Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [openssl]

OpenSSL: The Open Source Toolkit for SSL and TLS

OpenSSL is an open source project which develops software for Secure Sockets Layer (SSL v2/v3), Transport Layer Security (TLS v1), as well being a full-strength general purpose cryptography library.

OpenSSL provides both a library (for use within your own program), and a series of command line tools for common tasks.

1601 questions
0
votes
0 answers

SSL cert questions - PFX to .key , .crt, and. csr for ACM

I'm a long time lurker but I can't figure something out and wondered if someone can offer guidance. I am following AWS's tutorial on how to convert pfx to .crt and .key but I have a question. When removing the password for the privatekey, openssl…
SrNewbieEngineer
  • 11
  • 3
0
votes
0 answers

openssl - how to check which keys were used to encrypt a file

I'm troubleshooting some keys and I want to check with the community if you know how to print out the certs used to encrypt a file using openssl.
s_arabov
  • 1
0
votes
0 answers

Why does this try to use the wrong path?

The nginx tries to access the key at /etc/nginx which is wrong, because nginx or openssl allows to use variables. Did I use/set it wrong? server { listen 80 default_server; listen [::]:80 default_server; index main.html…
rubynt
  • 1
0
votes
1 answer

I want to use openssl pkcs12 to convert lots of pem files into pfx files - but is it possible to pass in a password via the command line?

I want to use openssl pkcs12 to convert lots of pem files into pfx files - but is it possible to pass in a password via the command line? I have quite a lot of pem files: So I want to enter a password into Powershell once that is then used to pass…
Paul H
  • 277
  • 2
  • 4
  • 9
0
votes
0 answers

openssl PEM_read_bio:no start line:pem_lib.c:707:Expecting: ANY PRIVATE KEY

Very new to SSL installation in Tomcat 8.5. OS: CentOS 7 I have SSL certificates from GoDaddy and have the private key used to generate the certificates. This private key was shared in a .txt file and I copied it into a .key file to distinguish it…
Vishnu
  • 1
  • 1
  • 2
0
votes
1 answer

HAPROXY ingress controller setup using mTLS with configmap with just the ingress load balancer because it's ssl offloaded. No need for backend check

I was able to achieve ssl offloading with Haproxy. So great product and appreciate that capability! With that said, I need to doing mutual TLS but am a little confused on how that will work with the ingress controller configmap. Going through this…
Christian Matthew
  • 155
  • 4
0
votes
0 answers

Understanding openssl. Where is the cert file?

I am using the command ... openssl s_client -showcerts -connect reds-cluster-01:443 And I get the output: depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA verify return:1 depth=1 C = US, O = DigiCert Inc, CN =…
Red Cricket
  • 470
  • 2
  • 8
  • 21
0
votes
0 answers

x509 Client Authentication with self signed CA and intermediate certificates

I have a apache webserver with a public official x509 server certificate. Also i do want to use client authentication with a self signed CA - signed -> intermediate certificate - signed -> client certificate Also i added the…
Dr.Blue
  • 1
0
votes
0 answers

How to configure server for client certificate authentication?

I have seen some service providers that use certificates for client authentication, so that any browser without the certificate will be rejected. However, the browsers with trusted certificates could access their portals without login. How exactly…
Thomas G. Lau
  • 252
  • 2
  • 9
0
votes
0 answers

SSL Certificate Not Being Recognized On Mozilla Firefox (MAMP Server)

I’m currently using an SSL certificate on a MAMP server that I made myself via OpenSSL. I’m running the MAMP server on an Apple Mac that’s running Monterey 12.4. I have no problems running the website that I’ve created via the MAMP server with the…
Richard
  • 1
0
votes
0 answers

vsftpd: configure TLS session ticket lifetime

We've installed a vsftpd server on Ubuntu 20.04 with SSL enabled. While it works with FileZilla and other clients, a custom-developed Go app is complaining about the TLS session ticket lifetime hint value: time="2022-09-20T10:13:21.309Z" level=info…
Maxxer
  • 302
  • 5
  • 21
0
votes
1 answer

Let's encrypt certificates fail to verify, throw errors in a Node.js web app

I've recently started getting issues with my Let's Encrypt certificates. On the web browser I don't get any issues for the certificate, but when I run an Java web app thru NGINX using the certificate and I try to connect using axios npm package from…
Munchkin
  • 133
  • 1
  • 1
  • 11
0
votes
0 answers

Cross-compiling Libssl-dev for ARMV5. How do I make these versions align with each other?

While I am on a x86-64 machine, I need to cross-compile for an embedded GNU linux distro that uses and ARMV5. During compilation I am getting No such file or directory on #include So I will need the source for opensll. Clear…
Ksenia Semenova
  • 51
  • 3
0
votes
0 answers

different ssh versions and behaviors, public key failing

I got 2 Ubuntu machines, a new A and old B. The ssh configuration files are identical, but versions are different, as expected: → ssh -v localhost A: OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022 B: OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL…
alexakarpov
  • 103
  • 5
0
votes
1 answer

Check bit length of ssl certificates for both, RSA and elliptic curves

We're using a script based on acme.sh to generate our SSL certificates. acme.sh also supports elliptic curves. I wonder, how to check the keylength for both, RSA and elliptic curve certificates. I need to know the keylength (e.g. 256 for ec or 2048…
Powerriegel
  • 385
  • 1
  • 6
  • 16
1 2 3
99 100