SSL (the predecessor of TLS) is a cryptographic protocol designed to provide communications security over a computer network. It is the S in HTTPS, IMAPS, SMTPS, etc.
0
votes
0answers
4 views
fetchmail: Missing trust anchor certificate:
I try to setup fetchmail on mac for checkdomain.de and created a certificate .pem file in the cert directory of ssl by copying certificate from running this command:
openssl s_client -connect ...
0
votes
0answers
5 views
SLES cant upgrade packages via zypper or yast2
getting errors whenever this box tries to phone to grab a package
via yast:
There was an error in the repository initialization.
Download (curl) error for
...
3
votes
1answer
25 views
mutt SSL unknown protocol - not able to connect
I am facing following situation.
I am using arch linux
I installed mutt the email client
I followed the simple guidelines in the arch wiki to configure mutt to use imap
For the simple config where ...
1
vote
1answer
13 views
vsftpd: use Explicit SSL in a different port than unencrypted FTP
I've managed to run vsftpd with unencrypted FTP, Implicit SSL, and Explicit SSL. What I'm looking for is a way to run it with Explicit SSL, but have a separate port for SSL.
For example: port 15000 ...
0
votes
3answers
34 views
How can I find where the Location of SSL key file is?
I inherited a RedHat server and I'm trying to find the SSL key file that was used to generate the self signed cert so I can make a CSR.
From what poking around I've done, I can't find it in any of ...
0
votes
0answers
18 views
SSL installation on apache2 / debian
So I have a debian wheezy installation where I someone started to install SSL but gave up and so I'm here to finish the task.
problem - when accessing with http (port 80) - all is working. When ...
0
votes
0answers
13 views
Does postfix support MySQL connections over SSL
I have a postfix server and a MySQL database server. I setup MySQL SSL and have it working successfully. I can connect from postfix to mysql with the user requiring SSL.
The problem I have is, when I ...
1
vote
1answer
48 views
Allow specific linux user to bind to port 443
I am in charge of setting up a JBoss web application that runs over SSL, thus should be accessible over port 443.
Of course, it can be started up by user with root privileges, but that is something ...
0
votes
0answers
49 views
Why do SSL negotiation fail on Linux? (Asus P5S-MX) (but worked on Windows7)… FIXED, but UNRESOLVED
Can anyone tell give me hints to why the web requests fails in these wireshark/tcpdump traces ?
(and perhabs hint to why a linux distro would start with SSLv3 as starting point)
I a noob when it comes ...
1
vote
2answers
41 views
Wildcard SSL certificate does not work with naked domain
I have deployed a wildcard certificate (Comodo PlatinumSSL) for *.domain.com on Apache/Ubuntu 14.04. Everything works if the client visits https://www.domain.com but https://domain.com throws up this ...
2
votes
1answer
56 views
Generate Private Key for Existing SSL Certificate
I have been provided with a Comodo SSL certificate to deploy with Apache/ModSSL on Ubuntu 14.04. All I got was an email with links like this. I was not provided with a private key. It appears the ...
0
votes
0answers
27 views
RewriteRule ^/(.*) http://127.0.0.1:5050/$1 [L,P]
What is the full meaning of following line -
RewriteRule ^/(.*) http://127.0.0.1:5050/$1 [L,P]
There are three application both running by python on ubuntu 14.4. they are visible as below link
...
0
votes
1answer
105 views
NGINX: 400 The plain HTTP request was sent to HTTPS port
i setup nginx for proxypass to docker registry, the protocol http works but if i set https i have: 400 The plain HTTP request was sent to HTTPS port
This is my nginx configuration file:
upstream ...
0
votes
0answers
19 views
check_nrpe ssl couldnt complete handshake, in both master and client server it works fine individually
I am getting this check_nrep ssl couldnt complete handshake erro in master server when i try executing the below command.
/usr/local/nagios/libexec/check_nrpe -H 10.192.122.234
10.192.122.234 --> ...
-2
votes
1answer
38 views
Is this a violation? using https service in intranet?
I have CentOS 7 servers in the cloud which is offering HTTPS services.
Now this Enterprise cant use our services from cloud, so they wanted a local intranet solution, same like i am running in the ...
3
votes
2answers
55 views
How to generate a CSR for attaching SSL certificate to the site? [duplicate]
How can I generate a CSR for attaching SSL certificate to the site?
In various articles about installing SSL certificates are described different ways of generating private key and CSR. That's like ...
