Search Results

Search found 4244 results on 170 pages for 'ssl certificate'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 22/170 | < Previous Page | 18 19 20 21 22 23 24 25 26 27 28 29  | Next Page >

  • apache and SSL certificate

    - by user12145
    [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) When connecting to https://www.xxx.com, it just says connecting, then timed out. ServerAdmin [email protected] ServerName www.xxx.com:443 DocumentRoot /var/www/vhosts/xxx SSLCertificateFile /etc/pki/tls/certs/xx.com.crt

    Read the article

  • DNS CNAME - SSL-certificate issue.

    - by Phoibe
    Hey, I have obtained an SSL certificate by Thawte for domain.com Now my infrastructure changed due to heavy load I have mx.domain.com as SMTP relay storage.domain.com as Mail-Storage and domain.com pointing at Web-Server Every server is hosted on another dedicated/virtual server with individual IP. I do not want to put the Web-Server on the Mail-Storage for security reasons but I do want to use my SSL-Certificate for the Mail-Storage(POP3S/IMAPS). Is that possible or how do I solve that issue?

    Read the article

  • Buying a certificate - what to spend and where

    - by bergin
    Hi there My boss wants to buy a certificate for his SBS so external connection can be made. they access on an IP number. What should he spend on the certificate? Where should he buy from? Verisign seems like overkill as its not an ecommerce site, just needs some security. Ive seen some cheap ones at $20 / yr - are there any problems with getting cheap certificates?

    Read the article

  • Multiple websites each with an SSL certificate of its own

    - by ServerDown
    Hi, We run cent os, plesk with apache and php, mysql. There are around 25 sites and each of them need an SSL certificate now. The host cannot have more than 16 IPs on the same server. Is it possible to have all these sites use just one IP address and have SSL certificate setup for each site? If yes, please let me know how I can set this up. Thanks

    Read the article

  • Create a certificate file

    - by saeed hardan
    I have a proxy that I want to test. The proxy generates a private key and a certificate like here . I have tried to copy the content as in the link in a file and name it x.CER , then clicked on it and i got the message : This file is invalid for use as the following : Security Certificate how can i install them on windows ? note: I have set in internet options that all the traffic goes throw the proxy

    Read the article

  • Certificate Authentication

    - by Steve McCall
    I am currently working on deploying a website for staff to use remotely and would like to make sure it is secure. I was thinking would it be possible to set up some kind of certificate authentication where I would generate a certificate and install it on their laptop so they could access the website? I don't really want them to generate the certificates themselves though as that could easily go wrong. How easy / possible is this and how do I go about doing it?

    Read the article

  • Delayed responses for cURL SSL PUTs/POSTs (php) (NSS vs OpenSSL)

    - by Yarin
    I have two Fedora-based apache webservers making the same SSL PUT/POST calls with php/cURL. One works fine, but with the other the call succeeds but takes a VERY long time to return a response (~10 min). (GETs don't seem affected) The working server's cURL uses OpenSSL for SSL, while the non-working version uses a later version of cURL that uses NSS for SSL I know nothing about SSL implementations or their effect on cURL. What would cause such a significant delay in SSL PUT/POST responses? Any suggestions appreciated- Thanks--

    Read the article

  • Trouble understanding SSL certificate chain verification

    - by Josh K
    My app uses SSL to communicate securely with a server and it's having trouble verifying the certificate chain. The chain looks like this: Entrust.net Secure Server Certification Authority - DigiCert Global CA - *.ourdomain.com We are using a certificate store pulled from Mozilla. It contains the Entrust.net certificate, but not the DigiCert Global CA one. My understanding is that an intermediate authority doesn't have to be trusted as long as the root authority is, but the verification fails: % openssl verify -CAfile mozilla-root-certs.crt ourdomain.com.crt error 20 at 0 depth lookup:unable to get local issuer certificate So do I need to explicitly trust the DigiCert Global CA in order for verification to pass? That seems wrong. But you tell me! EDIT: I now understand that the certificate file needs to be available to OpenSSL up front. Something like this works: % openssl verify -CAfile mozilla-root-certs.crt -untrusted digicert.crt ourdomain.com.crt ourdomain.com.crt: OK This allows me to provide a copy of the DigiCert CA without explicitly saying "I trust it", the whole chain still needs to be verified. But surely browsers like Firefox won't always ship with a copy of every single certificate it'll ever need. There's always going to be new CAs and the point is to use the security of the root certificate to make sure all intermediate CAs are valid. Right? So how does this work? Is it really as silly as it looks?

