Questions tagged [openssl]

OpenSSL: The Open Source Toolkit for SSL and TLS

OpenSSL is an open source project which develops software for Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1), as well as being a full-strength general purpose cryptography library.

OpenSSL provides both a library (for use within your own program), and a series of command line tools for common tasks.

1601 questions
8 votes, 5 answers

Puppet's automatically generated certificates failing

I am running a default configuration of Puppet on Debian Squeeze 6.0.4. The server's FQDN is master.example.com. The client's FQDN is client.example.com. I am able to contact the puppet master and send a CSR. I sign it using puppetca -sa but the…
gparent
8 votes, 4 answers

How to change libcurl SSL backend from gnutls to openssl on Ubuntu server

I am getting gnutls specific errors in my Tornado webserver while processing Google OpenID SSL responses. One of the suggestions I got from the Tornado mailing list is to try the OpenSSL backend instead of gnutls. But it doesn't seem to be straightforward…
Jayesh
8 votes, 5 answers

Recover an SSH private key?

I have an RSA key (generated by PuTTYgen) that's set up for logging in to a bunch of machines via SSH. Or rather, I HAD such a key. (The computer it was on crashed, to the point that a reinstall of XP was required. The private key file is…
cHao
8 votes, 2 answers

SAN certificate with URI fragment

I need to generate a TLS certificate with a SAN URI where the URI has a fragment (has a hash '#'). But when I try to generate a certificate using openssl, the fragment gets stripped. # generate key and CSR for client certificate openssl req -nodes…
Rich Remer
7 votes, 2 answers

Convert DER .cer format to Base64 .CER

I have exported my certificates in DER encoding (with the extension .cer). Is there a way to convert those certificates to Base-64 encoding (with the same extension)? Thanks
Warok
7 votes, 3 answers

Perfect SSL Labs score with nginx and TLS 1.3?

I have created an nginx config that got a perfect score on Qualys SSL Labs using only TLS v1.2, and I'd like to try and get a perfect score using both TLS v1.2 and v1.3. Consider this snippet of the version of the nginx.conf that is part of the A+…
Gojira
7 votes, 1 answer

What is causing SSL-"shutdown while in init" error on dovecot?

On one of my systems I can see from time to time error messages like: TLS: SSL_read() failed: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init What might cause these errors?
frlan
7 votes, 1 answer

SSL certificate working in chrome but not openssl s_client or curl

Google Chrome's update to version 58 started invalidating my self-signed certificates a few days ago. It was complaining about missing subjectAltNames. I did some research and tried a couple of suggestions (which wouldn't work) but then found this…
Jason Joslin
7 votes, 1 answer

Converting PEM to PKCS12 using intermediate certificate

I'd like to convert a PEM(+key) certificate to a *.p12 file. I know this is how I do it when I don't have an intermediate certificate: openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt How do…
Ztyx
7 votes, 7 answers

Trying to mitigate Logjam on Apache 2.2.16

I am trying to follow the instructions located here to mitigate for the logjam vulnerability, however I keep getting the following error from Apache: Syntax error on line 18 of /etc/apache2/sites-enabled/000-default: Invalid command…
June Lewis
7 votes, 1 answer

OCSP stapling with nginx

I'm having trouble with OCSP stapling in nginx. So I start up the openssl ocsp daemon, and then I visit my site. Then it says Invalid request. I am using a private PKI and CA. SSL key: 8192bit DH key 2048bit root@wilhelm:/etc/ocsp# openssl ocsp…
7 votes, 2 answers

MySQL SSL: bad other signature confirmation

I am trying to enable SSL connections for MySQL-- SSL will show as enabled in MySQL, but I can't make any connections due to this error: ERROR 2026 (HY000): SSL connection error: ASN: bad other signature confirmation I am running the…
SJL
7 votes, 1 answer

Haproxy 1.5.3 / OpenSSL - Creating PEM

I have an HAProxy Server set up with the line: bind *:443 ssl crt /etc/ssl/domain.com/domain.com.pem I have the following files: /etc/ssl/domain.com/domain.com.key /etc/ssl/domain.com/domain.com.csr I have purchased a certificate from Geotrust which…
Aeisor
7 votes, 2 answers

How to find out if an OpenSSL certificate was created by a certain private key?

I have an OpenSSL certificate. I also need the private key. I was told it is located somewhere on the server, and true enough, I found multiple SSL key files. Before I try them all by brute force: Is there a way I can find out on terminal if a…
k0pernikus
7 votes, 2 answers

How to check multiple CRL lists with nginx client authentication?

I have a custom easyrsa setup with a root and three CAs signed by the root. (Three different sub-cas depending on the user type), like this: RootCA +----- AdminUserCA +----- EmployeeCA +----- ClientCA I have authentication working with the…
ErebusBat