Questions tagged as 'certificate'

Certificates are a Public Key and Identifying Information
Score: 0
Oscar M
Pass HTTPS certificates from downstream servers through NGINX proxy to client

I have a fleet of Ubuntu edge computers that host simple web HMI servers. Many are behind dynamic IPs where port forwarding is unavailable.

So, to access them each uses autossh to create a reverse tunnel into a central cloud proxy server. I can then access each one with https://proxy.mydomain.com:6001, 6002, etc. This is working.

I now want to use NGINX so that we don't have to remember the port numbe ...

Score: 0
Why do I get openssl error unknown option for -adext?

I am attempting to generate a CSR using openssl with subject alternative names; however, I get an error stating no options for adext. See command below. I am using OpenSSL 1.0.2k-fips

openssl req -new \
-newkey rsa:2048 -nodes -keyout {domain-name}.key \
-out {domain-name}.csr \
-subj "/C=GB/ST=test/L=/O=test/OU=test/CN={domain-name}.com" \
-addext "subjectAltName = DNS:first.{domain-name}.com,DNS:second ...
Score: 1
tio oit
curl says a valid certificate is expired

I have a gitlab community edition hosted on a server, and when using curl on this server to fetch this local gitlab website, I get an expired certificate error even if the dates are valid:

curl --insecure -vvI https://gitlab.mysite.com 2>&1 | awk 'BEGIN { cert=0 } /^\* Server certificate:/ { cert=1 } /^\*/ { if (cert) print }'
* Server certificate:
*  subject: CN=gitlab.mysite.com
*  start d ...
Score: 0
SSL3 decrypt error lead to openssl_handshake bad signature

I have an authentication server based on certificate. The previous roll of certificate (1 CA + 1 Server + 1 Client) worked perfectly. A few days ago the client certificate expired and I had to generate a new one. I encountered the following problem so I generated once again all of the certificates (CA, Server and Client) but the problem still remains.

The server holds the CA + Server + Client certi ...

Score: 0
How does XCEP policy (XML) define SubjectType for User or Computer constraint?

We've developed our own implementation of a XCEP/CES WCF service that uses a combination of our certificate management solution and the Microsoft CA to issue the certificates. The standard XCEP XML definition is used (same as the standard Microsoft XCEP/CES WCF service). We use the same WSDL for the WCF service. This works fine for CEP and CES.

Now, we extended the software to use a different Cer ...

Score: 0
Unable to scrape kubelet api from prometheus

I am setting up prometheus to scrape kubernetes cluster. I am trying to use "role: node" with kubernetes_sd_config to monitor one of the K8s cluster. I created certificate ashishcert.pem for user "ashish" and prometheus will use this cert to scrape the cluster. This certificate is signed by cluster CA.

Prometheus.yml

Now when I look back in my prometheus, it says "cannot validate certificate x.x.x ...

Score: 0
Ldap service not running on Windows Server 2019

I have 2 windows server 2019. e.g. server1 and server2. server1 is the domain controller. server1 has below roles installed: ADDS, ADCS, DNS, FILE STORAGE, IIS.

server2 is connected to that domain controller. server1 has below roles installed: ADCS, FILE STORAGE, IIS.

I have setup PKI on server1 and everything works fine. I am able to use CRL as well as OCSP feature for certificate validation.

I wanted  ...

Score: 0
JakeRobb
How does HTTPS certificate presentation work, exactly?

I'm troubleshooting an issue with a SAS vendor. To be clear, this question isn't "how do I fix it?", nor is it "what exactly is causing this problem?" -- rather, it's "how do these technologies work, such that this combination of symptoms is possible?" I have a support ticket open with the vendor already (and I am less-than-patiently waiting for it to be escalated to someone sufficiently capable). The p ...

Score: 0
alancc
How to Enable SSL for Amazon EC2 Instance(LAMP packaged by Bitnami)?

I launch an EC2 instance with an AMI from the marketplace, which is called LAMP packaged by Bitnami.

After the instance is launched, I find I can only access its DNS name or IP via HTTP, not HTTPS. It seems that the SSL will not be installed by default.

So I search on its document and find this: https://docs.bitnami.com/aws/faq/administration/generate-configure-certificate-letsencrypt/

I follow the instr ...

