Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [openssl]

OpenSSL: The Open Source Toolkit for SSL and TLS

OpenSSL is an open source project which develops software for Secure Sockets Layer (SSL v2/v3), Transport Layer Security (TLS v1), as well being a full-strength general purpose cryptography library.

OpenSSL provides both a library (for use within your own program), and a series of command line tools for common tasks.

1601 questions
0
votes
0 answers

root CA not installed but certificate is succesfully validated

I have installed a certificate issued by Digicert on one of my web server. I then use another server of mine as a client to curl on my new certificate which is validated successfully. While i was trying to get my self familiar with the whole…
giomanda
  • 1,754
  • 4
  • 21
  • 30
0
votes
0 answers

Arguments to make OpenSSL run faster

Is there a way to run openssl.exe faster? For example you can run gzip with the argument --fast. Is there anything like that for openssl? If not is there an encryption type that is known to be faster - not concerned if the speed means I sacrifice…
sazr
  • 109
  • 1
  • 3
0
votes
0 answers

Build Nginx with ssl module

Currently I am installing a new server with Nginx. Additionally I want to add the Google Pagespeed Module and SSL support. However it seems my Nginx build does not recognize it is build with the ngx_http_ssl_module. These are the steps I took to…
Thomas Van der Veen
  • 101
  • 1
  • 3
0
votes
2 answers

curl unable to get local issuer certificate

I'm in charge of a web server running apache which hosts around 15 differente sites. Now one site needs to communicaten with the other, our devs trying to connect to it via curl using PHP. This doesn't work. I tried to debug it on the command line…
user333222
0
votes
0 answers

Token slot_id order changes when restarting

Hello and thanks for taking the time to read this. Issue: I have 4 token devices with the same model and the same name, I rely on the slot id (and the serial) to identify wich one to use. After 5 months working without issue we had to restart the…
LordNeo
  • 113
  • 1
  • 1
  • 6
0
votes
1 answer

SSL on an EC2 instance without a load balancer

I don't have a lot of experience configuring SSL for a site so there's a good chance I'm missing something, but how does one configure SSL for an EC2 without going through a load balancer? This is for a server that is used to communicate with a…
Ryan Grush
  • 181
  • 9
0
votes
1 answer

How to resolve Openssl Package error while installing nginx

I tried to install nginx in a RHEL 7.2 machine, and i got an error, Error: Package: 1:nginx-1.10.2-2.el7.x86_64 (epel) Requires: libcrypto.so.10(OPENSSL_1.0.2)(64bit) You could try using --skip-broken to work around the problem You could try…
Dinesh SC
  • 33
  • 1
  • 2
  • 6
0
votes
1 answer

OpenSSL: convert from pfx with SANs intact

I work at a place where the CA and all certificates are initially provided in .pfx format. I am able to successfully convert the pfx to key/pem or key/crt depending on my need. When testing this week, I discovered that the conversion process doesn't…
Mountainerd
  • 306
  • 2
  • 12
0
votes
1 answer

Already install nginx to use OpenSSL 1.0.2 for ALPN?

I would like to use HTTP/2 and to fully use its capabilities. ALPN is bundled in OpenSSL 1.0.2, but NGINX doesn't seem to use it. Seems like OpenSSL is already 1.0.2l and I upgraded nginx to 1.13.6 but it still uses OpenSSL 1.0.1t. # openssl…
Dimitar Petrov
  • 121
  • 2
0
votes
1 answer

65536bit long certificate self-signing using openssl fails

I created my privatekey & certificate request using openssl req -new -newkey rsa:65536 > server.cert.csr. This took some minutes and produced 2 files. Then I decrypted my private key using openssl rsa -in privkey.pem -out server.cert.key Now I want…
feedc0de
  • 269
  • 1
  • 2
  • 9
0
votes
1 answer

Your Connection Is Not Secure - How To Add A CA Certificate To Browser

I just added a NAS (network attached storage) to my LAN and I'd like to access it via HTTPS. Everything works, except that when I browse to it, chrome responds with "Not Secure" in the address bar, and there's a strikethrough line in the "https"…
Andrew
  • 175
  • 2
  • 7
0
votes
1 answer

Openvpn setting up new CA.cert, server key on old setup

I mistakenly deleted keys folder with ca.cert, server.key and dh2048.perm. I have multiple clients located various places which are still connecting with server. I want to generate new set of ca.cert,server.key and dh2048.perm and client keys…
DarshanJoshi
  • 1
  • 1
0
votes
1 answer

Can MySQL with OpenSSL run in FIPS mode?

I have a build of OpenSSL that uses the FIPS Object Module for FIPS-validated cryptography. Certain applications such as Tomcat support the use of this specialized FIPS OpenSSL. You compile against the OpenSSL crypto libraries and then set an option…
Graph Theory
  • 103
  • 3
0
votes
1 answer

HTTPD + OpenSSL - Long time to connnect to port 443 then ssl_handshake_failure

I know that ssl_handshake_failure is a generic error, however this is my last resort, since I've been investigating this issue for three weeks. I'm deploying Apache HTTPD server on an AIX Server. AIX does not have standard repository so I've…
vinicius.olifer
  • 5
  • 7
0
votes
1 answer

Allow Internal CA to sign CSR

So as it says, how am I supposed to allow Internal CA to sign CSR? This would be for scenarios where you cannot easily replace a private key for a client so the preferred process uses CSR's instead. Is it even possible?
Tyler Dee
  • 3
  • 1
1 2 3
99 100