As @Inkeliz has already spoken, the question is that the certificate sent by the server is actually not a certificate, but a certificate chain. The certificate itself is not signed directly by the certifying agency, but by an intermediary agency. However, the browser only knows the certifying agencies, so it is necessary to create a current of public keys until it reaches the signature of the root certificate.If you need more details, there is https://www.ibm.com/support/knowledgecenter/pt-br/SSFKSJ_8.0.0/com.ibm.mq.sec.doc/q009940_.htm , which explains in more detail the TSL security process.

I did the following test:I used an application to query status of SEFAZ MG in the homologation environment with .NET Framework 2.0 without changing the protocol to TLS 1.2.I opened Wireshark and activated a packet filter for TLS 1.2 protocol this way:ssl.record.version == 0x0303 The result was that no package was displayed, i.e. it did not transmit with protocol TLS 1.2.Then I changed the code to use TLS 1.2. In .NET 2.0, you do not have the constant in the enumeration, but you can do the equivalent as follows:System.Net.ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072; When running the application with this change, Wireshark displayed packages account a SEFAZ IP with the TLS 1.2 protocol. Conclusion: This is the only necessary change.

Follow this translated answer from another question in the https://stackoverflow.com/questions/2292495/what-is-the-difference-between-a-cer-pvk-and-pfx-file: :What is the difference between a cer, pvk and pfx file?Windows uses the extension . cer for an X.509 certificate. These can be in "binary" (ASN.1 DER), or can be encoded with Base-64 and have an applied header and footer (_). Windows will also recognize. To verify the integrity of a certificate, you must check your signature using the public key of the issuer ... which is, by your time, another certificate.Windows uses .pfx for a file PKCS #12. This file may contain a variety of cryptographic information, including certificates, certificate chains, root authority certificates and keys private. Your content can be encryptedly protected (with passwords) to keep private keys and preserve the integrity of the root certificates.Windows uses .pvk for a private key file. I don't have sure that default (if any) Windows follows for these. We hope Keys PKCS #8 coded.You should never reveal your private key. These are contained in files .pfx and .pvk.Generally, you only exchange your certificate (. cer) and certificates any intermediate broadcasters (i.e. certificates of all yours CA'sexcept the CA root) with other parts.

Good afternoon I was with this problem so I entered the (seudominio.com/)wp-admin/options.php and changed the "woocommerce_force_ssl_checkout" function from "no" to "yes"

If the endpoint is an https it is not good to just seal the properties and add the DLLs.It is necessary to inform the component which component responsible for managing SSL. Necessary to inform the property IOHandler the TIdHTTP

I found the mistake. If you get a bug like this all you have to do is find a VPN from the country where the FTP is located.Example: My FTP is in Germany because with a VPN you change the ip to a German and it would be solved

The OP says: I've managed to make it work. SOLUTION: Download the latest versions of all the PEAR modules.

Solid. The problem was that there were two "Connectors" specified in the server.xml file when there was only one.The server.xml file would remain:<?xml version="1.0" encoding="UTF-8"?> <Server port="8005" shutdown="SHUTDOWN"> <Listener className="org.apache.catalina.startup.VersionLoggerListener" /> <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /> <GlobalNamingResources> <Resource name="UserDatabase" auth="Container" type="org.apache.catalina.UserDatabase" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" pathname="conf/tomcat-users.xml" /> </GlobalNamingResources> <Service name="Catalina"> &lt;Connector port="443" protocol="HTTP/1.1" maxThreads="150" SSLEnabled="true" redirectPort="80"&gt; &lt;SSLHostConfig&gt; &lt;Certificate certificateKeyFile="ssl/private.key" certificateFile="ssl/certificate.crt" certificateChainFile="ssl/ca_bundle.crt" type="RSA" /&gt; &lt;/SSLHostConfig&gt; &lt;/Connector&gt; &lt;Engine name="Catalina" defaultHost="localhost"&gt; &lt;Realm className="org.apache.catalina.realm.LockOutRealm"&gt; &lt;Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/&gt; &lt;/Realm&gt; &lt;Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true"&gt; &lt;Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log" suffix=".txt" pattern="%h %l %u %t &amp;quot;%r&amp;quot; %s %b" /&gt; &lt;/Host&gt; &lt;/Engine&gt; </Service> </Server>

I was able to solve the problem, but it wasn't a mistake with the security certificate, I don't know why I threw that mistake. The detail was that my route was wrongly written.I was like that.[Route("api/[controller]")] when he must be like this[Route("[controller]")] That's why when you enter the site https//:dominio/api/Datos I didn't find it since I detected it this way. https//:domain/api/Datos. The mistake was actually a 404, but I don't know why I'm a certified error.