Score: 0
isd503
WinRM "Access Denied" Cross Domain

I have SERVER1 in DOMAINA and SERVER2 in DOMAINB. There is a firewall between the domains. SERVER1 is running Windows 2012 R2 and SERVER2 is running Windows 2016 Std. SERVER1 is a domain controller and SERVER2 is Windows Event Forwarding (WEF) collector. DOMAINA\SERVER3 is also a domain controller running Windows 2012 R2.

SERVER3 is using a certificate to send its Security event logs to the c ...

Score: 0
radumanolescu
X.509 signed certificate validity

We are trying to generate server certificates for a cluster of Kafka servers to communicate over SSL.

The procedure works, but the resulting validity of the certificates is only 30 days.

We are requesting 365 days, and after "Step 1" (see below), we have a key pair with the correct validity. See (1) below.

However, after we import the signed certificate back into the keystore, the validity has been red ...

Score: 0
Silverman
Verify two pfx certificates are not the same without the password

I need to verify that two pfx files are indeed different certificates, and not the same data pasted two times. My constraints are:

  • I don't have access to the certificate password, therefore I cannot use tools like "certutil -dump path" etc.
  • As explained, I cannot rely on the file metadata (creation date, etc.) because I want to verify that the content is actually different.

I understand that the p ...

Score: 0
Keith Stein
Certificate for Azure Point-To-Site VPN via Custom HostName

I have a feeling there's something about this I don't understand.

I have a working point-to-site VPN connection between my computer (using Windows' native rasphone component), and our Azure Virtual Network Gateway. The gateway uses a self-signed root certificate that I created, and my computer has a client certificate signed by the root which it uses to authenticate.

In the VPN configuration on my co ...

Score: 0
jack j
How to dump loaded valid ssl certs from a running nginx, which were erased from disk by mistake?

I know about gdb. I have already dumped the memory of the running nginx process. I see all the text *.conf configs in that dump.

But how do I find, convert, etc. some memory range from that dump into the valid, original, erased ssl cert?

(Now I can neither reload nor restart my nginx - nginx -t warns me that there are no ssl certs)

Score: 0
LiBRo
iOS 14.7.1 + Exchange 2019 - Server certificate no longer trusted

After upgrade to iOS 14.7.1 I am no longer able to sync my email/calendar/contacts with company Exchange 2019.

Our Exchange uses certificate issued by our enterprise CA and these seem to become untrusted after the upgrade to iOS 14.7.1.

I tried multiple procedures:

Score: 1
Guy Tabak
openssl upgrade | fail validating certificate

I am working on a CentOS7 machine, and I am trying to upgrade my machine's openssl version 1.0.2k -> 1.1.0l. It seems like the handshake process with my server (which didn't change) fails after the upgrade and I'm trying to figure out the cause.

Running the following command with both openssl version:

openssl s_client -showcerts -connect server:port

Resulted with failure with the newer one (if I provid ...

Score: 0
Eugene Afanasovich
How to configure Windows to execute only .exe with certificate signing?

I want to run (on a certain computer with Windows 10) only those .exe files which are signed by certificates that are installed on the computer (it can be certificates from a CA or my own test certificate).

I already tried this solution (and many others): How does one configure Windows not to execute tampered binaries?

but none of them solved my problem.

I wrote two "HelloWorld" apps (with certificate sign ...

Score: 1
Andrea Nobili
ERROR: Site default does not exist! when I perform a2dissite default command after SSL certificate generation

I am not a system administrator or a network administrator (I have a software developer background). I am finding some difficulties trying to follow this tutorial in order to implement SSL client authentication on an Ubuntu 20.04 version: https://www.makethenmakeinstall.com/2014/05/ssl-client-authentication-step-by-step/

I know that this tutorial is pretty old but it seems to work fine except a sin ...

Score: 0
What if you give a certificate without domain authentication?

I know that domain authentication is required to get a certificate for HTTPS. But I really don't know why this is needed. Can't you just give a certificate without domain verification? What happens if I just give the certificate? Are there any concerns?

I searched the website, but couldn't find a satisfactory answer. I'm very curious about that part.

Score: 0
What was the reason for dns validation?

I got a certificate from AWS and did dns validation in the process of https communication. But I'm not sure why you are doing that verification. To use the domain, I got a domain from a hosting company and registered it on route53. Isn't this process itself dns validation? I want to know the effect of dns validation, and I want to know what happens when dns validation is not done.

thank you.

