What is CA certificate, and why do we need it?

A CA certificate is a digital certificate issued by a certificate authority (CA), so SSL clients (such as web browsers) can use it to verify the SSL certificates signed by this CA. For example, stackoverflow.com uses Let’s Encrypt to sign its servers, and SSL certificates sent by stackoverflow.com mention they are signed by Let’s Encrypt. …

SSLHandshakeException: Received fatal alert: handshake_failure when setting ciphers on tomcat 7 server

Well, I got this issue solved. It appears that creating a self-signed certificate using keytool without providing the -keyalg parameter makes the key-pair algorithm default to DSA. None of my cipher suites included the DSA algorithm. In that case, although the client and the server had an intersection between their cipher suites, neither was suitable for the key …

How to connect to database with SSL in google apps script?

I can confirm that I can connect to a MySQL database with SSL within Google Apps Script. It’s important to note useSSL=true is indeed necessary. I was able to get it working by following the example at https://issuetracker.google.com/issues/36761592#comment18 (relevant snippet repeated below): var conn = Jdbc.getConnection('jdbc:mysql://<ip address>/<db name>?useSSL=true', { user: '<user>', password: '<pass>', _serverSslCertificate: '-----BEGIN …

Generating client side certificates in browser and signing on server

Yes, it’s possible. There are no cross-browser solutions, though. For Internet Explorer, you will have to use some ActiveX controls using X509Enrollment.CX509EnrollmentWebClassFactory or CEnroll.CEnroll, depending on whether it’s running on Windows XP or Vista/7. This will generate a PKCS#10 certificate request (which you may need to wrap between the traditional delimiters). For the rest, you …

curl: Unknown error (0x80092012) – The revocation function was unable to check revocation for the certificate

I’ve been using curl through a mitm proxy for pen-testing and getting the same issue. I finally figured that curl needs a parameter telling it not to check certificate revocation, so the command looks something like this: curl "https://www.example.com" --ssl-no-revoke -x 127.0.0.1:8081 The -x parameter passes the proxy details – you may not need this. …

Self-signed SSL Cert or CA? [closed]

There’s a common misconception that self-signed certificates are inherently less secure than those sold by commercial CAs like GoDaddy and Verisign, and that you have to live with browser warnings/exceptions if you use them; this is incorrect. If you securely distribute a self-signed certificate (or CA cert, as bobince suggested) and install it in the …

SSL Certificate add failed when binding to port

I had the same error. The first time it occurred, as Micheal said, I had to move the certificate under Certificates (Local Computer) -> Personal -> Certificate folder. I had the same error when I imported the same certificate on another machine. The reason was that I was using certmgr.msc to import the certificate. The window opened …