    Read the article

  • Why is site serving different SSL certs to different browsers?

    - by TRiG
    The SSL certificate on menswearireland.com and on www.menswearireland.com works fine on Safari, Chrome, SeaMonkey, K-Meleon, QtWeb, Firefox, and Opera. However, Internet Explorer claims that there is an error: The security certificate presented by this website was not issued by a trusted certificate authority. The security certificate presented by this website was issued for a different website's address. Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server. Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0) Another site hosted on the same managed server shows no errors: achill-fieldschool.com and www.achill-fieldschool.com work fine on IE, even though as far as I can tell the certificate is set up identically. What am I doing wrong? This is a LAMPP server running Plesk. It looks like the server is showing different certificates to different clients. To some clients it shows a RapidSSL certificate made out to www.menswearireland.com with menswearireland.com as a valid alternative name. To other clients, it shows a Parallels Panel certificate, made out to Parallels Panel. Here are results from a few different online SSL checkers: most say it's fine, while two show errors. Three online checkers say it's valid Comodo SSL Check shows it as valid DigiCert SSL Check shows it as valid SSL Shopper SSL Check shows it as valid Common name: www.menswearireland.com SANs: www.menswearireland.com, menswearireland.com Valid from October 2, 2012 to November 4, 2013 Serial Number: 559425 (0x88941) Signature Algorithm: sha1WithRSAEncryption Issuer: RapidSSL CA Another online checker seems to see a completely different certificate GeoCerts SSL Check shows it as invalid Common name: Parallels Panel Organization: Parallels Valid from August 15, 2012 to August 15, 2013 Issuer: Parallels Panel Another online checker sees more than one certificate Symantic SSL Check shows it as invalid The certificate installation checker connected to the Web server and read its certificates, but could not determine which is the primary certificate for the Web server. Incidentally, on both menswearireland.com and achill-fieldschool.com the homepage will redirect from HTTPS to HTTP. To see SSL details, visit the page /account on both (that page will redirect from HTTP to HTTPS). I’ve found more information in a more detailed online SSL checker. https://www.ssllabs.com/ssltest/analyze.html?d=menswearireland.com This site works only in browsers with SNI support My understanding is that SNI (RFC 6066) is a method for putting many SSL sites on one shared IP address and port. This does not work on Internet Explorer on older versions of Windows (this has to do with the version of Windows, not the version of Internet Explorer). However, all our SSL sites are on a unique IP address, so we shouldn’t need SNI.

    Read the article

  • How to use SSL for some pages and not for others?

    - by solid
    We are building an application where we want anything the following to be SSL: secure.ourapp.com - all pages must be SSL (can this be done with a Vhost in apache?) www.ourapp.com/signup - SSL www.ourapp.com/login - SSL www.ourapp.com/information - NOT SSL So my question is: can you put SSL on some pages and not on others? Or does it only work on a per-subdomain basis? thanks a lot for helping me out

