OpenSSL: The Open Source Toolkit for SSL and TLS
1 vote, 0 answers, 9 views
ECDSA hash from OpenSSL command-line
Although it seems relatively easy to build an ECDSA hash programmatically, I've exhaustively searched for how to do it via command-line (in order to validate my results), and have found no examples of ...
0 votes, 2 answers, 31 views
Install xmlsec on CentOS
I installed xmlsec and it keeps giving me an error when I try to verify an XML document.
yum install xmlsec1
yum install xmlsec1-openssl
[vagrant@localhost SSO-ROR-development]$ xmlsec1 --verify ...
-3 votes, 0 answers, 18 views
How can I embed my openssl certificate in Firefox? [migrated]
How can I embed my openssl certificate in Firefox? When I visit my website it shows an SSL warning, but I want to rebuild Firefox as a custom release so it will not show the SSL warning. How can I do that?
What ...
2 votes, 1 answer, 32 views
Openssl error 19: “Self signed certificate in certificate chain” when keyed by GoDaddy
Can someone help me understand how to verify that my SSL cert is installed properly (or troubleshoot why it isn't)?
I installed GoDaddy SSL certificate on my Apache server. Some users are still ...
1 vote, 1 answer, 37 views
File content is being modified when sent over FTP
I am using openssl to encrypt my backups before sending them to an FTP server where I store them.
At first, when I tried to decrypt the files I was getting this error:
openssl rsautl -decrypt -inkey ...
0 votes, 1 answer, 44 views
Legality of using Squid with --enable-ssl in production [closed]
Background: I am building a server application, deploying on Debian. I want to use Squid's accelerator modes to cache the resources generated by my server. Squid will most likely run on the same box ...
0 votes, 1 answer, 48 views
SSL Certificate Domain Name Mismatch
Retina is complaining that the SSL certificate running on my Tomcat server does not return the fully qualified domain name (fqdn) but rather the IP. I connected to my Tomcat server on port 443 using ...
1 vote, 1 answer, 17 views
Node.js SSL: Invalid Certificate
I am trying to apply SSL layer to a node.js server.
Following are the steps I have done
Created all the ssl resources using this blog
Followed the instructions given in here to start my node.js ...
-3 votes, 1 answer, 32 views
Can Meraki security appliances interoperate with openvpn?
I know this is a long shot, but has Meraki said anything about interoperating with SSL vpns such as openvpn?
-2 votes, 0 answers, 30 views
Is there a self contained OCSP Server? [closed]
Is there an OCSP server that I can simply throw revoked certificates at (hopefully with php) and it will do the rest?
Full disclosure: this would be an alternative solution to my other question: What ...
1 vote, 1 answer, 137 views
SSL Error: self signed certificate in certificate chain
EDIT: As the following document describes http://www.novell.com/support/kb/doc.php?id=7002392 I've concatenated those files like this: cat domain.key domain.crt sf_bundle.crt >> domain.pem and ...
0 votes, 2 answers, 27 views
What's the difference between a certstore and a keystore?
I'm specifically using openssl in RHEL.
What's the difference between a certstore and a keystore?
1 vote, 2 answers, 101 views
OpenSSL issues in Debian Wheezy
I don't know what is exactly going on but I noticed that curl couldn't get secure pages without adding extra switches.
~# curl -v https://api.dreamhost.com
* About to connect() to api.dreamhost.com ...
0 votes, 0 answers, 34 views
Cannot receive incoming mails from google-based mail services
I use XMail v 1.27 as our SMTP server and openssl v 0.9.8m (prebuilt in XMail distr). Recently I've configured XMail to support SSL/TLS. I already had chains of certificates (one for QA environment ...
0 votes, 1 answer, 31 views
Can I create a wildcard ssl cert for a subdomain?
I have created my own CA cert, and created a wildcard ssl cert for *.domain.com.
But we use a lot of sub-domains of the form abc.xyz.domain.com, and I can't seem to create a wild card that will work ...
1 vote, 1 answer, 41 views
OpenSSL response 404 issue on centOS 6
I followed this tutorial (though it's for 5.2, I figured I'd be alright).
The changes I had to make that seemed to have worked:
Rename ca.csr to ca.cslr (that's the one the command generated)
List ...
0 votes, 2 answers, 54 views
compile ntp without ssl
I need to deploy ntp to a very space-critical pxe-imaging-system. (Yes, each KB matters.) Footprint needs to be as small as possible, so I want to compile ntp without linking openssl. According to the ...