2
votes
0answers
26 views
Adding nssdb certificate from an install script
I am trying to write an script (postinst for a .deb package) that will install a secure websockets (wss:) application and a certificate that allows access from the Chrome browser. The developer has ...
1
vote
2answers
296 views
How to convert ssl ciphers to curl format?
The official ssl docs list ciphers in a different format than curl takes. For instance, if I want curl to use the cipher TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, I have to pass it curl --ciphers ...
1
vote
1answer
299 views
How to see list of curl ciphers?
My understanding is that during ssl negotiation, the client (i.e. curl) sends a list of ciphers to the server, and the server replies with its preferred choice.
How do I see the list of ciphers that ...
1
vote
3answers
200 views
Dovecot with CAcert certificates, Outlook can't connect to IMAP
I have quite standard installation of postfix and dovecot on Ubuntu 12.10. I generated my own certificates and got them signed by cacert.org.
The process of creating certs was like below:
openssl ...
0
votes
0answers
326 views
Cannot send mail to gmail account using ssmtp
I have the following ssmtp.conf file:
[email protected]
mailhub=smtp.gmail.com:587
hostname=ed424cef9b52
UseTLS=Yes
UseStartTTLS=Yes
AuthMethod=LOGIN
AuthUser=test
AuthPass=test
...
0
votes
1answer
30 views
A question about sendmail macros and tls
http://docs.oracle.com/cd/E19120-01/open.solaris/819-1634/fvbqm/index.html
Here i read some sendmail macros must be edited on mc file
to work
I want tls use version 1 and strong cipher
How to put ...
0
votes
1answer
118 views
wget: force no default certificates
I'm having trouble with verification of custom server SSL certificates and wget.
wget -O- --ca-certificate=myservercert.pem https://www.google.com
This should fail but does not, as wget does ...
2
votes
1answer
2k views
Unable to locally verify the issuer's authority
I am not able to open any https URLs using wget or curl:
$ wget https://www.python.org
--2015-04-27 17:17:33-- https://www.python.org/
Resolving www.python.org (www.python.org)... 103.245.222.223
...
1
vote
2answers
91 views
Can I make davfs ignore untrusted certificates?
My server provides WebDAV over HTTPS only, so that other machines can access the DAV. Say the certificate is issued for www.myserver.com and the WebDAV is at https://www.myserver.com/webdav.
For ...
1
vote
1answer
738 views
Multiple RSA server certificates not allowed
I purchased a multidomain certificate, and I was trying to install it on my server.
I put the following information inside the virtual host for one of my sites:
<VirtualHost *:443>
...
...
5
votes
1answer
123 views
How to find more details on Invalid Certificates
Setup
I am following this blog post to set up ASP.net MVC5 on Linux. When I get to the part that adds the Microsoft certificates, I am warned that they are invalid. For example, this command:
...
0
votes
0answers
471 views
libssl undefined reference to symbol 'SSL_load_error_strings@@OPENSSL_1.0.0'
With the following CMakeLists.txt (I tried to snip it AMAP)
https://gist.github.com/pbertoni/29200833dc562ab6ee2c
I got this error from make at linking time:
/usr/bin/ld: ...
0
votes
1answer
235 views
Script timed out before returning headers: iredadmin.py
I am trying to access my iRedMail backend at https://domain.com/iredadmin
However, it keeps timing out with a 500 error.
I check my error log, and I see the following:
[Sat Apr 11 16:53:41 2015] ...
0
votes
1answer
22 views
Apache ReverseProxy ssl
I have the following ReverseProxy set up which works for http requests:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName sub.domain.com
ProxyRequests Off
ProxyVia Off
<Proxy *>
Order ...
1
vote
1answer
316 views
Mplayer fails to play network stream
I'm trying to play youtube streams with mplayer. On running mplayer -cache 2048 https://www.youtube.com/watch?v=USUA_1WVM8I, I get the following output and the video does not play at all.
MPlayer ...
0
votes
1answer
48 views
Looking for an email server that supports mysql ssl connection
I am trying to secure connections to my MySQL server. I have SSL set up but I am looking for programs that support a SSL connection to MySQL. Specifically I am currently looking for an email server ...
0
votes
1answer
145 views
Configure KVM/QEMU with TLS?