    Read the article

  • Cannot connect to website - SSL handshaking fails

    - by ravenspoint
    So I cannot connect to certain websites. Just a few, most are OK. The one I really care about is paypal.com. I have done the usual things. Let's see: Checked my etc/hosts Flushed the DNS cache Checked firewall Switched on & off virus protection Switched on and off ad blocking pinged the sites Eventually, I decided to look at what curl is saying in detail == Info: About to connect() to www.paypal.com port 443 (#0) == Info: Trying 66.211.169.2... == Info: connected == Info: SSLv3, TLS handshake, Client hello (1): => Send SSL data, 110 bytes (0x6e) 0000: 01 00 00 6a 03 01 4f 6c aa 8c 57 2b 3d 1e 74 64 ...j..Ol..W+=.td 0010: c1 27 25 a5 3a 12 7f 3f 41 0a 17 15 2e c9 67 7c .'%.:.?A.....g| 0020: b3 e1 f6 9a db a9 00 00 2a 00 39 00 38 00 35 00 ........*.9.8.5. 0030: 16 00 13 00 0a 00 33 00 32 00 2f 00 07 00 05 00 ......3.2./..... 0040: 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 ................ 0050: 03 00 ff 01 00 00 17 00 00 00 13 00 11 00 00 0e ................ 0060: 77 77 77 2e 70 61 79 70 61 6c 2e 63 6f 6d www.paypal.com (hangs here for ever) This looks to me like paypal is refusing to reply to the first SSL handshake. I don't know much about SSL, but compaing to the output from a site that works for me seems to make it obvious == Info: About to connect() to www.cibc.com port 443 (#0) == Info: Trying 159.231.80.200... == Info: connected == Info: SSLv3, TLS handshake, Client hello (1): => Send SSL data, 108 bytes (0x6c) 0000: 01 00 00 68 03 01 4f 6c ad 6a 1f 67 d5 84 c4 4b ...h..Ol.j.g...K 0010: 0d 49 ae d6 b9 5b c3 63 f9 48 aa 18 da 43 d1 32 .I...[.c.H...C.2 0020: 47 ae 17 e5 cd e9 00 00 2a 00 39 00 38 00 35 00 G.......*.9.8.5. 0030: 16 00 13 00 0a 00 33 00 32 00 2f 00 07 00 05 00 ......3.2./..... 0040: 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 ................ 0050: 03 00 ff 01 00 00 15 00 00 00 11 00 0f 00 00 0c ................ 0060: 77 77 77 2e 63 69 62 63 2e 63 6f 6d www.cibc.com == Info: SSLv3, TLS handshake, Server hello (2): <= Recv SSL data, 74 bytes (0x4a) 0000: 02 00 00 46 03 01 00 00 58 cf 26 e2 e1 65 db 11 ...F....X.&..e.. 0010: bc 6f 26 7b 3b 6d eb 14 5f ad 47 dd 86 ea 4d a3 .o&{;m.._.G...M. 0020: fb 9f b7 2a 54 3e 20 5f 6b 04 5a 12 38 64 5d 18 ...*T> _k.Z.8d]. 0030: 65 9e e9 cd 61 eb 91 c1 16 25 61 30 bb 08 2a 78 e...a....%a0..*x 0040: b8 ee b8 7e f2 65 6a 00 04 00 ...~.ej... == Info: SSLv3, TLS handshake, CERT (11): ... and so on - working nicely eventually get some nice HTML Now I am reaaly stuck. This has been going on for five days, so I am pretty sure that the problem is not with paypal. But what on my system could be interfering with the SSL handshaking done by curl with this particular site? I suppose I could not be offering any certificates that PayPal accepts, but wouldn't I get a reply telling me so, or at least giving an error?

    Read the article

  • ISA Server 2006 SSL Certificate Dilemma

    - by JohnyD
    I'm making so great headway in offering our services over https with help from a Go Daddy certificate, later to be upgraded to Thawte SSL123 certs. But, I've just run into one whopper of a problem. Here's my setup: I run an ISA 2006 firewall. Our web services are distributed over 2 servers. One is Windows 2000 (www.domain.com) and the other is Windows 2003 (services.domain.com). So, I'll need to purchase 2 certs for both www and services, import them into IIS6 on their respective machines, then export them with the primary key (making sure to Include all certificates in the certification path if possible... that had me stumped for a while), and then to finally import them into ISA's local computer Personal store. The problem I've just run into is that I have separate firewall rules for services.domain.com and www.domain.com... because requests need to be forwarded to different web servers. Each of these firewall rules use the same httplistener. I have just found out that you can only use 1 certificate per httplistener. To make matters worse you can only have a single httplistener per ip / port. Is this correct? I can only use a single certificate for a single ip address? This would seem to be a severe limitation. Am I wrong? If I'm not then I've got a whole lot more work ahead of me as I'll have to set up extra ip's, add them to the firewall's network interface, create new listeners using that ip, etc... Can someone please confirm that I'm doing this correctly / incorrectly? Once I got my head wrapped around it all it seemed easy... then this. Thanks in advance.

    Read the article

  • Troubleshooting certificate issues

    - by Weezy
    I'm trying to access my (European Parliament) Webmail from a Linux/Firefox machine at the following address and I get security warning messages explaining that the identity of the site cannot be verified (the error message is in french). But this only happens with Linux/Firefox from one machine. Here's the address: https://webmail.europarl.europa.eu/ (and I'm trying to access it from my home, not from the EP). And here's the detailed error message: webmail.europarl.europa.eu utilise un certificat de sécurité invalide. Le certificat n'est pas sûr car l'autorité délivrant le certificat est inconnue. (Code d'erreur : sec_error_unknown_issuer) So basically, if I translate, it is telling that the webmail.europarl.europa.eu certificate is invalid because the authority that delivered the certificate is unknown. I do only get this invalid certificate thing on Linux/Firefox. From a MacBookPro running Safari, I go to what looks like the correct webmail login page. From the same Linux machine, but using another user account and Chrome instead of Firefox, I go to what looks like the correct webmail login page. So there are several possibilities, here are a few ones: Firefox is right and my Linux box has been hacked Firefox is right and detecting something that neither Chrome nor Safari is detecting (like, say, my router that may be hacked) Safari on the MacBook Pro and Chrome on Linux are both correct and it is just Firefox on Linux that is wrongly stressing me when everything is normal. How do I know which one of these possibilities (or any other) is correct? How can I troubleshoot what is going on with either Linux/Firefox or with the parliament's webmail?

