Questions tagged [ssl]

SSL and its successor, TLS, are encryption and authentication protocols that encrypt the full contents of a TCP connection, as well as potentially verifying the identities of the devices making the connection.

SSL and its successor, TLS, are primarily used to encrypt the connection between two applications at the presentation layer. They are most often used to secure websites in the form of the HTTPS protocol but can also be used for other protocols and applications.

7127 questions
23
votes
4 answers

Getting an intermediate SSL certificate

Is it possible to buy an intermediate certificate to use it to sign subdomain certificates? It has to be recognised by browsers and I can't use a wildcard certificate. The search turned up nothing so far. Is anyone issuing such certificates?
Alex B
  • 1,774
18
votes
1 answer

My certificate issued by StartSSL is not accepted by my clients

I have requested a new class 1 server certificate from StartSSL today and it is working great with Apache and Dovecot + (Thunderbird/Outlook/OpenXChange), but when I try to connect to the mail server using an Apple client (Mac/iPhone), I get an SSL…
Max
  • 183
18
votes
7 answers

For an intranet server would you buy a ssl cert or use a self signed cert?

We have a webservice that our application uses and the developers require https connections to the webservice. Since this is an internal webservice would you use a self signed cert?
15
votes
2 answers

What is wrong with my SSL trust chain?

The SSL cert for my site, https://www.snipsalonsoftware.com/, doesn't work on Android. In troubleshooting this problem I've plugged my site into the Qualys SSL Labs testing…
Jason Swett
  • 1,468
11
votes
2 answers

Difference between SSL products

I'm looking into getting a few SSL certificates for domains to cover the following: autodiscover.example.com remote.example.com www.example.com Wildcard certificates are too expensive, so I'm going to purchase a single certificate for each…
10
votes
2 answers

How to simulate SSL client failing handshake?

I have a bug in my app, which is triggered when the client disconnects in the middle of SSL handshake. The only way I found to trigger it is to run 100 threads in JMeter and suddenly stop the test, resulting in some of those 100 threads ending in…
Pitel
  • 209
7
votes
1 answer

Is dhparam really required if only using ECDHE?

https://weakdh.org/sysadmin.html says there is a bunch of problems with DHE. It says it can be fixed by generating my own dhparams, but I'd rather not have to do this. I think ECDHE doesn't use dhparams, but the man page of openssl dhparam was less…
7
votes
2 answers

How do you protect against specific vectors if your site is pure ssl?

Currently our firewalls inspect packets looking for certain known attack vectors. If my application goes pure ssl we'll lose that ability, correct? Granted we've lost that ability on our current ssl'd pages.
Webjedi
  • 257
6
votes
1 answer

Get an SSL certificate without revealing my client's postal address?

My client runs a blog site where he is an author with many published books and blogging is now his full time job. The issue is he blogs about a lot of political topics, mainly things to do with terrorists and ISIS and that sort of thing. He is…
JasonDavis
  • 2,658
6
votes
1 answer

How do I remove/disable the CBC cipher suites in Apache server?

I tried the settings below to remove the CBC cipher suites in Apache server, SSLProtocol -all +TLSv1.2 +TLSv1.3 SSLCipherSuite…
offsecgirl
4
votes
1 answer

Revocation of SSL certificate on domain owner change?

I recently transferred a domain name after winning a dispute resolution case. Generating an SSL certificate for the domain got me wondering if there is any process in place for invalidating any previously-generated certificates for such domain names.…
user206444
4
votes
1 answer

disable any cipher suites using md5-based mac algorithms

Another developer recently ran a PCI Compliance check with TripWire on our server and one of the tests we failed was "SSL Server Supports Weak MAC Algorithms for TLSv1". The recommended solution by TripWire was to "disable any cipher suites using…
learningtech
  • 7,445
4
votes
4 answers

Dedicated IP for SSL

I'll be needing a Dedicated IP & SSL for a website. I've noticed that SSL will work for either www or canonical name - but not both. So does that mean that Dedicated IP would be set to only one of them? If I set SSL for www then if a user goes to a URL…
4
votes
1 answer

SSL certificate still appears as expired

My ssl certificate has expired and I generated a new one with the same private key. After I uploaded my new certificate on the server, Chrome and other browsers still view the old one. Deleted cache and everything, tried in an incognito window,…
3
votes
1 answer

Hostname provided via SNI, but no hostname provided in HTTP request

I got this error in apache log: [Mon Oct 28 16:11:33.074606 2019] [ssl:error] [pid 30553] AH02031: Hostname mywebsite.com provided via SNI, but no hostname provided in HTTP request I couldn't find any info about it. What does it mean? The website…