Tag: Certificate

After installing ssl certificate for django application on apache server with debian, I am getting Default test page only

Following are my configuration files

<VirtualHost *:80> Redirect permanent / https://www.piping.pro/ ServerName localhost ServerAdmin admin@piping.pro  ErrorLog $  {APACHE_LOG_DIR}/error.log CustomLog $  {APACHE_LOG_DIR}/access.log combined </VirtualHost>  <VirtualHost *:443> ServerName localhost ServerAdmin admin@piping.pro  Alias /static /var/www/static-root <Directory /var/www/static-root>    Require all granted  </Directory>  Alias /media /var/www/media-root <Directory /var/www/media-root>    Require all granted </Directory>  <Directory /var/www/venv/src/mysite>     <Files wsgi.py>         Require all granted     </Files> </Directory>   ErrorLog $  {APACHE_LOG_DIR}/error.log CustomLog $  {APACHE_LOG_DIR}/access.log combined  SSLEngine on SSLCertificateFile /etc/ssl/piping_pro.crt SSLCertificateKeyFile /etc/ssl/private/PrivateKey.key SSLCertificateChainFile /etc/ssl/piping_pro.ca-bundle  </VirtualHost>

Cannot update expired ServiceBus certificate

My servicebus has an expired certificate. So I would like to change it.

I have tried the following

PS C:\Program Files\Service Bus.0> Set-SBCertificate -SBFarmDBConnectionString  'Data Source=MYDBSERVER\MYINSTANCE;Initial Catalog=SbManagementDB;Integrat ed Security=True' -FarmCertThumbprint 'dac7fc30d5c534a151d3f21cbdee557ea9abfdfa'  Set-SBCertificate : Certificate requested with thumbprint 6450F755020335011BC6D6B5522675DCF15EC94A not found in the certificate store LocalMachine\My.

6450F755020335011BC6D6B5522675DCF15EC94A is the thumbprint of the expired certificate

I’ve tried following this article. But after running certutil -repairstore my “serialnumber” and get-sbfarm I once again get:

get-sbfarm : Certificate requested with thumbprint 6450F755020335011BC6D6B5522675DCF15EC94A not found in the certificate store LocalMachine\My. At line:1 char:1 + get-sbfarm

So, how can I change an expired certificate for ServiceBus ?

Generating or extracting public certificate and public key

Aim: Achieve two way mutual authentication

Could any one please help me understand how can i generate a publick key and public certificate so that i will share this to my clients so that they can connect my server.

Things i have for my server(tibco ems) CA signed root intermediate and chain certificate Private key

Things i want for my client(java application)

A p12 file which contains a public key and public certificate of my server so that they can connect to my server

Server : apache linux server Application tibco ems(server)

Creating a PFX File for Wildcard SSL Certificate

I am trying to install a Wildcard SSL Certificate in IIS on Windows Server. It only accepts the .pfx file format for importing & installing an SSL certificate for hosted applications. I got the .csr file from CA as it was a wildcard cert.

I downloaded and installed OpenSSL for Windows (Latest version).

I placed the .crt file & .key file into C:\Program Files\OpenSSL-Win64\bin.

Then I ran this command to generate a random file:

set RANDFILE=C:\Program Files\OpenSSL-Win64\bin\<RANDOMFILENAME>.rnd

Then I ran this command to give a path of config file:

set OPENSSL_CONF=C:\OpenSSL-Win64\bin\openssl.cfg

Finally, I ran this command

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt

The result of this was:

unable to load private key 140406554043456:error:0909006C:PEM routines: get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: ANY PRIVATE KEY

I want to know if I’m making any mistake in the steps that I followed. I also want to know the reason of this error. I have the copy of private key & .crt file

Following are some more inputs which will make my question more specific.

  1. I have the copy of generated-private-key.key file & .crt file. I changed the file names before executing the OpenSSL command. I even created the random file & config file.