HTTPS is HTTP-within-SSL (SSL is now known as TLS). The SSL layer provides security for data in transit in the following sense: Eavesdroppers on the line cannot make (much) sense out of what they observe (confidentiality). The client has some strong guarantee that it talks to the server it believes it is talking to, not an impersonator (authenticity). Any alteration of data while it travels from client to server or back will be reliably detected by the recipient (integrity). HTTPS does not do anything beyond the security of the data transfers. If your Web site does dumb things with the received data, e.g. allowing an SQL injection attack to happen, then HTTPS will in no way prevent it. Additional cryptographic algorithms would not help either. Cryptography, as a rule, provides some features which are very convenient for building up security, but they don't suffice. Piling up algorithms won't make your site "arbitrarily secure" in the same way that adding extra engines will make your car faster, especially if it does not have wheels. A car with no wheel will not go far, even if it has the biggest engine ever, and even if you then add an extra engine. Similarly, HTTPS will not grant automatic protection against everything, and it is not a matter of "not enough algorithms applied". Also, careless application of multiple cryptographic algorithms has been known to degrade performance (very often) and also to degrade security (less often, but often enough to be a concern). In the car analogy, an extra engine can make your car slower if you plug it backwards, making it oppose the movement from the main engine.

Google is not using HSTS enforcement. Neither in preloading nor headers. The preloaded HSTS entry in Chrome is set to "OPPORTUNISTIC" which basically means "unenforced", though it contains a set of allowed certificate hashes to prevent MITM. Google's redirect to https depends on browser detection criteria, such as user-agent. I don't know precisely what criteria they check, but for example browsing google.com using Links does not redirect to https, and searching over unencrypted channels is still allowed, though browsing from Chrome will redirect (with a 302) to https. Furthermore, many URLs on the domain are not redirected to https no matter what browser you use. For example: http://www.google.com/services/ Their reason for not requiring SSL is not explicitly documented anywhere, but it probably has to do with the fact that doing so might "break things" -- albeit poorly-written things, most likely. The current trajectory seems to point toward migrating all of Google over to SSL, but they're doing so one piece at a time. My best guess would be to expect HSTS enforcement within 5 years. The cache-control difference reflects the fact that Google's homepage is static, while Twitter's is constantly updated with new tweets. Google allows the browser to (privately) cache the search box splash page for a limited time, but twitter requires a reload in order to fetch the latest batch of deep philosophical insights from all your Twitter friends. As for cache-related information disclosures; I'm not aware of any. The Google homepage contains no personal information unless delivered over HTTPS (in which case you get that bar at the top), which limits disclosure potential.

A certificate is signed, which means that not a single bit can be changed in it without breaking the signature. Certificates are immutable. When you want to "change the key" or "change the validity dates", then you need a brand new certificate. Renewal is a business concept; at the X.509 level there is a certificate, and then there is another one, and both live independently of each other. A certificate contains a name and a public key. The same public key may appear in several certificates; there is no technical rule that forces a new key pair generation whenever a new certificate is issued. There can be legal or business rules, though: a CA is supposed to follow its published certification policy, and that policy may mandate a new key pair for a certificate renewal. We may note that when a CA wants to "renew" a certificate without changing the public key, then it can do it by itself: the CA already knows everything which goes into the new certificate. Thus, that kind of renewal can be done automatically without needing to talk to the certificate owner at all. Not all CA do that. For each public key, there is a corresponding private key. The private key, formally, is the knowledge of the mathematical elements which allow to run the "private key operations" (signature generation, asymmetric decryption). Mathematically, this knowledge can be encoded in various ways. In RSA, the public key is a pair of big integers: the modulus n the public exponent e The modulus is a product of two big prime integers p and q. The private key is, really, the knowledge of p and q. However, in practice, the private key is encoded as several big integers: the modulus n the public exponent e p q the private exponent d dp = d mod p-1 dq = d mod q-1 1/q mod p The "private exponent" is a value d such that e·d = 1 modulo both p-1 and q-1. It so happens that there are several (actually, infinitely many) possible values for d, for a given public key (n,e). This is what others have pointed out: you can have "several" private keys for the same public key. However, I may argue that all these private keys are in fact several representations of a unique "true" private key, which is the knowledge of p and q. All these so-called private keys will compute the same things for the same inputs, and produce the same outputs. Really, there is only one private key. (Mathematically, looking for equivalent values for dp and dq has been employed to gain some performance on some low-power architectures, namely smart cards; the trick is that making dp slightly longer can imply a performance improvement if the longer value has a lower Hamming weight.) So I'd say that you can forget this notion of "changing the private key without changing the public key". It adds only confusion. Finally, the public key of a SSL server is in the server's certificate, which is public and sent to the client. If the client remembers the last certificate used by a given server, then it can certainly report when that certificate is changed, and what has changed exactly. In particular whether the public key is the same as previously, or another one. There is a Firefox add-on for that. Note that certificates which change are a normal occurrence on the Web, not only for renewals (CA who sell certificates like it a lot when they can sell more certificates, and that's a primary driver for the short life times of existing server's certificates) but also for multi-frontends: when a server is hosted on several machines with load-balancing, each machine may have its own certificate, distinct from the certificates of other frontends.

