Questions tagged [openssl]

OpenSSL: The Open Source Toolkit for SSL and TLS

OpenSSL is an open source project that develops software for Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1), as well as being a full-strength general-purpose cryptography library.

OpenSSL provides both a library (for use within your own program), and a series of command line tools for common tasks.

1601 questions

6 votes, 2 answers

MySQL SSL error, only when connecting from windows/osX

I am using openssl to generate ssl certificates that I am using to connect to mysql with SSL encryption. This works fine while I am connecting from the local host environment (even when I connect over the server's public IP, I have also connected…
Josh Moore

6 votes, 3 answers

openshift : unable to write 'random state'

I am trying to generate a CSR using openssl on openshift. I have been encountering this when I run the command using SSH. openssl genrsa -des3 -out myApp.key 2048 Generating RSA private key, 2048 bit long…
R.W

6 votes, 1 answer

how can I use openssl to download my ldap cert over port 389 instead of 636 (TLS)?

I used to use the following command to download my server SSL certs from LDAP in order to add them to tomcat/java keystores: openssl s_client -connect 10.140.136.192:636 Since LDAP SSL (port 636) has been deprecated, I don't have port 636…
Server Fault

6 votes, 2 answers

How to fix Logjam vulnerability with MySQL

Since the latest openssl upgrade on my Debian server, my mysql clients are unable to connect and give the following message SSL connection error: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small I guess this is to prevent…
Lætitia

6 votes, 1 answer

How to install the latest version of OpenSSL on Ubuntu?

I see that the latest security patches are not yet available from apt-get install openssl on Ubuntu 14.04. What steps do I need to take in order to install the latest OpenSSL without conflicting with my previous installation through apt-get?
Andrew

6 votes, 2 answers

Wildcard certificates with short hostnames?

I'm trying to generate a certificate with the following subjectAltName: hostname *.hostname hostname.mydomain.local *.hostname.mydomain.local I generate the CSR via OpenSSL and then get the certificate from Microsoft Active Directory Certificate…
Jakov Sosic

6 votes, 2 answers

In nginx error log: "SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback"

We recently changed our nginx config to support TLSv1.2 as well as a number of more secure ciphers. Since the change, our nginx error logs have been filled with the following errors: 2015/01/28 23:55:57 [crit] 16898#0: *18712916 SSL_do_handshake() …
EricR

6 votes, 2 answers

Sendmail messages rejected from Microsoft when using TLS

I'm going to preface this with a statement that I am no expert in sendmail. I rarely use it, but in this situation I have to for my client. Background: A client of mine has a mail server running Debian 7.7, Sendmail 8.14.4, and OpenSSL 1.0.1e. It…
Eric J

6 votes, 1 answer

Allow users to install certificates in their home directory?

Usually SSL certificates are installed system-wide (e.g. in /etc/ssl/certs). Is it possible to configure OpenSSL in a way that allows users to put certificates in their home directory (for example in ~/.ssl/certs)? A use-case could be a user that…
David Costa

6 votes, 3 answers

Extract key from JKS keystore to use with apache2 and tomcat

I have a keystore in JKS format and I want to use that with apache2. How can I export the key and the certificates (that I already chained) out of the JKS in an easy way? I found many answers out there but it seems that no one has my problem... (or the…
CappyT

6 votes, 1 answer

Why do I get different openssl versions?

I'm trying to check if I am running the latest OpenSSL version, my main concern is the Heartbleed bug. I tried 2 commands: openssl version yum info openssl openssl version output OpenSSL 1.0.1e-fips 11 Feb 2013 yum info openssl output Installed…
CoCoMonk

6 votes, 3 answers

Haproxy SSL handshake failure

I have a problem with one specific client which hits my haproxy load balancer. The error message in the haproxy logs:] incoming_ssl/1: SSL handshake failure The client in question seems to be some Apache Java client or ActiveMq server - either way,…
simonmorley

6 votes, 1 answer

error: Cannot find OpenSSL's centos 6.3 (install php)

I have a problem during the installation of php 5.3.27. When I launch the ./configure I get this error and it does not complete the installation. Configuring extensions checking size of long... (cached) 8 checking size of int... (cached) 4 checking…
user201202

6 votes, 1 answer

Should I include the root CA cert when making a chained cert

I am using a GoDaddy cert, normally I would concat the cert and make it into a chained cert cat www.example.com.crt sf_bundle.crt > chained.cert And in my nginx.conf, ssl_certificate chained.cert In the browser I see the chain as…
Howard

6 votes, 1 answer

Does openssl always encrypt the private key?

When using openssl 0.9.8 to create a new self-signed cert+key, there is a -nodes parameter that can be used to tell openssl to not encrypt the private key it creates. For example: openssl req -x509 -nodes -days 365 \ -subj…
Stéphane