Questions tagged [self-signed-certificate]
A self signed certificate is signed with its own private key instead of the private key of a higher or publicly trusted certificate authority (CA).
140
questions
27
votes
2
answers
86k
views
Why openssl ignore -days for expiration date for self signed certificate?
I have a bash script that generates a self-signed certificate and works perfectly fine:
#! /bin/bash
# Generate self signed root CA cert
openssl req -nodes -x509 -days 358000 -newkey rsa:2048 -...
- 603
17
votes
2
answers
4k
views
Why not validate self signed certificates through DNS-record instead of letsencrypt
I was just wondering. We use a lot of SSL certificates. Nowadays, we almost exclusively use letsencrypt (thanks!). The bottom line of these certificates is, that proof of ownership of the domain name(...
- 321
10
votes
1
answer
19k
views
Self signed ssl I created for localhost cannot be trusted even though I have already imported it to chrome
I am creating https server side that I am using to practice OAuth to Instagram which requires https.
I generated a certificate using ssl by running the script from the following link: https://gist....
- 101
8
votes
3
answers
16k
views
How can I create self-signed certificate that is stronger than SHA-1?
For development environment, I can create create self-signed certificate in IIS7.5. But that certificate is SHA-1 and recently browsers are complaining about it. When I open FireBug I see following ...
- 191
8
votes
1
answer
9k
views
nginx: No client certificate CA names sent
I have nginx and want it to verify client certificates. So I bought commercial certificate for server, and non-commercial for clients. Basically I've generated client certificates with easy-rsa ...
- 337
5
votes
2
answers
21k
views
how to create a SSL certificate chain from my own CA?
I use my own CA to create SSL certs for services in my infra. These certs are signed directly by my CA.
It comes to me that this is likely a weak strategy, as if the cert was to be compromised, I ...
- 418
4
votes
3
answers
15k
views
openssl keeps creating v1 certificate instead of v3
Hell everyone,
so i'm trying to create a self signed certificate for my domain and for some reason openssl keeps creating V1 certificates for my server instead of V3 and that is causing browsers to ...
4
votes
1
answer
9k
views
Cannot add a self signed certificate in Firefox
I need to set up an IIS webserver that will be accessed by a small, finite number of users. I was considering using a self-signed certificate only, and manually installing it on the user's systems.
...
- 193
4
votes
3
answers
564
views
Does filling out the Country Name, State etc. matter when creating a self-signed certificate for Postfix?
When I set up Postfix I have to create a cert because the snakeoil cert included with Postfix is there strictly for the purpose of demonstration. I use this command:
sudo openssl req -x509 -newkey ...
- 279
4
votes
1
answer
26k
views
How to make wget trust my self signed certificate (without using --no-check-certificate)? [duplicate]
Ubuntu 12.04
OpenSSL 1.0.1 14
Wget 1.13.4
My setup:
create our own CA (our_own_ca.crt)
generate a certificate which is signed with the above CA (graphite.local.crt)
Concatenate that cert and the CA ...
- 51.6k
3
votes
2
answers
2k
views
How to certify a self-signed imap email server
My task is to retrieve emails from an imaps email server using Java so as a client I need to authenticate the email server using an appropriate certificate. It seems however, that this email server is ...
- 390
3
votes
1
answer
5k
views
Powershell self-signed certifcate private key not exportable
Using Powershell, I'm attempting to create a self-signed ssl certificate with a private key that can be exported. I've read and followed various tutorials, however the end result is always that no ...
3
votes
2
answers
10k
views
How do I add certificates to Kubernetes to allow images to be pulled from a custom Harbor repository?
I am finding all sorts of walkthroughs on how to add certificates to be used in the pods themselves, but I can't seem to find info on how to setup Kubernetes to allow a self-signed cert for pulling ...
- 323
3
votes
1
answer
12k
views
Convert cert .cer to .pem via OpenSSL plus using SHA-256
This might be me having done it wrong. I recently used OpenSSL to convert a .cer to .pem using this -
openssl x509 -inform der -in certificate.cer -out certificate.pem
(And then loaded the .pem onto ...
- 33
3
votes
1
answer
14k
views
How to unassign self-signed cert from SMTP on Exchange 2010?
We have a GoDaddy wildcard certificate that we have installed into Exchange 2010 and is successfully used on IIS connections for OWA.
We have assigned this certificate to the SMTP Service as well as ...
- 9,615
3
votes
0
answers
17k
views
x509 certificate not valid for any names when added IP address to openssl.cnf
A self-signed certificate works well while the command used to generate it on a ubuntu machine is:
openssl req -x509 -newkey rsa:4096 -keyout private.key -out cert.crt -days 365 -nodes
If the ...
