Questions tagged [ssl-certificate]

SSL certificates are used to encrypt and authenticate connections to network servers, most popularly for web servers but also email, file transfers, and other network connections.

SSL (Secure Sockets Layer) is a protocol that is used to encrypt and authenticate connections between clients and servers. Certificates are configured on the server so that the client can verify that the connection has not been hijacked, as well as verify that the connection is secure from end to end.

3250 questions
407 votes, 15 answers

Displaying a remote SSL certificate details using CLI tools

In Chrome, clicking on the green HTTPS lock icon opens a window with the certificate details: When I tried the same with cURL, I got only some of the information: $ curl -vvI https://gnupg.org * Rebuilt URL to: https://gnupg.org/ * Hostname was NOT…
Adam Matan
271 votes, 6 answers

how to download the ssl certificate from a website?

I want to download the ssl certificate from, say https://www.google.com, using wget or any other commands. Any unix command line? wget or openssl?
RainDoctor
226 votes, 6 answers

How do I view the details of a digital certificate .cer file?

I am using Windows and have been given a .cer file. How can I view the details of it?
yazz.com
195 votes, 14 answers

How to view all ssl certificates in a bundle?

I have a certificate bundle .crt file. Doing `openssl x509 -in bundle.crt -text -noout` only shows the root certificate. How do I see all the other certificates?
pdeva
191 votes, 6 answers

How do I convert a .cer certificate to .pem?

I have a .cer certificate and I would like to convert it to the .pem format. If I remember correctly, I used to be able to convert them by exporting the .cer in Base64, then renaming the file to .pem. How do I convert a .cer certificate to .pem?
systempuntoout
188 votes, 6 answers

SSL Certificate Location on UNIX/Linux

Is there any standard or convention for where SSL certificates and associated private keys should go on the UNIX/Linux filesystem?
John Topley
148 votes, 8 answers

Is there a reason to use an SSL certificate other than Let's Encrypt's free SSL?

Let's Encrypt are providing free SSL certificates. Are there any downsides compared to other, paid certificates e.g. AWS Certificate Manager?
ripper234
103 votes, 5 answers

Should a wildcard SSL certificate secure both the root domain as well as the sub-domains?

I ask this question, because Comodo are telling me that a wildcard certificate for *.example.com will also secure the root domain example.com. So with a single certificate, both my.example.com and example.com are secured without warning from a…
josswinn
103 votes, 2 answers

What is .crt and .key files and how to generate them?

I've the following configuration: SSLEngine on SSLCertificateFile /etc/httpd/conf/login.domain.com.crt SSLCertificateKeyFile /etc/httpd/conf/login.domain.com.key SSLCipherSuite ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP but I don't know how to…
Mohammad Ali Akbari
93 votes, 4 answers

Does each subdomain need its own SSL certificate?

I am creating a websocket server which will live on ws.mysite.example. I want the web socket server to be SSL encrypted as well as domain.example to be SSL encrypted. Do I need to purchase a new certificate for each subdomain I create? Do I need a…
user974407
80 votes, 5 answers

Best location to keep SSL certificates and private keys on Ubuntu servers?

On Ubuntu, it looks like the best place for a private key used to sign a certificate (for use by nginx) is in /etc/ssl/private/ This answer adds that the certificate should go in /etc/ssl/certs/ but that seems like an unsafe place. Do .crt files…
Adam Nelson
79 votes, 10 answers

How to avoid lftp Certificate verification error?

I'm trying to get my Pelican blog working. It uses lftp to transfer the actual blog to one's server, but I always get an error: mirror: Fatal error: Certificate verification: subjectAltName does not match ‘blogname.com’ I think lftp is checking the…
patrick
78 votes, 6 answers

Generating a self-signed cert with openssl that works in Chrome 58

As of Chrome 58 it no longer accepts self-signed certs that rely on Common Name: https://productforums.google.com/forum/#!topic/chrome/zVo3M8CgKzQ;context-place=topicsearchin/chrome/category$3ACanary%7Csort:relevance%7Cspell:false Instead it…
bcardarella
73 votes, 6 answers

Why are CA root certificates all SHA-1 signed (since SHA-1 is deprecated)?

I understand that SSL certs cannot be signed using SHA-1 anymore. Yet, all CA root certificates are SHA-1 signed (mostly). Does it mean the same algorithm that is no longer trusted for "your grandma SSL shop" is fine for the uttermost top secured…
131
72 votes, 2 answers

Must CSRs be generated on the server that will host the SSL certificate?

Is it necessary to generate the CSR (Certificate Signing Request) on the same machine that will host my web application and SSL certificate? This page on SSL Shopper says so, but I'm not sure if that's true, because it would mean I'd have to buy a…
Mike M. Lin