Super User
Super User

Questions tagged [ssl]

SSL refers to Secure Sockets Layer, a security protocol that has been replaced by Transport Layer Security (TLS). TLS is still commonly referred to as SSL.

The SSL protocol provides privacy and integrity of data between two applications that communicate over the Internet. This occurs through the authentication of the parts involved and the number of data transmitted between them. This protocol helps prevent intermediaries between the two ends of the communication have unauthorized access or falsifying the data transmitted.

The site server being accessed sends a public key to the browser, used by this call to send a secret, randomly created. Thus, it is established to exchange encrypted data between two computers.

It is based on the TCP protocol suite TCP / IP and utilizes the concept introduced by Diffie-Hellman in the 70s (public key cryptography) and Phil Zimmermann (PGP creator of the concept).

1853 questions
450
votes
9 answers

How to save a remote server SSL certificate locally as a file

I need to download an SSL certificate of a remote server (not HTTPS, but the SSL handshake should be the same as Google Chrome / IE / wget and curl all give certificate check fail errors) and add the certificate as trusted in my laptops Windows'…
Kimvais
  • 4,908
411
votes
23 answers

How do I list the SSL/TLS cipher suites a particular website offers?

How can I retrieve a list of the SSL/TLS cipher suites a particular website offers? I've tried openssl, but if you examine the output: $ echo -n | openssl s_client -connect www.google.com:443 CONNECTED(00000003) depth=1 /C=ZA/O=Thawte Consulting…
Jeremy Powell
  • 7,289
275
votes
7 answers

What is the difference between a certificate and a key with respect to SSL?

Whenever I try to understand anything about SSL I always have a hard time keeping track of what "key" and "certificate" refer to. I fear many people use them incorrectly or interchangeably. Is there a standard difference between a key and a…
drs
  • 2,953
129
votes
8 answers

How do I deal with NET:ERR_CERT_AUTHORITY_INVALID in Chrome?

My work place intercepts SSL connections, looks at their contents, and then passes the data to and from my machine and remote hosts - a kind of man-in-the-middle attack. This is not uncommon in corporate or enterprise environments. Now I have a…
Richard
  • 3,501
  • 2
  • 23
  • 26
94
votes
11 answers

How to create my own certificate chain?

I would like to set up my own OCSP Responder for testing purposes, and this requires me to have a Root certificate with a few certificates generated from it. I've managed to create a self-signed certificate using openssl, and I want to use it as the…
StackedCrooked
  • 3,141
92
votes
5 answers

Can the telnet or netcat clients communicate over SSL?

I would like to test client connections with IMAP over SSL, HTTPS, and other secure text-based Internet protocols over SSL/TLS, the same way I would using telnet or netcat if they were not tunneled over a secure protocol. Is there a way to get…
user553702
  • 1,451
86
votes
7 answers

How to force Chrome to save passwords on self-signed or broken SSL?

I have searched for a way to do this and never found a good answer, though there have been tickets created in the past (#142818 & #405549). Apparently, the chromium devs never created a chrome://flags override for "broken" SSL with password saving.…
B. Shea
  • 1,388
83
votes
2 answers

Why do some websites show the company name next to the URL?

Some websites show the company name next to the URL (in Chrome) and some don't. How do I set this up for my website? Is there a reason why or why I wouldn't want to do this?
William Entriken
  • 2,304
73
votes
5 answers

Add permanent SSL certificate exception in Chrome (Linux)

I have a problem with a website that has an SSL certificate which doesn't correspond to the website domain. Chrome gives me a warning for this website (and rightly so), which I have to ignore manually. Every time I restart Chrome, I need to ignore…
raphink
  • 3,871
69
votes
12 answers

Why won't OS X trust GitHub's SSL certificate?

When I go to any github.com page in Chrome, I get a big ugly error: You attempted to reach github.com, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server…
Trevor Dixon
  • 916
65
votes
3 answers

Can I use another port other than 443 for SSL communication?

I have an application that communicates via SSL, however, Port 443 is already in use by an IIS instance on that same server. Can I use another port other than 443 for SSL communication?
dandaman12
  • 937
  • 1
  • 6
  • 9
60
votes
3 answers

"Private key is missing or invalid when importing a certificate" in Google Chrome

I want to test my web app on https localhost. Unfortunately it seems impossible to remove certificate warning from chrome. First, I generated the certificate like this: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout…
Maciej Kravchyk
  • 713
55
votes
6 answers

Enable TLS 1.1 and 1.2 for Clients on Java 7

Java 7 disables TLS 1.1 and 1.2 for clients. From Java Cryptography Architecture Oracle Providers Documentation: Although SunJSSE in the Java SE 7 release supports TLS 1.1 and TLS 1.2, neither version is enabled by default for client connections.…
jww
  • 12,722
54
votes
2 answers

OpenSSL CA keyUsage extension

I want to set up a chain of certificates, with a self signed 'root' CA at the top that signs sub CAs, which can then sign client and server certificates. When setting up openssl.cnf, I noticed a keyUsage parameter, which apparently needs to be set…
Robin McCorkell
  • 1,176
53
votes
4 answers

How to configure Chrome to ignore SSL warning on specific URLs?

I guess there no need to introduce the "Privacy error" page in Chrome that appears whenever one uses SSL to access an uncertified website that has no signed certificate (red "X" on the lock icon). I use SSL to access numerous personal locations…
voronoi
  • 941
1
2 3
99 100