Score: 2
Haneef Ibn Ahmad
Which clients support self-signed certificates with DANE?

We've been considering to make more use of DANE as a decentralised authority for our certificates.

Especially with S/MIME.

However, the key obstacle is... how widely is DANE treated as an authority with mail clients?

Is there a list with all the clients (mail, web, ftp, ssh and etc...) that support DANE?

Thanks,

Score: 0
meetooR
CLIUSR certificate expiration

I have an Exchange 2019 DAG and the CLIUSR certificate (clusinfracert) will expire soon. I have extensively researched this and there are very few resources online that address this certificate.
There is nothing to 'try', it's either manually renew it via ECP or allow it to expire and see what happens to the DAG.

Do I need to manually renew this cert or will it renew on its own?

Score: 1
How do I set permissions on a service certificate store?

I have a service that requires access to its own certificate store but gets an access denied.

I checked with mmc and the Certificates snapin for the service and the store exists and contains certificates. However, in the snapin I cannot see or set permissions.

I tried dumping the certificates (for a test, later to change permissions) using certutil but I keep getting a FAILED with "The parameter is  ...

Score: 0
curious_weather
Strongswan IPsec ignores empty certificate request

I am trying to set up a certificate based VPN connection to a modem (a Digi WAN Connect 3G) in the field.

Using ipsec version Linux strongSwan U5.8.2/K5.8.0-55-generic on Ubuntu 20.04.

I am pretty certain that I am setting up the certificates correctly with pki. After executing ipsec up modem15 on the server I get these messages:

initiating Main Mode IKE_SA modem15[1] to ..
generating ID_PROT request  ...
Score: 0
Can you enable certificate authentication in ADFS for devices *only* so that users don't receive a certificate prompt in the browser?

Everything is in 2019 functional level.

We host our ADFS WAPs in Azure. Because the Azure servers are registered in Azure AD, they have the Azure DRS CA in the trust chain, and so the WAPs are willing to accept registered device certificates for any workstation, even though those devices aren't actually registered in our tenant. This has a side-effect of prompting users for certificates that the s ...

Score: 0
Sauron
Installing a PFX with bundle-ca included, do I still have to install the ca-authority in root?

I have a Windows web server, and usually I install the ca-authority in "LocalMachine\Root" and the intermediary PFX certificate in "LocalMachine\My", everything works well. Now I wonder, if during the PFX certificate generation I include the ca-bundle, can I avoid to install the ca-authority in "LocalMachine\Root" and just install the PFX with included the bundle-ca in "LocalMachine\My"?

Score: 0
Sauron
Do I need to use the bundle-ca when generating a pfx?

I just bought a "Positive SSL certificate". The crt files and bundle-ca from the issuing company (Sectigo) arrived via email. To generate the pfx I use the "PEM TO PKCS #12" from this site https://decoder.link/converter. Is it necessary that in "Bundle File" I insert the bundle-ca received? The pfx certificate is still generated even without inserting it, so I wonder what is needed and if excludi ...

Score: 0
We'll See
Access certificate used for PEAP in wireless network connection

OS: Windows 10 Pro

Where on my computer can I find the certificate that is used in the PEAP authentication of my wireless network connection?

If I 'forget' the wireless network and rejoin then I am once again asked whether I trust the RAS server's certificate, presumably it is then stored somewhere on my computer?

I have tried the following through Powershell but neither led to the certificate:

Score: 0
Woodstock
How to specify identity when using SSH agent?

I've got a slightly unusual use-case...

I'm using SSH via certificates, (where the authentication mechanism isn't just a signature from a private key, but also presentation of a signed cert).

I have many endpoints/servers and different environments that I access in the same session, thus my ssh-agent is "loaded" with many identities at a time.

I'm using the ssh-agent as it provides a number of ni ...

Score: 0
Ejabberd: failed to decode from DER format

Environment:

ejabberd version: 20.7
Erlang version: 10.6
OS: Windows Server 2019
Installed from: official binary installer

Errors from error.log/crash.log

2021-06-21 07:40:31.041 [critical] <0.105.0>@ejabberd_app:start:71 Failed to start ejabberd application: Invalid value of option listen->4->certfile: Failed to read PEM file 'C:/ProgramData/ejabberd/conf/test.pem': at line 41: failed t ...