- 171
3
votes
0
answers
2k
views
The revocation function was unable to check revocation for the certificate 0x80092012
Please help me to deal with self-signed revocation check
I've used makecert.exe to create root and client certificate
The problem is that certutil fails to check certificate with error
The ...
- 130
3
votes
0
answers
1k
views
Creating SSL certificate signed by a self-signed CA certificate in Jetty
I'm trying to configure a jetty-distribution-9.3.1.v20150714 backend running on Java 1.8.0_45-b14 with a certificate signed by a self-signed CA certificate, for SSL pinning.
Following Apple's guide, ...
- 143
2
votes
4
answers
3k
views
How could I prevent NetExtender Cli to asking certificate confirmation?
Our company is using self-signed SonicWall for firewall facility. And remote clients needs to be connect to internal network through VPN via NetExtender client.
Some of the clients are using Linux OS ...
- 562
2
votes
2
answers
620
views
create a self-signed certificate for a subdomain, the main domain does not belong to me
I have my internet box provider who offers me a free subdomain to connect to my network, ex: xxxxx.provider.com
I have generated a self-signed certificate for the subdomain foo.provider.com
I tried to ...
2
votes
1
answer
214
views
install self signed cert on user computers
I'm currently running a test Sharepoint 2013 server. Not all users are within the internal network. They can bypass the self signed cert warning for Sharepoint easily but the Office Web Apps cert ...
- 79
2
votes
1
answer
2k
views
How does load balancer verify self-signed certificates from the server
In my application, I have multiple instances of the server running behind a load balancer.
Usually, SSL offloading takes place at the load-balancer in the case of AWS Application Load Balancers, and ...
- 21
2
votes
2
answers
3k
views
Revoked certificate still valid
I've recently setup a new domain joined Standalone CA on a Windows 2012 R2 server which is publicly accessible and authenticating fine, however, revoked certificates still appear to be authenticating. ...
- 351
2
votes
3
answers
17k
views
How do I trust a self signed certificate?
I've generated a self signed certificate using openssl - it's entirely self signed and not signed by a self signed CA. I've imported it successfully into the nss database for use by browsers. I now ...
- 89
2
votes
1
answer
3k
views
What is the use of SigningCertificate in AWS Cognito
I'm using AWS Cognito for my user authentication. I want to know the actual use of SigningCertificate in AWS cognito?
NOTE: We can get the SigningCertificate of AWS Cognito usign this ...
- 123
2
votes
2
answers
6k
views
Issue with generating self-sign certificate with proper SAN field
I am trying to configure Janus Gateway and I am experiencing with an issue with my self-signed certificate, see log below
Jan 25 09:50:46 localhost platform: [2018/01/25 09:50:46 EST] [EROR] /api/v4/...
- 141
2
votes
1
answer
4k
views
Generate end-entity certificate with OpenSSL for localhost on IIS
I would like to ask how to generate end entity certificate based on my own CA root certificate?
I've generated root CA this way:
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
-...
- 31
2
votes
1
answer
5k
views
OpenSSL self-signed certificates, Windows 10 laptops, and "This certificate has an invalid digital signature" error
I have the following:
OpenSSL-generated, Self-signed Internal CA cert
OpenSSL-generated Internal-CA signed, wildcard cert
This cert protects our internal websites. e.g. "myservice.corp.example.com"
...
- 2,608
2
votes
0
answers
494
views
Access of K8s service within WSL2 + Docker Desktop from Linux machine over HTTPS
I've setup an authentication service in a Kubernetes cluster which lives in a Docker Desktop + WSL2 environment on a Windows 11 Pro machine.
It can be reached e.g. via CURL & PostMan requests from ...
- 121
2
votes
0
answers
2k
views
How to make squid proxy to accept self-signed certificate?
I have an use-case were I have to accept self-signed certificate in Squid.
The endpoints are Kubernetes clusters using self-signed certificates. The clusters will be recreated on demand with different ...
- 131
2
votes
1
answer
3k
views
Replace Self Signed RDP Cert with CA Signed Cert
A few servers are getting picked up by security scans with the following message:
The following certificate was at the top of the certificate chain sent by the remote host, but it is signed by an ...
- 688
2
votes
0
answers
66
views
Which clients support self-signed certificates with DANE?
We've been considering to make more use of DANE as a decentralised authority for our certificates.
Especially with S/MIME.
However, the key obstacle is... how widely are DANE treated as an authority ...
2
votes
1
answer
2k
views
cannot trust development https self-signed certificate in ubuntu 18.04.2 LTS
I created a rest api project and I'm tring to access the https endpoint using curl like this:
$ dotnet new angular
$ curl -I -X GET 'https://localhost:5001/api/SampleData/WeatherForecasts'
curl: (60)...
