Questions tagged [openssl]

OpenSSL: The Open Source Toolkit for SSL and TLS

OpenSSL is an open source project that develops software for Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1), as well as a full-strength general-purpose cryptography library.

OpenSSL provides both a library (for use within your own program) and a series of command-line tools for common tasks.

1601 questions

8 votes, 1 answer

openssl: Allow usage of insecure client certs

I have an application which has been distributed looooong ago. That application offers an https interface to clients with client certificate authentication. By the time the application was released, providing 1024 bits key length certificates was…
alxgomz

8 votes, 2 answers

How do I issue multiple certificates for the same Common Name?

I am creating a Certificate Authority for an intranet. I have generated a root and intermediate CA and successfully signed a server certificate using the intermediate CA. The server certificate has CN=mysite.com. In the future this server…
spraff

8 votes, 1 answer

Use LetsEncrypt certs with Neo4j

How can one use the certificate files generated by LetsEncrypt together with a Neo4j instance? The files generated by LetsEncrypt are: cert.pem chain.pem fullchain.pem privkey.pem I've tried conversion via OpenSSL with no luck so far, using…
Michael Johansen

8 votes, 1 answer

nginx: No client certificate CA names sent

I have nginx and want it to verify client certificates. So I bought a commercial certificate for the server, and non-commercial ones for clients. Basically I've generated client certificates with easy-rsa scripts. Connecting with client certificates validation…
adontz

8 votes, 4 answers

OpenSSL cannot convert PKCS12 exported from Cisco ASA 55xx

I have exported an existing certificate+key from an ASA 5510: asa5510(config)# crypto ca export MYTRUSTSTORE pkcs12 MYPASSWORD Saved the output in a file (vpn-cisco.pkcs12), and now I am trying to pull the cert and the key into separate files like…
dyasny

8 votes, 1 answer

How to enable certain SSL cipher while having disabled the group?

I would like to enable the SSL cipher EDH-DSS-DES-CBC3-SHA (also known as TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA) in my nginx SSL environment to support IE8 on Windows XP. The base SSL ciphers for nginx…
burnersk

8 votes, 2 answers

In response to the OpenSSL Poodle vulnerability should I disable SSLv3?

OpenSSL just announced another new vulnerability in its memory routines. You can read all about it here: https://www.openssl.org/news/secadv_20141015.txt The workaround is to disable SSLv3. Will this disable HTTPS on our website completely? What…
Oxon

8 votes, 3 answers

Is it possible to enable TLS v 1.2 in Debian squeeze

I am currently running a Debian Squeeze server with Apache. My OpenSSL version is 0.9.8, and I would like to get up to a version capable of running TLS v 1.2. So far my research shows that this is not possible, but I feel like I am missing…
June Lewis

8 votes, 3 answers

Do I have to update my snakeoil certificate after updating openssl (heartbleed)?

I just updated my debian wheezy server to the newest version of the openssl package which has the heartbleed bug fixed. I do support SSL on my server, but only with a snakeoil certificate. I was just wondering if there is actually any security…
Preexo

8 votes, 2 answers

OpenSSL always shows "unsupported" for all subjectAltName "otherName" UTF8 values

It seems like OpenSSL is broken when trying to read back subjectAltName/otherName/UTF8 values that were written by itself: The relevant openssl.cnf configuration (using an official but random OID): [alt_names] DNS.1 = www.foo.com DNS.2 =…
Dustin Oprea

8 votes, 1 answer

Verify that an SSH command has not been embedded in a certificate?

From man 8 sshd with regards to the Authorized Keys File Format and the command="command" option: Note that this command may be superseded by either an sshd_config(5) ForceCommand directive or a command embedded in a certificate. Using ssh-keygen…
Monica For CEO

8 votes, 3 answers

openssl client authentication error: tlsv1 alert unknown ca: ... SSL alert number 48

I've generated a certificate using openssl and placed it on the client's machine, but when I try to connect to my server using that certificate, I get the error mentioned in the subject line back from my server. Here's what I've done. 1) I do a test…
JoJoeDad

8 votes, 1 answer

extracting raw ASN.1 parts from X.509 certificate

I'd like to extract raw hex ASN.1 data from an X.509 certificate. I know that I can do this by using DER format and hexdumping it. I'm interested in particular parts like "subject", "issuer" and their raw hex ASN.1 data.
mighq

8 votes, 4 answers

Can I use Active Directory as a CA for creating test SSL certificates for IIS?

We have an internal test version of our website, which is available (via internal DNS zones) as www.mysite.com.test I'd like to create an SSL certificate for www.mysite.com.test, so that our testers don't get an invalid certificate warning (the…
Dylan Beattie

8 votes, 3 answers

Nginx serving content from the wrong "virtual host" while accessing with https

I have a server running both Nginx and Apache in a proxy setup. Nginx serves the static content and Apache the dynamic content, which works really well. This setup is currently hosting two versions of the same site, let's call them production.com and…
Lars