Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [openssl]

OpenSSL: The Open Source Toolkit for SSL and TLS

OpenSSL is an open source project which develops software for Secure Sockets Layer (SSL v2/v3), Transport Layer Security (TLS v1), as well being a full-strength general purpose cryptography library.

OpenSSL provides both a library (for use within your own program), and a series of command line tools for common tasks.

1601 questions
0
votes
1 answer

Signing wildcard cert for a subdomain

I want to use my issued wildcard certificate to generate an SSL cert for a subdomain E.g. *.bar.com -> foo.bar.com Reason being I want to attempt to prevent some XSS weaknesses caused by multiple application running on the same domain. I don't know…
Daniel Pilch
  • 141
  • 4
0
votes
0 answers

Multiple SSL certificates in Apache with clients using different certificates

Our setup is like this. SOAP services are exposed and clients send requests to SOAP endpoints. Each node provides the SOAP services. There can be one or more (maximum 6) nodes as a cluster. Multiple clients can contact the system. A load balancer…
Nerdyme
  • 1
0
votes
3 answers

Generating a CSR fails with 'routines:RSA_sign:digest too big for rsa' - for heroku

I tried generating a CSR by following Heroku instructions. Specifically openssl genrsa -des3 -out server.pass.key 2048 openssl rsa -in server.pass.key -out server.key openssl req -nodes -new -key server.key -out server.csr # input data here I get…
GregPK
  • 117
  • 1
  • 3
0
votes
1 answer

OpenSSL able to negotiate a cipher that isn't supported

We have to be a little limited with out cipher selection for various reasons, and one of the ciphers we can't use is AES256-GCM-SHA384. We can prove that that cipher is available with this command: $ openssl s_client -cipher AES256-GCM-SHA384…
GraduateOfAcmeU
  • 179
  • 7
0
votes
1 answer

Enforcing RC4 cipher and testing enabled ciphers with OpenSSL

I am trying to enable and enforce RC4 cipher on Apache 2.4 and I checked the http://httpd.apache.org/docs/trunk/ssl/ssl_howto.html It says RC4 cipher can be enabled in one of the below two ways: 1. SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5…
OTUser
  • 73
  • 3
  • 11
0
votes
2 answers

How to handle passwords in a script: in-memory VS on-file

I have a script that runs on a VPS in a cheap cloud provider. The scenario is: I trust my provider, but I prefer to make his life hard if he ever wants to steal my key. All the interested folders in the hard disk are encrypted (truecrypt or…
Michael
  • 101
  • 2
0
votes
2 answers

Self signed certificates create problems on NGinx/PHP

I just upgraded my Debian 7, Nginx 1.6.2, PHP 5.4.39 to Debian 8, Nginx 1.6.2, PHP 5.6.9. There is a CRM running on that server where we used to send emails via PHP, EspoCRM and that's using ZendFramwork2 E-Mail (sending via server 2 - sending via…
Chris
  • 145
  • 1
  • 2
  • 9
0
votes
1 answer

ERR_SSL_VERSION_OR_CIPHER_MISMATCH on Ubuntu

I'm running wordpress on a Digitalocean VPS with cloudflare installed. My ssl was working perfectly till a few days ago when a buch of clients informed me they received the following error when visiting the site (on chrome, it works on…
Jonathan
  • 276
  • 3
  • 13
0
votes
1 answer

How to stop Cyrus from serving root certificate?

Since changing the certificate for my cyrus instance I get the following warning whenever I sign with cyradm: cyradm --user cyrus --authz cyrus localhost verify error:num=19:self signed certificate in certificate chain which is an OpenSSL error…
GhostLyrics
  • 101
  • 5
0
votes
1 answer

Nginx reverting to sslv3

I'm using nginx as a reverse proxy and I'm trying to turn off sslv3 support. I have found various answers both on here and other various sites. They all suggest all I need to do is add something like the following to the default http block in my…
Drifter104
  • 3,773
  • 2
  • 25
  • 39
0
votes
0 answers

OpenSSL 1.0.2.a and Centos5.7

I have an old version of Centos (5.7) and I would like to enable TLS 1.2 due to Google Chrome warning about TLS 1.0 I tried to update with yum but I can see that no OpenSSL 1.x could be installed upon this version of Centos. So I've downloaded it…
DonCallisto
  • 111
  • 6
0
votes
1 answer

OpenSSL shows usage for openssl pkcs12 -export command on Windows?

Am trying to generate a pcks12 file on Windows. I don't see what is wrong with my command run as administrator on Windows 7 64-bits. All input files exist. Alternately I get a usage or error "unable to load private key 5712:error:0906D06C:PEM…
Bert
  • 11
  • 1
  • 1
  • 1
0
votes
1 answer

PHP cURL call returning error 56 with NSS error -12195

I have an internal server (internal to my network) to which I make a REST API call from my external server. I don't know if it helps but the external server is running php 5.3.6 with cURL 7.19.7. To make it safer (other than a Firewall box that…
Dentra Andres
  • 31
  • 1
  • 6
0
votes
1 answer

How to find Certificate signing request information?

I need to update certificates for the Apache servers (Linux Servers RHEL6) and it appears our team doesn't know the correct information for the CSR. Is there a way to find the correct information from the server? Output from the server…
user67186
  • 115
  • 3
0
votes
1 answer

TLS/SSL mail server Certificate installation for Postfix/Dovecot Mail Server Setup

I have tried to setup a my own web-server with mail server, (I am not a linux export just following some tutorials), webserver setup with Nginx,PHP-fpm and MySQL seems to be successful, then i moved on to the mail server setup with postfix and…
mahen3d
  • 4,342
  • 14
  • 36
  • 57
1 2 3
99 100