-1 votes, 1 answer, 47 views
How to set up https only on one directory of VirtualHost
I have a VPS with several sites and applications, and I want to run a MySQL administration tool over https to avoid the possibility of a man-in-the-middle attack, since I often have to use the mysql root password.
...
0 votes, 1 answer, 27 views
RSA server certificate CommonName (CN) `MYSERVER' does NOT match server name
I just launched a new website and installed a certificate on it and I started getting the following error messages in the ssl_erro_log:
[Fri Jun 21 15:24:53 2013] [warn] RSA server certificate is a ...
0 votes, 0 answers, 24 views
Certificate for NPS doesn't appear on Server 2008 but does on 2008 R2?
I used OpenSSL to create a certificate which I then installed in the local machine Personal certificate store on a Windows Server 2008 box. When I go to Network Policy Server to make a new 802.1x ...
2 votes, 1 answer, 53 views
How to remove Private Key Password from pkcs12 container?
I extracted certificate using Chrome's SSL/export command.
Then provided it as input to openvpn - in the config for openvpn:
pkcs12 "path/to/pkcs12_container"
When calling openvpn ~/openvp_config it ...
0 votes, 1 answer, 62 views
nginx unknown directive ssl_protocols
I've compiled NGINX 1.4.1 with ssl support and wanted to secure my configuration with these lines:
ssl_prefer_server_ciphers on;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ...
0 votes, 0 answers, 24 views
OpenLDAP Proxy with Client Authentication via Smartcard
I have two OpenLDAPs configured. The first one on machine A acts as proxy for the second one on machine B using the ldap backend.
Now I enabled TLS and client authentication for the LDAP on machine ...
18 votes, 1 answer, 969 views
Why are md5 passwords hashed differently?
I've been wondering for a while, why does running "echo 'helloworld' | openssl passwd -1 -stdin" yield different results every time? If I put any of the hashes in my /etc/shadow I can use them as my ...
6 votes, 1 answer, 267 views
How to disable TLS 1.1 & 1.2 in Apache?
I have an Ubuntu 12.04.2 LTS server running Apache 2.2.22 with mod_ssl and OpenSSL v1.0.1.
In my vhosts config (everything else within which behaves as I would expect), I have the SSLProtocol line ...
-4 votes, 1 answer, 29 views
PKI with openSSL and Windows 2008
Could anyone tell me about the advantages and disadvantages of PKI with openSSL and Windows Certificate authorities?
1 vote, 1 answer, 39 views
How do I get iPXE to boot from HTTPS server with self signed cert?
I am chainloading iPXE (undionly.kpxe) and using an embedded script wanting to boot from HTTPS.
The problem is the HTTPS server is connecting to the http server (a custom service) via stunnel using a ...
0 votes, 1 answer, 34 views
OSX doesn't recognize certificate's signing authority
I have my own root certificate that I have imported into my OSX 'login' keychain and told it to trust across the board. I am now creating a certificate for S/MIME. I create the CSR in Keychain Access ...
1 vote, 1 answer, 80 views
ssl error handshake failure alert
I'm getting the error mentioned in the title in Firefox when I try to access my website on my machine.
This is the error I get:
An error occurred during a connection to www.st.um.
SSL peer was ...
1 vote, 1 answer, 41 views
Extract certificate chain from .pfx
I have a .pfx file that I exported from Windows Server 2008. It includes the private key and certificate chain.
Using openssl I've been able to extract the private key and public certificate but I ...
1 vote, 0 answers, 17 views
Web Server with PKCS11 support for server certificates?
I have a PKCS#11-compatible smart card with either a private key, or a combination of a certificate and a private key on it (I can have both).
I want to present the certificate from the smart card to ...
1 vote, 0 answers, 45 views
Create jks for tomcat using .key, .ca and .cert files
I have three files, sample.cert, sample.CA and sample.key, provided by Verisign. I need to create a keystore for tomcat. As far as I have found, I cannot use the .key file directly to create the keystore.
The command I used ...
0 votes, 1 answer, 65 views
Apache ~ how to force SSL client auth for specific IP
Haven't been able to figure out how to easily manage access to my SSL website.
I'm trying to allow access to a specific location based on client IP.
If client IP = 192.168.x.x => bypass client ...
0 votes, 2 answers, 393 views
“Unable to locally verify the issuer's authority” for GeoTrust SSL CA
I am having troubles connecting to an SSL site (not mine) from the command-line. The certification path goes "GeoTrust Global CA" > "GeoTrust SSL CA" > "*.131500.com.au". The server recently ...
