Questions tagged [ssl]
SSL and its successor, TLS, are encryption and authentication protocols that encrypt the full contents of a TCP connection, as well as potentially verifying the identities of the devices making the connection.
7,815 questions
Score of 0
0 answers
6 views
Step-CA (Smallstep) with 6 intermediate CAs, Badger/CNPG and passthrough HAProxy — is this architecture correct for production?
Context
I'm operating a PKI based on step-ca (Smallstep), version 0.30.2, to issue short-lived certificates:
SSH (user and host)
TLS/X.509 (internal services)
The CA sits behind its own ...
Score of 5
1 answer
912 views
Does any CA still issue certificates compatible with Starfield Class 2 Certification Authority?
I have a fleet of legacy IoT devices that trust only the root certificate:
Starfield Class 2 Certification Authority
I need to host a temporary HTTPS endpoint for a one-time firmware update, but the ...
Score of 1
1 answer
137 views
Dovecot closes client connection after successful login, so IMAP session fails
Trying to bring up a Dovecot 2.4.3 installation on my publicly accessible home server. I had a working 2.3.x installation and have followed all the migration advice on the dovecot website. Eventually, ...
Score of 0
1 answer
322 views
How can I set up a double nginx reverse proxy?
I want to use a double nginx reverse proxy:
client <--> first nginx reverse proxy <--> second nginx reverse proxy <--> web server
1st nginx server IP: 111.222.333.444. Second nginx ...
Score of 1
0 answers
161 views
Updating dynamically a resource record using DoT
I am trying to update resource records on a primary DNS bind9 server from a client using nsupdate.
There is no issue when using the default 53 port.
An issue appears when using DoT (DNS over TLS) over ...
Score of 0
0 answers
149 views
FreeRADIUS RadSec TCP connections plateau around ~500 per instance
We are benchmarking RadSec (TCP/TLS) connections against a single FreeRADIUS instance and observing a consistent connection ceiling.
FreeRADIUS (version 3.2.8)
Running in Kubernetes (single pod)
~...
Score of 1
1 answer
378 views
Mutual TLS Abruptly Stopped Working on Tomcat 9 and 11 Servers
I’m troubleshooting a sudden and inconsistent failure of client certificate prompts across multiple Java web applications running in a test/development environment. These applications run on two ...
Score of 0
1 answer
436 views
Unable to enable TLS 1.1 on Windows Server 2022 Datacenter Azure Edition
I am in the process of migrating my ASP.NET framework application (running in IIS) onto a Microsoft Azure virtual machine. I have run into a problem.
TLS version 1.1 is officially deprecated. ...
Score of 4
2 answers
674 views
TLSA/DANE via Let’s Encrypt wildcard certificate in Plesk on domain with external DNS
Disclaimer: I am not a professional server admin, but I’m all we have at the company where I work. Please gear answers to novice level.
I manage a domain with multiple subdomains. The DNS for the ...
Score of 0
1 answer
177 views
How to go about debugging Pleroma federation issues?
TL/DR
I'm seeing ssl_verify_hostname:verify_cert_hostname in my logs and my posts don't reach foreign servers. I know of no way how to debug that.
longer story
what I did to get here
I've been running ...
Score of 0
0 answers
250 views
Java certificate failures with Rundeck and LDAPS
I am attempting to connect a Rundeck container (Server A) to an OpenLDAP container (Server B) via LDAPS.
While standard CLI tools work perfectly (LDAPTLS_REQCERT=never ldapsearch -H ldaps://ldap-...
Score of 0
1 answer
711 views
How to use certbot certificates for exim TLS? How to set permissions?
I have certbot that keeps a valid certificate and key in its folder /etc/letsencrypt/archive/
The cert is public (644) and key is restricted to root (600).
I'm wondering how can I let exim read as TLS ...
Score of 3
2 answers
434 views
Docker TLS verification works on one server, fails on another identical server with "certificate signed by unknown authority": An Unexplained Mystery
I'm facing a truly bizarre Docker TLS issue that has exhausted all standard debugging methods. I have two Rocky 9 systems, and a Docker pull operation with a self-signed registry works on one but ...
Score of 0
1 answer
204 views
RapidSSL wildcard - Issuer of this certificate could not be found
I imported it into the Exchange server. But there is a warning for the certificate as follows.
Issuer of this certificate could not be found
Issued by : RapidSSL TLS RSA CA G1
Issuer:
CN = RapidSSL ...
Score of 0
0 answers
148 views
I have an issue in a websocket connection: net::ERR_CONNECTION_TIMED_OUT when I want to access a Route in OpenShift
First and foremost, thank you for taking the time to read my question.
I'm encountering a net::ERR_CONNECTION_TIMED_OUT error with a Janus SSL WebSocket connection and would greatly appreciate any ...