Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [openssl]

OpenSSL: The Open Source Toolkit for SSL and TLS

OpenSSL is an open source project which develops software for Secure Sockets Layer (SSL v2/v3), Transport Layer Security (TLS v1), as well being a full-strength general purpose cryptography library.

OpenSSL provides both a library (for use within your own program), and a series of command line tools for common tasks.

1601 questions
7
votes
5 answers

"Issued certificate not yet valid." with wget?

I am getting the following error when using wget to fetch a file: Issued certificate not yet valid. To connect to www.atlassian.com insecurely, use ‘--no-check-certificate’. Testing with openssl returns a similar message: Verify return code: 9…
AXE Labs
  • 1,549
  • 5
  • 19
  • 24
7
votes
3 answers

Dovecot error: ssl enabled, but ssl_cert not set

I've been trying to get Postfix and Dovecot set up for days and I think I have resolved all problems except for one that just came up. When I try to restart Dovecot I get the following error message: doveconf: Fatal: Error in configuration file…
Steve
  • 71
  • 1
  • 2
  • 4
7
votes
1 answer

Openssl error 19: “Self signed certificate in certificate chain” when keyed by GoDaddy

Can someone help me understand how to verify that my SSL cert is installed properly (or troubleshoot why it isn't)? I installed GoDaddy SSL certificate on my Apache server. Some users are still reporting issues (Some versions of IE say "This page…
Ben Allfree
  • 71
  • 1
  • 1
  • 2
7
votes
2 answers

Can't make httpd use correct SSL

I have a signed CA, issued by my university. I generated my CSR using their public key file as so: openssl genrsa -out myservername.key 2048 (new key) openssl req -new -key myservername.key -out myservername.csr I sent them the CSR, they sent me…
monkeymatrix
  • 167
  • 1
  • 2
  • 7
7
votes
3 answers

Error when trying to start Apache after installing SSL cert

I am trying to install an SSL certificate, and I get the following errors: AH02241: Init: Unable to read server certificate from file /path/my.crt SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag SSL Library Error:…
chris
  • 3,993
  • 6
  • 28
  • 37
7
votes
3 answers

How do you specify the key size of a Certificate Signing Request?

I'm trying to generate a CSR with godaddy. I used the following commands to create the certificate: openssl req -new -nodes -keyout server.key -out server.csr openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt But when I…
Kevin K
  • 183
  • 1
  • 1
  • 4
7
votes
2 answers

No common encryption algorithm(s) (ssl_error_no_cypher_overlap)

My clients are reporting this error. I cannot reproduce it. What's more, I cannot detect any flaws: http://www.digicert.com/ http://www.ssltest.net/ https://www.ssllabs.com/ssldb/ all report dev.anuary.com to have a valid cert. I've Google(ed) for…
Gajus
  • 851
  • 5
  • 16
  • 28
7
votes
1 answer

Choosing the encryption algorithm used by OSX ssh-keygen

I have several users that use SmartCVS on OSX to interact with our CVS repository. We use the cvs :ext: (SSH2) method to access the repository, which is stored on a remote linux system. We use ssh key authentication, and require that users encrypt…
EEAA
  • 109,363
  • 18
  • 175
  • 245
6
votes
1 answer

pkcs12: import password and PEM password

Why does openssl is requesting me two passwords in order to get -info of a pkcs12 key? It's requesting me Import Password and PEM Pass Phrase: ➜ front git:(master) ✗ openssl pkcs12 -info -in front.p12 Enter Import Password: MAC: sha1, Iteration…
Jordi
  • 261
  • 1
  • 7
  • 15
6
votes
0 answers

Remotely Monitoring RDP Certificate

We use OpenSSL on a CentOS 6 server to monitor the certificate on servers for RDP. To do this we use: openssl s_client -connect SERVER01:3389 -prexit This has worked flawlessly until 4 days ago, when it suddenly stops showing that a cert is used and…
neildeadman
  • 684
  • 4
  • 20
  • 34
6
votes
1 answer

OpenSSL keeps telling me 'unable to get local issuer certificate'

I'm using CentOS, which has OpenSSL 1.0.2k-fips installed, and I've built and installed version 1.1.0g alongside it as part of a HTTP2 install outlined here: https://www.tunetheweb.com/performance/http2/ I've been using the 1.1.0g fine, but lately I…
kasimir
  • 203
  • 1
  • 3
  • 11
6
votes
1 answer

openssl certificate chain lost when converting from pem to der

I have a cetificate chain in .pem format from Letsencrypt, called fullchain.pem It has 2 certificates in the chain: keytool -printcert -v -file fullchain.pem |grep "Certificate fingerprints" |wc -l 2 When I convert it to .der using openssl x509 -in…
ArticIceJuice
  • 83
  • 1
  • 1
  • 4
6
votes
2 answers

Is it possible to generate openssl configuration file from an existing x509 certificate?

I am looking for a way to restore openssl configuration from an X509 certificate (or a csr). I know it's possible to look at the certificate and manually reconstruct the config file but it's unreliable and requires too much labor :P. Any…
cyc115
  • 163
  • 6
6
votes
5 answers

IMAP connection with Dovecot keeps failing (time-out)

* TLDR ; if you have connection problems, not only make sure you have added the required rules to your firewall, but also make sure ($ iptables -L -v) that the rules are in the correct order! * It's been a few days now, and I can't figure out why…
TomDogg
  • 113
  • 1
  • 8
6
votes
1 answer

OpenSSL - Add Subject Alternate Name (SAN) when signing with CA

How can I add a Subject Alternate Name when signing a certificate request using OpenSSL (in Windows if that matters)? I've generated a basic certificate signing request (CSR) from the IIS interface. Now, I'd like to add several subject alternate…
mechgt
  • 73
  • 1
  • 1
  • 6
1 2 3
99 100