Questions tagged as ['ssl']

SSL and its successor, TLS, are encryption and authentication protocols that encrypt the full contents of a TCP connection and can also verify the identities of the devices making the connection.
Score: 0
SaltySteven
Redirect old url to new with NGINX conflicting server name error

My website will change url, I'm trying to apply a redirect (old-name.example.com to new-name.example.com), but I'm getting the following error:

nginx: [warn] conflicting server name "old-name.example.com" on 0.0.0.0:443, ignored nginx.

Here is my nginx config file on /etc/nginx/sites-enabled/myconf.conf:

server {
        
            server_name old-name.example.com;
        
            locatio ...
Score: 0
Timothy Fisher
Curl "peer's certificate issuer is not recognized" error when attempting to communicate between two servers

I have two servers A and B that host websites that work fine in a browser with https. The lock icon in the browsers shows active and trusted SSL certificates.

I'm trying to run curl so that server A can talk to server B, but am running into an error.

- Server A -
$ curl https://dev.partsvu.com
CAfile: /etc/pki/tls/certs/ca-bundle.crt
curl: (60) Peer's Certificate issuer is not recognized.

I've done some ...

Score: 0
Leland Barton
Nginx Keep Alive: Simultaneous SSL Handshakes Taking 25s

Thanks for reading :)

This is a super difficult issue and would like to receive any ideas or suggestions to figure out this issue.

Problem: The application on a user logging in initiates ~20 api requests in parallel. The first request will do the SSL handshake and then around the 10th to 13th request, I see two requests initiate the SSL handshake at the same time with each handshake getting stuck and t ...

Score: 0
SScotti
Questions about NGINX config after upgrade, TLSv1.2 TLSv1.3, etc. proxy config, getting SSL_do_handshake() failed, failed

I recently upgraded a DOCKER container running NGINX to use the NGINX repo at nginx.org instead of the Debian distro version, and for security purposes we are making some adjustments to the server config regarding SSL/TLS, etc. When I scan one of the server domains with a Qualsys ? scan it actually gets an A, but fails for some of the older browsers. Looking at the Log file, I am actually seeing error ...

Score: -1
wesley allison
How to make a dynamic SSL HTTPS server in nodejs without SNICallback

I want to make a dynamic SSL HTTPS server in node.js without using SNICallback, maybe using open SSL?

Score: 0
Claudiu Creanga
SSL certificate still appears as expired

My ssl certificate has expired and I generated a new one with the same private key. After I uploaded my new certificate on the server, chrome and other browsers still view the old one. Deleted cache and everything, tried in an incognito window, restarted the express js server. Could it be because I used the same private key?

Score: 0
Rsyslog - "Warning: CA certificate is not set" but TLS forwarding still works

I am configuring rsyslog to forward over TCP/TLS. I was curious why, unlike HTTPS, I had to add the certificate to my client, so I went against the README and commented out the cert config, leaving me with this:

# global(DefaultNetstreamDriverCAFile="/etc/ssl/cert.pem")

ruleset(name="fluentd") {
        action(
                type="omfwd"
                target="<my domain>"
                ...
Score: 1
How can I use Ubuntu 22.04 with OpenSSL 3 and PHP sites? Getting errors due to a conflict

I have an Ubuntu 22.04 install and it is using OpenSSL 3. When I put my site on the server, I get this error:

file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:0A000126:SSL routines::unexpected eof while reading

Searching for answers just tells me there's a bug with PHP 8.1 and OpenSSL3 on a Laravel app. So, how is anybody hosting PHP apps on Ubuntu 22.04?

Score: 0
Ameya Kalyankar
How to set up DNS on google domains to host tomcat websites on the internet

Expectations / Target

  • We have a domain as (say) example.com bought on Google Domains and a PC running with windows 10 Pro
  • We intend to make this PC a server for hosting 2 of our web-apps app1 and app2. Currently we do not own a static IP address so let's refer to the public address as: 192.0.2.0
  • Web-applications app1 and app2 are running on tomcat in separate app-bases and port 8081 & 8082
  • We wan ...
Score: -2
Sahin
Will Disabling All Non-256-bit Cipher Suites Cause An Issue?

