When i run this
$ /usr/lib/ssl/misc/CA.pl -signreq
I get this error:
Unknown arg "-signreq" Use -help for help.
From link https://help.landscape.canonical.com/LDS/SSL
I’m following the steps in order on a ubuntu 18.04lts server. Any idea what is wrong?
UPDATE Docs are wrong for “Signging your certificate”. Change:
$ /usr/lib/ssl/misc/CA.pl -signreq # TO $ /usr/lib/ssl/misc/CA.pl -sign
How do you create a self signed certificate ubnuntu 18.04LTS? I tried following the docs at https://help.landscape.canonical.com/LDS/SSL and it does not work. I can’t sign for more than 365 days even though i changed days in the CA.pl to 10950. When registering a new client i still get
certificate subject name (ctrl-server1) does not match target host name 'tst.ctrl-server1.com' even though i re-generated another certificate after changing apache site
The following article has explained both differently. X.509 wiki
Now my question is:
- Can we use more than one extension in a certificate? Is it how there can be more than one use of extensions in a certificate?
- How are they differentiated by a server?
Let’s sign a file with
$ openssl smime -sign -in file -out file.sign -outform DER -inkey private.pem -signer certificate.pem -nocerts
With the option
-no certs no certificate is included in
Now if you try to verify
$ openssl smime -verify -in file.sign -inform DER -content file -noverify certificate.pem
Verification failure 139909488150168:error:2107C080:PKCS7 routines:PKCS7_get0_signers:signer certificate not found:pk7_smime.c:466:
The example works, if you sign without
-nocerts of course.
But is there are way to tell
openssl verify how to find the certificate ?
HI I am trying to install SSL on few of my domains and it throws the following error Error creating new order :: Policy forbids issuing for name I am kind of a newbie to this could anyone help?
I have the same question as this guy and it seems like trusting SSL certificates on the iPhone does nothing — it’s essentially broken, from what I can tell.
I have proxied my WiFi traffic to my BurpSuite instance in my VM (which is bridged), and I can see the traffic initiated in BurpSuite, but it doesn’t connect from my phone. It just says:
Safari cannot open the page because the network connection was lost.
Just to confirm, I have downloaded the certificate by navigating to https://burp from my iPhone, clicked on the “CA Certificate” button in the top right corner, and then trusted the certificate by going through the following steps:
- Navigated to Settings -> General -> Profile -> PortSwigger CA -> Installed this.
- Navigated to Settings -> General -> About -> Certificate Trust Settings -> Enabled the Port Swigger CA certificate.
- Rebooted phone.
Nothing works. Still can’t browse to https://www.google.com because of the same “connection lost” error.
Does anyone actually know how to get this to work properly?
I have many ssl certificates. On one of the certificates I run the command
openssl x509 -in cert.pem -text -noout it shows:
Signature Algorithm: ecdsa-with-SHA256 Public Key Algorithm: id-ecPublicKey
Based on the info from the certicate , how can I get the list of all possible ciphers which can be used with the particular certificate ?
On Android 6 if I move my own root CA from
it doesn’t work anymore.
It is in the system list and active, but my browser says certificate missing. Why?
A relevant question was posted in 2016 (https://stackoverflow.com/questions/37079547/cloudflare-origin-certificate-with-google-app-engine)
The cloudflare documentation is dated Apr 2019 (https://support.cloudflare.com/hc/en-us/articles/115000479507). It says
but it is difficult to assert if this particular section has been reviewed recently.
I am not sure if the situation has changed since.
I decided to give it a go. Here is the screen shot of the Google App Engine interface:
I downloaded the origin cert and the private key. I have uploaded the cert. And then convert the key by running
openssl rsa -in priv_key.pem -out priv_key.rsa.pem
When I hit upload I got the following error:
I am pretty sure they are the matching since I have just downloaded them minutes ago.
My questions are:
1) Can GAE accept Cloudflare origin certificate?
2) Did I miss any step when I prepare the origin cert for GAE?
Anywhere where I can find documentation for SharePoint 2013 for storing and retrieving Certificate and Certificate password in Secure Store Target Application?
I have IIS running on Windows Server 2012 R2. I have a wildcard SSL certificate on 14 subdomains. I’m seeing a lot of errors in the Event Viewer.
Event ID: 15021 Source: HttpEvent
An error occurred while using SSL configuration for endpoint my.domain.com:443. The error status code is contained within the returned data.
However, I’m only getting this error on 2 of the sites, the other 12 are not logging this error. The 2 sites creating this error load up fine in a web browser. I’ve checked the binding in IIS and they both have the wildcard SSL selected.
If there is a certificate problem, I would expect this error coming from all 14 sites, not just 2 of them.
Though those 2 sites load fine in a browser, I’m not comfortable seeing thousands of these errors on our two biggest sites.