Questions tagged [openssl]

OpenSSL: The Open Source Toolkit for SSL and TLS

OpenSSL is an open source project which develops software for Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1), as well as being a full-strength general purpose cryptography library.

OpenSSL provides both a library (for use within your own program), and a series of command line tools for common tasks.

1601 questions
4
votes
1 answer

How to remove the CA root certificate from a pfx file in Windows?

On a Windows 2012 R2 and a Windows 10 machine there is a pfx file which contains the certificate chain for the server. I created this file using Windows MMC certificate export tool. The choices were export all certificates in the chain if possible…
ciso
  • 217
  • 3
  • 14
4
votes
1 answer

How to issue SSL certificate with SAN extension?

I have a pair of Root CA keys. How to issue a new SSL certificate with SAN (Subject Alternative Name) extension? I tried this openssl genrsa -out ssl.key 2048 openssl req -new -config ssl.conf -key ssl.key -out ssl.csr openssl x509 -req -sha256…
dizel3d
  • 171
  • 1
  • 1
  • 6
4
votes
1 answer

openssl secure renegotiation (not supported)

I'm running a web service implemented on Ubuntu 14.04 LTS server. I'm debugging TLSv1 connection breaking after some time between a client using openssl version 0.9.7m and a server using openssl 1.0.1f. I don't have access to the client side myself,…
talamaki
  • 143
  • 1
  • 1
  • 6
4
votes
2 answers

Cannot complete SSL handshake with one server from GCE Ubuntu 16.04.1 image (but works everywhere else)

I'm trying to connect to swift.ca-ns-1.clouda.ca:8443 via SSL. I can connect to this server from multiple other machines including other fresh 16.04.1 boxes (not on GCE), and I connect to it from other GCE instances that are not Ubuntu 16.04.1, but…
Brandon
  • 141
  • 1
  • 1
  • 4
4
votes
1 answer

Error in converting crt certificate to pem

I generated a CA certificate using easyRSA and I intend to use it with FreeRadius to use starttls, now I found that the FreeRadius uses pem format for certificates, but in my case the cert is in binary format, therefore I tried to use the following…
Mohammed Noureldin
  • 541
  • 1
  • 11
  • 25
4
votes
1 answer

(Self-signed) certificate with wildcards for localhost IPs (127…)

Is there a way to create a (self-signed) certificate that will cover all localhost IPs such as the full range for 127? I tried both 127.* and 127.*.*.* but neither worked; I still got SSL error pages warning me that the page (e.g., 127.2.3.4)…
Synetech
  • 948
  • 1
  • 12
  • 27
4
votes
1 answer

ssl certificate self signed instead of valid

I've purchased a valid certificate: For example this site validates it: https://sslanalyzer.comodoca.com/?url=www.example.com But when I test it with openSSL, like this: openssl s_client -showcerts -connect https://www.example.com:443 I get …
4
votes
4 answers

'openssl verify' outputs 'unable to get local issuer certificate'

In /etc/ssl, when I do sudo openssl verify mywebsite.pem I get a message stating mywebsite.pem: OU = GT46830179, OU = See www.rapidssl.com/resources/cps (c)15, OU = Domain Control Validated - RapidSSL(R), CN = *.logitapp.com error 20 at 0…
Daniel
  • 189
  • 1
  • 2
  • 5
4
votes
4 answers

Upgrading OpenSSL in CentOS 5.3

I want to use one IP to host many domains with individual SSL certificates (requires SNI). In CentOS 5.3, the latest version of OpenSSL I can find an RPM for is 0.9.8e, which does not support SNI. I want to upgrade to 0.9.8k but I can't find an RPM.…
Lin
  • 2,909
  • 7
  • 27
  • 25
4
votes
0 answers

Building NTP with OpenSSL

I am trying to build the latest version of NTP (4.2.8p3 released on 2015/06/29) with OpenSSL support. I can definitely build NTP but when I try to use ntp-keygen to create a new certificate it tells me that the parameters are unknown. I use this…
4
votes
3 answers

remove empty passphrase from ssl key using openssl

I have an openssl key file encrypted with an empty passphrase. I'm trying to remove the passphrase using this command openssl rsa -in ca.key -out ca.key.clear I then try to enter the empty passphrase when it asks for the current passphrase, but I…
Matthew Sharp
  • 200
  • 3
  • 8
4
votes
2 answers

Add SSL certificate after curl error: "unable to get local issuer certificate"

I'm trying to access a partner's SOAP API, for that goal I made a CSR and received a CRT. I've made a PEM file with my key and the CRT: cat mycert.crt mykey.key > mycertandkey.pem When I try to hit the service with curl: curl --verbose --cert…
Ixio
  • 173
  • 1
  • 2
  • 8
4
votes
1 answer

Openssl: Generate CSR for private key read from stdin

I am trying to get openssl to generate a CSR for an existing private key using the Windows binary of OpenSSL. Normally the command line for this would be: openssl.exe req -new -sha256 -out test.csr -key privkey.pem However for security reasons I'd…
leepfrog
  • 488
  • 2
  • 9
4
votes
1 answer

nginx: How to log TLS error (if unsupported ciphers / protocol)

I'm in the progress of switching to 100% https. Server is running nginx+libressl. Before going https:100% I'm interested in seeing which clients would no longer be able to connect to my site. E.g. As I do not support SSL3. I checked nginx error…
4
votes
1 answer

How do I change the expiration of CRLs with OpenSSL?

I am currently experimenting with my self signed CA. But in order for my devices to work I need a valid CRL. I set the CDP to one of the CDN hosting providers. As I have only 5 certificates issued I have little chance of getting one of them revoked,…
manatails
  • 127
  • 2
  • 3
  • 9