Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [openssl]

OpenSSL: The Open Source Toolkit for SSL and TLS

OpenSSL is an open source project which develops software for Secure Sockets Layer (SSL v2/v3), Transport Layer Security (TLS v1), as well being a full-strength general purpose cryptography library.

OpenSSL provides both a library (for use within your own program), and a series of command line tools for common tasks.

1601 questions
65
votes
6 answers

Heartbleed: are services other than HTTPS affected?

The OpenSSL 'heartbleed' vulnerability (CVE-2014-0160) affects webservers serving HTTPS. Other services also use OpenSSL. Are these services also vulnerable to heartbleed-like data leakage? I'm thinking in particular of sshd secure SMTP, IMAP etc…
Flup
  • 7,978
  • 2
  • 32
  • 43
61
votes
9 answers

How to split a PEM file

Note : This is not really a question because I already found the answer but since I didn't find it easily here I will post it so that it can benefit others. Question : How to read a concatenated PEM file as the one used by apache/mod_ssl directive…
Cerber
  • 1,221
  • 1
  • 13
  • 23
59
votes
4 answers

Connecting to HTTPS with netcat (nc)

I'm working on a homework assignment for my college course. The task is to fetch web pages on HTTPS using nc (netcat). To fetch a page over HTTP, I can simply do the following: cat request.txt | nc -w 5 80 In request.txt I have an HTTP…
Oto Brglez
  • 792
  • 1
  • 5
  • 9
55
votes
8 answers

How to remove Private Key Password from pkcs12 container?

I extracted certificate using Chrome's SSL/export command. Then provided it as input to openvpn - in the config for openvpn: pkcs12 "path/to/pkcs12_container" When calling openvpn ~/openvp_config it asks for a password for private key (wich I…
Ayrat
  • 653
  • 1
  • 5
  • 6
50
votes
3 answers

stop apache from asking for SSL password each restart

Using instructions from this site but varying them just a little i created a CA using -newca, i copied cacert.pem to my comp and imported as trusted issuer in IE. I then did -newreq and -sign (note: i do /full/path/CA.sh -cmd and not sh CA.sh -cmd)…
user274
42
votes
1 answer

Can not get rid of `net::ERR_CERT_COMMON_NAME_INVALID` error in chrome with self-signed certificates

There are numerous question on the web where people are having difficulty setting up self signed certificates for use on internal network. Just to link a few: Getting Chrome to accept self-signed localhost certificate Chrome accept self-signed…
Ashesh
  • 525
  • 1
  • 4
  • 7
42
votes
4 answers

Fingerprint of PEM ssh key

I have a PEM file which I add to a running ssh-agent: $ file query.pem query.pem: PEM RSA private key $ ssh-add ./query.pem Identity added: ./query.pem (./query.pem) $ ssh-add -l | grep query 2048 ef:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX…
Unknown
  • 1,341
  • 2
  • 13
  • 19
37
votes
3 answers

Import of PEM certificate chain and key to Java Keystore

There are plenty of resources out there about this topic, but none I found which covers this slightly special case. I have 4 files; privatekey.pem certificate.pem intermediate_rapidssl.pem ca_geotrust_global.pem And I wish to import them into a…
Trollbane
  • 473
  • 1
  • 5
  • 4
37
votes
10 answers

How to solve `configure: error: Cannot find OpenSSL's `?

Im trying to recompile PHP, but ./configure fails at : configure: error: Cannot find OpenSSL's I have LibSSL 1.0.0, LibSSL 0.9.8, LibSSL-Dev, OpenSSL installed. --with-openssl=/usr/include/openssl when I try with --with-openssl tells…
CappY
  • 513
  • 1
  • 6
  • 11
36
votes
3 answers

ssh on windows - Corrupted MAC on input

I've installed OpenSSH on Windows. I can successfully connect to my remote server via ssh with Putty from this Windows machine. But when opening a PowerShell, and trying ssh my_user@1.2.3.4 I've got the error: debug3: send packet: type 5 …
Raoul Debaze
  • 521
  • 1
  • 4
  • 6
36
votes
3 answers

SSL routines:SSL23_WRITE:ssl handshake failure

I'm trying to use OpenSSL to connect to an SSL server. When I run: openssl s_client -connect myhost.com:443 The following SSL client configurations work just fine: Windows (OpenSSL 0.9.83e 23 Feb 2007) Linux (OpenSSL 0.9.8o 01 Jun 2010) Linux…
Jaakko
  • 427
  • 2
  • 5
  • 14
36
votes
6 answers

How to enable TLS 1.1 and 1.2 with OpenSSL and Apache

In light of a growing number of security issues, such as the newly announced Browser Exploit Against SSL/TLS (BEAST), I was curious how we could go about enabling TLS 1.1 and 1.2 with OpenSSL and Apache to ensure that we will not be vulnerable to…
John
  • 2,276
  • 7
  • 44
  • 60
35
votes
4 answers

Are self-signed SSL certificates secure?

I want to have a secure connection, when I log into my webmail, phpMyAdmin, etc. Therefore I signed my own SSL certificates with OpenSSL and told Apache to listen on port 443. Is this in fact secure? Are all my passwords really sent through a safe…
cherrun
  • 749
  • 2
  • 11
  • 17
34
votes
4 answers

How to generate .key and .crt file from JKS file for httpd apache server

I have the mycert.jks file only. Now i need to extract and generate .key and .crt file and use it in apache httpd server. SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key…
Sohan
  • 759
  • 1
  • 6
  • 12
34
votes
1 answer

Generate .key and .crt from PKCS12 file?

How exactly would I generate a .key file and a .crt file from a .p12 file?
Fela Maslen
  • 1,243
  • 2
  • 12
  • 19
1
2
3
99 100