Questions tagged [openssl]

OpenSSL: The Open Source Toolkit for SSL and TLS

OpenSSL is an open source project that develops software for Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1), as well as being a full-strength general-purpose cryptography library.

OpenSSL provides both a library (for use within your own program), and a series of command line tools for common tasks.

1601 questions
4 votes, 1 answer

How to get HAProxy to route TCP based on SNI (using openssl s_client to test)?

I want to use HAProxy to terminate TLS-encrypted TCP connections and to pass the unencrypted TCP traffic to various backends based on the Server Name Indication used to initiate the TLS connection. I have 3 services running on a backend server,…
John
4 votes, 3 answers

openssl keeps creating v1 certificate instead of v3

Hello everyone, so I'm trying to create a self signed certificate for my domain and for some reason openssl keeps creating V1 certificates for my server instead of V3 and that is causing browsers to not give me the "green lock" when I'm there. Any…
4 votes, 4 answers

Forcing Dovecot 2.3.4.1 to use TLSv1.2

Since the new Debian Buster update, I have some issue with TLSv1.3. Issue: my iOS mail client could not connect to my mail server (12.2) and I do not want to upgrade right now, so I try to find a way to disable TLSv1.3 with dovecot. The current…
ochbob
4 votes, 1 answer

what does connected(00000005) and verify return:1 in openssl s_client command

I am trying to test icinga2 client and server connectivity with openssl command and I am using a command like following line in client openssl s_client -CAfile /var/lib/icinga2/certs/ca.crt -cert /var/lib/icinga2/certs/.crt -key …
Murat Suluhan
4 votes, 1 answer

Intermediate certificate not in keystore even though I added it

I was tasked to set up an ssl in a server, this server uses wildfly, so I have to make a keystore that contains all of the certificates that I got, the server certificate, the intermediate and the keyfile. First I chained up the server cert and the…
logax
4 votes, 0 answers

Is there a way to create a PEM file using PowerShell and only PowerShell?

I'm looking for a way to create an AES-128 key in PEM format (Base64 encoded text file) using PowerShell. All the examples I can find assume the user has OpenSSL installed. The equivalent OpenSSL command would be: openssl genrsa -aes128 -out…
Mike Christensen
4 votes, 2 answers

TLS v1.3 active despite not being enabled in Nginx config

Relevant config: ssl_protocols TLSv1.2; When I test the server at SSL Labs, the test reports that TLS 1.3 is available and lists the default ciphers and other results as if TLSv1.3 were included in my config. Ubuntu Server 18.04.1, OpenSSL 1.1.1 11…
Paul
4 votes, 1 answer

TLS1.3 not working on nginx 1.15.2 with OpenSSL 1.1.1-pre9

Despite having the latest nginx and OpenSSL does not yield TLS1.3 on my server (www.baldeonline.com for reference) even though it is enabled in my configuration files. Furthermore, my instance of nginx was compiled with OpenSSL 1.1.1-pre9 installed.…
Alex Baldwin
4 votes, 1 answer

How to debug curl? gnutls_handshake failed -unexpected TLS packet (OpenSSL)

How can I debug curl error further when Apache error.log is not showing any? (35) gnutls_handshake() failed: An unexpected TLS packet was received. curl -v https://example.com * Rebuilt URL to: https://example.com/ * Trying 127.0.0.1... *…
Markus
4 votes, 1 answer

OpenSSL equivalent of libreswan IPSEC

I have the following ipsec commands that generate certificates, but I don't have ipsec installed so looking for the openssl equivalent. Can anyone please help? Create certificate authority cert ipsec pki --gen --type rsa --size 4096 --outform pem >…
Christian
4 votes, 1 answer

Internal Network CA: "Invalid Common Name" or Invalid Cert on everything (except Internet Explorer and Windows' Certificates mmc snapin)

We run an internal Certificate Authority powered by an Ubuntu 16.04 server and an OpenSSL backend for internal resources, on a mixed Windows / Linux environment. This CA is used with some internal websites in an attempt to provide valid, trusted…
4 votes, 3 answers

How to make it work Certificate pinning (HPKP) and self signed certificate in a local network?

I need to use SSL in a local network and I want to avoid browser invalid certificate error. My idea is to generate self signed certificate and then use Certificate Pinning (HPKP) so to tell browser only this certificate can be trusted? I currently…
Peter Stegnar
4 votes, 2 answers

Can't secure sub domain with SSL

I am trying to secure a sub domain: bitbucket.kl.company.com The certificate is for *.company.com. So I get an error: bitbucket.kl.company.com uses an invalid security certificate. The certificate is only valid for the following names:…
eeijlar
4 votes, 1 answer

How to check apache for SNI (Server Name Indication ) availability?

I have a centos 7 server. I switched from apache 2.4.6 to apache 2.4.25 using IUS repository (https://ius.io/). My goal is to support multiple SSL certificates with a single IP. I have installed: Apache/2.4.25…
GeorgeKaf
4 votes, 2 answers

Nginx logs: client closed connection while SSL handshaking

CentOS 7.2 Nginx 1.13.0 PHP 7.1.4 My error logs have a lot of the below lines 2017/05/16 06:32:05 [info] 18838#18838: *10061 client closed connection while SSL handshaking, client: 120.188.122.190, server: 0.0.0.0:443 What exactly is the meaning of…
Sanjay