Questions tagged [certificate]

Certificates are a Public Key and Identifying Information

0 votes
1 answer
207 views

AH02565: Certificate and private key from <cert> and <private key> do not match

I'm trying to update some expired SSL certificates internally on some Ubuntu and Redhat servers. I have an internal certificate authority for this (ADCS). These are the steps I'm taking: Generate CSR ...
poppopretn's user avatar
1 vote
2 answers
235 views

Local Machine certificate (certlm.msc) - choosing "Microsoft Software Key Storage Provider" on import

When importing a device certificate/private key through CERTLM, the GUI seems to choose a deprecated Cryptography Service Provider (CSP) called "Microsoft Strong Cryptographic Provider"; I'm ...
tb1's user avatar
  • 145
1 vote
1 answer
49 views

Error: The issuer of this certificate could not be found for AD issued Code Signing Certificate

Problem I've created a certificate through AD certificate services, but it has the error "The issuer of this certificate could not be found." despite the full chain being present in the PFX. ...
JohnLBevan's user avatar
  • 1,278
0 votes
1 answer
117 views

Why is certificate request invalid from Exchange 2019?

I am creating a cert request in powershell on an exchange 2019 server as follows: $binrequest = New-ExchangeCertificate -Server "exchange" -BinaryEncoded -GenerateRequest -FriendlyName "...
TSG's user avatar
  • 1,841
1 vote
1 answer
38 views

openssl ignores intermediate certificate in pkcs12 file

After creating a new S/MIME certificate, I am stuck with creating a valid PKCS #12 file that is accepted by most mail clients: $ openssl verify smime.pfx CN = [email protected], emailAddress = mail@...
Stephan Windmüller's user avatar
0 votes
0 answers
36 views

Create certificates for self-hosted apps, for access within the LAN [migrated]

I use Cloudflare Tunnel to access my apps from outside the network, but if I'm at home, I want to skip the tunnel, and access them directly using the same domain name and https connection as if from ...
Adi's user avatar
  • 121
0 votes
1 answer
76 views

How to extract CA Certificate from .pfx file and add it to a trust store file

I have a .pfx file that has multiple certificates, one of them is the signing CA certificate of a server certificate assigned to the IBM i Remote Command Server in DCM. I managed to use openssl and ...
tarekahf's user avatar
  • 109
1 vote
0 answers
52 views

Windows CA Publishing Expired Certs in CRL When not configured to do so

I have a Windows ADDS CA that for some reason is publishing revoked but expired certificates in the CRL and I can't for the life of me figure out why. Here is my configuration: Server 2012 R2 ...
Helstrom's user avatar
0 votes
1 answer
51 views

Microsoft Certificate Authority Machine Template - add single label host name to SAN

I would like to create a machine certificate template on a Microsoft Certificate Authority that includes the single label Active Directory (AD) Computer Names in the SAN. I have tens of thousands of ...
Walter's user avatar
  • 1
1 vote
1 answer
208 views

FreeIPA subject name encoding mismatch when renewing certificate

When reading this question and answer, it seems this should be possible but I need a little more help understanding the answer. Is there a way to change the string format for an existing CSR "...
Sapg's user avatar
  • 11
1 vote
1 answer
330 views

Bluehost - wrong certificate presented by host for API call to Twilio

Bluehost VPS running CentOS, but cat /etc/redhat-release reveals CloudLinux release 6.10 (Final). Executing curl commands against Twilio APIs on my local PC (Win11/IIS/PHP) works fine. When I attempt ...
HerrimanCoder's user avatar
0 votes
0 answers
29 views

Windows Remote Desktop Certificate is re-created after deleting from the Remote Desktop store

I'm running a WS2019 in Hyper-V. After deleting a certificate in the Remote Desktop Store and it returns after deleting it. I changed Certificate Auto enrollment settings but it does not help, the ...
Albert's user avatar
  • 1
0 votes
0 answers
99 views

Why do I get ECONNREFUSED|ECONNREFUSED for an openvpn server, after doing easyrsa gen-crl?

My OpenVPN server has been working perfectly fine on an Arch Linux install. I've done regular pacman -Syu updates over the past year, every now and then I've had to run: easyrsa gen-crl When the ...
AlphaCentauri's user avatar
0 votes
1 answer
39 views

Certificate management: which party should request certificates?

