Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [openssl]

OpenSSL: The Open Source Toolkit for SSL and TLS

OpenSSL is an open source project which develops software for Secure Sockets Layer (SSL v2/v3), Transport Layer Security (TLS v1), as well being a full-strength general purpose cryptography library.

OpenSSL provides both a library (for use within your own program), and a series of command line tools for common tasks.

1601 questions
6
votes
2 answers

OpenSSL extension for PHP in Ubuntu?

I'm not sure how to recompile PHP with OpenSSL? I've been looking around the OpenSSL PHP page and the OpenSSL tutorials but I don't see any openssl.so or php-openssl.so around my server? Is there a simple package on apt-get channel so I can install…
MacMac
  • 2,061
  • 10
  • 31
  • 38
6
votes
1 answer

How do I find SSL enabled ports or SSL instances on Linux RHEL 5.3

I am trying to do an audit of SSL enabled ports/services running on our Linux RHEL 5.3 servers . I am trying to find which ports on our servers are SSL enabled. I am not sure how to find this .I need to know how to check which ports are using SSL…
Dominiqs
  • 167
  • 3
  • 7
  • 12
6
votes
1 answer

IIS 6.0 SSL handshake error

Hi all I installed a trusted certificate in an IIS 6.0 server. I have the port 443 opened in the firewall and I verified the server is listening on that port. However when verifying using openssl I get the following error $ openssl s_client -connect…
victor hugo
  • 588
  • 3
  • 8
  • 16
6
votes
1 answer

How to self-sign an SSL certificate for a specific domain?

I've followed these steps to create and sign my own SSL certificate: openssl genrsa -out server.key 1024 openssl req -new -key server.key -out server.csr openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt In Firefox, I…
hanna
  • 61
  • 1
  • 2
6
votes
4 answers

Installing 2 versions openssl simultaneously

I need to install 2 different versions of OpenSSL simultaneously. I am currently using Amazon EC2 with the Amazon 32-bit AMI, which currently runs OpenSSL 1.0.0a. I have an old piece of software that I need to run that requires OpenSSL.0.9.6.…
OldSpiceArcticForce
  • 93
  • 1
  • 1
  • 4
6
votes
1 answer

Upgrade openssl/mod_ssl on Mac OS X Server?

Context: I'm trying to set up an SVN server on a Mac OS X Server 10.6.7, and I'm running into the “SSL error parse tlsext” issue. I've tried changing the SSLProtocol option as described, but then I just get the "bad decompression" error. The other…
amrox
  • 133
  • 1
  • 7
6
votes
2 answers

Is it possible to use SSL without a domain name?

I am using a server with Debian, Apache 2 and OpenSSL installed. Is it possible to use SSL without a domain name for an internal network?
Z0q
6
votes
1 answer

HAProxy not passing SSL traffic in TCP mode (unknown protocol)

I've got a HAProxy LB solution setup and working correctly. All HTTP traffic on port 80 is being passed through succesfully. I'm now trying to get SSL traffic to work (in TCP mode and on just one server for now) however I keep getting the following…
outeredge
  • 391
  • 1
  • 2
  • 7
6
votes
3 answers

OpenVPN OpenSSL entry 22: invalid expiry date

I attempted to generate some OpenVPN keys for a new employee the other day. Same procedure as normal. Nothing has changed in this area for months. During the certificate generation I get the following error: Using configuration from…
Jake Wilson
  • 8,814
  • 29
  • 97
  • 125
6
votes
3 answers

OpenSSL 0.9.8k or higher on CentOS 5?

I need to upgrade OpenSSL on my CentOS server to 0.9.8k or higher, however the latest version in the official CentOS repositories is 0.9.8e, much too old. Is there a 3rd party repository I can use that has newer versions of OpenSSL libraries? If…
davr
  • 1,729
  • 3
  • 14
  • 25
6
votes
7 answers

OpenSSL x509 Purpose flag "Any Purpose" What is this?

Looking at the details of a certificate using the following: openssl x509 -noout -text -purpose -in mycert.pem I find a bunch of purpose flags (which I've discovered are set by the various extensions attached to a certificate). One of these purpose…
Nick
  • 203
  • 1
  • 2
  • 3
5
votes
1 answer

How do I sign a new FreeIPA Server's internal CA with my organizational internal CA?

My organization has an internal Certificate Authority (CA) which we have already generated many internal certificates and have installed on machines. I am setting up a FreeIPA LDAP/Kerberos server and after the initial install, it has generated an…
Josh
  • 9,190
  • 28
  • 80
  • 128
5
votes
1 answer

openssl verify error 2 at 1 depth lookup:unable to get issuer certificate

Openssl is telling me it can't verify my concatenated cert. I downloaded the intermediate cert from the issuer (AlphaSSL) and concatenated that with my domain cert I purchased (domain cert first, then the AlphaSSL intermediate cert) as instructed by…
L. Blanc
  • 151
  • 1
  • 1
  • 2
5
votes
1 answer

How to extract public key from a .der file in SubjectPublicKeyInfo format?

I have a public key that appears to be in the SubjectPublicKeyInfo format. I say "appears" because the only thing I know about this key that it loads a Java application using X509EncodedKeySpec which, according to documentation is used for loading…
Ya.
  • 175
  • 1
  • 1
  • 6
5
votes
1 answer

How to inherit the commonName to the subject alternative name

On my pc with Windows 10 installed, I have to use OpenSSL. I have downloaded the version 1.0.2n and following this guide: Creating an SSL Certificate with Multiple Hostnames I modified the openssl.cfg configuration file (located in…
Luca Sepe
  • 153
  • 1
  • 4
1 2 3
99 100