Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [openssl]

OpenSSL: The Open Source Toolkit for SSL and TLS

OpenSSL is an open source project which develops software for Secure Sockets Layer (SSL v2/v3), Transport Layer Security (TLS v1), as well being a full-strength general purpose cryptography library.

OpenSSL provides both a library (for use within your own program), and a series of command line tools for common tasks.

1601 questions
0
votes
0 answers

how to read ssh_host_rsa_key

I have a vanilla install of ubuntu 22.04 with openssh-server installed. /etc/ssh/ssh_host_rsa_key is automatically created. I can "cat" the file to…
rupert160
  • 133
  • 1
  • 7
0
votes
1 answer

How to create certificate using OpenSSL from powershell without user prompt for passphrase?

I'm setting up a development VDI, and need to automate creations of some certificates for accessing https://{foo}.local (127.0.0.1) websites duing dev and testing. I'm only allowed to use OpenSSL and powershell and it must be unnattended, need to…
snowcode
  • 103
  • 5
0
votes
0 answers

CentOS 7.8.2003 (Core) : Failed to restart Openssl.service: Unit not found

Im using CentOS 7.8.2003 (Core) Recently the Openssl doesn't work anymore but it worked before. when I tried to do this sudo service Openssl start or sudo service Openssl start It says service Openssl unit not found I tried also to sudo service…
praful
  • 1
  • 1
  • 1
0
votes
1 answer

Postgres SSL server certificate upgrade / renew with openssl

I have inherited a Company Postgres Server with SSL clients. Its around 100 users so far. Two Problems: My Ca Cert (root.crt) expires next year and it seems to be still TlsV1.0. So an upgrade(renew) is urgently needed. What I should avoid is making…
aufmschlauch
  • 1
  • 2
0
votes
1 answer

Understanding SSH Public Key Auth Ciphers

I have a technical recommendation for SSH that states we should only use the following algorithms for Public Key authentication. Unfortunately the guide does not mention the exact names of ciphers as they are used in OpenSSH an I have difficulty…
John Nemo
  • 17
  • 3
0
votes
1 answer

Wrong version of OpenSSL shown when using PowerShell script "OpenSSL version"

I was following a video tutorial on installing OpenVPN Server on Windows Server 2019 and for that I needed to install OpenSSL. I downloaded and successfully installed version 3.0.1, but as soon as I run the script openssl version, it shows OpenSSL…
wolfus
  • 1
  • 2
0
votes
1 answer

TLS 1.0 expiry [ERR_SSL_VERSION_OR_CIPHER_MISMATCH] on Apache 2.2.8

I have some legacy web appliations running over Apache 2.2.8 and openssl 0.9.7a. I have start receiving ERR_SSL_VERSION_OR_CIPHER_MISMATCH on latest browsers. Multiple virtual hosts configured on the Apache and I do not want to upgrade the Apache…
W.I
  • 1
0
votes
0 answers

Private key is not generating from .p12 file

I generated my .p12 file using the below command keytool -importkeystore -srckeystore mycert.jks -destkeystore keystore.p12 -deststoretype PKCS12 The above command successfully generated a 7 KB .p12 file. After this, i tried generating my private…
node_saini
  • 101
  • 2
0
votes
0 answers

How to install TLS Cert (SAN?) on RHEL server behind a proxy?

I have a couple of RHEL server "clusters" - I'd call these loosely-coupled; they run artifactory and artifactory itself binds them together, rather than being coupled at an OS level - which have had new TLS certs issued by our internal CA (these are…
Lex Woodfinger
  • 1
0
votes
0 answers

HTTPS POST-Request fails in connection with Content-Length

A PHP application posts XML data with curl; nothing fancy, the output looking like (c/p, but identifiers and passwords changed): Host: foreign.host.example Authorization: Basic dGVzdDpnZWhlaW0= User-Agent: ourhost HTTP-connector/1.0 Accept:…
SlowFox
  • 11
  • 2
0
votes
0 answers

gnutls_handshake() failed: An unexpected TLS packet was received

I am facing this issue when triggering curl to a target application hosted in ubuntu 20. curl: (35) gnutls_handshake() failed: An unexpected TLS packet was received,Below is the curl version in source. curl 7.47.0 (x86_64-pc-linux-gnu)…
Sarath S
  • 101
0
votes
0 answers

Openssl s_client shows CONNECT_CR_SRVR_HELLO only when -servername option provided

I have an HTTPS-enabled centOS7 server setup with GitLab/nginx, with an A record registered on a payed DNS and certificate verified by Let's Encrypt. (I will use gitlab.example.com here). The domain name has been tested to be accessible at least via…
cr001
  • 195
  • 2
  • 8
0
votes
1 answer

Is it possible to generate a certificat with CN contains only asterisk

I am developing a web server for a local device. The device will be accessed locally and not from outside using local ip address. I generated a certificate using openssl with CN=* in order to avoidethe hostname check. But this return another…
MOHAMED
  • 151
  • 7
0
votes
0 answers

SNI header missing from TLS Client Hello when using HTTP proxy

I'm debugging a problem with a Java-based application that retrieves a JSON payload (the CVE list from NIST) over HTTPS. When I connect directly to NIST, I retrieve the data successfully. When I use an HTTP proxy, I get a TLS "unrecognized name"…
Gordon Mckeown
  • 101
  • 2
0
votes
1 answer

FTPS error: Winsock error 10060

I have setup an FTPS server on ubuntu using vsftps Here are the FTP configurations: sudo vim…
Hooman Bahreini
  • 518
  • 6
  • 17
1 2 3
99 100