Navigation

    ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    1. Home
    2. Tags
    3. ssl certificates
    Log in to post

    • Gmail issue adding external email account to send.
      IT Discussion • google smtp ssl certificates gmail tls exim4 exim • • dbeato  

      1
      1
      Votes
      1
      Posts
      518
      Views

      No one has replied

    • P

      Where can I learn more about SSL certs?
      IT Discussion • ssl certificates certificate authority • • Pete.S  

      12
      2
      Votes
      12
      Posts
      153
      Views

      P

      @black3dynamite said in Where can I learn more about SSL certs?: This is 5-part article about setting up your CA is pretty good. https://devcentral.f5.com/s/articles/building-an-openssl-certificate-authority-introduction-and-design-considerations-for-elliptical-curves-27720 Blog posts on Altaro. https://www.altaro.com/hyper-v/public-key-infrastructure/ https://www.altaro.com/hyper-v/wsl-offline-root-certificate-authority-windows-pki/ https://www.altaro.com/hyper-v/windows-ssl-certificate-templates/ https://www.altaro.com/hyper-v/request-ssl-windows-certificate-server/ https://www.altaro.com/hyper-v/view-revoke-manually-approve-certificates/ Thanks! I've started to read the info.
    • Let's Encrypt Windows Server
      IT Discussion • windows server 2016 lets encrypt ssl certificates • • WLS-ITGuy  

      20
      1
      Votes
      20
      Posts
      325
      Views

      @scottalanmiller said in Let's Encrypt Windows Server: @WLS-ITGuy said in Let's Encrypt Windows Server: @JaredBusch you don't have any issues with agents checking in or pushing out updates with the RP? What would be the concern? Curious more than anything.
    • Exchange 2016 Let's Encrypt Setup
      IT Discussion • lets encrypt ssl certificates exchange 2016 microsoft exchange win-acme • • dbeato  

      28
      1
      Votes
      28
      Posts
      7524
      Views

      EMC shows it is assigned to all services and the schedule task is there. Calling this a win.
    • Namecheap site - cert expired
      IT Discussion • ssl certificates namecheap • • bbigford  

      14
      4
      Votes
      14
      Posts
      512
      Views

      I just got a 2 year cert from NameCheap the other week. No issues at all anywhere, didn't even notice that cert was expired.
    • Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt
      IT Discussion • windows windows server ssl lets encrypt ssl certificates iis acme ssl wildcard • • scottalanmiller  

      19
      5
      Votes
      19
      Posts
      8717
      Views

      @phlipelder said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt: @scottalanmiller said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt: @phlipelder said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt: @scottalanmiller said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt: @phlipelder said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt: @jaredbusch said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt: @scottalanmiller my problem with Certs on Windows, in general, is that you almost always have to copy it around to multiple servers to make everything work well, and that jsut defeats the purpose of LE. Based on what is on the site, Microsoft has an intrinsic trust with LE's root store. I should be able to set up a RD Session Host with a LE certificate for publishing and there should be no untrusted publisher for RemoteApps or Session Host desktops once the certificate's thumbprint is published via Group Policy? One would hope that they would. LE is like the standard in SSL Certs. It's from the EFF, way more trustworthy than other cert authorities, IMHO. Snag: Valid for 90 days. In larger RDS farm settings this would be a bear to manage. That means the need for an automated process. It is expected to be automated. SSL Cert updates should not be intrusive. All of the tools for LE SSL Certs are designed around the idea that you will automate them and never need to worry about them again. It's about being less of a snag, not more of one. Got it thanks. Looks like a bit of a learning curve then. It's not bad. I find learning the LE pieces easier than learning to do it the old fashioned way And with LE it is "learn once and ignore", rather than "learn once, forget, do again in a year or two all over again."
    • Wild Card SSL - Unifi/UNMS
      IT Discussion • ssl certificates unifi controller unms • • hobbit666  

      8
      2
      Votes
      8
      Posts
      1897
      Views

      @dbeato @JaredBusch thanks for the info. If I get time might give it a go over the weekend. Otherwise job for Monday morning
    • Resolved-Exchange 2010 - UCC SSL Cert Renewal WTF
      IT Discussion • ssl ssl certificates exchange 2010 ucc req • • wrx7m  

      12
      1
      Votes
      12
      Posts
      1627
      Views

      T

      I had the same problem: Microsoft includes a command-line utility with Certificate Services called certutil. This utility performs various operations on certificate files, including converting them to and from base64 format. Note that this command is run on your certificate server, which, in your environment, may be different from your Exchange server. If so, you need to copy the binary .req file to the certificate server, or make it accessible via a shared network folder or removable storage device. Open a command prompt on the certificate server and navigate to the folder where your binary .req file is, then type the following command: certutil -encode yourbinaryinputfile yourasciioutputfile Example: certutil -encode der.exchange.example.com.req pem.exchange.example.com.req You can then open the output file in Notepad and confirm that it is in the correct format to upload to your certifying authority.
    • SOLVED Certbot Apache plugin broken in Fedora 26
      IT Discussion • linux ssl apache lets encrypt fedora 26 ssl certificates tls certbot fredora • • brianlittlejohn  