    Read the article

  • Outlook certificate error and separate send/receive error

    - by Richard
    I run a laptop with Vista 32bit and MS Office 2010. Outlook has two profiles, both configured as POP3/SMTP and neither go through an exchange server. Recently, one of the mail servers (hosted with easily) was getting full, so I changed the profile setting to delete from the server if mails are older than 60 days. Suddenly, I am now experiencing a couple of glitches. The first is that I get a certificate error when outlook tries it's first send/receive under the relevant profile - "The server you are connected to is using a security certificate that cannot be verified" This continues despite apparently successfully re-importing the certificate. The second glitch is that I get a "Sending reported error (0x8004010F): 'Outlook data file cannot be accessed'" error on send receive. Strangely, it seems to be trying to send/receive twice - once to 'mail@domain', which works, and the second to 'domain' which doesn't. I've tried deleting the profile and re-creating it, pointing to the original .pst file, but still get both errors. Does anybody know how I can resolve these errors? (As a by note, and not that important, more for curiosity, does anybody know why simply changing the delete from server setting against that profile would cause these issues?)

    Read the article

  • Nginx, proxy passing to Apache, and SSL

    - by Vic
    I have Nginx and Apache set up with Nginx proxy-passing everything to Apache except static resources. I have a server set up for port 80 like so: server { listen 80; server_name *.example1.com *.example2.com; [...] location ~* \.(?:ico|css|js|gif|jpe?g|png|pdf|te?xt)$ { access_log off; expires max; add_header Pragma public; add_header Cache-Control "public, must-revalidate, proxy-revalidate"; add_header Vary: Accept-Encoding; } location / { proxy_pass http://127.0.0.1:8080; include /etc/nginx/conf.d/proxy.conf; } } And since we have multiple ssl sites (with different ssl certificates) I have a server{} block for each of them like so: server { listen 443 ssl; server_name *.example1.com; [...] location ~* \.(?:ico|css|js|gif|jpe?g|png|pdf|te?xt)$ { access_log off; expires max; add_header Pragma public; add_header Cache-Control "public, must-revalidate, proxy-revalidate"; add_header Vary: Accept-Encoding; } location / { proxy_pass https://127.0.0.1:8443; include /etc/nginx/conf.d/proxy.conf; proxy_set_header X-Forwarded-Port 443; proxy_set_header X-Forwarded-Proto https; } } server { listen 443 ssl; server_name *.example2.com; [...] location ~* \.(?:ico|css|js|gif|jpe?g|png|pdf|te?xt)$ { access_log off; expires max; add_header Pragma public; add_header Cache-Control "public, must-revalidate, proxy-revalidate"; add_header Vary: Accept-Encoding; } location / { proxy_pass https://127.0.0.1:8445; include /etc/nginx/conf.d/proxy.conf; proxy_set_header X-Forwarded-Port 443; proxy_set_header X-Forwarded-Proto https; } } First of all, I think there is a very obvious problem here, which is that I'm double-encrypting everything, first at the nginx level and then again by Apache. To make everything worse, I just started using Amazon's Elastic Load Balancer, so I added the certificate to the ELB and now SSL encryption is happening three times. That's gotta be horrible for performance. What is the sane way to handle this? Should I be forwarding https on the ELB - http on nginx - http on apache? Secondly, there is so much duplication above. Is the best method to not repeat myself to put all of the static asset handling in an include file and just include it in the server?

    Read the article

  • what means subject in certificate?