  2. The SSL certificate that I got from CA is a wildcard certificate, which I used to install on multiple subdomains of a customer. It was successful. Now while creating the .pfx file once again, I’m facing this problem.

  3. A .pfx file should be created only on the server which was used to create .csr file. In our case, we got the .csr file from CA as it was a wildcard certificate.

(Thanks in advance. Any help is appreciated)

Creating a PFX File for Wildcard SSL Certificate

I am trying to install a Wildcard SSL Certificate in IIS on Windows Server. It only accepts the .pfx file format for importing & installing an SSL certificate for hosted applications. I got the .csr file from CA as it was a wildcard cert.

I downloaded and installed OpenSSL for Windows (Latest version).

I placed the .crt file & .key file into C:\Program Files\OpenSSL-Win64\bin.

Then I ran this command to generate a random file:

set RANDFILE=C:\Program Files\OpenSSL-Win64\bin\<RANDOMFILENAME>.rnd

Then I ran this command to give a path of config file:

set OPENSSL_CONF=C:\OpenSSL-Win64\bin\openssl.cfg

Finally, I ran this command

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt

The result of this was:

unable to load private key 140406554043456:error:0909006C:PEM routines: get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: ANY PRIVATE KEY

I want to know if I’m making any mistake in the steps that I followed. I also want to know the reason of this error. I have the copy of private key & .crt file

Following are some more inputs which will make my question more specific.

  1. I have the copy of generated-private-key.key file & .crt file. I changed the file names before executing the OpenSSL command. I even created the random file & config file.

  2. The SSL certificate that I got from CA is a wildcard certificate, which I used to install on multiple subdomains of a customer. It was successful. Now while creating the .pfx file once again, I’m facing this problem.

  3. A .pfx file should be created only on the server which was used to create .csr file. In our case, we got the .csr file from CA as it was a wildcard certificate.

(Thanks in advance. Any help is appreciated)

Unable to get information from a PKCS certificate

I sniffed the communication between the client and the server using Wireshark, and I found out that during the handshake session, the client sends its certificate to the server.

I’ve managed to get the client’s certificate, which is a PKCS, which looks like this: formatted certificate and it looks like this:

