCert Certificate Utility for this…
Ogglas
- 2,204