redirect as @Terry mentioned is ok, but will not work if users use bookmarks and you want to make them available also in HTTPS: dont forget to use HSTS-Headers Solution using .htaccess only (untested) (see apache-wiki) you can skip the %{HTTP_HOST} - condition if you use a - config for each virtual host and no catchall/regex-servernames --- first solution RewriteCond %{HTTP_HOST} sub\.abc\.com RewriteCond %{HTTPS} !=on RewriteRule ^/(.*)$ https://sub.abc.com/$1 [r=301,L] --- 2nd solution RewriteCond %{HTTP_HOST} sub\.abc\.com RewriteCond %{SERVER_PORT} ^443 RewriteRule ^/(.*)$ https://sub.abc.com/$1 [r=301,L] Solution using Rewrite-Rule and with working deep links / server-config (prefered by official docs): ServerName sub.abcd.com RewriteRule ^/(.*) https://sub.abcd.com/$1 [R=301,L] ServerName sub.abcd.com Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

Strictly speaking, the server can send an arbitrary number of certificates to the client, as part of its Certificate message. However, as the standard says: The sender's certificate MUST come first in the list. Each following certificate MUST directly certify the one preceding it. Therefore, a really compliant server cannot send a choice of certificates to the client, and cannot expect clients to use any other certificate than the first one they send. For signature algorithm support, there is a standard TLS extension specified in section 7.4.1.4.1, by which the client can tell to the server, early in the handshake (in the ClientHello, which is the very first message of the procedure), which hash functions and signature algorithms it supports. This allows a server who owns, for instance, both a RSA-signed certificate and an ECDSA-signed certificate, to send one or the other, depending on what the client supports. This is typical of how things go in TLS: the client suggests, the server chooses. (In practice, support for this extension is not yet widespread. But, also in practice, everybody uses RSA and supports RSA.)

There is no known bad side-effect to sharing the same DH parameters with other people / servers. This is in fact the common case in elliptic-curve DH, because generating your own curve is substantially more difficult than generating your own prime modulus for classical DH, and usual implementation of elliptic curves are tied to a specific curve or a small set of curve (because this is easier and more efficient to write that way). There has been some theoretical concern about how an attacker might invest a lot of work into "breaking" discrete logarithm modulo a specific prime and then reusing the intermediate calculations to quickly break many DH instances which work modulo that specific prime. In that sense, reusing common DH parameters might imply an extra power of nuisance for the attacker. But this kind of cost sharing does not work for all DL-breaking algorithms, and this also assumes that the attacker could break DL modulo the prime, i.e. that the prime was too short or "special form". This would be a much more pressing reason not to use that prime: not that it is shared, but that it is weak. Thus, using existing, shared DH parameters is not a problem as long as you can make sure that the said parameters have not been specially "cooked" to allow for a fast(er) break. This usually means that the generating algorithm has been fully specified and can be verified to have been faithfully followed (e.g. see these ones). Using custom DH parameters should work with all clients, because there is no implementation advantage to tying an implementation to a specific modulus (contrary to elliptic curves). As long as your modulus fits in the size requirements of a specific implementation, things ought to be fine (some older implementations have trouble with sizes beyond 1024 bits; other won't like a modulus whose size is not a multiple of 32 or 64 bits).

