Questions tagged [certificate]

Certificates are a Public Key and Identifying Information

Within public key cryptography (such as that used in SSL and TLS), you have both a private key (that you keep secret), and a public key (that you share widely).

In order to avoid MITM (Man In The Middle) attacks, rather than publishing just the raw public key, you normally share a Certificate. The Certificate contains your public key, along with information identifying you (such as the hostname of your website, and your organisation). The identifying information is authenticated by a Certificate Authority (CA), and can be used to ensure you're talking to the right person.

Certificates are normally issued by a Public Certificate Authority, but they can be self signed (the certificate is its own CA), or issued by a private CA.

1287 questions
1720
votes
3 answers

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

I am responsible for maintaining two Debian servers. Every time I have to do anything with security certificates, I Google for tutorials and beat away until it finally works. However, in my searches I often come across different file formats (.key,…
Noah Goodrich
  • 18,677
  • 6
  • 24
  • 16
200
votes
6 answers

How do I view the details of a digital certificate .cer file?

I am using Windows and have been given a .cer file. How can I view the details of it?
yazz.com
  • 6,743
  • 14
  • 37
  • 38
130
votes
8 answers

Wildcard SSL certificate for second-level subdomain

I'd like to know if any certificates support a double wildcard like *.*.example.com? I've just been on the phone with my current SSL provider (register.com) and the girl there said they don't offer anything like that and that she didn't think it was…
Rob Long
84
votes
3 answers

How to inspect remote SMTP server's TLS certificate?

We have an Exchange 2007 server running on Windows Server 2008. Our client uses another vendor's mail server. Their security policies require us to use enforced TLS. This was working fine until recently. Now, when Exchange tries to deliver mail…
Skyhawk
  • 14,149
  • 3
  • 52
  • 95
71
votes
10 answers

How to avoid lftp Certificate verification error?

I'm trying to get my Pelican blog working. It uses lftp to transfer the actual blog to ones server, but I always get an error: mirror: Fatal error: Certificate verification: subjectAltName does not match ‘blogname.com’ I think lftp is checking the…
patrick
  • 812
  • 1
  • 6
  • 6
54
votes
11 answers

IIS7: can't set host name on site with SSL cert and port 443

Consider a Win 2008 SP2 machine with IIS7. The task is to apply a certificate and host name to the one and only Site on this machine. The site's host headers need to be abc.123.example.com The first step was installing the .pfx to the Personal…
p.campbell
  • 4,397
  • 6
  • 40
  • 51
45
votes
5 answers

Why are many admins using 'Turn off Automatic Root Certificates Update' Policy?

My company distributes a Windows Installer for a Server based product. As per best practices it is signed using a certificate. In line with Microsoft's advice we use a GlobalSign code signing certificate, which Microsoft claims is recognised by…
Jeroen Ritmeijer
  • 717
  • 1
  • 6
  • 14
43
votes
4 answers

Fingerprint of PEM ssh key

I have a PEM file which I add to a running ssh-agent: $ file query.pem query.pem: PEM RSA private key $ ssh-add ./query.pem Identity added: ./query.pem (./query.pem) $ ssh-add -l | grep query 2048 ef:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX…
Unknown
  • 1,291
  • 2
  • 13
  • 19
38
votes
2 answers

Is it possible to restrict the use of a root certificate to a domain

My customer uses a self signed certificate for an application to work. To be able to work, I have to install the root certificate they used to sign the certificate. Is it possible to configure a root certificate so it only validates towards one…
MichaelD
  • 515
  • 5
  • 7
36
votes
3 answers

Import of PEM certificate chain and key to Java Keystore

There are plenty of resources out there about this topic, but none I found which covers this slightly special case. I have 4 files; privatekey.pem certificate.pem intermediate_rapidssl.pem ca_geotrust_global.pem And I wish to import them into a…
Trollbane
  • 463
  • 1
  • 5
  • 4
35
votes
2 answers

Can I build my own Extended Validation SSL certificate?

I can create by own CA and generate a self signed SSL certificate this way. But what does it take to make the browser show the certificate as being an "Extended Validation SSL certificate" ? Can I create one myself and teach my browser to show it as…
Niels Basjes
  • 2,176
  • 3
  • 18
  • 26
35
votes
4 answers

Are self-signed SSL certificates secure?

I want to have a secure connection, when I log into my webmail, phpMyAdmin, etc. Therefore I signed my own SSL certificates with OpenSSL and told Apache to listen on port 443. Is this in fact secure? Are all my passwords really sent through a safe…
cherrun
  • 729
  • 2
  • 10
  • 17
33
votes
2 answers

How can I work around problems with certificate configuration in Remote Desktop Services?

I am setting up a Remote Desktop Services farm, and am having trouble configuring certificates for it to use. A demonstration of the problem I'm seeing can be found in Step #4. At this point I am convinced that there are problems with the user…
32
votes
1 answer

Certificate does not have a name

I've installed an SSL certificate in IIS, however the 'Name' column is showing as blank even though I entered a friendly name. Is there any way to fix this?
Jonathan
  • 1,279
  • 2
  • 20
  • 28
30
votes
1 answer

Generate .key and .crt from PKCS12 file?

How exactly would I generate a .key file and a .crt file from a .p12 file?
Fela Maslen
  • 1,183
  • 2
  • 11
  • 19
1
2 3
85 86