Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [openssl]

OpenSSL: The Open Source Toolkit for SSL and TLS

OpenSSL is an open source project which develops software for Secure Sockets Layer (SSL v2/v3), Transport Layer Security (TLS v1), as well being a full-strength general purpose cryptography library.

OpenSSL provides both a library (for use within your own program), and a series of command line tools for common tasks.

1601 questions
12
votes
3 answers

openssl: generate certificate request with non-DNS subject alternative names

To create a certificate request containing subject alternative names (SANs) for a host, with openssl, I can use a config file like this (snipped): [req] req_extensions = v3_req [ v3_req ] subjectAltName = @alt_names [alt_names] DNS =…
Paolo Tedesco
  • 1,296
  • 7
  • 16
  • 23
12
votes
1 answer

How to use Chrome's CRL sets (or some master CRL list) as a CRL file?

I am looking for a master CRL list. The closest thing I have found is the Chromium project's CRLSets. I used crlset-tools to get the crlset (crlset fetch > crl-set) and then dumped the serial numbers (crlset dump crl-set) so I see something like…
test
  • 317
  • 1
  • 3
  • 7
12
votes
1 answer

OpenVPN: self-signed certificate in chain

I am trying very-unsuccessfully to use TunnelBlick (an OS/X OpenVPN 2.2.1 client that is known-good) to connect using certificates. Here is the (sanitized) error message I receive: 2012-01-11 11:18:26 TLS: Initial packet from **.**.**.**:1194,…
user106701
  • 121
  • 1
  • 1
  • 3
12
votes
3 answers

Generate self signed SSL certificate for apache

I want to create self signed certificate for the website. The old certificate expired few days ago. There are more than one NameVirtualHosts hosted on systems. The commands I am using to create certificate are taken from one tutorial website and…
Saurabh Barjatiya
  • 4,703
  • 2
  • 30
  • 34
11
votes
3 answers

Why is ALPN not supported by my server?

I'm currently running a Ubuntu 16.04.1 LTS server using NGINX 1.11.9 and openssl 1.0.2g. According to everything I've read, these versions should support ALPN, yet when I run a test on KeyCDN's HTTP/2 Test tool, I get "ALPN is not supported" And…
Godwin
  • 401
  • 1
  • 4
  • 14
11
votes
3 answers

Connecting to PostgreSQL with SSL using OpenSSL s_client

I am trying to connect to my PostgreSQL server on AWS using SSL from the OpenSSL s_client on XP. I can connect to a third party using this s_client. On both the server and XP, I am using openssl version 0.9.8.k. When I try to connect to my server,…
Mitch
  • 291
  • 1
  • 4
  • 7
11
votes
2 answers

openssl - What is the public key default MD

In openssl.cnf default_md (use public key default MD) is set to default. How can I find out what the default is without generating a certificate? Is there a file I can check where it lists the default?
abalone
  • 211
  • 1
  • 2
  • 5
11
votes
1 answer

apache ssl - unable to get local issuer certificate

Somehow just today suddenly my seafile client throwed this error. I don't believe its a seafile issue, because my openssl throws the exact same error: user@nb-user:~$ echo |openssl s_client -connect…
Dionysius
  • 223
  • 1
  • 2
  • 8
11
votes
5 answers

Roundcube & Postfix SMTP: SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c

I have a Postfix / Dovecot / Roundcube setup that I use personally, as well as provide to other users. I am attempting to transfer this entire setup to a new box, but having some issues. Mail receiving is working fine, (only tested internally,…
1n5aN1aC
  • 145
  • 2
  • 2
  • 9
11
votes
3 answers

How to uninstall MariaDB and re-install MySQL? MySQL install turns into MariaDB install

I recently upgraded my CentOS system via the desktop. Mistake! I had MariaDB, phpMyAdmin working just fine before - but after the upgrade they stopped. I frantically googled and tried to follow some tutorials about MariaDB MySQL reinstall until I…
Suma
  • 111
  • 1
  • 1
  • 3
11
votes
2 answers

Which openvpn cipher should I use?

From both a performance and security standpoint, which cipher should I use with openvpn? According to http://openvpn.net/index.php/open-source/documentation/howto.html#security , the default is Blowfish, and the recommendation/example is to use…
Daniel S. Sterling
  • 1,584
  • 2
  • 11
  • 13
11
votes
2 answers

How can I verify/read an IIS7 SSL renewal CSR with OpenSSL

I have the privilege of handling ~5 SSL CSRs per week, checking their validity before passing them off to our CA for action. I use OpenSSL on an Ubuntu machine to check that they are valid, testing things like the correct OU name, a sensible CN, key…
Jim Cheetham
  • 311
  • 2
  • 8
10
votes
1 answer

Generate subdomain certificate from valid wildcard certificate

Giving the nature of SSL certificates and keys which can be chained, can I (myself) generate a certificate for a subdomain based on the main domain certificate and key which are issued for wildcard subdomains? The practice here is that I have to…
Tala
  • 267
  • 1
  • 3
  • 9
10
votes
4 answers

How can I use openssl to get results from HTTP GET requests?

I need to use openssl to perform some HTTP GET requests in a shell script. The line I'm using to do this right now is shown below. This is parsing the content of an XML response of the following…
conorgriffin
  • 459
  • 1
  • 6
  • 25
10
votes
3 answers

Invalid command 'SSLOpenSSLConfCmd', perhaps misspelled or defined by a module not included in the server configuration

Like every other admin, I"m working through the Logjam fix. I've upgraded to Apache 2.4.12 and openssl 1.0.2a on my centos 6.6 box. When I start apache, I'm seeing this error message returned: Invalid command 'SSLOpenSSLConfCmd', perhaps…
ryanlraines
  • 101
  • 1
  • 1
  • 3
1 2 3
99 100