Super User Stack Exchange
Super User Stack Exchange

Questions tagged [ssl-certificate]

412 questions
249
votes
7 answers

What is the difference between a certificate and a key with respect to SSL?

Whenever I try to understand anything about SSL I always have a hard time keeping track of what "key" and "certificate" refer to. I fear many people use them incorrectly or interchangeably. Is there a standard difference between a key and a…
drs
  • 2,694
  • 2
  • 15
  • 15
137
votes
3 answers

Why does my browser think that https://1.1.1.1 is secure?

When I visit https://1.1.1.1, any web browser I use considers the URL to be secure. This is what Google Chrome shows: Normally, when I try to visit an HTTPS site via its IP address, I get a security warning like this: From my understanding, the…
Deltik
  • 19,353
  • 17
  • 73
  • 114
104
votes
8 answers

Avoid password prompt for keys and prompts for DN information

I am using following code to generate keys: apt-get -qq -y install openssl; mkdir -p /etc/apache2/ssl; openssl genrsa -des3 -out server.key 1024; openssl req -new -key server.key -out server.csr; cp server.key server.key.org; openssl rsa -in…
JP19
40
votes
4 answers

cURL on Ubuntu 14: all Let's Encrypt certificates are expired (error 60)

Today out of a sudden all HTTPS requests, that my Ubuntu 14 server sends to websites with SSL certificates issued by Let's Encrypt, started to fail. The error produced by cURL is: curl: (60) SSL certificate problem: certificate has expired When I…
Finesse
  • 1,101
  • 1
  • 8
  • 9
36
votes
3 answers

How do you fix an incomplete SSL chain

I have a Go Daddy SSL cert installed, and works fine everywhere except Android. https://www.ssllabs.com/ssltest/analyze.html says the chain is incomplete, and I read on stack overflow that an SSL chain in the wrong order will fail on Android. But…
Jon
  • 609
  • 1
  • 6
  • 16
35
votes
2 answers

Wildcard SSL common name - can it be called anything?

I was just wondering if a wildcard SSL certificate necessarily needs to have a common name that contains the domain name of the sites that need the SSL certificate applied to. For example, for the following: Domain name: testdomain.com Subsites:…
Johnny Lamho
34
votes
3 answers

Do web browsers cache SSL certificates?

Do any web browsers cache SSL server certificates? For example, if I change the SSL certificate on a web server, will all of the web browsers pick up the new certificate when they connect via SSL, or is it possible that they could have a stale…
Lorin Hochstein
  • 4,287
  • 6
  • 29
  • 26
33
votes
3 answers

How do I make Safari automatically use a particular client certificate for an entire site?

Using client certificates with Safari present a number of problems: Safari asks to select a client certificate on each page of the site (annoying) Safari might even re-ask you to choose a certificate on a page you've already visited, particularly…
apinstein
  • 1,251
  • 1
  • 10
  • 9
29
votes
2 answers

ERR_SSL_KEY_USAGE_INCOMPATIBLE Solution

I recently encountered the error message ERR_SSL_KEY_USAGE_INCOMPATIBLE in chrome using a self signed certificate. I spent hours trying to solve the problem before finally re-generating the certificate with: openssl req -new -x509 -days 36500 -nodes…
Tiffany
  • 391
  • 1
  • 3
  • 4
28
votes
3 answers

How to add a self-signed certificate as an exception in Chrome?

I have a number of network devices that I access over HTTPS. However, they are self-signed certificates, so Chrome displays a warning page. In earlier versions of chrome, I seem to remember an "add exception" button on this screen, or on the…
Force Flow
  • 4,066
  • 8
  • 29
  • 40
26
votes
5 answers

How to fix Firefox 59 no longer accepting my self signed SSL certificate on .dev virtualhost

On my local Apache environment I have a site that requires SSL for development, so I have been using a self signed certificate. The local site has worked fine in Firefox and Chrome until now, but after updating Firefox to version 59 today I can't…
kontur
  • 528
  • 1
  • 4
  • 13
24
votes
1 answer

IE9: Permanently accept untrusted certificate

When accessing a website via HTTPS which has an untrusted certificate, Internet Explorer 9 always shows me the following error message: Is there a way to import the certificate permanently, so that I don't have to click away this message every…
Bob
  • 717
  • 3
  • 8
  • 22
23
votes
2 answers

Permissions for SSL key?

I'm trying to set up a secure connection (https) in nginx. But I'm a bit worried about the private key's permissions, which aren't mentioned in any tutorial. Should I change them? To what?
ChocoDeveloper
  • 2,767
  • 9
  • 30
  • 41
22
votes
3 answers

How to provide a verified server certificate for Remote Desktop (RDP) connections to Windows 10

We have a Windows 10 Pro machine at our office which has an open port to the internet for incoming remote desktop connections (a ‘host’). It is well protected by complex password and limited number of permitted attempts and only TLS 1.1 or higher,…
gogoud
  • 1,316
  • 1
  • 8
  • 12
20
votes
6 answers

Check expiry date of ssl certificate for multiple remote servers

I can find out the expiry date of ssl certificates using this OpenSSL command: openssl x509 -noout -in -enddate But if the certificates are scattered on different web servers, how do you find the expiry dates of all these certificates on…
user32262
  • 253
  • 1
  • 2
  • 7
1
2 3
27 28