Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [openssl]

OpenSSL: The Open Source Toolkit for SSL and TLS

OpenSSL is an open source project which develops software for Secure Sockets Layer (SSL v2/v3), Transport Layer Security (TLS v1), as well being a full-strength general purpose cryptography library.

OpenSSL provides both a library (for use within your own program), and a series of command line tools for common tasks.

1601 questions
0
votes
1 answer

Legality of using Squid with --enable-ssl in production

Background: I am building a server application, deploying on Debian. I want to use Squid's accelerator modes to cache the resources generated by my server. Squid will most likely run on the same box as the application. Since I want to serve my…
hmhswovl
  • 11
  • 2
0
votes
1 answer

SSL Certificate Domain Name Mismatch

Retina is complaining that the SSL certificate running on my Tomcat server does not return the fully qualified domain name (fqdn) but rather the IP. I connected to my Tomcat server on port 443 using the command: openssl s_client -connect :443…
Engineer2021
  • 601
  • 8
  • 25
0
votes
2 answers

What's the difference between a certstore and a keystore?

I'm specifically using openssl in RHEL. What's the difference between a certstore and a keystore?
bitcycle
  • 155
  • 1
  • 9
0
votes
2 answers

compile ntp without ssl

I need to deploy ntp to a very space-critical pxe-imaging-system. (Yes, each KB matters.) Footprint needs to be as small as possible, so I want to compile ntp without linking openssl. According to the manual this is should be possible: If…
Zulakis
  • 4,153
  • 14
  • 48
  • 76
0
votes
1 answer

How to set up https only on one directory of VirualHost

I have VPS with several sites and applications, and I want to run MySQL administration tool over https to avoid possibility of man-in-the-middle attack, since I often have to use mysql root password. Now, it would not be problem at all if I had…
Miloš Đakonović
  • 682
  • 3
  • 9
  • 28
0
votes
1 answer

OSX doesn't recognize certificate's signing authority

I have my own root certificate that I have imported into my OSX 'login' keychain and told it to trust across the board. I am now creating a certificate for S/MIME. I create the CSR in Keychain Access and then sign it with the root key and…
pr1001
  • 225
  • 2
  • 9
0
votes
2 answers

what does "openssl FIPS mode(0) unavailable" mean?

I compiled and installed strongswan ipsec vpn successfully, as demonstrated by the fact that the service starts successfully: as3:~# ipsec restart Stopping strongSwan IPsec... Starting strongSwan 5.0.4 IPsec [starter]... as3:~# When I run…
fisherman
  • 101
  • 1
0
votes
1 answer

new user and problems with ssh key configuration (pub vs pem files)

We access our ubuntu server from outside over ssh this way : ssh -i securityTier.pem -l someUsername serverDnsName I need to create new user which will use separate *.pem file. So far i created : sudo useradd new-user sudo - su new-user ssh-keygen…
martin85
  • 115
  • 1
  • 7
0
votes
3 answers

Generate pfx certificate from pem rsa

I have a PEM RSA private key generated with opendkim: # dkim-genkey -t -s code001 -d domain.com and for use it with exchange, i need to convert it to pfx with this command: # openssl pkcs12 -export -in code001.private -nodes -out code001.pfx…
Ricardo Fraile
  • 93
  • 1
  • 4
0
votes
1 answer

Verify client certificate CN in Tomcat(APR)

I'm running a tomcat installation with the APR libraries installed (with the OpenSSL HTTPS stack that comes with it). What I'm trying to do is to lock a specific HTTPS connector down to users of a specific certificate. Adding client certificate…
Petter Nordlander
  • 103
  • 1
  • 5
0
votes
1 answer

openssl Subject Public Key Info: RSA Public Key: (1024 bit) vs Public Key: (1024 bit)

I have a couple of certificates whose format seem pretty similar except for one thing I have checked the details of the cert by using the following openssl command openssl x509 -in certname -text In one of the certificates, the Subject Public Key…
user93353
  • 287
  • 1
  • 6
  • 17
0
votes
1 answer

Generate a .p7b file from .bin and .der file

I'm using Debian and I'm trying to join on a file with a certificate. I try to file.bin + cert.der => file.p7b. To do so, I've tried with openssl command: openssl pkcs7 -in cert.der -in file.bin -out file.p7b But it gives me an error: unable to…
cgasp
  • 171
  • 1
  • 14
0
votes
1 answer

Setting up SSL: Recompiling Apache with mod_ssl

I've got an old machine running Ubuntu 12.04 32bit in my office to host our internal wiki and bugzilla sites. We're also testing our new php app with it and I'm trying to get SSL working with a self signed certificate on it so that we can test…
eljaydub
  • 117
  • 3
  • 6
0
votes
2 answers

Generating SAN SSL Certificate that works for firefox and chrome

I am trying to generate a SSL certificate that after being signed by my own CA will work for multiple domains. My openssl configuration file looks like this: [ req ] default_bits = 2048 distinguished_name = req_distinguished_name req_extensions =…
d_inevitable
  • 209
  • 1
  • 7
  • 19
0
votes
1 answer

Renewing an SSL cert process mapped out. Sanity check?

Most documentation on initial SSL setup is pretty good, but what about a renewal for an existing SSL? I really dont want to fix anything that doesnt need fixing. I cant exactly test this out on a staging site. Do I need to generate a new rsa key for…
user656002
  • 31
  • 1
  • 4
1 2 3
99 100