Convert x509/PEM SSL Certificate to PFX/P12 from Linux to Windows

OpenSSL is used for many things other than running encryption on a website. It is also used for the generation of CSR keypairs, and more importantly within this article converting.

The Italic parts in the conversions below are examples of you own files, or your own unique naming conventions adapt these Italic name examples to your own files names for openssl commands.
Note: .pem, .cer, crt. are all the same type of x509/pem certificate only with different extensions.

Nginx no “ssl_certificate” is defined in server listening on SSL port while SSL handshaking

Chances are this is not the first website you’ve come to after breaking SSL on your Nginx box, but I promise it will be the last. The problem is actually a very simple one, and the Nginx error log tells you verbatim what is wrong with the config, although nginx -t will yield success. Nginx reads and runs the sites in alphabetical order, therefore this issue can be fixed by finding and fixing the site config which is listening on port 443 and using ssl without any ssl certificate declarations which is causing your site further down the alphabetical line to fail HTTPS. In my case it was a Nginx site config called stub_status.conf causing SSL to fail in sysinfo.io.conf even though I did have SSL correctly setup.

PPTP vs L2TP vs OpenVPN vs SSTP vs IKEv2

With Edward Snowden’s shocking revelations that the NSA has for years been working to crack and subvert VPN encryption technologies, together with the fact that it is becoming increasingly obvious that most such technologies have been developed and certified by the US government’s National Institute of Standards and Technology (NIST), may therefore be considered suspect.

SSTP Windows VPN Client Error: The revocation function was unable to check revocation

If you are deploying SSTP VPN for Windows clients and get the error: “The revocation function was unable to check revocation because the revocation server was offline.”, you are most likely using your own internal PKI and the certificate used for SSTP does not have a Certificate Revocation List (CRL) accessible from the outside, so the client machine is failing checking whether or not the certificate has been revoked from the CA. If you simply want to bypass this, you can edit the registry on the client:

Using Let’s Encrypt with IIS on Windows

et’s Encrypt is a new open source certificate authority that promises to provide free SSL certificates in a standardized, API accessible and non-commercial way. If you’ve installed SSL certificates in the past, you’re probably familiar with the process of signing up for a certificate with some paid for provider and then going through the manual process of swapping certificate requests and completed requests.

    Advertisment ad adsense adlogger