This question already has answers here: Why wget doesn’t verify SSL certificates? (4 answers) Closed 6 years ago. Ubuntu 12.04 OpenSSL 1.0.1 14 Wget 1.13.4 My setup: create our own CA (our_own_ca.crt) generate a certificate which is signed with the above CA (graphite.local.crt) Concatenate that cert and the CA cert into a bundle file Nginx … Read more
We have a GoDaddy wildcard certificate that we have installed into Exchange 2010 and is successfully used on IIS connections for OWA. We have assigned this certificate to the SMTP Service as well as IIS, but that doesn’t seem to have unassigned the default self-signed certificate. The self-signed certificate is already assigned to SMTP, IMAP … Read more
This might be me having done it wrong. I recently used OpenSSL to convert a .cer to .pem using this – openssl x509 -inform der -in certificate.cer -out certificate.pem (And then loaded the .pem onto the loadbalancer) However the client browser (chrome) reports it’s SHA-1 and although it works, (connectivity wise) it doesn’t look good. … Read more
When I set up Postfix I have to create a cert because the snakeoil cert included with Postfix is there strictly for the purpose of demonstration. I use this command: sudo openssl req -x509 -newkey rsa:4096 -sha512 -keyout postfix-key.pem -out postfix-cert.pem -days 3650 This prompts me with Country Name, State or Province Name, etc. Is … Read more
Hell everyone, so i’m trying to create a self signed certificate for my domain and for some reason openssl keeps creating V1 certificates for my server instead of V3 and that is causing browsers to not give me the “green lock” when im there. Any idea why is this happening. Here is my server.crt file: … Read more
My task is to retrieve emails from an imaps email server using Java so as a client I need to authenticate the email server using an appropriate certificate. It seems however, that this email server is using a self-signed certificate which does not included in the truststore(?) by default. From what I found here, the … Read more
I need to set up an IIS webserver that will be accessed by a small, finite number of users. I was considering using a self-signed certificate only, and manually installing it on the user’s systems. So I generated the certificate with IIS tools, installed it on the webserver, and exported it in a .cer file. … Read more
I use my own CA to create SSL certs for services in my infra. These certs are signed directly by my CA. It comes to me that this is likely a weak strategy, as if the cert was to be compromised, I need to create new ones from the one CA. If the CA gets … Read more
I am creating https server side that I am using to practice OAuth to Instagram which requires https. I generated a certificate using ssl by running the script from the following link: https://gist.github.com/bjanderson/075fadfccdd12623ab935e57eff58eb4 The script ran just fine and I received all the expected files. I’ve imported the ca.crt to my chrome under the trusted … Read more
I have nginx and want it to verify client certificates. So I bought commercial certificate for server, and non-commercial for clients. Basically I’ve generated client certificates with easy-rsa scripts. Connecting with client certificates validation disabled works as expected. Connecting with “ssl_verify_client on;” fails with code 400 and no information in error or access log. nginx … Read more
