OpenSSL is an open-source implementation of the SSL and TLS protocols. The core library, written in the C programming language, implements the basic cryptographic functions and provides various utility functions.


1 vote, 0 answers, 5 views

Writing an eCAP plugin for Squid: How to link OpenSSL and other libraries

I'm writing an eCAP adapter (in C++) for Squid. I've seen that libtool is required in order to create a library and import it into Squid. I started from the adapter_modifying example (that can be ...

1 vote, 1 answer, 20 views

Why does openssl print to stderr for a successful command?

When I generate a CSR using openssl, the normal output goes to stderr. I don't understand why it isn't on stdout. I'm scripting the generation of some certificate/key pairs and want to be able to ...

0 votes, 3 answers, 27 views

Obtain .cer file from .pem file

I have generated RSA private key using below command: openssl genrsa -out privkey.pem 2048 And created a self signed certificate using below command: openssl req -new -x509 -key privkey.pem -out ...

1 vote, 1 answer, 17 views

Unable to extract modulus, exponent from pubkey.pem

I am trying to extract modulus and exponent components from public key which is in .pem file, using below command: openssl rsa -inform der -pubin -text < pubkey.pem But it is showing me below ...

0 votes, 1 answer, 15 views

-bash: pkcs12: command not found

I am trying to export the private key and certificate to p12 file using below command in my mac os X - Mountain Lion: pkcs12 -export -out privkey.pem -inkey privkey.pem -in rsaCert.crt but I am ...

2 votes, 1 answer, 37 views

What do all the letters and numbers in a Red Hat RPM version number mean e.g. openssl-devel-0.9.8e-27.el5_10.1?

What do all the letters and numbers in the rpm name openssl-devel-0.9.8e-27.el5_10.1 mean? I recognize the openssl-devel-0.9.8e part because that's the same number applied by the development team at ...

0 votes, 1 answer, 48 views

Linux openssl CN/Hostname verification against SSL certificate

How does an Enterprise Linux system with openssl 1.0.1+ verify that the CN=hostname value in the cert matches the server it resides on? Does it use a plain old reverse DNS lookup on the IP address of ...

0 votes, 0 answers, 13 views

Why doesn't the SSL_CERT_FILE trick work on Ubuntu?

$ echo | openssl s_client -connect foo.com:443 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ~/.foo.com.pem $ function S { export SSL_CERT_FILE=/home/user/.foo.com.pem; ...

2 votes, 1 answer, 25 views

Checking if Apache requires SSL pass-phrase

I'm thinking about restarting a client's Apache server, but I'm reluctant to do so because I know he's currently running HTTPS and I don't want to get stuck with the server prompting me for the SSL ...

1 vote, 2 answers, 45 views

On OpenBSD, how do I recompile OpenSSL with md2 support?

I searched but couldn't find any similar questions. I need to recompile OpenSSL with md2 support so that I can compile and install libpki. I can't for the life of me figure out how recompiling OpenSSL ...

0 votes, 1 answer, 49 views

centos patch heartbleed bug [duplicate]

How to do this? There are six packages listed for my 32bit system here Not sure how to go about patching... Ok I have not done yum clean all and yum update "openssl*" but am stuck on following ...

0 votes, 0 answers, 570 views

How to detect on Linux/AIX machines if they are vulnerable to the CVE-2014-0160?

I quickly wrote a script that outputs the openssl versions on AIX/Linux: #/bin/ksh # RUN THIS SCRIPT ON ANY AIX/LINUX TO DETECT IF THE SERVER IS VULNERABLE TO: # ...

0 votes, 2 answers, 3k views

apt-get install openssl doesn't upgrade openssl [closed]

re heartbleed, I'm trying to upgrade openssl, WITHOUT upgrading all packages on my system so I am running apt-get install openssl as shown here, it's implied that doing this should upgrade openssl: ...

0 votes, 2 answers, 738 views

yum and openssl disagree on currently installed version in Centos 6.5

I'm attempting to ensure that we are using the most recent openssl version on Centos 6.5, and yum reports that we are, but openssl continues to report that its version is an older one: ...

3 votes, 3 answers, 501 views

Fedora 20 Heartbleed openssl fix

I am just trying to fix the Heartbleed bug associated with OpenSSL on Fedora Core 20. I am trying to follow the instructions as described here: ...

71 votes, 4 answers, 16k views

How do I recover from the Heartbleed bug in OpenSSL?

CVE-2014-0160 a.k.a. Heartbleed is a vulnerability in OpenSSL. It looks scary. How do I determine whether I am affected? If I'm affected, what do I need to do? Apparently upgrading isn't enough.

6 votes, 1 answer, 576 views

Are Debian- and RedHat-style repositories compromised by Heartbleed OpenSSL bug?

