Server Fault
Server Fault

Questions tagged [ssl-certificate]

SSL certificates are used to encrypt and authenticate connections to network servers, most popularly for web servers but also email, file transfers, and other network connections.

SSL (Secure Sockets Layer) is a protocol that is used to encrypt and authenticate connections between clients and servers. Certificates are configured on the server so that the client can verify that the connection has not been hijacked, as well as verify that the connection is secure from end to end.

3364 questions
451
votes
16 answers

Displaying a remote SSL certificate details using CLI tools

In Chrome, clicking on the green HTTPS lock icon opens a window with the certificate details: When I tried the same with cURL, I got only some of the information: $ curl -vvI https://gnupg.org * Rebuilt URL to: https://gnupg.org/ * Hostname was NOT…
Adam Matan
  • 14,084
287
votes
7 answers

how to download the ssl certificate from a website?

I want to download the ssl certificate from, say https://www.google.com, using wget or any other commands. Any unix command line? wget or openssl?
RainDoctor
  • 4,664
  • 5
  • 26
  • 26
279
votes
7 answers

How do I view the details of a digital certificate .cer file?

I am using Windows and have been given a .cer file. How can I view the details of it?
yazz.com
  • 7,953
217
votes
14 answers

How to view all ssl certificates in a bundle?

I have a certificate bundle .crt file. doing openssl x509 -in bundle.crt -text -noout only shows the root certificate. how do i see all the other certificates?
pdeva
  • 2,677
212
votes
6 answers

How do I convert a .cer certificate to .pem?

I have a .cer certificate and I would like to convert it to the .pem format. If I remember correctly, I used to be able to convert them by exporting the .cer in Base64, then renaming the file to .pem . How do I convert a .cer certificate to .pem?
systempuntoout
  • 2,265
203
votes
6 answers

SSL Certificate Location on UNIX/Linux

Is there any standard or convention for where SSL certificates and associated private keys should go on the UNIX/Linux filesystem?
John Topley
  • 2,335
150
votes
8 answers

Is there a reason to use an SSL certificate other than Let's Encrypt's free SSL?

Let's Encrypt are providing free SSL certificates. Are there any downsides compared to other, paid certificates e.g. AWS Certificate Manager?
ripper234
  • 6,232
110
votes
5 answers

Should a wildcard SSL certificate secure both the root domain as well as the sub-domains?

I ask this question, because Comodo are telling me that a wildcard certificate for *.example.com will also secure the root domain example.com. So with a single certificate, both my.example.com and example.com are secured without warning from a…
josswinn
  • 1,215
110
votes
3 answers

What is .crt and .key files and how to generate them?

I've the following configuration: SSLEngine on SSLCertificateFile /etc/httpd/conf/login.domain.com.crt SSLCertificateKeyFile /etc/httpd/conf/login.domain.com.key SSLCipherSuite ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP but I don't know how to…
Mohammad Ali Akbari
  • 1,833
101
votes
4 answers

Does each subdomain need its own SSL certificate?

I am creating a websocket server which will live on ws.mysite.example. I want the web socket server to be SSL encrypted as well as domain.example to be SSL encrypted. Do I need to purchase a new certificate for each subdomain I create? Do I need a…
user974407
  • 1,151
88
votes
5 answers

Best location to keep SSL certificates and private keys on Ubuntu servers?

On Ubuntu, it looks like the best place for a private key used to sign a certificate (for use by nginx) is in /etc/ssl/private/ This answer adds that the certificate should go in /etc/ssl/certs/ but that seems like an unsafe place. Do .crt files…
Adam Nelson
  • 1,767
82
votes
10 answers

How can I avoid this lftp certificate verification error?

I'm trying to get my Pelican blog working. It uses lftp to transfer the actual blog to ones server, but I always get an error: mirror: Fatal error: Certificate verification: subjectAltName does not match ‘blogname.com’ I think lftp is checking…
patrick
  • 922
79
votes
6 answers

Generating a self-signed cert with openssl that works in Chrome 58

As of Chrome 58 it no longer accepts self-signed certs that rely on Common Name: https://productforums.google.com/forum/#!topic/chrome/zVo3M8CgKzQ;context-place=topicsearchin/chrome/category$3ACanary%7Csort:relevance%7Cspell:false Instead it…
bcardarella
  • 1,757
77
votes
2 answers

How to combine various certificates into single .pem

I've just finished reading over this great thread explaining the different SSL formats. Now I'm essentially looking for the opposite of How to split a PEM file There's 4 files I want to consolidate, originally created for Apache, I'm looking at…
quickshiftin
  • 2,225
75
votes
2 answers

Must CSRs be generated on the server that will host the SSL certificate?

Is it necessary to generate the CSR (Certificate Signing Request) on the same machine that will host my web application and SSL certificate? This page on SSL Shopper says so, but I'm not sure if that's true, because it would mean I'd have to buy a…
Mike M. Lin
  • 931
1
2 3
99 100