My question is concerned with proper certificate management. Different parties provide domain / server / application services to our organisation. One party manages our DNS (and more). Another party ...
Timmeh's user avatar
  • 1
0 votes
0 answers
118 views

Unblock virtual smart card

I've setup a virtual smart card by following this guide. It worked fine until someone locked out the virtual smart card and now it's blocked. When I try to use it with the correct code to sign in to ...
josibu's user avatar
  • 179
1 vote
3 answers
910 views

Unable to RDP, Error: SSL certificate is revoked

Problem Unable to RDP to server due to the certificate is revoked. However, when checking certificate, it is not expired. (Today is Oct 5, the Cert expires in November.) My attempts to fix Login to ...
ppau2004's user avatar
  • 163
0 votes
1 answer
129 views

Attributes Windows CA templates

Windows Enterprise CA. I have been requested that in the certificates appear the following attributes: OU, C (country) and O (organization). I have seen that in the certificate template in the "...
Santyuste's user avatar
1 vote
3 answers
78 views

Postfix - Cannot run - update-ca-certificates -fresh

I just face an extensive Email service disruption at my work. During the incident, we had some postfix giving some errors concerning: Fatal: connect #n to subsystem private/rewrite: Connection refused....
pSyToR's user avatar
  • 113
0 votes
1 answer
32 views

Should I create a new forest for the DMZ

I have a local area network with a DC called "mycompanyptyltd.local" and a DMZ that is not in the AD DC forest. I own the domain "mycompany.com" and I receive and send email from ...
Albert's user avatar
  • 1
1 vote
0 answers
148 views

How to convert a DER private key to PEM

I have a private key that is in binary format. I'm not sure if this is DER format but I need to convert it to PEM. I'm using openssl with this command: openssl rsa -inform DER -outform PEM -in test....
dssof's user avatar
  • 11
0 votes
0 answers
35 views

Request Certificate CA

I have a Windows server configured as a Certificate Authority (CA). When requesting a certificate via https://server/certServ and choosing the template to request (Request Certificate->Advance ...
Santyuste's user avatar
0 votes
0 answers
38 views

Export pfx certificate after approving pending request

In Active Directory Certificate Authority I have template with CA certificate manager approval. When I approve a request I can not export issued certificates to pfx format. How can I export ...
DarioS's user avatar
  • 1
0 votes
1 answer
108 views

self signed certificate for a site that can only be accessed through VPN

I read a lot of articles about self signed certificates and I'm not exactly sure if I'm getting near to what I want to actually achieve. I'm trying to implement a self signed certificate so that the ...
Reefo Relaxo's user avatar
0 votes
1 answer
821 views

How to force Domain Controller to get new certificate from PKI Server

I bluntly created a PKI Server (AD CS) that sits inside the Domain. My Domain Controllers got a DomainController Certificate from it. After that I thought that it would be better, to create a Root CA ...
SimonS's user avatar
  • 785
0 votes
1 answer
116 views

How can I add alternate subject names when creating a CSR using xca?

openSUSE and SLES dropped their old CA management, now recommending to use xca. While it was easy to add alternate subject names like hostname aliases or IP addresses in the old CA management, I could ...
U. Windl's user avatar
  • 374
0 votes
1 answer
58 views

CA: Certificate User for VPN

From a subordinate Enterprise CA I want to generate a user certificate that serves as an authentication method for VPN connections. I want to install this certificate with autoenroll on the domain ...
Santyuste's user avatar
0 votes
0 answers
73 views

Certificate Template Purpose Unknown

I am facing a strange issue with one certificate template. In CA console under certificate template box, it is showing with cross sign with “Unknown” as its intended purpose and neither I am able to ...
Jai Paras's user avatar
0 votes
0 answers
129 views

(Self-Signed) Certificate revoked in IE mode, but not in Edge mode

I am using a self-signed certificate which is working fine when using Chrome or Edge. Both browsers show that the connection is secure and that the certificate is valid. An application using the ...
Matthias's user avatar
  • 103
1 vote
1 answer
106 views

SubCA certificate of trust

I have deployed a PKI infrastructure with a Stand-Alone Root CA (which will be kept off) and 4 Enterprise SubCA's which depends on this Root CA. To make the computers trust the Root CA, I am going to ...
Santyuste's user avatar
0 votes
0 answers
70 views

Can't create a custom CSR using mmc and certificates snap-in on Windows 10

I am trying to generate a custom CSR using the certificates snap-in for mmc on Windows 10. The certificate I want to create is a client authentication cert using ECC. However, I have run into a ...
hkc94501's user avatar
0 votes
1 answer
561 views

OpenSSL 3.0 generating p12 certificate issue with FIPS

I am running the OpenSSL command to generate bundle.p12 with -legacy option. RHEL 9 FIPS Enabled setup. openssl pkcs12 -export -legacy -in cacert.pem -inkey cakey.pem -out bundle.p12 Error creating ...
user1631072's user avatar
0 votes
0 answers
57 views

FreeRADIUS Certificate Based Authentication WiFi

We are currently trying to deploy a new SSID for BYOD devices. The plan is to host a FreeRADIUS (CA) server and generate a certificate which can be shared to all staff and can be imported onto their ...
0xab3d's user avatar
  • 101
1 vote
1 answer
92 views

High available PKI related questions with regards to CA/OCSP and NDES

I have some specific questions with regards a high available PKI based on ADCS. The questions are as follows. Please see the detailed info below to get more info on the casus. -------------------------...
MyPkiProblems's user avatar
4 votes
2 answers
156 views

Windows Server Reaches out to WindowsUpdate during TLS negotiation

We deploy hardened Windows Server 2022 servers in AWS. These servers reach out to RDS servers using a TLS encrypted channel. During the TLS negotiation, the Windows server is reaching out to Windows ...
Prof Von Lemongargle's user avatar
0 votes
0 answers
101 views

How to submit certificate request from Red Hat machine to Windows CA?