The Heartbleed exploit (CVE-2014-0160) makes SSL connections using OpenSSL vulnerable to private key leakage. Does it mean that official update channels in RHEL/CentOS/etc. and Debian/Ubuntu shall be ...

5 votes, 2 answers, 4k views

Openssl upgraded via apt-get, `openssl version` showing previous version

I am running Debian Wheezy. I have just upgraded my system and should have the latest version of openssl (1.0.1g which fixes a critical bug), but it does not appear to be being used. I have run: ...

3 votes, 1 answer, 58 views

How do I generate SSHFP records?

I need to setup SSHFP records in the DNS for my host. I have done some searching but I haven't found any good example. What are SSHFP records? What does SSHFP records look like? How do I create ...

1 vote, 0 answers, 18 views

libpam load pam modules at every connection

I want to reduce ssh connection time, by debugging sshd have found that libpam is loading all pam modules specified in /etc/pam.d/sshd file at every connection. How to configure/modify libpam such ...

7 votes, 2 answers, 553 views

RSA 2048 keypair generation: via openssl 0.5s via gpg 30s, why the difference?

RSA 2048 keypair generation: via openssl 0.5s via gpg 30s, why the difference There are several programs which can generate RSA public/private keypairs GnuPG/OpenPGP for instance has a wizard being ...

1 vote, 1 answer, 111 views

Installed root certificate authority doesn't appear to be working?

OS : archlinux Openssl dir : /etc/ssl I just installed a root certificates authority. The xxx.pem and yyy.0 file exists in the /etc/ssl/certs folder. Then I verify the vimeo.com:443 via bash: $ ...

1 vote, 1 answer, 96 views

Can not execute some shell command from php

I want to execute phpcs commands from phpcode using shell_exec function. During execution it gives error /usr/bin/php: relocation error: /usr/bin/php: symbol X509_free, version OPENSSL_1.0.0 not ...

1 vote, 2 answers, 812 views

RHEL 6.4 and OpenSSL 1.0.1 - Dependency missing.. but it isn't?

I am trying to install phpMyAdmin, however I am getting an error about openssl libraries being missing. However, I have installed them using the ius repo; Error: Package: ...

3 votes, 2 answers, 176 views

How to encrypt a message using someone's SSL smime.p7s file

I need to send a private key file to someone (a trusted sysadmin) securely. I suggested a couple options, but he replied as follows: Hi, I don't have neither LastPass nor GnuPGP but I'm using ssl ...

0 votes, 1 answer, 108 views

Use curl to download from a Url

I am trying to download a file from a url using curl: $ curl -3 -v "https://atl1mmsget.msg.eng.t-mobile.com/mms/wapenc?location=XXXXXXXXXXX_14zbwk&rid=027" Where the X is a digit in the phone ...

2 votes, 1 answer, 74 views

How do I decrypt a message using openssl's CLI?

I have a message, I know the password and the cipher that was used to encrypt it, but I can't figure out how to ask openssl to decrypt it. I see the cipher in the output from the ciphers command, and ...

1 vote, 1 answer, 212 views

How can I add an x509 certificates bundle (ca-bundle.crt) to NSS database (~./pki/nssdb)

I'm currently using RedHat Enterprise 6. Git had issues cloning Github repos using HTTPS. After some investigation (e.g. enabling GIT_CURL_VERBOSE and GIT_TRACE) the problem was narrowed to a ...

0 votes, 2 answers, 2k views

Installing OpenSSL shared libraries on CentOS 6.5

OS: CentOS-6.5-x86_64-minimal I downloaded the latest version of OpenSSL Extracted it with tar -xvzf openssl-1.0.1e.tar.gz cd openssl-1.0.1e ./config --prefix=/usr/local make it gives me the ...

1 vote, 2 answers, 835 views

Installing PostgreSQL 9.0 on RHEL 6.4 (How to get Yum to Include a version of OpenSSL I built from source)

I receive the following errors from yum install postgresql90-server: Error: Package: postgresql90-9.0.15-1PGDG.rhel6.x86_64 (pgdg90) Requires: libssl.so.10(libssl.so.10)(64bit) Error: Package: ...

1 vote, 2 answers, 619 views

Get common name (CN) from SSL certificate?

I have a SSL CRT file in PEM format. Is there a way that I can extract the common name (CN) from the certificate from the command line?

3 votes, 2 answers, 54 views

generating CSR correctly

When generating a CRS for private purposes (non-commercial) which of the fields are mandatory? Country Name (2 letter code) [US]: US State or Province Name (full name) []: Texas Locality Name ...

1 vote, 2 answers, 306 views

List all available ssl ca certificates

My git client claims error: Peer's Certificate issuer is not recognized. That means it can not find the corresponding ssl server key in the global system keyring. I want to check this by looking at ...

