Questions tagged [openssl]

OpenSSL: The Open Source Toolkit for SSL and TLS

OpenSSL is an open source project that develops software for Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1), as well as being a full-strength general-purpose cryptography library.

OpenSSL provides both a library (for use within your own program), and a series of command line tools for common tasks.

1601 questions
10
votes
2 answers

How to create TLS SHA256 certificate request

One of our business partners is requesting us to use a TLS SHA256 certificate to connect to their APIs. I am not sure how to generate these requests. I have used openssl in the past to create these requests but it generated an SSL certificate using…
Jeff
10
votes
4 answers

openssl s_client shows alert certificate unknown but all server certificates appear to be verified

I am troubleshooting errors establishing a secure connection to an EPP server. I issue the command below and see that all of the server certificates are verified, but still I get an error (highlighted in bold). Is there still a problem validating…
shampoopy
10
votes
1 answer

openssl invalid CA certificate

I'm setting up server-to-server OpenVPN with a PKI infrastructure, and cannot make it work. I suspect it's something in the certificate chain, but I'm at a loss to explain how. I have an offline Root CA, and a certificate hierarchy. The CAs are…
Michael Hart
10
votes
4 answers

Encrypt temporary password using public ssh key

I manage a virtual office and our staff uses both SSH keys and passwords for authentication. If one of our staff forgets his password, is there a way to encrypt a temporary password using his public RSA ssh key so I can send it to him via…
David M. Syzdek
10
votes
3 answers

Stunnel won't work with SSLv3 from some hosts

WARNING: SSLv3 is obsolete. Consider disabling it altogether. I'm trying to set up Stunnel to serve as SSL cache. Everything was smooth, and mostly it works as designed. Then I encountered errors in log files: SSL_accept: 1408F10B:…
Sergey
10
votes
5 answers

SSL connection hangs as client hello (curl, openssl client, apt-get, wget, everything)

I've run into a problem on my Debian VPS (a xen domU) regarding SSL. Namely, almost all SSL connections hang at client hello. For example: # curl -vI https://graph.facebook.com About to connect() to graph.facebook.com port 443 (#0) Trying…
Niklas B
9
votes
1 answer

Odd error while using openssl

When I use openSSL and a config file to sign an intermediate certificate I constantly get the same error. The errors are: 140736005481480:error:02001002:system library:fopen:No such file or directory:bss_file.c:175:fopen('/Volumes/Project -…
Matthew N
9
votes
1 answer

What is the ~/.rnd file in openssl and how to generate a new private key with it?

When I tried to run the following command to issue a new private key, which I use to host my web app via SSL: openssl genrsa -out example.key 2048 the following error occurred: unable to write 'random state' e is 65537 (0x10001) After digging out…
Blaszard
9
votes
2 answers

Does Nginx use the hardware AES support of Intel Core i7 or other similar architectures?

I am trying to use Nginx as a reverse proxy with features like load balancing and SSL offload, and I need to buy the proper hardware. In some cases I need a high throughput SSL offload, and I am wondering if Nginx uses the hardware AES features of…
Ehsan Mahdavi
9
votes
1 answer

Meaning of ssl_ciphers line on nginx.conf

What is the meaning of the following line from an nginx.conf file? ssl_ciphers HIGH:!aNULL:!MD5; I know the ssl cipher is specifying which algorithm to use to secure the server communication and I'm assuming !aNULL and !MD5 is specifying to not…
nobody
9
votes
2 answers

How to install a vulnerable version of OpenSSL on a Linux server?

I'd like to compile and install a Heartbleed-vulnerable OpenSSL version on a server I'm setting up for a team web security challenge (since these are not available for install from Ubuntu's repository for obvious reasons). I downloaded and compiled…
mittelmania
9
votes
2 answers

How do I work out my certificate chain order manually?

Let's say I start with a certificate. Using openssl I can print it out like this: openssl x509 -in cert.pem -text -noout And I'll get some output such as Validity, Issuer and Subject along with Authority Key Identifier and Subject Key…
hookenz
9
votes
3 answers

openssl req -key server.key -out server.csr taking ages to complete

I am trying to generate my own self-signed ssl certificate with openssl so I can test them out on a dev server on nginx before I buy one. I have created the server.key but when I run the command openssl req -key server.key -out server.csr it just…
8
votes
1 answer

Generate CSR including certificate template information with OpenSSL

I'm generating a CSR with OpenSSL using the following configuration file: [ req ] default_bits = 2048 default_keyfile = usercert.key distinguished_name = req_distinguished_name attributes = req_attributes prompt …
Chris
8
votes
1 answer

Self signed ssl I created for localhost cannot be trusted even though I have already imported it to chrome

I am creating https server side that I am using to practice OAuth to Instagram which requires https. I generated a certificate using ssl by running the script from the following link:…