Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [certificate]

Certificates are a Public Key and Identifying Information

Within public key cryptography (such as that used in SSL and TLS), you have both a private key (that you keep secret), and a public key (that you share widely).

In order to avoid MITM (Man In The Middle) attacks, rather than publishing just the raw public key, you normally share a Certificate. The Certificate contains your public key, along with information identifying you (such as the hostname of your website, and your organisation). The identifying information is authenticated by a Certificate Authority (CA), and can be used to ensure you're talking to the right person.

Certificates are normally issued by a Public Certificate Authority, but they can be self signed (the certificate is its own CA), or issued by a private CA.

1371 questions
8
votes
2 answers

Certificate authority expiration

When a certificate authority expires, is it gone for good? Is there a way to renew it? Or should I just generate a new certificate? I don't really want to make a new one because this certificate authority is already trusted by many of our customers.…
Jay
  • 191
7
votes
3 answers

Can I use a trusted CA certificate on multiple sites?

Are there any technical/legal/contractual limitations to using a CA certificate on multiple sites that are running on a single machine? multiple machines? Or are the certificates to be used on a per site basis?
Joseph
  • 1,746
6
votes
2 answers

Prevent copying (exporting) private key from one machine to another?

We are considering using digital certs to verify that the machine connecting to our VPN service is in fact a company-owned machine. So one of my co-workers here mentioned that for a knowledgable user (and our users are for the most part CompSci…
Will Dennis
  • 304
6
votes
2 answers

How do you install a certificate in a PFX file in to the personal container of the NT-AUTHORITY\NetworkService?

I have a .PXF file used to strongly name several of our .NET assemblies. VS2010/MSBUILD seems to expect this to be in the personal container for the user account running VS2010/MSBUILD. This is all just fine and dandy when working in an interactive…
Pete Stensønes
  • 165
  • 1
  • 6
4
votes
1 answer

How to get Let's Encrypt Public, Private Key?

I use Ubuntu 16.04 with Nginx for my web server. I setup my website SSL with Let's Encrypt. And I want to get private, public key pair of Let's Encrypt. Can someone point out where those files exist?
Set Kyar Wa Lar
  • 173
3
votes
2 answers

keytool error: Certificate reply does not contain public key for

I've recently purchased a certificate from GoDaddy for coding signing an Adobe Air application. I generated a CSR (Code Signing Request) file and sent it to them. They have send back a .spc certificate file (PKCS #7 format). I'm using keytool that…
andyuk
  • 365
3
votes
0 answers

Intermediate and root certificates expired but my certificate has not, what happens?

I have just renewed a certificate that is used for our web services and asymmetric encryption. I received the following bundle that I will need to provide to my clients, but two of the certificates in the chain are going to expire in May 2020. I've…
dcNaswa
  • 43
2
votes
1 answer

error Unable to configure verify locations for client authentication

Starting my apache2 Server on Ubuntu 12.04.5 LTS, I got the following error [error] Unable to configure verify locations for client authentication my Problem, on the server are more than one Client. so the question would be how to find out which…
syswombat
  • 31
2
votes
1 answer

"Unknown Publisher" on digitally signed exe

We're trying to sign an installer exe, but we keep getting "Unknown Publisher" errors on the machines that download them. Here's our steps: Build the code and create an installer Sign the installer (with a trusted certificate) Upload the…
Anthony Johnson
  • 123
  • 3
1
vote
0 answers

curl: requested domain name does not match the server's certificate

certificate is very new to me, I came to this question because docker pull failed. Then I check the url with wget and curl, they all describe certificate is somehow wrong. docker error Get https://registry-1.docker.io/v2/: x509: certificate is valid…
Tiina
  • 175
1
vote
0 answers

sbs 2011 certificate not renewing properly

I'm working on an SBS 2011 server here, the client advised she could no longer access mail on her laptop because her certificate had expired. The company uses a self assigned certificate. So I run the Fix my network tool in the SBS console, it says…
John A
  • 11
0
votes
1 answer

ADCS CAExchange Certificates gets iussued without default templates loaded

Eventhough I've used the "LoadDefaultTemplates=0" in my CAPolicy.inf when installing my subordinate I noticed that it still issued 1 certificate after the setup. This is the CAExhange cerificate and it issued it towards it self. Now I am wondering…
kevin rennenberg
  • 73
0
votes
1 answer

Can I create a CA which is part of a WW trusted CA?

When I create a CA role there is an option for "Root CA" and "Subordinate CA", choosing the second one adds an option to generate a cert request. Does it mean I can buy a service e.g. from Comodo that will sign my CA cert with theirs and allow me…
Alex
  • 1,868
0
votes
0 answers

Windows 10 computer certificate deleted and not issued again after gpupdate /f

I deleted the local computer certificate from: MMC>Certificate>ComputerAccount>Local Computer To test if my network lab is working and the network authentication fallback on the MAB from the Dot1x. The good news is that works well, but after running…
user22482857
  • 1
0
votes
1 answer

Path #2: Not trusted in SSLLabs domain check

First and foremost I want to apologize, because I am really an amateur in networking. I tried to run a SSLLabs check on a web domain my company owns. The overall rating is "A" and everything is shown "green", which lets me believe that I do not have…
Simon Rempel
  • 1
1
2