1 vote, 2 answers, 1k views

KEY_CONFIG pointing to the wrong version of openssl.cnf

I am trying to setup OpenVPN but I am getting this error: #./build-ca grep: /etc/openvpn/easy-rsa/2.0/openssl.cnf: No such file or directory pkitool: KEY_CONFIG (set by the ./vars script) is pointing ...

0 votes, 0 answers, 778 views

'Git clone' times out with 443 error message

git clone -v https://github.com/me/myproj Cloning into 'myproj'... <minutes pass> error: Failed connect to github.com:443; Operation now in progress while accessing ...

0 votes, 1 answer, 100 views

Why does OpenSSL automatically send me Terminal mail?

I for some reason am getting messages from OpenSSL constantly (not literally constantly, but every hour or so) sent to my Terminal mail box saying: Message 1: Subject: Cron ...

1 vote, 2 answers, 3k views

OpenVPN - Socket bind failed on local address [AF_INET] IP:1194: Cannot assign requested address

How get it resolved? I am trying to start the openVPN server so that I can login remotely using username: demo and password: demo, but openVPN server is failing to start. What am I doing wrong, how ...

2 votes, 1 answer, 3k views

make fatal error: openssl/sha.h: No such file or directory

I'm trying to compile a program that, according to the documentation, requires the "OpenSSL library". I have OpenSSL installed, and it's still giving me the error openssl/sha.h: No such file or ...

4 votes, 2 answers, 265 views

Decrypting a file encrypted on a different system

My home server runs OpenBSD 5.3 with Samba serving files to several Windows machines. I wrote a script to backup video files by encrypting each file with openssl enc -aes-256-cbc and uploading it to ...

3 votes, 3 answers, 76 views

Appending a pem to another

I found a blog that helped me relay postfix through smtp.gmail.com with SASL authentication. One of the steps was: cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | \ sudo tee -a ...

1 vote, 1 answer, 267 views

How to recompile exim4-daemon-heavy? [duplicate]

I have had a few problem with exim4 and various phone mail clients (Windows Phone in particular) that seem to result from bad mail clients together with GnuTLS. I'd like to recompile ...

5 votes, 2 answers, 7k views

How can I get TLSv1.2 support in Apache on RHEL6/CentOS/SL6?

I'd like to have TLSv1.2 support in Apache on my Scientific Linux 6 (RHEL6 rebuild) server. Is there some semi-supported pathway to getting this working? Preferably with minimal custom rebuilding. ...

3 votes, 1 answer, 160 views

How to generate just a key with openssl

I run this command to generate a CSR and a new key with openssl: openssl req -new -nodes -days 9000 -config /etc/ssl/openssl.cnf -out /etc/ssl/certs/mycompany.com.csr -keyout ...

7 votes, 0 answers, 3k views

OpenSSL Package Rebuild CentOS 6.4 [closed]

Rebuilding openssl with Elliptic Curves on CentOS 6.4 The strategy is: 1) Download the "official" CentOS source package (.src.rpm) 2) Modify the .spec file to enable elliptic curves. (change no-EC ...

1 vote, 1 answer, 142 views

generate SCRAM-SHA-1 hash of a password

I am looking for a simple way (perhaps using openssl) to generate SCRAM-SHA-1 hash of a password for use for Prosody Jabber Server. The passwords on the server are stored in the following form: ...

3 votes, 2 answers, 258 views

OpenSSL buffering problem

I have a stream that I would like to encrypt in real time, but the problem is that openssl encrypt only when it could read from stdin enough bytes, otherwise it waits. Look at those examples: $ ...

1 vote, 1 answer, 2k views

openssl-1.0.1e compiling on Debian

I am compiling OpenSSL-1.0.1e on Debian Lenny (armv4 architecture). I have been following the instruction on http://www.linuxfromscratch.org/blfs/view/svn/postlfs/openssl.html to compile the source ...

3 votes, 2 answers, 959 views

SSH Agent does not work with pkcs8 private key

I did encrypt my private key using openssl pkcs8 -topk8 -in id_rsa -out id_rsa_new -v2 des3 (http://martin.kleppmann.com/2013/05/24/improving-security-of-ssh-private-keys.html) But now, ssh-agent ...

4 votes, 1 answer, 399 views

Backporting OpenSSL-1.0.1e to Debian Lenny (armv4l)

I have an old embedded board that supports only Debian Lenny. I need to install OpenSSL-1.0.1e on it. If I download the source code then try to compile the source code, I get this error ...

2 votes, 1 answer, 350 views

Using key file as password with OpenSSL

I got an assignment to decrypt a binary file which is encrypted using aes. I have a 32 byte binary file which is a key for decryption. I know how to decrypt if the key is a passphrase by using ...