Afternoon All (or morning depending where you are),
I've recently started getting back into making blogs as something to stop me watching rubbish TV when i get in from work, my question might be a stupid one, but as this is currently more of a hobby (no ad revenue as of yet, only launched a week ago however) is having an SSL certificate make or break in terms of SEO or general traffic/bounce rate for a new blog? If the answer is yes i have no problem spending the money, i would just rather…
Are SSL Certificates Make or Break for New Blogs
I was accessing my internet banking site, and browser asking to install some certificates noted some extensions of certificate.
Do i need to install certificate to access the site safely or can i access it ignoring the suggestion of installing certificate ?
Do certificate helps me to more secure browsing ?
I have a single HTTPS connection. I am using SSL / TLSv1.2
We are changing to a new CA. For the interim, I wanted to concatenate the old CA and the new CA in my CA file. Load the new cert for the new CA. So, now I have 2 certs. 1. Old CA, 2. New CA and both CA’s concatenated with their root cert.
It seems this causes TLS to shut down and process in the clear.
How can I support this?
I am running a web service that can be accessed from my domain company’s name. I have setup automatic SSL certificates with Lets Encrypt as seen below.
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: basic-ingress annotations: certmanager.k8s.io/issuer: letsencrypt spec: tls: - hosts: - my.domain.net secretName: my-domain-net-tls rules: - host: my.domain.net http: paths: - backend: serviceName: frontend-service servicePort: 80-to-8080-tcp
I want to offer clients the option of serving the frontend from their own domains. What is the best way to go about this with certificates? I understand that I can setup the load balancer to use multiple secrets as shown here: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-multi-ssl, but I will need to be serving from more than the stated max of 10 domains.
Is there a more efficient way to go about this? What’s the industry standard for serving one frontend service from multiple domains?
In our system there are a lot of certificates. Some of them are used to secure HTTPS endpoints. Many more of them are used as a means of authenticating our system to an external system (we integrate with over a dozen of other systems). Some others yet are used to authenticate external systems to our system.
All in all, we have dozens of various certificates lying about all over the place. Most of them are only found in one place – the production server that needs them. Some are checked in source control which we all agree is not a good idea, but nobody has gotten around to fixing that yet. There is no list of all (or any) of them.
Me and a few other colleagues feel that this is too chaotic. It feels like we should have some sort of registry where they are stored. A central place which lists them all; where you can check which one is going to expire next; and where you can restore them from when the need arises. Occasionally a certificate does expire and nobody notices it until it’s too late.
Other colleagues feel differently. Most certificates are either automatically renewed (certbot), there are notifications set in our monitoring system (Zabbix), or there are emails from 3rd parties notifying us when they expire and need to be replaced. All certificates are already backed up in the “normal” server backups which simply back up the virtual server image. And if those backups are gone too, we have bigger problems to worry about. In addition, storing the certificates elsewhere reduces security.
Is there some largely agreed upon best practice here? Should we create a central certificate registry or should each certificate be found in one place and only one? Is there perhaps already some software for securely managing a list of certificates?
I need one place to deal with… Looking for a company that has been in the web hosting business at least for 5 years.
I need 25GB space, bandwidth can be 1100GB.
I have some SW that extracts certificates data and the SW utilizes OpenSSL. I am confused what is the difference between the
subjectKeyIdentifier and the
sha1Fingerprint. Both are hash values. My intuition is that the
subjectKeyIdentifier is the hash of the public-key of the certificate and the
sha1Fingerprint is the hash of the overall fields of the certificate. My research made more confused. For example, this reference says about the
This is a hash value of the SSL certificate.
This is an example of what I get from the SW:
"subjectKeyIdentifier": "A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1", "sha1Fingerprint": "E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB"
What is the difference between the two hashes? What each hash is for?
Have a number of private network services deployed on different nodes outside of encrypted mesh systems, like Docker or Consul.
The services have high value and should communicate via TLS only, currently using OpenSSL.
Once the certificates are about to expire in production environment, should they be renewed manually by sys-admin or it may be automated somehow?
Is it secure to use cron tasks for this?
– A have CertA and secret key KsA
– B have CertB and secret key KsB
A need to transfer data M to B with the requirement of confidentiality and authenticity, BUT Data encryption must be done by symmetric encryption.
How do A and B do that to achieve all the requirements?
We have a SharePoint site https://example.com hosted on port 443.
There is another site https://anotherexample.com that should be hosted on same server and without port (i.e. 443).
Both the certificates are issued to different host names (i.e. not wildcard certificate).
How can I achieve above scenario?
I’m working on IIS 6.
Any help is much appreciated!