Questions tagged [openssl]

OpenSSL: The Open Source Toolkit for SSL and TLS

OpenSSL is an open source project that develops software for Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1), as well as being a full-strength general-purpose cryptography library.

OpenSSL provides both a library (for use within your own program), and a series of command line tools for common tasks.

1601 questions
33 votes, 4 answers

Is the alert “SSL3_READ_BYTES:sslv3 alert bad certificate” indicating that the SSL failed

While running the below command openssl s_client -host example.xyz -port 9093 I get the following error: 139810559764296:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1259:SSL alert number…
kris433
33 votes, 3 answers

Nginx configured with http2 doesn't deliver HTTP/2

I have a problem with my Nginx configuration. I upgraded to nginx 1.9.6 to test http/2 but it does not work on my server. I used Ubuntu 14.04.2 LTS. This is the nginx -V output: nginx version: nginx/1.9.6 built with OpenSSL 1.0.2d 9 Jul 2015 TLS SNI…
throrin19
32 votes, 2 answers

Difference between ca-bundle.crt and ca-bundle.trust.crt

On CentOS 6.5, in /etc/pki/tls/certs I have: ca-bundle.crt and ca-bundle.trust.crt with different file sizes. Which should I use as the trust path for nginx proxy_ssl_trusted_certificate?
Justin
31 votes, 1 answer

Which permissions should I set to dhparam.pem?

I am generating Diffie-Hellman parameters for the ssl_dhparam directive in the SSL configuration of nginx. The file dhparam.pem is created with the command openssl dhparam 2048 -check -out dhparam.pem. Which permissions should I set to this file? Is…
Eric Bréchemier
31 votes, 3 answers

Non-interactive creation of SSL certificate requests

Is there a way to create SSL cert requests by specifying all the required parameters on the initial command? I am writing a CLI-based web server control panel and I would like to avoid the use of expect when executing openssl if possible. This is a…
dotancohen
30 votes, 1 answer

openssl keeps giving me "unknown option" errors

I'm trying to create an SSL cert for the first time. I have no idea how this works and am simply following some instructions provided to me. The first command works fine: openssl genrsa -des3 -out privkey.key 2048 then the second command is giving me…
PetroleumJelliffe
29 votes, 1 answer

What does "tlsv1 alert unknown ca" mean?

I am trying to do a curl request using a client certificate like so: curl -E my.pem https://some.site And I get the following error message: curl: (35) error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca What does this mean? Is…
grasevski
29 votes, 2 answers

Is it possible to set a timeout on openssl's s_client command?

I've got a script which uses openssl's s_client command to pull certificates for a big set of hosts. Some of these hosts will inevitably be unreachable because of a firewall. Is it possible to set the s_client timeout to something much shorter…
Justin Ainsworth
28 votes, 2 answers

Curl: unable to get local issuer certificate. How to debug?

I’ve got an odd problem. Updated my LAMP dev machine (Debian) to PHP 7. Afterwards I cannot connect to a specific TLS encrypted API via Curl anymore. The SSL cert in question is signed by thawte. curl https://example.com gives me curl: (60) SSL…
Rob
28 votes, 8 answers

My server is still vulnerable to heartbleed even after I update OpenSSL

I have an Ubuntu 12.04 server. I have updated the OpenSSL package in order to fix the heartbleed vulnerability. But I am still vulnerable, even though I have restarted the web server, and even the whole server. To check my vulnerability I…
user3301260
27 votes, 1 answer

OpenSSL: how to setup an OCSP server for checking third-party certificates?

I am testing the Certificate Revocation functionality of a CMTS device. This requires me to set up an OCSP responder. Since it will only be used for testing I assume that the minimal implementation provided by OpenSSL should suffice. I have extracted…
StackedCrooked
25 votes, 2 answers

Why openssl ignore -days for expiration date for self signed certificate?

I have a bash script that generates a self-signed certificate and works perfectly fine: #! /bin/bash # Generate self signed root CA cert openssl req -nodes -x509 -days 358000 -newkey rsa:2048 -keyout ca.key -out ca.crt -subj…
Alireza
25 votes, 6 answers

Can't compile nginx with SSL support, OpenSSL not found

I'm trying to compile nginx from source with the SSL module enabled. When I run this command: ./configure --with-http_ssl_module it does its usual checks to see if everything is installed correctly, and then this pops up: checking for OpenSSL…
James Linton
22 votes, 14 answers

error while loading shared libraries: libcrypto.so.1.1

When I run "openssl" I am getting an error as below: openssl: error while loading shared libraries: libcrypto.so.1.1: cannot open shared object file: No such file or directory. This happened after I attempted to update OpenSSL according to this…
mayasl
22 votes, 2 answers

Why are md5 passwords hashed differently?

I've been wondering for a while, why does running "echo 'helloworld' | openssl passwd -1 -stdin" yield different results every time? If I put any of the hashes in my /etc/shadow I can use them as my password and log in to my system, how does it…
Peter