I’m looking for solution, which helps me send certificate request from domain-joined RedHat Enterprise Linux machine to Certification Authority on Windows Server 2022. Is there any solution to do this? ...
amperek's user avatar
0 votes
0 answers
97 views

How to submit certificate request from RedHat machine to Windows CA?

I’m looking for solution, which helps me send certificate request from domain-joined RedHat Enterprise Linux machine to Certification Authority on Windows Server 2022. Is there any solution to do this? ...
amperek's user avatar
0 votes
2 answers
122 views

Change certificate issuer

Is it possible to change the "issuer" value in a CA so that when a new certificate is issued, the new "issuer" value appears? In the case of having several SubCa, is it possible to ...
Santyuste's user avatar
0 votes
1 answer
91 views

Winrm client cert replacement fails

I'm managing a group of servers with Ansible and in case of Windows Servers, winrm is being used. Everything was setup and working fine, but the time has come to replace the cert for the service user ...
TonyAngelino's user avatar
0 votes
1 answer
419 views

PKI hierarchy. Root CA CAand subordinate

I have to deploy a new PKI hierarchy I have one domain and several subdomains I had thought about having a Root CA and a Sub CA. What are the advantages of this option over having a root CA only? Do ...
Santyuste's user avatar
0 votes
1 answer
146 views

How can we stop a repeated request for the same certificate in ADCS?

If I submit the same CSR file twice to my Active Directory Certificate Services (online via the certsrv web interface), I am issued two different certificates (judging by the serial numbers). Is there ...
tjlds's user avatar
  • 23
-1 votes
1 answer
267 views

How to verify signed file? [closed]

How to check a validity of a file using openssl and cms? I've got a file (foo.bin) and a signature (foo.bin.cms) which is include x509 der format certificate. is there any way to check validity of ...
Nav Boom's user avatar
0 votes
1 answer
751 views

"PTY allocation request failed on channel 0" with CertificateFile

I have a problem with TTY allocation when I try to connect via ssh with trusted certificate containing public key. If I perform classic ssh access with the user, e.g. ssh -i test-key-for-vault -o ...
Sim Sca's user avatar
0 votes
0 answers
223 views

Failed verifying certificate revocation for Enterprise certificate from non-domain computer

We have a typical offline root and issuing intermediate CA Enterprise environment. My problem is very similar to the one found here: Certificate revocation check fails for non-domain guest in spite of ...
Steve G.'s user avatar
0 votes
0 answers
43 views

CA root and CA subordinate administrator

I want to deploy a new PKI infrastructure on a domain that has several subdomains and trusted domains. I would like to be able to delegate the administration between several administrators ...
Santyuste's user avatar
0 votes
0 answers
433 views

Can't connect to WebSocket server over wss:// (ws:// works), and no debug information

I have a website on example.com, and a WebSocket server on example-websocket-server.com. Each have an SSL certificate so that I can access them from https:// I am using the websocket server as a ...
pileup's user avatar
  • 229
0 votes
0 answers
375 views

LDAPS, Certificate Authority, and Domain Controllers

I have a domain environment with 4 2012 Domain Controllers that I am working on replacing with 4 new 2022 domain controllers. I have some questions regarding how the CA works when issuing certificates ...
Tom Gordon's user avatar
0 votes
1 answer
180 views

Can I set my own SSL certificate via .htaccess file in a shared web server?

I am hosted in a shared web (apache) server in a subdomain. I don't have access to any panel, only sshfs. The problem is that the host (lazy), does not issues / uses SSL certificates. I issued my own (...
krg's user avatar
  • 3
0 votes
0 answers
250 views

How to sign a certificate for s/mime and generate pkcs12 store with existing CA?

I want to create a certificate store file in pkcs12 format to use in thunderbird for s/mime signing and encrypting. I already run a mail and web server that use certificates signed by a CA certificate ...
FalcoGer's user avatar
  • 136
0 votes
0 answers
253 views

Certificates issue during RADIUS authentication using NPS server with PEAP MSCHAPv2

I am using NPS as a RADIUS server to authenticate some devices using PEAP MSCHAPv2. I have an issue during the server authentication, I am using a chain of trust certificates, with 1 server cert, 1 ...
Alexandre Rey's user avatar
0 votes
2 answers
57 views

IIS https certificates

I’m migrating the c# web applications and data apis I've developed that are hosted on IIS to use http to use SSL / TLS (https). I have not setup certificates with https before and was wondering if it’...
Sandy's user avatar
  • 13