New to virtualization and kvm and I have a problem when i try to create a virtual machine with spice:
virt-install --name Windows-7-x64 --ram 2048 --disk path=~/kvm/images/win7.img,size=50 --vcpus=1 ...
0
votes
0answers
126 views
OpenVPN TLS Error
I'm having trouble getting OpenVPN to work.
I have installed and configured OpenVPN on my centos machine and it seemed to be going fine. I followed the instructions in the following link
...
3
votes
2answers
11k views
How to fix curl sslv3 alert handshake failure?
I'm trying to curl HTTPS website in the following way:
$ curl -v https://thepiratebay.se/
However it fails with the error:
* About to connect() to thepiratebay.se port 443 (#0)
* Trying ...
0
votes
1answer
629 views
Does Apache 2.2.3 support TLSv1.1 and TLSv1.2?
How can I find out if Apache 2.2.3 supports TLSv1.1 and TLSv1.2?
If possible how can I implement it?
0
votes
2answers
208 views
Implementing TLS 1.2 when I SSH into a box as a measure against POODLE
Is it possible to edit sshd_config or ssh_config, such that the SSH connection into a machine configured to use TLS1.2 is successful and rejects connections configured to use TLS1.1 and below, as well ...
0
votes
1answer
604 views
How to check mod_ssl.so version?
I'm running Apache 2.2.3 and would like to find out, how to check version of mod_ssl.so and if this module can support TLSv1.1 and TLSv1.2.
Regards
0
votes
0answers
22 views
Enable TLS-SRP for, say, courier-imap
I want to use TLS-SRP for the services that I run on my server, because I don't want to leak credentials, not even on the server's disk.
There are several articles on setting up TLS-SRP either with ...
0
votes
0answers
366 views
open ssl client giving error routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
On connecting to my application (a ssl server) by using command
openssl s_client -host 127.0.0.1 -port 5028 -cipher EXPORT -debug -state
I am getting error like
CONNECTED(00000003)
...
0
votes
0answers
328 views
Cant use https on localhost
I am unable to use https on my localhost testmachine. I cant figure out the problem on my own so here is what i did:
I placed the following to files in sites-available :
000-default.conf
...
1
vote
0answers
220 views
cURL does not recognize certificate
At our company they enforce a web proxy which breaks SSL connections and replaces the certificate by its own fake certificate. (To be precise it uses a proxy cert which is signed by the company cert.)
...
2
votes
1answer
530 views
CURL won't connect to self
I'm having a weird issue where CURL cannot connect to its own server.
For example if I'm on server example.com
wget https://example.com/ <--- WORKS FIND
curl https://example.com gets error: 35 ...
0
votes
0answers
92 views
Sign a soap message from a JKS dynamically using Python Unix
I am currently calling a webservice using Curl command from unix .
I have a requirement that I have to dynamically message sign the soap request every time I make a call to the webservice using my ...
1
vote
0answers
71 views
Disabling sslv3 on samba4
How can I disable sslv3 on samba4 ldaps and just have tlsv1 enabled?
I have not been able to find any documentation or guides on disabling this feature. This is in regards to the poodle ...
3
votes
1answer
3k views
postfix smtp connection timed out, why?
A CentOS 7 web server has postfix, dovecot, and mailx installed. I have been able to make an IMAP connection to the server in order to read inbox mail using a remote Thunderbird client, but I am not ...
2
votes
0answers
56 views
Apache modssl returning random unwanted 200's rather than 404's
I have a fairly simple apache 2.4.7 config on CentOS 6.5 Linux and an active web server.
No PHP or CGI, just some static pages and a proxypass to a different server tier.
I'm doing some security ...
1
vote
0answers
81 views
sendmail and certs
I am trying to set up sendmail for our company on a CentOS 6.6-Release server.
Specifically, I want to use SSL, so that passwords are sent encrypted.
ls /etc/mail/ssl
intermediate.crt ...
1
vote
0answers
64 views
VSFTPD cutted uploads
Installed VSFTPD v2.3.2 on a Wheezy.
When I try to put anything my ftp client (filezilla v3.5.3) it sends the file by parts of 229376 bytes interrupted by deconnexion/reconnexion untill the en of the ...
2
votes
0answers
366 views
NGINX Reverse Proxy - no user/password was provided for basic authentication
I've got Nginx set up on a RPi (raspbian)as a reverse proxy using SSL between the remote user and the Nginx instance. All seems to work well for two services mounted on the RPi (Shellinabox and RPi ...
