Questions tagged [openssl]

OpenSSL: The Open Source Toolkit for SSL and TLS

OpenSSL is an open source project that develops software for Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1), as well as being a full-strength general-purpose cryptography library.

OpenSSL provides both a library (for use within your own program) and a series of command-line tools for common tasks.

1601 questions
0 votes, 1 answer

how to work with x509 certificate bundles with openssl

Is it possible to work with x509 certificates in a pkcs7 bundle file? I need to sign all certificates in a bundle with extra x509 extensions. e.g. (if they were a single x509 crt file) openssl x509 -CA corp-ca.crt -CAkey corp-ca.key -randserial…
gcb
0 votes, 0 answers

Not receiving any response from SMTP server after successfully connecting via openssl or telnet

I am trying to set up my postfix using Gmail smtp relay server. I have set it up in other servers without issues, but I am having difficulty getting it to work in my work network. I tested if there is a network blockage by using telnet…
0 votes, 1 answer

OpenSSL Error: lib(128):capi_rsa_priv_enc:function not supported in client Auth

My scripts to sign a file via API were working fine when my previous server setup was Ubuntu 20.04 and the openssl version was 1.1.1b. But after the upgrade, I am getting this issue. The client environment is the same before and after the server…
0 votes, 1 answer

Cannot enable OCSP stapling

Windows Server 2022, Apache x64 2.4.57, OpenSSL 3.0.8. My Apache SSL conf has this:

    SSLUseStapling On
    SSLStaplingCache "shmcb:${SRVROOT}/logs/ssl_stapling(65536)"
    SSLStaplingStandardCacheTimeout 3600
    SSLStaplingErrorCacheTimeout 600

But…
MonkeyZeus
0 votes, 0 answers

How to sign a certificate for s/mime and generate pkcs12 store with existing CA?

I want to create a certificate store file in pkcs12 format to use in thunderbird for s/mime signing and encrypting. I already run a mail and web server that use certificates signed by a CA certificate that I have created. I want to sign the mail…
0 votes, 0 answers

How can I disable the TLS handshake with 128-Bit-Key from the browser with my apache2 settings?

When I load a website on an apache2 with ssl and look at the settings of the certificate in the browser, it is always a 128-bit key length. I only want 256-bit and above to be allowed. I have that in virtualhost and try different:
Z0OM
0 votes, 0 answers

Apache SSL not working - server took too long to respond

I am trying to get Apache (2.4.41, Ubuntu) to work with SSL and am not having luck. Whenever I visit the site in my browser, I get the error "This site can't be reached: my-domain took too long to respond." I have a valid certificate and key, though…
Jeff
0 votes, 1 answer

Remove old Cipher Suites

I manage some websites and one of them got a poor security rating (from sec scorecard). I have a managed server, so I asked the IT guys to help, but also would like to understand this issue a little more. The problem is, there are old TLS1.0 and…
0 votes, 1 answer

Enable TLSv1.1 on httpd 2.4.56 running on Docker

I am trying to modernize the infrastructure of a HTTP web service. I want to update the web server to something more recent and secure, but I have to maintain compatibility with some legacy devices in the field that are unable to connect using…
0 votes, 0 answers

RPMBUILD Apache with mod_ssl - Not seeing/using new version of openssl

I am having issues attempting to get Apache with mod_ssl to see/use the new version of openssl which is 3.1.0. In my httpd.spec file I have specified --with-ssl=/opt/openssl/openssl3.1.0. rpmbuild -ba httpd.spec completes without error and builds…
0 votes, 1 answer

SSL error "unexpected eof while reading" on same server as the originating request

First, I'm aware of the SSL Library Error: error:0A000126:SSL routines::unexpected eof while reading error stemming from OpenSSL 3 reintroducing a feature to prevent truncation attacks. The question I have is why I'm seeing this error when I'm…
oucil
0 votes, 1 answer

openssl functions randomly return warning: command substitution: ignored null byte in input

I try to encrypt some loads, here is a minimum working example (is RSA private key) to_be_signed="2f93992bb1db9cab0b3b8fc2de0a2863" #to_be_signed="7d6d2a584a227574e1c113aab56ea490" # Sign poly_1305 with private key signature=$(openssl dgst \ …
philippe
0 votes, 0 answers

Trouble Adding Public-Key Certificate to CAcerts

I am trying to add some public-key certificates to my CAcerts file. In the past I have done it by modifying the keystore directly as such: keytool -keystore /etc/pki/java/cacerts -importcert -alias mail.mysite.com -noprompt -file myCert.pem I have…
shepster
0 votes, 0 answers

Remote Desktop Gateway (RDG) Public CA certificate not trusted on external connection

Currently moving RDG role from "nene-server" to "NTRDG01", but when trying to connect externally to the gateway, getting certificate error: External error on gateway over https. This was weird because I uploaded a re-keyed certificate from 123reg but…
0 votes, 1 answer

How to support TLS 1 and TLS 1.1 with haproxy 2.4 and OpenSSL 3?

I am trying to support TLSv1.0 and TLSv1.1 with haproxy 2.4.18 (and OpenSSL 3.0.2) on Ubuntu 22.04. I have followed Mozilla SSL Configuration Generator, "Old" configuration, slightly modified, adding :@SECLEVEL=1 and ssl-min-ver TLSv1.0 …
Óscar