0 votes, 2 answers, 359 views
Unable to verify the first certificate (RapidSSL/GeoTrust/Ubuntu)
Have been trying to get Ubuntu to recognize the GeoTrust SAN certificate, no luck. Browsers work fine. Help?
$ openssl s_client -showcerts -connect artsyapi.com:443
CONNECTED(00000003)
depth=0 ...
1 vote, 1 answer, 24 views
missing configuration in apache to achieve mutual SSL authentication
After implementing Mutual Certificate Authentication with OpenSSL and Apache Web Server on the CentOS platform, I tried this scenario (see this diagram):
----------
...
0 votes, 2 answers, 160 views
what does “openssl FIPS mode(0) unavailable” mean?
I compiled and installed strongswan ipsec vpn successfully, as demonstrated by the fact that the service starts successfully:
as3:~# ipsec restart
Stopping strongSwan IPsec...
Starting ...
-2 votes, 1 answer, 58 views
How to add SSL support to web browser? [closed]
Please suggest me how can I add SSL support to thttpd. Or if I can put it straight, how to make my web server have SSL support?
0 votes, 1 answer, 21 views
Minimum Key Length for Apache SSL
I'm trying to figure out the minimum key/cipher bit length that my Apache mod_ssl configuration will accept for client connections.
I ran openssl ciphers -v and saw ciphers of all lengths (40, 56, ...
0 votes, 2 answers, 113 views
Apache recompile does not find new OpenSSL
I'm trying to upgrade both Apache and OpenSSL at the same time. I've gotten Apache compiled with all the modules I need, and it pops up and runs, but still shows an old version of OpenSSL.
Here is ...
0 votes, 1 answer, 27 views
new user and problems with ssh key configuration (pub vs pem files)
We access our ubuntu server from outside over ssh this way:
ssh -i securityTier.pem -l someUsername serverDnsName
I need to create a new user which will use a separate *.pem file. So far I created:
...
0 votes, 2 answers, 42 views
Generate pfx certificate from pem rsa
I have a PEM RSA private key generated with opendkim:
# dkim-genkey -t -s code001 -d domain.com
and to use it with Exchange, I need to convert it to pfx with this command:
# openssl pkcs12 ...
0 votes, 0 answers, 75 views
nginx - required cipher missing
I just started using nginx 1.4.0 to reverse proxy to my application and manage ssl. I am getting this error occasionally
2013/05/04 09:02:16 [crit] 32651#0: *4663 SSL_do_handshake() failed (SSL: ...
0 votes, 0 answers, 48 views
Upgrade OpenSSL to Latest Version
I'm building a Ruby on Rails app but openssl on my server is old. I need to upgrade openssl because openssl certificate verification failed.
OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Centos 5.8
I have tried ...
2 votes, 2 answers, 86 views
Windows PKI with offline root (maybe with OpenSSL) - Possible?
I'm trying to setup a two-tier PKI and I have a ton of questions.
Since there's the tombstone limit for the AD, I'm assuming that the root (which will be offline) shouldn't be part of the AD. Am I ...
0 votes, 0 answers, 99 views
Safari on Mac OS keeps asking for client certificate while SSLVerifyClient none
I have a website running on Apache 2.2 / openssl 1.0.0d. And I'm using a certificate issued by a trusted CA.
Everything works fine on all browsers, except Safari on Mac OS, when the user tries to ...
2 votes, 0 answers, 47 views
Self-signed certificates for thunderbird
I want to set self-signed certificates in Thunderbird but got some warnings when I try to send a message:
Unable to put a digital signature. Make sure that the certificates specified in the account ...
1 vote, 0 answers, 35 views
Setting up SSL on an Apache Ubuntu Server
I am setting up an SSL certificate for the first time on an Ubuntu server. I have purchased a dedicated IP address and have purchased the certificate under the subdomain of secure.example.com
Port ...
0 votes, 1 answer, 93 views
Verify client certificate CN in Tomcat(APR)
I'm running a tomcat installation with the APR libraries installed (with the OpenSSL HTTPS stack that comes with it).
What I'm trying to do is to lock a specific HTTPS connector down to users of a ...
0 votes, 1 answer, 160 views
openssl Subject Public Key Info: RSA Public Key: (1024 bit) vs Public Key: (1024 bit)
I have a couple of certificates whose format seem pretty similar except for one thing
I have checked the details of the cert by using the following openssl command
openssl x509 -in certname -text
...