I was under the impression that I could run it on any machine, but a guy from our hosting company is saying that the csr has to be generated on the server hosting the site. Can anyone clear this one up for me? Thanks. ...
I want a SSL certificate for my web site that will not only be accepted without warning by all popular browsers (at least accepted by Firefox and Internet Explorer), but also give my visitors the green address bar. Which certificate authority is selling the least expensive extended validation SSL certificates? ...
I am not able to access localhost https pages in firefox3. It gave the error 'Can't connect securely because the SSL protocol has been disabled. (Error code: ssl_error_ssl_disabled)' I enabled all the SSL2 related preferences through about:config and the error changed to 'Data Transfer Error The browser connected successfully, but t...
Do end users really care if a SSL EV certificate is from VeriSign, Thwate, DigiCert, or etc.? A certificate from VeriSign can cost up to 3x the cost from DigiCert for the same basic features. VeriSign is probably the most recognizable brand name though. I've had many discussions with people about this topic, but I've never seen any real...
I'm working on deploying a small community site. User registration requires nothing more than a username, email address, and password. I'm not even asking for a name, and certainly not storing any sensitive data. Should I still invest in an SSL certificate? Would it be considered terrible practice to transmit a user's password without o...
We need to set up a secure certificate on an Apache reverse proxy. We've been advised that we need to use a virtual host directive. I've looked these up in the O'Reilly book bit can't find any examples that pick up https specifically. Does anyone have any examples of config snippets to do this? ...
I may be barking up the wrong tree... However, what I have is a MySQL server that accepts connections only from a client with a valid SSL cert (see this link). This works great for example with Rails. I have my database on one server, and a Rails app that connects using the client certificate. Maybe not the fastest, but it works. The co...
Not a programming question per se, but interesting for people who do commercial web development. How do you track all of your clients' hosting, domain registration, and SSL certificate expiry dates? Do you just keep a spreadsheet or is there some useful piece of software for this? I've searched extensively and can't find a usable piec...
Our ssl certificate recently expired, so we were issued a new one by the CA. Unfortunately, when biztalk uses this certificate to access a server, the server rejects it, giving us a 403.17 error (Expired or not yet valid). So I checked the dates of the certificate and it seems okay. But to really check if the certificate was working, w...
Here is the code to add a pfx to the Cert store. X509Store store = new X509Store( StoreName.My, StoreLocation.LocalMachine ); store.Open( OpenFlags.ReadWrite ); X509Certificate2 cert = new X509Certificate2( "test.pfx", "password" ); store.Add( cert ); store.Close(); However, I couldn't find a way to set permission for NetworkService t...
Our Windows CE 5.0 application has a problem with our wildcard SSL certificate (*.domain.com) - it won't accept it as valid. I understand that Windows Mobile 6.0 has support for wildcard certificates (earlier versions don't) and that is built on WinCE 5 which suggests it should be possible to change WinCE 5 to accept wildcard certificat...
Hello, I recently purchased a security certificate for a website valid for www.example.com but not for *.example.com (wildcard version - more expensive) The problem i have now is that although users can type http://example.com , the secure version (ssl enabled pages) https://example.com raises the invalid certificate exception - which is...
Hi there, I am going to switching SSL onto a Rails site of mine pretty soon and was wondering if anyone has thoughts or suggestions as to who is the best provider? Does anyone have any happy stories or horror regarding certain vendors?? Thanks Kent ...
I'm developping a software which will be deployed using clickonce (on the website foo.com), and which will then connect to my server using WCF with an encrypted transport So I need an SSL certificate which will : Identify my foo.com website has really being my website Identify the exe I deploy using clickonce as being genuine Identify...
I am attempting to setup our servers to allow traffic over SSL. I am aware that SSL does not work with Name Virtual Host, but we have all of our apache servers on virtual machines with dedicated private IPs. We have a primary virtual machine that has mod_proxy setup to route traffic to the appropriate vms. However, in order to route h...
I'm trying to connect to an API that uses a self-signed SSL certificate. I'm doing so using .NET's HttpWebRequest and HttpWebResponse objects. And I'm getting an exception that: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. I understand what this means. And I understand...
Hi, is there a way to convert from a .key file to a .pfx file? thank you. EDIT: I only have the .key file but my hosting provider says that I could convert it to .pfx with just that file. ...
A friend of mine asked me why we pay so much for SSL certificates if everyone could theoretically issue one. Why indeed? And how do we judge if the little lock in the browser is really trustworthy? ...
I'm in the process of creating a CSR, and I wonder which is arguably the best length for my RSA key. Of course, 384 is probably too weak, and 16384 is probably too slow. Is there a consensus on the key length one should use, depending on the certificate lifetime? Edit : Like most people, I want my key to be reasonably strong. I'm not...
I have one self signed rootcacert.pem which is going to expire next month. Due to specific reason I have extended the validity of this rootcacert using the command : openssl x509 -in rootcacert.pem -days 365 -out extendedrootcacert.pem - signkey rootcakey.pem -text So I get the new root ca as extendedrootcacert.pem. Using new root ca,...