Questions tagged [openssl]

OpenSSL: The Open Source Toolkit for SSL and TLS

OpenSSL is an open source project that develops software for Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1), as well as being a full-strength general-purpose cryptography library.

OpenSSL provides both a library (for use within your own program), and a series of command line tools for common tasks.

1601 questions
5
votes
1 answer

Nginx Embedded Variables - How do you get the domain name used in a request?

When using multiple domain names for one server, how do you get the domain name currently being used in a request? I'm using the embedded variables for Nginx in its configuration file. I've set up OpenSSL and have a redirect that works fine for my…
Forrest Wilkins
5
votes
0 answers

How to add a friendly name in a x509 certificate or pkcs#7 with OpenSSL

I would like to know if it is possible to insert a friendly name in a generated certificate, or in a p7 file. I found that it is possible with a p12 file with the -name option, but it seems to be impossible with a certificate or a p7... For information,…
agentn
5
votes
2 answers

How to verify signature on a file using OpenSSL with custom engine

Update Dec 28, 2017 – 3: The author of the OpenSSL DSTU module kindly provided a patch to the OpenSSL+DSTU implementation with a fix for the issue, and assisted further. I was able to accomplish what I need first with this command: ./apps/openssl smime…
oldhomemovie
5
votes
2 answers

Create Code Signing Certificate on Windows for signing PowerShell scripts

According to this guide I tried to create a certificate for signing PowerShell scripts: CD C:\OpenSSL-Win32\bin REM Create the key for the Certificate Authority. 2048 is the bit encryption, you can set it whatever you want openssl genrsa -out…
Antineutrino
5
votes
1 answer

OpenSSL error while loading CRLnumber

I am unable to generate a CRL. I am probably missing something in the configuration file. The error I get is "openssl error while loading crl number." Crl config section: [ CA_default ] # Directory and file locations. dir =…
Moutabreath
5
votes
2 answers

nginx with 384-Bit Ecc Certificate and openssl but curve secp256r1 not usable

I'm using nginx 1.11.7 with OpenSSL 1.1.0c on Debian 8 and have a self-signed ECC certificate with a 384-bit key for testing purposes. I would like to use the curves X25519, secp384r1 and secp256r1. Nginx starts normally with X25519 and secp384r1…
Henrik N.
5
votes
2 answers

Openssl: Extract root certificate from certificate chain?

I am fetching a certificate chain with openssl s_client -showcerts -connect host.whatever:443
Mike Stan
5
votes
2 answers

Disable RC4 cipher for Apache 2.2

I'm currently running Apache 2.2 on a Centos 6.7 machine. I need to disable the usage of the RC4 cipher under openSSL. Here is my current SSL config: SSL Protocol support: # List the enable protocol levels with which clients will be able to #…
vondiggity
5
votes
0 answers

Invalid key length error when trying to connect phpmyadmin to remote MySql over SSL

I get these error messages when logging in to phpmyadmin instance Error during session start; please check your PHP and/or webserver log file and configure your PHP installation properly. Also ensure that cookies are enabled in your…
Anadi Misra
5
votes
2 answers

Testing an SMTP server with SSL?

I want to be sure an SSL/TLS connection is really being made to my SMTP Server on port 465. (The Server is running on Ubuntu 14.04) Using:- openssl s_client -connect example.co.uk:465 I get the responses shown below... Notice I get the…
jradxl
5
votes
1 answer

Keeping track of SSH private keys without comments

SSH public keys support comments (which simply consist of text appended to the end of the key), which makes it easy to identify an otherwise unidentifiable id_rsa.pub file. You can use the comment to store information such as who the key belongs to,…
Frogging101
5
votes
2 answers

how to create a SSL certificate chain from my own CA?

I use my own CA to create SSL certs for services in my infra. These certs are signed directly by my CA. It comes to me that this is likely a weak strategy, as if the cert was to be compromised, I need to create new ones from the one CA. If the CA…
MrE
5
votes
1 answer

Postfix SSL-Intermediate-CA

I got a thawte Wildcard SSL-Cert for *.my.example.com. Now I would like to use it for my mailserver (hostname: test.my.example.com). I edited the /etc/postfix/postfix_default.pem and included key, cert and ca in this file. Unfortunately…
MyFault
5
votes
2 answers

Can I upgrade OpenSSL version used by apache without recompiling the server but just mod_ssl?

I have an Apache server on a Unix machine: Apache/2.2.29 (Unix) OpenSSL/0.9.8zg I would like to upgrade the OpenSSL version to 1.0.2, which is the version currently installed on my system: machine:/ user$ openssl version OpenSSL 1.0.2d 9 Jul…
user3019105
5
votes
1 answer

Any way for openssl to generate private key with 400 (-r--------) permissions from the start?

I use openssl to generate private keys and CSRs in a script. The script needs to generate the key first, then call chmod 400 whatever.key to change the permissions of the private key to something more secure. Is there any way to eliminate the…
thomasrutter