SSL Certificates

Use OpenSSL to manage PKCS #12 archive.

Match certificate and its intermediate counterpart by using X.509 key identifier extension.

Use openssl utility to display and verify the certificate chain for a specific domain.

Match certificate and its private key by comparing the modulus of the certificate to the modulus of the private key.

Use openssl command-line utility to display TLS server extensions.

Use essential openssl utility to quickly determine if your web-server still supports deprecated TLS 1.0 protocol.

Create custom data field to define multiple domain names and service apply rule to verify those SSL certificates.

Check locally stored SSL certificate using essential utilities like openssl and curl. This knowledge is especially useful when you want to prepare an SSL certificate for a load balancer.

Create a certificate signing request and use it to generate an SSL certificate. I strongly suggest reading my two earlier blog posts about self-signed SSL certificates and private keys as these contain useful information. I will describe three different ways to generate a certificate signing request.

Generate private key for an SSL certificate and verify its consistency.

Use openssl command-line utility to calculate and display days till the certificate expiration.

Use openssl command-line utility to display common name, certificate issuer, alternative names, start/end dates.

I described a simple way to generate self-signed SSL certificate using command-line two weeks ago. So, today I will share very useful trick for MacOS users which is a shell script to import self-signed certificate to macOS system keychain using command-line.

Today I will show you how to quickly generate ready to use self-signed SSL certificate for nginx HTTP server using command-line. It is a very handy ability that will allow you to perform various tasks locally or in home laboratory without touching dedicated certificates.

I am using Let’s Encrypt certificates for several services with great success. It is easy, reliable and very straightforward service. I will share with you my personal setup used to secure AWStats statistics page as a simple example.

This weekend, I have spent some time investigating SSL certificate-based authentication and implementing it in Kolab web-based user interface. This topic is fascinating but definitely too broad to be briefly described in a single blog post, so do not look at it as a complete solution, but treat it only as a proof of concept.

Certificate could not be verified error.

Getting an SSL certificate from Gandi is a straightforward task.