OpenSSL: The Open Source Toolkit for SSL and TLS
-2
votes
0answers
15 views
How to use OPENSSL security functions in a simulator on ubuntu 12.04? [closed]
Does anyone know how to use OPENSSL functions (encryption, hashing, pseudonyms, authentication) in a simulator?
O.S. is Ubuntu 12.04
Thank you
1
vote
1answer
18 views
How do I get iPXE to boot from HTTPS server with self signed cert?
I am chainloading iPXE (undionly.kpxe) and using an embedded script wanting to boot from HTTPS.
The problem is the HTTPS server is connecting to the http server (a custom service) via stunnel using a ...
0
votes
1answer
18 views
OSX doesn't recognize certificate's signing authority
I have my own root certificate that I have imported into my OSX 'login' keychain and told it to trust across the board. I am now creating a certificate for S/MIME. I create the CSR in Keychain Access ...
1
vote
1answer
41 views
ssl error handshake failure alert
I'm getting the error mentioned in the title in Firefox when i try to access my website on my machine.
This is the error i get :
An error occurred during a connection to www.st.um.
SSL peer was ...
1
vote
1answer
28 views
Extract certificate chain from .pfx
I have a .pfx file that I exported from Windows Server 2008. It includes the private key and certificate chain.
Using openssl I've been able to extract the private key and public certificate but I ...
1
vote
0answers
11 views
Web Server with PKCS11 support for server certificates?
I have a PKCS#11-compatible smart card with either a private key, or a combination of a certificate and a private key on it (I can have both).
I want to present the certificate from the smart card to ...
0
votes
0answers
22 views
Create jks for tomcat using .key ,.ca and .cert file
I have three file sample.cert, sample.CA,sample.key provided by Verisign. I need to create keystore for tomcat. As I searched I cannot use .key file directly to create keystore.
The command I used ...
0
votes
1answer
43 views
Apache ~ how to force SSL client auth for specific IP
Haven't been able to figure out how to easily manage access to my SSL website.
I'm trying to allow access to a specific location based on client IP.
If client IP = 192.168.x.x => bypass client ...
-1
votes
0answers
12 views
How to add self signed certificate to certificate bundle? [migrated]
How to add self signed certificate to certificate bundle so that the Curl http client can verify the self signed certificate as valid one?
0
votes
2answers
76 views
“Unable to locally verify the issuer's authority” for GeoTrust SSL CA
I am having troubles connecting to an SSL site (not mine) from the command-line. The certification path goes "GeoTrust Global CA" > "GeoTrust SSL CA" > "*.131500.com.au". The server recently ...
0
votes
2answers
67 views
Unable to verify the first certificate (RapidSSL/GeoTrust/Ubuntu)
Have been trying to get Ubuntu to recognize the GeoTrust SAN certificate, no luck. Browsers work fine. Help?
$ openssl s_client -showcerts -connect artsyapi.com:443
CONNECTED(00000003)
depth=0 ...
1
vote
1answer
17 views
missing configuration in apache to achive mutual SSL authentcaion
After implementing a Mutual Certificate Authentication with OpenSSL and Apache Web Server on CentOS platform. I tried this scenario ( see this diagram ):
----------
...
0
votes
2answers
49 views
what does “openssl FIPS mode(0) unavailable” mean?
I compiled and installed strongswan ipsec vpn successfully, as demonstrated by the fact that the service starts successfully:
as3:~# ipsec restart
Stopping strongSwan IPsec...
Starting ...
0
votes
0answers
27 views
Enable SSL Renegotiation on OpenSSL [closed]
This reference shows that SSL_get_secure_renegotiation_support() is the C macro that ...
indicates whether the peer supports secure renegotiation.
Can I modify a configuration file to enable ...
-2
votes
1answer
35 views
How to add SSL support to web browser? [closed]
Please suggest me how can I add SSL support to thttpd. Or if I can put it straight, how to make my web server have SSL support?
0
votes
1answer
13 views
Minimum Key Length for Apache SSL
I'm trying to figure out the minimum key/cipher bit length that my Apache mod_ssl configuration will accept for client connections.
I ran openssl ciphers -v and saw ciphers of all lengths (40, 56, ...
0
votes
2answers
70 views
Apache recompile does not find new OpenSSL
I'm trying to upgrade both Apache and OpenSSL at the same time. I've gotten Apache compiled with all the modules I need, and it pops up and runs, but still shows an old version of OpenSSL.