I want to disable some risky cipher suites (especially for TLS 1.1 and 1.0) which are 128-bit, in order to achieve a more secure server in Windows. But these cipher suites may be used by some client. They probably use a 256 bit version of some cipher suite. I just want to be sure this won't cause a problem.

Score: 0
Sahin
How To Disable Weak Cipher Suites Only For TLS 1.0 and 1.1 In Windows?

I want to disable some weak cipher suites in Windows but TLS 1.2 is not so vulnerable and I don't want to cause any other problem in the server, so I just want to disable them for TLS 1.0 and 1.1.
Disable-TlsCipherSuite command works but disables a cipher suite for all TLS versions.

Score: 0
taipei
Running multiple apps on the same subdomain with different IIS servers

I have a subdomain, let's say it's abc.def.com. Currently, I set up this subdomain with the SSL cert. on the IIS server; we can call this server server-A. Under server-A I have more than one app running for each path. For example, app-A running on abc.def.com/app-A, app-B running on abc.def.com/app-B.

I have another IIS server (we can call it server-B), and I would like to use the same domain as

Score: 0
user3621726
curl request via Nginx with mTLS enabled

When Nginx is configured to verify server's TLS chain like this:

  proxy_ssl_trusted_certificate some.pem;
  proxy_ssl_verify on;
  proxy_ssl_verify_depth 3;

and testing using a curl command, will both curl and Nginx perform server TLS chain verification?

Score: 0
birgersp
Redirect port 443 to 8080?

(note: I intentionally wrote "httpz" instead of "https" because I got an error message when trying to post the question)

I have a web server (docker container) running on 8080. I want people going to httpz://mydomain.com to access it. I changed the port configuration for the container (docker compose) to map 443 to 8080, and that works. But I would rather route traffic going to my server from port 443 t ...

Score: 0
Dolphin
unable to load certificate when convert cer to pem

I am using this openssl OpenSSL 1.0.2k-fips 26 Jan 2017 command to convert cer to pem:

openssl x509 -inform der -in fullchain.cer -out fullchain.pem

but shows error:

unable to load certificate
140025671485328:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1220:
140025671485328:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:386:Type=X509
Score: 0
Adding Cloudflare SSL Results in 522 Error
Ace

Currently I'm trying to install a Cloudflare SSL certificate on my Ubuntu server that uses Nginx. I am following this guide on how to do so, but once I successfully install the certificate as per the instructions, my host seems to stop working and Cloudflare shows an Error 522 when visiting my domain.

My Nginx Configuration:

ubuntu:/etc/nginx/sites-available$ cat ascend.so
server {
    listen 80; ...
Score: -3
Mudassir Razvi
Extend validity of SSL certificate - Any Hack

I have an absolute requirement of extending the validity of my SSL certificate. I have an SSL certificate pinned in the SDK which cannot be updated in time. This will lead to a huge business loss. Any way, any hack that will help me circumvent this.

PS: I know the expiry date is intrinsic to SSL and that's how it's supposed to work. But I am desperate right now.

Score: 0
Himanshu Poddar
How to check in what request-response mode my HAProxy is operating in?

I have read that

Load balancers/reverse proxies usually have 2 operation modes.

In the first one, the requests from the clients are forwarded to one of the backends as if they come directly from the source. In this case the LB only redirects the request and the backend answers back directly to the client.

In the second mode, the LB answers the request and then creates a new one to the backend with ...

Score: 0
shmuel wachtfogel
Is it possible to terminate ssl between servers behind haproxy, using the existing haproxy's ssl termination

photo of my architecture

I have an haproxy server doing SSL termination for traffic from the internet and a domain name GitLab.private pointing to it(orange path in the picture).

The problem I'm facing is when I want to access https://gitlab.private from another backend server I'm getting an error because GitLab.private is expecting HTTP from within the backend(green path in the picture).

I thought perhaps there is a way I can u ...

