My customer uses a self signed certificate for an application to work. To be able to work, I have to install the root certificate they used to sign the certificate.
Is it possible to configure a root certificate so it only validates towards one domain ?
I am using Windows and have been given a .cer file. How can I view the details of it?
We have an Exchange 2007 server running on Windows Server 2008. Our client uses another vendor's mail server. Their security policies require us to use enforced TLS. This was working fine until recently.
Now, when Exchange tries to deliver mail to the client's server, it logs the following:
A secure connection to domain-secured domain 'ourclient.com' on connector 'Default external mail' could not be established because the validation of the Transport Layer Security (TLS) certificate for ourclient.com failed with status 'UntrustedRoot. Contact the administrator of ourclient.com to resolve the problem, or remove the domain from the domain-secured list.
Removing ourclient.com from the TLSSendDomainSecureList causes messages to be delivered successfully using opportunistic TLS, but this is a temporary workaround at best.
The client is an extremely large, security-sensitive international corporation. Our IT contact there claims to be unaware of any changes to their TLS certificate. I have asked him repeatedly to please identify the authority that generated the certificate so that I can troubleshoot the validation error, but so far he has been unable to provide an answer. For all I know, our client could have replaced their valid TLS certificate with one from an in-house certificate authority.
Does anyone know a way to manually inspect a remote SMTP server's TLS certificate, as one can do for a remote HTTPS server's certificate in a web browser? It could be very helpful to determine who issued the certificate and compare that information against the list of trusted root certificates on our Exchange server.
I'd like to know if any certificates support a double wildcard like *.*.example.com? I've just been on the phone with my current SSL provider (register.com) and the girl there said they don't offer anything like that and that she didn't think it was possible anyway.
Can anyone tell me if this is possible, and if browsers support this?
I am responsible for maintaining two Debian servers. Every time I have to do anything with security certificates, I Google for tutorials and beat away until it finally works.
However, in my searches I often come across different file formats (.key, .csr, .pem) but I've never been able to find a good explanation of what each file format's purpose is.
I was wondering if the good folks here at ServerFault could provide some clarification on this matter?