    - by George2
    Hi guys, The related link is this MSDN article. I am always confused about the term "subject", for example, sk option "Specifies the subject's key container location", sr option "Specifies the subject's certificate store location". What exactly mean subject? The certificate owner? The certificate issuer (e.g. the root CA which issues the certificate)? Or something else? regards, George

    Read the article

  • How to retrieve certificate from my store personal? [closed]

    - by shariphwar
    I want to use the following code by java program. How to convert the following C# code to java code or how to write just like this code by java programming language? Access certificate by C# X509Store store = null; X509Certificate2Collection _recipients = null; // select the right store //if (lstRecipients.Text=="Personal") store = new X509Store(StoreName.My, StoreLocation.CurrentUser); // else // store = new X509Store(StoreName.AddressBook, StoreLocation.CurrentUser); // open store and show certificate picker store.Open(OpenFlags.ReadOnly); X509Certificate2Collection tempCollection = X509Certificate2UI.SelectFromCollection(store.Certificates, "Crypter", "Select a Certificate for Encryption", X509SelectionFlag.MultiSelection); store.Close();

    Read the article

  • Error when trying to start Apache after installing SSL cert

    - by chris
    I am trying to install an SSL certificate, and I get the following errors: AH02241: Init: Unable to read server certificate from file /path/my.crt SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=X509) AH02312: Fatal error initialising mod_ssl, exiting. Here's the process I followed: I generated my private key with: openssl genrsa -out my.key 2048 I created the CSR with: openssl req -new -key my.key -out my.csr I provided the CSR to our IT department, and they returned a crt - it starts with -----BEGIN CERTIFICATE----- My ssl.conf has (my.example.com matches the Common name used during the generation of the CSR): <VirtualHost my.example.com:443> SSLEngine On ServerName my.example.com SSLCertificateFile /path/my.crt SSLCertificateKeyFile /path/my.key </VirtualHost> I do not have SSLCertificateChainFile or SSLCACertificate file set. The private key starts with ----BEGIN RSA PRIVATE KEY----- The csr starts with -----BEGIN CERTIFICATE REQUEST----- I have verified that both: openssl rsa -noout -modulus -in my.key openssl req -noout -modulus -in my.csr produce the same output. I cannot figure out how to verify the crt - trying both x509 and rsa produce an error. Should this process have worked? Can I verify that my.crt matches the key somehow?

    Read the article

  • ssl_error_rx_record_too_long connection error with SSL site in Firefox

    - by Thomas
    I am trying to set up SSL in Apache but when I go to the server in Firefox I get the following error message: An error occurred during a connection to sludge.home. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long) My virtual host config file looks like this. <IfDefine SSL> <VirtualHost *:443> ServerName sludge.home SSLEngine on SSLCertificateFile /usr/local/apache/cert/server.crt SSLCertificateKeyFile /usr/local/apache/cert/server.pem SSLProtocol -SSLv2 SSL CipherSuite HIGH:!ADH:!EXP:!MD5:!NULL DocumentRoot "/usr/local/apache/htdocs" ServerAdmin [email protected] <Location /> AuthType Digest AuthName "private area" AuthDigestDomain / AuthDigestProvider file AuthUserFile /usr/local/apache/passwd/digest_pw Require valid-user </Location> <Directory /usr/local/apache/htdocs/bugz> AddHandler cgi-script .cgi Options +Indexes +ExecCGI DirectoryIndex index.cgi AllowOverride Limit FileInfo Indexes </Directory> <Directory /usr/local/apache/htdocs/bugzilla> AddHandler cgi-script .cgi Options +Indexes +ExecCGI DirectoryIndex index.cgi AllowOverride Limit FileInfo Indexes </Directory> <Directory /> Options FollowSymLinks AllowOverride None Order deny,allow Deny from all </Directory> <Directory "/usr/local/apache/htdocs"> Options Indexes FollowSymLinks Allow Override None Order allow,deny Allow from all </Directory> <IfModule dir_module> DirectoryIndex index.html </IfModule> <FilesMatch "^\.ht"> Order allow,deny Deny from all Satisfy All </FilesMatch> </VirtualHost> </IfDefine> A telnet to this server reveals that server is sending plain HTML back. Further more it seems as though mod_ssl is not loaded/working even though when I httpd -l it shows up as being statically compiled in. I have exhausted most avenues I can think of.

    Read the article

  • Why apache doesn't restart after configuring SSL?

