Questions tagged [openssl]

OpenSSL: The Open Source Toolkit for SSL and TLS

OpenSSL is an open source project that develops software for Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1), as well as being a full-strength general-purpose cryptography library.

OpenSSL provides both a library (for use within your own program), and a series of command line tools for common tasks.

1601 questions
5 votes, 1 answer

Unable to use builtin CA bundle to verify GoDaddy SHA2 SSL certificate

I ran into an interesting problem. We have a PHP script that contacts an LTL shipper (https://facts.dohrn.com/). That script has been failing because it can't validate the SSL certificate. I went to the site and found they were using a GoDaddy SHA2…
Machavity
5 votes, 2 answers

Wget, self signed cert and --no-check-certificate not working

I recently installed a self signed SSL cert on one of our nginx webservers. If I attempt to wget a file with --no-check-certificate I receive the errors below. You can reach the site with a browser, the browser will recognize that it is self signed,…
Minelr G
5 votes, 2 answers

SSL routines:SSL23_WRITE:ssl handshake failure, nginx on CentOS 7

First of all, what do I have: OpenSSL 1.0.1e-fips 11 Feb 2013 nginx version: nginx/1.6.2 CentOS Linux release 7.0.1406 (Core) and, for testing purposes, a self-signed certificate: openssl req -x509 -sha256 -newkey rsa:2048 -keyout private_key.pem…
user185481
5 votes, 1 answer

OPENSSL Save x509 certificate of a website

I can see the certificate with this command openssl s_client -host {HOST} -port 443 -prexit -showcerts How can I save the x509 cert of the website in a PEM - File?
user3653164
5 votes, 2 answers

Curl with custom certificate

I'd like curl to work with sites signed by GoDaddy: If I call curl mypage.com/bla I am getting a certificate verification error. I tried getting the CA certificate with this snippet: echo | openssl s_client -connect mysite.com:443 2>&1 | sed -ne…
ProfHase85
5 votes, 1 answer

Update openssl in debian squeeze

There is this CVE-2014-0224 bug in openssl so I would like to update my affected # openssl version OpenSSL 0.9.8o 01 Jun 2010 But there is no update for squeeze. I read that it is already fixed in squeeze-LTS. What am I supposed to do? Will there be…
PiTheNumber
5 votes, 1 answer

Openssl hangs after client hello

I've got the following strange SSL connection error: openssl s_client -ssl3 -connect host:443 -msg CONNECTED(00000003) >>> SSL 3.0 Handshake [length 0087], ClientHello 01 00 00 83 03 00 53 70 cb 57 f8 66 46 4d ad 9f 12 f9 03 32 11 b9 58 f8…
Andrei Mikhaltsov
5 votes, 1 answer

SSL verification error with git (on github) on Ubuntu 14.04

I'm trying to clone the atom repository that just went fully open-source and I've run into some trouble. Attempting to git clone the repository is producing an SSL error: wug@wugputer:/src/test$ git clone https://github.com/atom/atom.git Cloning…
Wug
5 votes, 4 answers

Is there a way, to manually check for openssl CVE-2014-0160 vulnerability?

Is there a way for one to check some internal services against CVE - CVE-2014-0160 (preferably using openssl CLI)? I CANNOT test everything just by using: Test your server for Heartbleed (CVE-2014-0160).
alexus
5 votes, 2 answers

What is the purpose of openssl passwd

I'm reading "Reliably Deploying Rails Applications" Regarding defining users to be set up by Chef, it says: “Next we need to define users, inside data_bags/users copy the file deploy.json.example to deploy.json. Generate a password for your deploy…
joshua.paling
5 votes, 1 answer

Squid SSL transparent proxy - SSL_connect:error in SSLv2/v3 read server hello A

I am trying to set up an SSL proxy for one of my internal servers to visit https://www.googleapis.com using Squid, to make my Rails application on that server reach googleapis.com via the proxy. I am new to this, so my approach is to set up an SSL…
larryzhao
5 votes, 1 answer

Extract certificate chain from .pfx

I have a .pfx file that I exported from Windows Server 2008. It includes the private key and certificate chain. Using openssl I've been able to extract the private key and public certificate but I also need the full certificate authority chain. How…
5 votes, 2 answers

"Unable to locally verify the issuer's authority" for GeoTrust SSL CA

I am having trouble connecting to an SSL site (not mine) from the command-line. The certification path goes "GeoTrust Global CA" > "GeoTrust SSL CA" > "*.131500.com.au". The server recently replaced their certificate (valid from May 13 2013),…
Martin
5 votes, 2 answers

Unable to verify the first certificate (RapidSSL/GeoTrust/Ubuntu)

Have been trying to get Ubuntu to recognize the GeoTrust SAN certificate, no luck. Browsers work fine. Help? $ openssl s_client -showcerts -connect artsyapi.com:443 CONNECTED(00000003) depth=0 businessCategory = Private Organization,…
dB.
5 votes, 1 answer

How to secure both root domain and wildcard subdomains with one SSL cert?

I am trying to generate a self-signed SSL certificate to secure both example.com and *.example.com. Looking at the answers to this and this questions, there seems to be an equal number of people agreeing and disagreeing whether this could be done.…
Question Overflow