Score: 0
Peter Reynolds
Kubernetes error creating PKI assets: Certificate invalid

I have an issue with joining my worker nodes into the three masters configured. It's worth noting I know very little about the networking side of this (I'd rather it was explained like I am five, so that I can be sure I don't miss anything.)

I've been following the guide located at: https://dockerlabs.collabnix.com/kubernetes/beginners/Install-and-configure-a-multi-master-Kubernetes-cluster-with- ...

Score: 0
Multiple SSL certificate types on the same server

Can I have two types of certificates installed on the server at the same time?

I need a wildcard SSL to protect a single domain and all its subs. I need a UCC/SAN SSL to protect multiple other domains.

My assumption is I can buy one of each, install both and use the standard wildcard as the main SSL and SNI for the other sites?

Server 2016 datacenter IIS10

Score: 0
casparjespersen
WSL-Docker: curl: (60) unable to get local issuer certificate

After a PC reconfiguration I am unable to use Docker properly, since some curl commands are rejected due to SSL/TLS issues.

In just one example curl -vfsSL https://apt.releases.hashicorp.com/gpg returns the following error:

*   Trying 52.222.214.125:443...
* TCP_NODELAY set
* Connected to apt.releases.hashicorp.com (52.222.214.125) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* succe ...
Score: 0
user3621726
NGINX: Please explain proxy_ssl_verify_depth in detail

Can someone please explain how exactly proxy_ssl_verify_depth property works in the ngx_http_proxy_module?

The definition is rather short - Sets the verification depth in the proxied HTTPS server certificates chain.

Score: 0
user3621726
mtls configuration in NGINX - upstream chain validation

I have several questions regarding the mtls configuration in NGINX:

When configuring with ngx_http_proxy_module, to verify upstream certificate, does upstream's TLS chain have to be stored in a cert which is used in proxy_ssl_trusted_certificate property? or just the Root CA certificate? or intermediary and root?

The server's TLS chain looks approximately like this:

0 - A cert for a company's domain, i ...

Score: -1
Ali Muhanad
installing SSL on 2 exchange servers

I have 2 exchange servers run for one email service, and I need to renew the SSL certificate. Do I need to issue 2 SSL, or one is enough? If one is enough how can I replicate it between them?

Score: 0
Kubernetes: using an intermediate CA which certificate is signed by a self-signed root CA certificate

Does anyone use own certificate chains for Kubernetes clusters?

There's an issue with such kind of setup, and I would be grateful for any ideas on how to solve it.

Let's assume we have a Root CA whose certificate is self-signed. Also we have an Intermediate CA whose certificate is signed by the Root CA. We make a certification chain (by concatenating both PEM containers in one file) and set up Kuber ...

Score: 0
nightisovered
Nginx TLS setting conflict

I want my Nginx's SSL on the default website only support TLSv1.1 to achieve the effect of the browser's "unsupported encryption protocol" preventing others from directly access my source IP, but if I set the default website's configuration file only supports TLSv1.1, other sites will also not support TLSv1.2 and TLSv1.3, which confuses me, any ideas?

Score: 0
Finbar
Proxy pass to express http server not working with secure websocket

So I currently have apache with a proxy pass which redirects all requests to an express api running using the http node module, I also have a letsencrypt ssl certificate installed and all is working fine on this part. However, when I try to open a secure websocket connection it errors. I have only the bare minimum experience as far as apache configuration and ssl configuration goes so please bear with me ...

Score: 0
How do I run two Nginx Web Servers on the same machine?

I want to host a website and run a microservices project on my own server.

  1. The website will be run with the Nginx web server. The domain of the website will look like that sampleapp.com and this website will use freessl.

  2. One of the services of the Microservice project will be run with Nginx web server as a service in a docker container. This service uses subdomains of my sampleapp.com such as api-dev ...

Score: -1
Dita Aji Pratama
How to configure SSL on SearX with step by step installation from SearX documentation?

I install searx on my server with this instruction: https://searx.github.io/searx/admin/installation-searx.html#installation-basic

I use default setting and change bind_address into my domain name. It works.

Now I have no hint how to configure SSL on my SearX installation.