    - by poz2k4444
    I've installed apache2 and then configure it to work with SSL following this and this tutorials, the problem becomes when I try to restart the service, the following error throws: (98)Address already in use: make_sock: could not bind to address 0.0.0.0:443 no listening sockets available, shutting down Unable to open logs the output of netstat -anp | grep 443 just display firefox listening and anything else, how could I solve this and get the service running?? The ouput of ps -Af|grep <firefox PID> is: root 1949 1 11 18:42 tty1 00:20:55 /opt/firefox/firefox-bin root 2025 1949 4 18:43 tty1 00:08:39 /opt/firefox/plugin-container /root/.mozilla/plugins/libflashplayer.so -greomni /opt/firefox/omni.ja 1949 true plugin after closing firefox and then cheking again for port 443 the output is: tcp 0 0 10.32.208.179:38923 74.125.139.155:443 TIME_WAIT - tcp 0 0 10.32.208.179:45706 74.125.139.113:443 TIME_WAIT - tcp 0 0 10.32.208.179:40456 74.125.139.156:443 TIME_WAIT - tcp 0 0 10.32.208.179:56823 69.171.227.62:443 FIN_WAIT2 - unix 3 [ ] STREAM CONNECTED 12443 1721/dbus-daemon @/tmp/dbus-8ee35rmOOS Seeing the error logs, which are not at the time when I'm doing this, the last errors are: [Tue Oct 02 18:41:54 2012] [error] Init: Unable to read server certificate from file /etc/apache2/ssl/sever.crt [Tue Oct 02 18:41:54 2012] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag [Tue Oct 02 18:41:54 2012] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

    Read the article

  • Why do I have untrusted certificates for Google, Yahoo, Mozilla and others?

    - by jackweirdy
    In the HTTPS/SSL section of chrome://chrome/settings, I see the following: What does this mean, and is there something wrong? I have a basic understanding of SSL/TLS - I'm not claiming to be completely familiar, but I'm fairly confident I know my way around it - but I don't understand why I have certificates installed on my machine specifically for these sites. From my understanding, I should have the certificates for Certificate Authorities, and any site I visit and use SSL/TLS should have a certificate signed by one of these trusted CAs for me to trust the site. My worry is that if someone has maliciously installed a certificate for these sites on my machine, they could perform a DNS spoofing attack (or a number of other attacks) to hijack my connection to my email account without me knowing, and as they've got the private counterpart to the certificate on my machine, decrypt the communication. NB: I'm also aware that CA certificates aren't just within Chromium and are used system wide as part of libssl - they're stored in /etc/ssl/certs. What I'd like to know is: Is this correct? - The big red boxes make me think no Is this malicious or benign? What can I do to resolve this problem? (If indeed it is a problem) Thanks :)

    Read the article

  • Why is my RapidSSL Certificate chain is not trusted on ubuntu?

    - by olouv
    I have a website that works perfectly with Chrome & other browser but i get some errors with PHP in CLI mode so i'm investigating it, running this: openssl s_client -showcerts -verify 32 -connect dev.carlipa-online.com:443 Quite suprisingly my HTTPS appears untrusted with a Verify return code: 27 (certificate not trusted) Here is the raw output : verify depth is 32 CONNECTED(00000003) depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA verify error:num=20:unable to get local issuer certificate verify return:1 depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA verify error:num=27:certificate not trusted verify return:1 depth=1 C = US, O = "GeoTrust, Inc.", CN = RapidSSL CA verify return:1 depth=0 serialNumber = khKDXfnS0WtB8DgV0CAdsmWrXl-Ia9wZ, C = FR, O = *.carlipa-online.com, OU = GT44535187, OU = See www.rapidssl.com/resources/cps (c)12, OU = Domain Control Validated - RapidSSL(R), CN = *.carlipa-online.com verify return:1 So GeoTrust Global CA appears to be not trusted on the system (Ubuntu 11.10). Added Equifax_Secure_CA to try to solve this... But i get in this case Verify return code: 19 (self signed certificate in certificate chain) ! Raw output : verify depth is 32 CONNECTED(00000003) depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority verify error:num=19:self signed certificate in certificate chain verify return:1 depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority verify return:1 depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA verify return:1 depth=1 C = US, O = "GeoTrust, Inc.", CN = RapidSSL CA verify return:1 depth=0 serialNumber = khKDXfnS0WtB8DgV0CAdsmWrXl-Ia9wZ, C = FR, O = *.carlipa-online.com, OU = GT44535187, OU = See www.rapidssl.com/resources/cps (c)12, OU = Domain Control Validated - RapidSSL(R), CN = *.carlipa-online.com verify return:1 Edit Looks like my server does not trust/provide the Equifax Root CA, however i do correctly have the file in /usr/share/ca-certificates/mozilla/Equifax...

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 18 19 20 21 22 23 24 25 26 27 28 29  | Next Page >