Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [openssl]

OpenSSL: The Open Source Toolkit for SSL and TLS

OpenSSL is an open source project which develops software for Secure Sockets Layer (SSL v2/v3), Transport Layer Security (TLS v1), as well being a full-strength general purpose cryptography library.

OpenSSL provides both a library (for use within your own program), and a series of command line tools for common tasks.

1601 questions
0
votes
1 answer

OpenSSL: --keyout option: create .key or .key.pem files?

The tutorial I'm following to create and sign certificates bounces between creating .key and .key.pem files with the -keyout option. For example: master-ca.key.pem and openvpn-ica.key and again vpn-server.key.pem. Does it matter and is there a…
SmokeyTehBear
  • 1
  • 1
  • 2
0
votes
1 answer

Apache doesn't accept the key for a certificate when that certificate is bundled with its issuer

I am setting up a Certificate Authority for an intranet. There is a root certificate which will be installed on all the network machines, an intermediate certificate signed by the root, and a http server certificate signed by the intermediate. I…
spraff
  • 549
  • 4
  • 8
  • 18
0
votes
1 answer

Getting Certificates from Java Keystore

I used Java Keytool to generate domain.csr, domain.keystore and domain.cer. I need to secure the domain using SSL for which I need domain.crt and domain.key. How can I get these two? Are domain.jks and domain.keystore both same? What is difference…
saurg
  • 113
  • 1
  • 2
  • 4
0
votes
1 answer

Can NGINX TLSv1.3 support the use of different cipher/hash/MAC for different server of same IP address?

I have two different domains - thisdomain.com and portal.thisdomain.com. But only one public-facing IP address. Each domains have their own SSL certificates but share same Intermediate CA. Using the same IP address (and NGINX HTTP server has SNI…
John Greene
  • 899
  • 10
  • 30
0
votes
1 answer

freeradius gives "no shared cipher" for windows 10 client

I have a working configuration of 802.1X authentification on my switch. The radius server is a freeradius instance with EAP-TLS configured. Everything works fine on linux (and android devices), but when I try to hook up a windows 10 pc I'm getting a…
Alexander Sergeyev
  • 253
  • 1
  • 2
  • 10
0
votes
4 answers

Apache2 - SSL pages load in Chrome but not Safari

I'm having this unusual SSL issue with Safari. Basically I have a Debian server running Apache 2 (2.4.10) with OpenSSL 1.0.1t on a private network. I've set up an SSL virtual host in the normal way and I'm using a web server certificate signed with…
jeonatl3
  • 103
  • 1
  • 2
0
votes
1 answer

Upgrade OpenSSL (mod_ssl) on WIndows Apache 2.2.18 to v1.1.0b

I am running Apache 2.2.18 on my work machine and have a dedicated IP and paid SSL certificate. Since this server should be secure, I only use HTTPS when I access it. To do a test I went to ssllabs.com so see what the result for my web server would…
Kaboom
  • 103
  • 1
  • 1
  • 4
0
votes
1 answer

Squid Enable SSL not working

So I've compiled Squid myself with the following options: Squid Cache: Version 3.3.8 configure options: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info'…
Exventis
  • 3
  • 1
  • 5
0
votes
1 answer

How to test for SSLv2Hello support with openssl s_client?

I have Tomcat with TLS1 and SSLv2Hello enabled under sslEnabledProtocols but I'd like to test whether SSLv2Hello client hello upgrade actually works. I could not find anything in openssl s_client documentation on how to do a SSLv2hello connection to…
cen
  • 109
  • 1
  • 2
0
votes
2 answers

nginx permission denied to self signed certificate files for ssl configuration on CentOs

Very similar to this question but the solutions there did not solve my problem. I am trying to reverse proxy port 8443 to port 4000 with a self signed certificate. I generated my certificate like this openssl req -newkey rsa:2048 -sha256 -nodes…
RusinaRange
  • 11
  • 1
  • 5
0
votes
1 answer

Batch parameters for installing OpenSSL 1.0.1?

I have a group of prereq programs that need to be installed on multiple computers. I have automated everything with a single batch file except for OpenSSL, which still requires a user to go through the GUI installer prompts. Are there any parameters…
thomasjbarrett
  • 33
  • 1
  • 5
0
votes
0 answers

Centos openssl vulnerability high OpenSSL Running Version Prior to 1.0.1t

I have run a security check and it came back with 6 high vulnerabilities. OpenSSL Running Version Prior to 1.0.1t OpenSSL Running Version Prior to 1.0.1t OpenSSL Running Version Prior to 1.0.1o OpenSSL Running Version Prior to 1.0.1o OpenSSL Running…
user1503606
  • 121
  • 2
0
votes
1 answer

FreeNAS jail: Updating OpenSSL for certbot

I am using FreeNAS 9.3. Having created a jail for the purpose, I am trying to get nginx working together with certbot. The basic problem is the following: From what I gather this is because the base or host system of FreeNAS is using this version…
Hoax
  • 101
  • 2
0
votes
1 answer

Asterisk sslv3 alert handshake failure

I am using Ubuntu v14.04.3 LTS and Asterisk 13.3.2. When i try to call to my extension from a sipml5 client to just play a demo-congrats audio, my call gets disconnected instantly. When i check asterisk log, i get following error [2016-08-24…
Ijas Ahamed
  • 111
  • 6
0
votes
1 answer

OpenSSL dgst: Error opening signature file

I'm attempting to verify a trust-store that's contained in a .zip file. I've been able to validate it within my workstation (which has ubuntu with OpenSSL 1.0.1f 6 Jan 2014). openssl dgst -ecdsa-with-SHA1 -verify <(openssl x509 -sha1 -in…
saterHater
  • 103
  • 3
1 2 3
99 100