- 1,181
2
votes
1
answer
1k
views
RSA/Machine keys broken on new 1809
When deploying an image of 1809, slipstreamed with any updates from January 2019 onward I'm having issue where the permissions are broken on the RSA\MachineKeys located here:
C:\ProgramData\Microsoft\...
- 412
2
votes
1
answer
727
views
Untrusted publisher for Powershell profile modules after creating, installing, and signing with certificate?
I'm still getting untrusted publisher after creating a self-signed certificate and installing it on a system, when trying to run my Powershell Profile sub modules?
Do you want to run software from ...
- 4,909
2
votes
0
answers
729
views
sign keytool generated cert/key pairs using easy-rsa openvpn intermediate CA
I am creating root and intermediate CA with easy-rsa using ./build-ca & ./build-inter commands consecutively. Now, I want my root ca as offline and I want my certs/keys signed by intermediate CA. ...
- 121
1
vote
2
answers
16k
views
Powershell New-SelfSignedCertificate missing -NotBefore in Windows 2012r2
My 2008 powershell script is not working correctly in 2012r2. The command
New-SelfSignedCertificate -DnsName test.testdomain.com -NotBefore [datetime]::now.AddYears(10)
comes back with:
New-...
- 203
1
vote
1
answer
176
views
Why am I getting URL mismatches on my wildcard self signed certificate?
I'm trying to set up a self signed wildcard certificate for use by Apache, normally this is pretty straightforward I just set a subjectalternate name with the root domain and specify *.dcrdev.com in ...
- 89
1
vote
2
answers
1k
views
Re-create SSL cert from key
So I have my own CA for self-signing SSL certs, but I lost my root certificate. I have a few dependent certs that list the subject info of my root cert. I have my CA's private key and the password to ...
- 123
1
vote
3
answers
4k
views
How is a self-signed certificate different from a certificate signing request?
From the wiki page for a Certificate signing request:
In Public Key Infrastructure (PKI) systems, a Certificate Signing Request (also CSR or certification request) is a message sent from an ...
- 299
1
vote
1
answer
1k
views
Which certificate store do I put a third party self-signed SSL certificate to have authentication working without extra security risks?
I'm trying to setup client certificate authentication in an ASP.NET MVC3 application running in IIS 8. The client (Good Third Party) uses a self-signed SSL certificate to authenticate himself and my ...
- 2,739
1
vote
1
answer
49
views
Error: The issuer of this certificate could not be found for AD issued Code Signing Certificate
Problem
I've created a certificate through AD certificate services, but it has the error "The issuer of this certificate could not be found." despite the full chain being present in the PFX.
...
- 1,278
1
vote
1
answer
267
views
Securing Apache Solr on an Apache TLS / SSL server
I have a SSL-only website hosted on a CentOS 7, Apache httpd based server. SSL certification is via a Let's Encrypt certificate. The domain has a HTTP Strict Transport Security (HSTS) policy.
I am ...
- 111
1
vote
1
answer
1k
views
How long it takes for the Issued certificates to reach the requester's computer?
Windows server 2019 with CA role, made a certificate template and enabled the option "CA certificate manager approval" in it, then issued it on my CA server. now on a client I went to the personal ...
user299093
1
vote
1
answer
377
views
Signing Powershell scripts that are included in another script?
Do I need to sign every Powershell script (external .ps1 file) that I include in my Powershell profile? If so, can I sign it with the same certificate (or is that a worst practice)?
And just to be ...
- 4,909
1
vote
1
answer
1k
views
How can I trust my self signed root CA on Fedora?
I've generated a root CA certificate and key on my fedora system, using the following command:
openssl req -new -x509 -extensions v3_ca -keyout \
/etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert....
- 89
1
vote
1
answer
3k
views
CA with intermediate certificate for vault
I want to setup Private CA for internal services using Vault (HashiCorp). I am generating Root CA & Intermediate CA certificate outside of Vault. Vault will be generating short-lived (30 days) ...
- 121
1
vote
2
answers
12k
views
How to add a header to my apache2 server
I have an apache2 web server for testing only (not a production server). It is running on Ubuntu 18.04. I have configured it with TLS. I want to add a header. So I navigated to this file:
/etc/...
- 25
1
vote
2
answers
4k
views
Unable to access a server with a self-signed SSL certificate from some devices
I'm struggling to connect to an SSL site (self-signed certificate) that seems to work from other computers/internet connections. I've tried accessing the site using wget:
wget https://example.com --...
- 111
1
vote
2
answers
2k
views
Difference between CSR creation and create domain certificate
I'm a CA admin and I'm new to this field, Can any one explain the below scenario and explain the difference between them.
Scenario 1
System Admin creates a CSR file and give it to me... I will ...
- 21