Security: if you don't do stupid things like using a 512-bit RSA key, these cipher suites are all equally secure: they are all very far in the "cannot break it" zone. So that's a meh. You cannot say that one is more secure than any other. With an exception though: the "ECDHE" suites use an ephemeral key pair for actual encryption; since the corresponding private key is never stored in a file, this grants a nifty property known as Perfect Forward Secrecy. Basically it makes communications immune to attackers who steal a copy of the server private key after the fact. PFS looks good in technical audits. Performance issues exist only after having been duly measured. As Knuth said: Premature optimization is the root of all evil. So you should not ask such questions; you should try it out and measure. In any case, answer will depend a lot on the context: involved machines, bandwidth, usage patterns... Short answer: won't matter. Long answer: The "GCM" cipher suites use GCM; the non-GCM cipher suites use AES in CBC mode and an extra HMAC (here, with SHA-384). Performance issues depend on the involved systems: On small 32-bit systems (embedded ARM...), the MAC part of GCM will be expensive, but so will SHA-384 (because 64-bit computations...); I'd guess a tie. On PC, AES cost will dominate; ... except on very recent PC with AES-NI, where AES is very fast, and so is GCM. So the GCM cipher suite should, usually, be a better bargain. However, it takes a lot of bandwidth, or a very small CPU, to actually notice the difference. Even without AES-NI, a normal server has enough juice to do SSL at full gigabit bandwidth, with CPU to spare. For the asymmetric cryptography part: The ECDHE suites imply on the server an (elliptic-curve) Diffie-Hellman and a signature for each full handshake, whereas the ECDH cipher suites require only the elliptic-curve Diffie-Hellman, and half of that one is already done. ... But a normal PC will crunch through thousands of those per second and per code, so this very rarely matters. ... Especially since normal SSL clients reuse SSL sessions, which means that the asymmetric cryptography occurs only for the first ever connection of the day from a given client. ECDSA signatures are faster than RSA signatures. ... Depending on key sizes, of course. ... But for verification, this is the other way round. ... And, again, it takes an awful lot of new clients per second for this to actually matter. A normal PC will do hundreds of 2048-bit RSA signatures per seconds, thousands of 256-bit ECDSA signatures per second. ECDSA signatures are shorter than RSA signatures, so this saves a bit of network (but, again, only a few dozen bytes per full handshake). DHE and ECDHE cipher suites also imply a few dozen extra bytes per full handshake. DHE is like ECDHE but without the elliptic curves. You need it to use bigger mathematics to achieve the same security levels (2048-bit modulus instead of a 256-bit curve point), so it is like RSA vs ECDSA: a bit bigger, a bit slower, won't matter in practice. So, really, you will not make a useful distinction based on security or even performance. In fact, you are already making a fashion statement, by insisting on AES-256 (instead of AES-128) and SHA-384 (instead of SHA-256). You may as well keep it on and bring it to its logical conclusion: use as much GCM and elliptic curves as possible ! This will grant brownie points from impressionable auditors.

My guess is that the DH parameters used for your DHE cipher suites use a 1024-bit modulus. (I must say that this "scoring" is completely arbitrary and not very rational; awarding 128-bit symmetric keys a grade lower than the one for 256-bit symmetric keys makes sense only if 128-bit keys can be considered somehow "breakable" in the foreseeable future, which is a rather preposterous assertion.)

(This is a software configuration issue, I sense a relocation to superuser.se coming up...) There are two pre-requisites for this configuration to work: Openssl-1.0.1 (yes) httpd-2.2.23 (no!) Sadly, the SSLProtocol documentation doesn't state the require httpd version (though it is noted in the comments section, right at the bottom of the page). The code is a little convoluted: it iterates over the list of protocols it's aware of, and eliminates those that you didn't enable. This explains the behaviour you see. The code up to and including httpd-2.2.22 does not parse "TLSv1.1" or later (see modules/ssl/ssl_engine_init.c and modules/ssl/ssl_private.h).

SSL and certificates don't actually know what a "domain" is. When a client (e.g. Web browser, or an application which calls a Web service) connects to a SSL server, it will look at the server's certificate (as sent by the server itself) and will accept it only if the certificate contains the intended server name. If the client wants to talk to https://www.example.com/foo.html, then the client will require that the certificate contains www.example.com. A "domain certificate" is a fancy name for a certificate which contains the name *.example.com, also known as wildcard certificate. The client will consider it as good enough if the intended server name is anything.example.com for any value of anything. No part the whole thing has any awareness of the "domain" as a whole. Server foo.example.com will not mind that bar.example.com uses or does not use SSL, regardless of any certificate contents; and any client connecting to foo.example.com will be interested only in what it finds in the certificate sent back by that server; and it will be interested only in whether foo.example.com appears as a name in the certificate, as such or under the guise of a wildcard name.

Your objective is to drive in a screw, and you want to use a hammer because you have one handy and it's easy to use. I'm afraid the most likely outcome is a sore thumb. TLS is fundamentally about point-to-point security. It is only attached to the connection, not to the data. Email, on the other hand, is fundamentally designed to bounce through multiple hops. While the hops do leave a stamp tracing their actions, you would be dependent on the hosts to not be malicious (each hop can fake the whole message including the stamps of its predecessors), to not be fooled (e.g. into misauthenticating their predecessor), and to leave the stamps that you expect. You can give the recipient confidence that the message was transmitted securely by delivering a signed, encrypted message produced by the sender. TLS is not useful for this. RFC that can help you include RFC 3156, RFC 4880 (OpenPGP Message Format), RFC 5750 and RFC 5751 (S/MIME). In other words: use PGP or S/MIME.