Lines Matching refs:server
16 <li><a href="#SelfSigned">Self-signed server certificate</a></li>
51 <p>In a typical SSL usage scenario, a server is configured with a certificate containing a
53 and server, the server proves it has the private key by signing its certificate with <a
57 doesn't prove anything about the server other than that the server knows the private key that
60 server is not to be trusted.</p>
65 is essentially a server configuration change. This is especially problematic if the server
75 in each release. Similar to a server, a CA has a certificate and a private key. When issuing
76 a certificate for a server, the CA <a
78 the server certificate using its private key. The
79 client can then verify that the server has a certificate issued by a CA known to the platform.</p>
83 server you want. To address this, the certificate issued by the CA identifies the server
89 tool's {@code s_client} command looks at Wikipedia's server certificate information. It
95 the command asks for the subject, which contains the server name information,
111 <p>Assuming you have a web server with a
152 <li><a href="#UnknownCa">The CA that issued the server certificate was unknown</a></li>
153 …<li><a href="#SelfSigned">The server certificate wasn't signed by a CA, but was self signed</a></l…
154 <li><a href="#MissingCa">The server configuration is missing an intermediate CA</a></li>
158 connection to the server secure.
177 uses to validate certificates from the server
231 that your server certificate come from a trusted issuer.</p>
238 traffic through a proxy of their own that pretends to be your server. The attacker can then
243 always make your app trust the issuer of the server's certificate, so just do it.</p>
247 <h3 id="SelfSigned">Self-signed server certificate</h3>
250 due to a self-signed certificate, which means the server is behaving as its own CA.
255 this time trusting the server certificate directly. This has all of the
269 CAs don't sign server certificates directly. Instead, they use their main CA certificate,
272 trust only root CAs directly, which leaves a short gap of trust between the server
275 this, the server doesn't send the client only its certificate during the SSL handshake, but
276 a chain of certificates from the server CA through any intermediates necessary to reach a
295 <p>This shows that the server sends a certificate for <em>mail.google.com</em>
300 <p>However, it is not uncommon to configure a server to not include the necessary
301 intermediate CA. For example, here is a server that can cause an error in Android browsers and
313 <p>What is interesting to note here is that visiting this server in most desktop browsers
314 does not cause an error like a completely unknown CA or self-signed server certificate would
320 example, they might have their main HTML page served by a server with a full certificate
327 <li>Configure the server to
328 include the intermediate CA in the server chain. Most CAs provide documentation on how to do
342 section. The focus of this section is the second part: making sure the server you are
358 <p>One reason this can happen is due to a server configuration error. The server is
360 that match the server you are trying to reach. It is possible to have one certificate be used
365 <em>*.android.com</em>, and others. The error occurs only when the server name you
370 server for more than one hostname with HTTP, the web server can tell from the HTTP/1.1 request
372 HTTPS, because the server has to know which certificate to return before it sees the HTTP
376 hostname to the server so the proper certificate can be returned.</p>
382 virtual host on a unique port so that it's unambiguous which server certificate to return.</p>
386 hostname of your virtual host, but the one returned by the server by default.</p>
391 server without your knowledge.</p>
486 someone other than the owner of the server or domain.</p>
507 supports the notion of client certificates that allow the server to validate the identity of a
543 as the attack engine itself which can be deployed as a router, VPN server, or