Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [openssl]

OpenSSL: The Open Source Toolkit for SSL and TLS

OpenSSL is an open source project which develops software for Secure Sockets Layer (SSL v2/v3), Transport Layer Security (TLS v1), as well being a full-strength general purpose cryptography library.

OpenSSL provides both a library (for use within your own program), and a series of command line tools for common tasks.

1601 questions
0
votes
1 answer

Howto build docker postgres image with pgcrypto sha3-512 support?

I need to create a postgresql 11 docker image that has support for sha3-512 hash function. By default, the official postgres docker images do not support this. I already have some systems that use the official docker images. I need a new image that…
nagylzs
  • 759
  • 3
  • 12
  • 23
0
votes
1 answer

Why do i get openssl error unknown option for -adext?

I am attempting to generate CSR using openssl with subject alternative names however i get an error stating no options for adext. See command below.. I am using OpenSSL 1.0.2k-fips openssl req -new \ -newkey rsa:2048 -nodes -keyout {domain-name}.key…
eagercoder
  • 123
  • 1
  • 4
0
votes
1 answer

Apache is not using SSLProtocol & SSLCipherSuite directive configuration

I am trying to set up HTTPS in my web server. I got error Error code: SSL_ERROR_NO_CYPHER_OVERLAP in firefox and ERR_SSL_VERSION_OR_CIPHER_MISMATCH in chrome. I looked it up and i found that my SSL protocols or ciphers are unsupported. Test in…
actomobile
  • 11
  • 4
0
votes
0 answers

Submitting CSR to Microsoft CA from linux bash best practice

Similar questions: https://stackoverflow.com/questions/31283476/submitting-base64-csr-to-a-microsoft-ca-via-curl The link above presents an answer but it is far too complicated for me. Below is an example that would work if our CA public and private…
researchbruz
  • 1
  • 1
0
votes
1 answer

manual certificate authentication for IMAPS

I'm running an IMAPS service and users are authenticated with an X.509 certificate. It works fine using Thunderbird. But how I can connect to the IMAPS service manually using openssl? I use the same certificate with openssl s_client than in…
Micha
  • 101
  • 2
0
votes
0 answers

Not able to upgrade OpenSSL version from 1.1.1g to 1.1.1l in RHEL 8.4

I have Linux machine RHEL 8.4 with OpenSSL 1.1.1g. After running the vulnerability and penetration testing, It was found that this version of OpenSSL is not secured and recommended to upgrade OpenSSL 1.1.1g --> 1.1.1l When I'm giving the…
Shruti Prajapati
  • 1
  • 1
0
votes
0 answers

Apache SSL config not listening on 443

I am trying to setup an apache website for SSL with a self-signed cert. I setup the vhost and everything looks ok to me. But the site is not coming up and on the server itself port 443 is not listening. Website: https://beta.jokefire.com VHOST…
user99201
  • 287
  • 2
  • 8
  • 22
0
votes
1 answer

CentOS Certificate Authority increase key strength

I have a self signed CA that I have been using for several years. Certs that I sign/issue these days for our LAN are now getting warnings in Chrome due to "Weak Key". Is there a straightforward way with openssl to replace or upgrade the Root CA Key…
stormdrain
  • 1,439
  • 7
  • 28
  • 52
0
votes
0 answers

Server supports TLS1.3 but refuses 1.2

I have the following Problem: Im hosting my website and some tools on a VServer running Ubuntu 18.04 behind an apache2. Some people told me that they can't reach my website and I tracked it down with https://www.ssllabs.com/ssltest to being probable…
Johannes
  • 1
  • 1
0
votes
0 answers

Entering the password for openssl in command line leads to crash

I'm not sure if this is related to .OhMyZsh installation. Why is my password entry not accepted? ➜ Documents openssl rsa -in my_private.pem -noout -text Enter pass phrase for my_private.pem: User interface error 4314234176:error:2807106B:UI…
Houman
  • 1,545
  • 4
  • 22
  • 36
0
votes
1 answer

Check OCSP on Linux with GET method

I want to verify operation of Microsoft OCSP server from Linux. I tried using OpenSSL, but it always returns: Error querying OCSP responder 140643157128320:error:27076072:OCSP routines:parse_http_line1:server response…
StanTastic
  • 860
  • 1
  • 8
  • 25
0
votes
0 answers

http_ssl_module failed to install when compile from source code of nginx

I am trying to setup my https using certbot , so I need to recompile ngx adding '--with-http_ssl_module', here is the complete steps: - sudo make clean sudo - ./auto/configure --prefix=/var/www/html --sbin-path=/usr/sbin/nginx --conf-…
Jia
  • 101
  • 2
0
votes
0 answers

OpenSSL identity information did not stick in certificate

We were just required to update our SSL certificate after the first year's expiration date come up. We've done this several times before with no issues—Google the right flags to use with openssl, plug that into Comodo, upload the certs and we're…
Jeff Porten
  • 131
  • 4
0
votes
1 answer

Why doesn't openssl from Homebrew include aes-256-gcm cipher support?

I have installed latest openssl via Homebrew on my Mac (macOS Big Sur 11.5.2). But it doesn't support aes-256-gcm cipher suddenly. $ /usr/local/opt/openssl@1.1/bin/openssl enc -ciphers | grep aes- -aes-128-cbc -aes-128-cfb …
Aleksei Chernenkov
  • 141
  • 5
0
votes
1 answer

How to change an expiring CA certificate issued by letsencrypt to a new root CA of other than letsencrypt?

I was using a letsencrypt certificate for the https connection, but now the DST root CA X3 is getting expired and they added a new path to the root ISRG X1, which is not a trusted root for the IoT device that I'm using. So I need to change the root…
Diablo
  • 1
1 2 3
99 100