Adding basicConstraints without openssl.cnf I couldn’t see how to avoid using it entirely but using the default config and commenting out anything you set by commandline seems efficient enough. Utilize -addext which can be used multiple times Given an already-existing privkey.pem and with the caveat that e.g. /etc/ssl/openssl.cnf does not have conflicting instructions, the following … Read more
it is not a bug in EF Core 7.0, instead it is improved security. Microsoft suggest following 3 solution, which ever applies to you. install a valid certificate. Add TrustServerCertificate=True to the connectionstring Add Encrypt=False to the connectionstring Old behavior SqlClient connection strings use Encrypt=False by default. This allows connections on development machines where the … Read more
Not a definite answer but too much to fit in comments: I hypothesize they gave you a cert that either has a wrong issuer (although their server could use a more specific alert code for that) or a wrong subject. We know the cert matches your privatekey — because both curl and openssl client paired … Read more
Yes, of course. server { listen 80; listen 443 ssl; # force https-redirects if ($scheme = http) { return 301 https://$server_name$request_uri; } } Here is my post, name “Nginx Configuration for HTTPS” which contains more info.
Although this question was more specifically about IP addresses in Subject Alt. Names, the commands are similar (using DNS entries for a host name and IP entries for IP addresses). To quote myself: If you’re using keytool, as of Java 7, keytool has an option to include a Subject Alternative Name (see the table in … Read more
When the server sends the “Server Hello” message, it can include a session identifier. The client should store it and present it in the “Client Hello” message of the next session. If the server finds the corresponding session in its cache and accepts to resume the session, it will send back the same session identifier … Read more
Custom domains on GitHub Pages do support HTTPS / SSL: GitHub Pages has supported custom domains since 2009, and sites on the *.github.io domain have supported HTTPS since 2016. Today, custom domains on GitHub Pages are gaining support for HTTPS as well, meaning over a million GitHub Pages sites will be served over HTTPS. https://blog.github.com/2018-05-01-github-pages-custom-domains-https/ … Read more
After hours of debugging, I eventually found the problem; as I was messing around with the configuration of my XMPP server, I had re-generated the SSL certificates for the XMPPd. Since I was using self-signed certificates, this would cause an SSL error. Because I had visited that same URI over HTTPS before, I’d already manually … Read more
Yes, compression can be used over SSL; it takes place before the data is encrypted so can help over slow links. It should be noted that this is a bad idea: this also opens a vulnerability. After the initial handshake, SSL is less of an overhead than many people think* – even if the client … Read more