      20
      2
      Votes
      20
      Posts
      3783
      Views

      @zachary715 said in Certbot Apache plugin broken in Fedora 26: @scottalanmiller said in Certbot Apache plugin broken in Fedora 26: I ran into this issue, forgot about this thread, went through LetsEncrypt's threads and their solution for this problem led me... here! Very nice. Just did the exact same thing. Let'sEncrypt forum had the link which led me here right about the time @JaredBusch was responding in my other thread. It has been posted on here more than one time. I should probably find one of those posts and make @scottalanmiller tag it appropriately. Edit: Or too slow..
    • IIS and LetsEncrypt
      IT Discussion • ssl lets encrypt ssl certificates iis • • Obsolesce  

      3
      1
      Votes
      3
      Posts
      1352
      Views

      @NashBrydges Oh this is awesome! Gonna be giving that a go on Monday or Tuesday.
    • 14,766 Let's Encrypt SSL Certificates Issued to PayPal Phishing Sites
      IT Discussion • lets encrypt ssl certificates phishing • • Ambarishrh  

      7
      1
      Votes
      7
      Posts
      1075
      Views

      There is a blacklist that all CA's have on high dollar domain names to prevent major fraud. LE cannot issue for something.microsoft.com or something.bestbuy.com for example. But the sub domain names used in these PayPal examples are all outside of that. They are all on valid (ish) TLD.
    • FreePBX, SelfSigned Certs, & Let's Encrypt
      IT Discussion • freepbx ssl lets encrypt ssl certificates • • AdamF  

      18
      1
      Votes
      18
      Posts
      6261
      Views

      Yeah, that's a really awesome feature.
    • Let's Encrypt is now used around 4.86%
      News • ssl lets encrypt ssl certificates • • Ambarishrh  

      14
      1
      Votes
      14
      Posts
      2475
      Views

      @scottalanmiller said in Let's Encrypt is now used around 4.86%: Yeah, probably a lot less than a year before LE rules the roost. Maybe four more months? In a year it will have significant dominance, I am guessing. More likely about this time next year because they did not come out of beta until March
    • Camp image proxy to prevent mixed content warnings
      Platform and Category Issues • ssl ssl certificates images mixed content • • JaredBusch  

      1
      0
      Votes
      1
      Posts
      793
      Views

      No one has replied

    • Websockets and Cloudflare
      Platform and Category Issues • nodebb ssl cloudflare ssl certificates websocket • • JaredBusch  

      2
      0
      Votes
      2
      Posts
      1090
      Views

      @JaredBusch said: Here you go @scottalanmiller. Add a sub domain to handle the Websockets. https://community.nodebb.org/topic/7930/using-cloudflare-with-nodebb Thanks. That's been mentioned a few times over there but a how-to has been missing and when I'd asked about it the topics all went silent. Will look into this.
    • Setting up LetsEncrypt on a CentOS 7 NginX proxy
      IT Discussion • centos 7 how to nginx encryption ssl lets encrypt real instructions ssl certificates proxy • • JaredBusch  

      13
      7
      Votes
      13
      Posts
      8401
      Views

      @travisdh1 said in Setting up LetsEncrypt on a CentOS 7 NginX proxy: @JaredBusch said in Setting up LetsEncrypt on a CentOS 7 NginX proxy: @aaronstuder said in Setting up LetsEncrypt on a CentOS 7 NginX proxy: Any updates to this? Use Certbot never this method. keep your life simpler. Yeah. If the old way is working, that should keep working. However, certbot is easier to use. When my system came up for renew after certbot was out, I installed certbot and renewed that way. everything is in the same pace. nothing had to be changed in the config files.
    • Let’s Encrypt will enter Public Beta on December 3, 2015
      IT Discussion • encryption lets encrypt ssl certificates • • JaredBusch  

      6
      3
      Votes
      6
      Posts
      1535
      Views

      @MattSpeller Thanks for the writeup for us noobs.
    • Need a SSL with 4 Subject Alternate Names
      IT Discussion • ssl ssl certificates godaddy • • JaredBusch  

      14
      1
      Votes
      14
      Posts
      2705
      Views

      @Dashrender said: @JaredBusch said: @Dashrender said: Does Let's Encrypt give SAN certs? I was under the impression that it's for single one off type situations where people don't have the cash to purchase their own cert, most likely being used by someone self hosting (or single site/server hosting). If it is free, there is no reason not to get 4 or 5 certs instead of a SAN for most things. Stupid question time (cause I don't know) can you install multiple certs on the same server? I don't know about apache, but with NGINX each virtual host can have it's own.
    • John McAfee is Back and is Selling SSL Certs
      News • ssl certificates • • mlnews  

      1
      1
      Votes
      1
      Posts
      576
      Views

      No one has replied

    • A

      Where do you buy your SSL certs from?
      IT Discussion • ssl ssl certificates godaddy comodo verisign • • Alex Sage  

      10
      1
      Votes
      10
      Posts
      3126
      Views

      We get from rapidssl https://www.rapidssl.com/ (single domain- $49, wild card $199) or network solutions
    • Next Change for SSL Certificates
      IT Discussion • google ssl ssl certificates symantec • • scottalanmiller  

      5
      2
      Votes
      5
      Posts
      1813
      Views

      @thecreativeone91 said: @scottalanmiller said: @thecreativeone91 said: So how does a site get an SSL without knowing? "CT’s intent is to prevent CAs from issuing public key certificates for a domain without the domain owner’s knowledge." I assume that means if the site is hacked. No, it does not mean that it has been hacked. This is really easy to do. I'm not sure at what stage you think that there is a verification for this currently but generally there is nothing. But it has to be used at the domain it's issued for or else it will throw a mismatch error.. Unless it's a whild card cert.. That's a completely different piece of security. If you hijack DNS you completely bypass it.