Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [self-signed-certificate]

A self signed certificate is signed with its own private key instead of the private key of a higher or publicly trusted certificate authority (CA).

130 questions
23
votes
2 answers

Why openssl ignore -days for expiration date for self signed certificate?

I have a bash script that generates a self-signed certificate and works perfectly fine: #! /bin/bash # Generate self signed root CA cert openssl req -nodes -x509 -days 358000 -newkey rsa:2048 -keyout ca.key -out ca.crt -subj…
Alireza
  • 563
  • 4
  • 8
  • 27
17
votes
2 answers

Why not validate self signed certificates through DNS-record instead of letsencrypt

I was just wondering. We use a lot of SSL certificates. Nowadays, we almost exclusively use letsencrypt (thanks!). The bottom line of these certificates is, that proof of ownership of the domain name(s) on the certificate comes from the power to…
Jelmer Jellema
  • 311
  • 2
  • 8
8
votes
1 answer

Self signed ssl I created for localhost cannot be trusted even though I have already imported it to chrome

I am creating https server side that I am using to practice OAuth to Instagram which requires https. I generated a certificate using ssl by running the script from the following link:…
alexW
  • 81
  • 1
  • 2
  • 4
8
votes
1 answer

nginx: No client certificate CA names sent

I have nginx and want it to verify client certificates. So I bought commercial certificate for server, and non-commercial for clients. Basically I've generated client certificates with easy-rsa scripts. Connecting with client certificates validation…
adontz
  • 337
  • 4
  • 12
8
votes
3 answers

How can I create self-signed certificate that is stronger than SHA-1?

For development environment, I can create create self-signed certificate in IIS7.5. But that certificate is SHA-1 and recently browsers are complaining about it. When I open FireBug I see following warnings: "This site makes use of a SHA-1…
CrnaStena
  • 191
  • 1
  • 1
  • 6
5
votes
2 answers

how to create a SSL certificate chain from my own CA?

I use my own CA to create SSL certs for services in my infra. These certs are signed directly by my CA. It comes to me that this is likely a weak strategy, as if the cert was to be compromised, I need to create new ones from the one CA. If the CA…
MrE
  • 408
  • 1
  • 5
  • 14
4
votes
1 answer

Cannot add a self signed certificate in Firefox

I need to set up an IIS webserver that will be accessed by a small, finite number of users. I was considering using a self-signed certificate only, and manually installing it on the user's systems. So I generated the certificate with IIS tools,…
galinette
  • 193
  • 1
  • 6
3
votes
2 answers

openssl keeps creating v1 certificate instead of v3

Hell everyone, so i'm trying to create a self signed certificate for my domain and for some reason openssl keeps creating V1 certificates for my server instead of V3 and that is causing browsers to not give me the "green lock" when im there. Any…
Ghaith Haddad
  • 53
  • 1
  • 3
  • 6
3
votes
0 answers

x509 certificate not valid for any names when added IP address to openssl.cnf

A self-signed certificate works well while the command used to generate it on a ubuntu machine is: openssl req -x509 -newkey rsa:4096 -keyout private.key -out cert.crt -days 365 -nodes If the client side uses an IP address instead of the domain…
minghua
  • 171
  • 1
  • 1
  • 8
3
votes
3 answers

Does filling out the Country Name, State etc. matter when creating a self-signed certificate for Postfix?

When I set up Postfix I have to create a cert because the snakeoil cert included with Postfix is there strictly for the purpose of demonstration. I use this command: sudo openssl req -x509 -newkey rsa:4096 -sha512 -keyout postfix-key.pem -out…
Harold Fischer
  • 269
  • 3
  • 8
3
votes
0 answers

The revocation function was unable to check revocation for the certificate 0x80092012

Please help me to deal with self-signed revocation check I've used makecert.exe to create root and client certificate The problem is that certutil fails to check certificate with error The revocation function was unable to check revocation for the…
oleksa
  • 130
  • 7
3
votes
2 answers

How to certify a self-signed imap email server

My task is to retrieve emails from an imaps email server using Java so as a client I need to authenticate the email server using an appropriate certificate. It seems however, that this email server is using a self-signed certificate which does not…
Eugene S
  • 370
  • 2
  • 7
  • 19
3
votes
1 answer

Convert cert .cer to .pem via OpenSSL plus using SHA-256

This might be me having done it wrong. I recently used OpenSSL to convert a .cer to .pem using this - openssl x509 -inform der -in certificate.cer -out certificate.pem (And then loaded the .pem onto the loadbalancer) However the client browser…
mrchinchin25
  • 33
  • 1
  • 4
3
votes
0 answers

Creating SSL certificate signed by a self-signed CA certificate in Jetty

I'm trying to configure a jetty-distribution-9.3.1.v20150714 backend running on Java 1.8.0_45-b14 with a certificate signed by a self-signed CA certificate, for SSL pinning. Following Apple's guide, I created a self signed CA certificate, then…
Kof
  • 143
  • 1
  • 4
3
votes
1 answer

How to unassign self-signed cert from SMTP on Exchange 2010?

We have a GoDaddy wildcard certificate that we have installed into Exchange 2010 and is successfully used on IIS connections for OWA. We have assigned this certificate to the SMTP Service as well as IIS, but that doesn't seem to have unassigned the…
Craig Watson
  • 9,370
  • 3
  • 30
  • 46
1
2 3
8 9