Here is ...
0
votes
1answer
22 views
new user and problems with ssh key configuration (pub vs pem files)
We access our ubuntu server from outside over ssh this way :
ssh -i securityTier.pem -l someUsername serverDnsName
I need to create new user which will use separate *.pem file. So far i created :
...
0
votes
1answer
47 views
What is SSL Certificate, X.509 Certificate
I use openssl to create certificate, that I know it is x.509 Certificate. But I quite don't understand certificate in term of 'SSL Certificate'. Are they the same ? or SSL Certificate is x.509 ...
0
votes
2answers
22 views
Generate pfx certificate from pem rsa
I have a PEM RSA private key generated with opendkim:
# dkim-genkey -t -s code001 -d domain.com
and for use it with exchange, i need to convert it to pfx with this command:
# openssl pkcs12 ...
0
votes
0answers
36 views
ngnix - required cipher missing
I just started using nginx 1.4.0 to reverse proxy to my application and manage ssl. I am getting this error occasionally
2013/05/04 09:02:16 [crit] 32651#0: *4663 SSL_do_handshake() failed (SSL: ...
0
votes
0answers
28 views
Upgrade OpenSSL to Latest Version
I'm build app ruby on rails but openssl on my server is old. I need upgrade openssl because openssl certificate verfication failed.
OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Centos 5.8
I have tried ...
2
votes
2answers
60 views
Windows PKI with offline root (maybe with OpenSSL) - Possible?
I'm trying to setup a two-tier PKI and I have a ton of questions.
Since there's the tombstone limit for the AD, I'm assuming that the root (which will be offline) shouldn't be part of the AD. Am I ...
0
votes
0answers
43 views
Safari on MAC OS keeps asking for client certificate while SSLVerifyClient none
I have a website running on Apache 2.2 /openssl 1.0.0d. And I'm using a certificate issued by a trusted CA.
Everything works fine on all browsers, except safari on MAC OS, when the user tries to ...
2
votes
0answers
30 views
Building PKI with openssl
I'm working on building PKI. I created RootCA, subCA with openssl. I know to know a steps to sign and using certificate's chain using openssl in Unix/Linux.
1
vote
0answers
26 views
Self-signed certificates for thunderbird
I want to set self-signed certificates in thunderbird but got some warnings when I try to sent message:
Unable to put a digital signature. Make sure that the certificates specified in the account ...
1
vote
0answers
33 views
Setting up SSL on an Apache Ubuntu Server
I am setting up an SSL certificate for the first time on an Ubuntu server. I have purchased a dedicated IP address and have purchased the certificate under the subdomain of secure.example.com
Port ...
0
votes
1answer
44 views
Verify client certificate CN in Tomcat(APR)
I'm running a tomcat installation with the APR libraries installed (with the OpenSSL HTTPS stack that comes with it).
What I'm trying to do is to lock a specific HTTPS connector down to users of a ...
0
votes
1answer
92 views
openssl Subject Public Key Info: RSA Public Key: (1024 bit) vs Public Key: (1024 bit)
I have a couple of certificates whose format seem pretty similar except for one thing
I have checked the details of the cert by using the following openssl command
openssl x509 -in certname -text
...
0
votes
1answer
45 views
Generate a p7b file from bin and der file
I'm using Debian and I'm trying to join on a file with a certificate.
Try to file.bin + cert.der => file.p7b
I tried with openssl command : openssl pkcs7 -in cert.der -in file.bin -out file.p7b
...
0
votes
0answers
27 views
Is it possible to create a self-signed intermediate CA for ssl?
I am trying to create my own SSL hierarchy like:
MyRootCA
--MyIntermediateCA
----MyCert
I have installed MyRootCA and MyIntermediateCA, but windows points out that MyIntermediateCA ...
0
votes
1answer
104 views
Setting up SSL: Recompiling Apache with mod_ssl
I've got an old machine running Ubuntu 12.04 32bit in my office to host our internal wiki and bugzilla sites. We're also testing our new php app with it and I'm trying to get SSL working with a self ...
0
votes
0answers
29 views
Generating SAN SSL Certificate that works for firefox and chrome
I am trying to generate a SSL certificate that after being signed by my own CA will work for multiple domains.
My openssl configuration file looks like this:
[ req ]
default_bits = 2048
...
0
votes
0answers
27 views
OpenSSL: Installed certificates not showing in Acceptable client certificate CA names list
I'm trying to implement client authentication with PHP and Apache2 on Debian using a certificate stored in a smart card (digital signature card).