MIIQuQIBAzCCEH8GCSqGSIb3DQEHAaCCEHAEghBsMIIQaDCCCx8GCSqGSIb3DQEHBqCCCxAwggsMAgEAMIILBQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIYreCShA7AXACAggAgIIK2G6f/joD/1VqmZGehnd4f6UQ89fDrRUJ1tugG3ncL6ewz8iD/viVbdDtYD2+CYQaXAu2jx4ePRw9ohippdK3pQLPPDzjzN7p4RmmsdCc3F8lVEmVkDq2IRzB1BSmZ3HK6PU5v5BvUQmIqZpijUiLCLdn7dKNTyvjFFKDfGS0oy5JVYr+O5WS1CqxfafDtwrX+iCiHMzDulGYVldb9+FHV8SMKkiiwjszih3+hgo+S6DVa3Cyfir3KEa9G2MBh2VkeQgCQdw893WAyFbIwHdB9QWWkwSWk4FGCtXP4gZ0Vjprv0tRydxnAcxpish5b5vmG0uMtguRC2criPAyFhW1NlT2TqzlX/mJW+shdh2FRvSyGlWqzcPdcT8Uks8BnZHpYOZVP9LbYVnO0X7bEAnNw6lsmbL4jxPJhAXGXX16vaXcCWLF+s64qFG6j/Jp61Vf6MxJWiqaC2AWLIVfdh9FJjQlvKtoX04uK9abYdBEvJ/J3u+/YIO7EIPiVwet1C23PRahybAQuGIXXHkk23rSDQ2AaIwnNBCBmW+mv2RuraS5KOm7Lk/9a9jWEWbjTYIMYSiy0PUFjhiZjjf3F1E4OqHGhbmCn3uhiYBGUXLRD8D33R9kMpzg1CAKq5ZOOyMkcNy2TWiWFB0ykQNuaPoOaoiXtsJiGEM/9ejhFQzOB28GiE3DG7xRfOb/BQTgjPzzAtfs1yXalzWu9CgguVZ/7/wL9sQVO29BWYwZQvbizEGczmPcHnzK4ft81bK1Ap4jZDvqSEfOBbH6j2BNw1d9hPUF/kjaccm/2jKkJTG4zQSz7RzxNs3w+QrYryc5sx8sQgcnYyGemirizHoNahbQU9RIzjP3lE0IjTuYl//DVXlVMXMu6JuLGwlC1F5wZ108NH1gUBC/Hepz8PXbwqB+exuSFNO51Mfg8kPTekO7wMTJK6OVBFkHi5QQLiL1PZSTtD4ypfL8BA/BFpm8A5N6ERCIwK5h8AOFdUO58iYeH98lSdppbwEQL7cMsSFczvBMJgiSfcflmPR1/mDEJtC9lqXt4pXhxbLSwMLB/CKaAMKBR6O3Ej6KVOsH2gOt2xGSHW08EURLXBLkvaFEpFi7JYg+N9UAWfS9eCNiLD6KKPCf1eBtJXfN3AR/n8/qouhOeub+MEHXNIaUoBpwaH+68ezDh7EAId9ytZXkiDWO9XMJYvfDIcJHoAKSjEYpnMjr3C9FbUpMDm4Bzu2eDOPR5B9T3oXH+HUDlSn6wERxNd79FgWuyUljZ2kQXIPLlKEgcCulAszHQeLEYgh/vbnwj/4lZ+LNehI6qyAphfEr1WOSfbVVGrZe0ekUDHi0hEifYm3sVwoiJHDE4Z0Qa+xHmGohVPrlvELNhcG7K1+Hd+MuNgTNAwxj40ix3qGQKEDfX .........

This is all I’ve got.

Also, I have the password used to secure the certificate, but I can’t get any information out of it. So I’ve tried the extensions .p12 and .pfx in the file containing my certificate, and I’ve tried to convert the PEM format using openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes; This didn’t work!

I’ve also used the header/footer : —-BEGIN PKCS12—–/—–END PKCS—– and I still can’t convert it to pem.

Is there anything else I can try? Thank you.

What would happen to the connection when certificate expires? [duplicate]

This question already has an answer here:

  • Does an existing SSL connection outlast the certificate's expiration 1 answer

We are using X509 certificate to connect between on-premise devices to the cloud services (Device provisioning service from Azure)

The expiry date of the certificate is 3 years from now.

Once the handshake is success between device and cloud, they send/receive messages continuously. So question, how does this connection verify if certificate is expired or not?

How can I make nginx use my certificate?

I need to configure a reverse-proxy on nginx that allows https. The way it’s supposed to work is the following: 1) Client connects to the site (port 80); 2) The reverse-proxy redirects it to port 443; 3) The communication is encrypted using my certificate; 4) The client request is then proxy_pass’ed to another site. My problem is in 3 and 4. My configuration successfully does all this and redirects to the site that it’s supposed to, but instead of using my certificate it uses the certificate of the site that I’m redirecting to.

Configuration:

server {     listen 80;     server_name example.com;     return 301 https://$  server_name:443; }   server {     listen 443 ssl http2;     listen [::]:443 ssl http2;     server_name example.com;      ssl_certificate /path/to/cert.crt;     ssl_certificate_key /path/to/key.key;      location {         proxy_pass https://another-site.com;         proxy_set_header Host $  host;         proxy_set_header X-Real-IP $  remote_addr;         proxy_set_header X-Forwarded-For $  proxy_add_x_forwarded_for;     } }

Like I said, this works but it doesn’t use the certificate I specified in this configuration

Thank you.