In order to verify the certificate i installed the ...
0
votes
2answers
32 views
Redhat - command/s run post-install to generate default localhost.crt?
I cloned a VM and the ssl certificate has the old hostname. I need to generate a new ssl certificate.
My question is what method was used by the server to create the initial certificate? Was this ...
3
votes
0answers
67 views
OpenSSL handshake failure
We were recently forced to migrate our production cloud servers from GoDaddy to Azure because GoDaddy is ending thier cloud server service.
One of our servers was a CentOS 5.7 running a JasperReports ...
0
votes
1answer
37 views
certool vs openssl to generate private keys and csr [closed]
I've seen articles using either openssl or GNU certtool to generate private keys and CSR for SSL certificates.
Is there any preferred choice or effective reason to choose one over the other?
2
votes
0answers
192 views
Trouble passing Trustwave PCI Scan due to BEAST vulnerability
I'm at my wits end with this one! I am not a CI/networking person to begin with, and so I apologize if I am asking the wrong question/giving the wrong information.
I am working on trying to get a ...
0
votes
1answer
65 views
SSL error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
ERROR:
SSL error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
STEPS:
openssl genrsa -out SITE.TLD.key 2048
openssl req -new -key SITE.TLD.key -out ...
0
votes
0answers
75 views
OSX + cURL + PHP + OpenSSL = SSL_write() returned SYSCALL, errno = 32
I'm programming using OSX and noticed an error while upload files on SSL server if the file is >= 1MB of size. I've tried to update libcurl on my laptop but it didn't change anything.
I think it's a ...
1
vote
1answer
209 views
SSL Termination with HAProxy and Nginx on Ubuntu
I've been following this tutorial:
http://www.exratione.com/2012/12/websockets-over-ssl-haproxy-nodejs-nginx/
...but I've been having problems connecting to Nginx through HAProxy via SSL.
I'm ...
0
votes
0answers
44 views
How to change company info in a SSL cert in Parallels Plesk?
I have a problem with Company info in a SSL cert. I have created my .csr & .key files using openssl req -nodes -newkey rsa:2048 -keyout mykey.key -out mycsr.csr and entering all my company related ...
0
votes
1answer
33 views
Courier authentication slow
I have setup courier with imapd-ssl on ubuntu. Everything works fine: ssl certificates validate (on ubuntu/thunderbird and mac/mail) and login works, too.
The only problem is that it ALWAYS takes ...
0
votes
1answer
70 views
Renewing an SSL cert process mapped out. Sanity check?
Most documentation on initial SSL setup is pretty good, but what about a renewal for an existing SSL? I really dont want to fix anything that doesnt need fixing. I cant exactly test this out on a ...
1
vote
0answers
59 views
How to properly replace CA certificate when clients get it bundled in PKCS#12 containers?
I'm about to regenerate a certificate of my CA (maintained by OpenSSL) used mostly to provide OpenVPN access to the intranet for my clients.
My question is related to this one — "Certification ...
-1
votes
1answer
104 views
Git 1.8.2 source (from master branch) fails to build, can't find “dl” library symbols [closed]
# Compiling git 1.8.2 source from master branch sources.
$ make configure
$ LIBS="-ldl" LDFLAGS="-L/sandbox/builds/lib -L/sandbox/builds/ssl" CPPFLAGS="-I/sandbox/builds/include ...
-1
votes
1answer
48 views
Is it possible to resume installation (build) after it was failed? [closed]
I'm trying to install Ruby-2.0.0-rc2 with ruby-build on Windows under Cygwin. And for the second time I get BUILD FAILED error. First time I had no make utility and got BUILD FAILED very fast after ...
1
vote
2answers
66 views
How to create client SSL certificates for staff using CaCert CA?
I would like to restrict the access of a homepage using client SSL certificates.
The most tutorials on the internet describe it like this:
create own key CA.key
create server key server.key ...
-1
votes
1answer
187 views
Can't enable HTTPS and SSL streams in PHP no matter what
I've been trying to enable my HTTPS/SSL (443) streams in PHP but no had success at all.
My certs are properly installed and I can normally browse through the site using HTTPS, but phpinfo() tells that ...
0
votes
0answers
28 views
Combining CA's into a single PEM
I have been wondering if it is possible to combine two CA certificates into a single .pem, then use that pem to allow clients with certs signed by either CA to create TLS connections with an LDAP ...
