Questions tagged [openssl]
OpenSSL is an open-source implementation of the SSL and TLS protocols. The core library, written in the C programming language, implements the basic cryptographic functions and provides various utility functions.
716 questions
0
votes
0
answers
49
views
openssl in out my box has difference results
I run dovecot and Postfix and lets encrypt.
When I ssh into my postfix and run openssl for check mail such as:
openssl s_client -crlf -connect mail.pahlevanzadeh.org:995
CONNECTED(00000003)
depth=2 ...
- 11.3k
0
votes
1
answer
222
views
Can't create SSL certificate with OpenSSL: config file object error
I'm trying to create an SSL certificate using the following command on Rocky Linux:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/shaserver.bungkus.org.key -out ...
0
votes
1
answer
638
views
openssl file encryption (private encrypted RSA key and public key)
I generate private encrypted RSA key:
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out key_enc_private.pem -aes256
Then I extract public RSA key:
openssl rsa -pubout -in ...
- 131
1
vote
1
answer
108
views
openssl - Is it possible to generate a V1 x.509 ca certificate with openssl 3.2?
In openssl 3.0.7 I can see this in openssl-ca manpage:
-extensions section
The section of the configuration file containing certificate extensions to be added when a certificate is ...
- 785
0
votes
5
answers
190
views
How to select string delimited by two differnt string pattern
I am having an output similar to the file (filename whatever.com) below...
[...]~ # tmsh list sys file ssl-cert whatever.com_2024
sys file ssl-cert whatever.com_2024 {
certificate-key-size 2048
...
- 69
0
votes
0
answers
79
views
Nagios check_http returning Cannot make SSL connection error on CentOS 7
I'm running a site on Apache (httpd) on a CentOS 7 host and monitoring it using Nagios on another CentOS 7 host. The configuration in Nagios is:
define service {
check_command ...
- 131
0
votes
1
answer
138
views
"openssl genpkey" can't use option "-cipher des3"
Trying to create RSA key via openssl:
openssl genpkey -algorithm RSA -cipher des3 -outform PEM -pkeyopt rsa_keygen_bits:2048 -out myCA.pem
This output:
genpkey: Use -help for summary.
If I remove -...
- 443
4
votes
2
answers
2k
views
Where are the intermediate CA certificates?
In the folder /etc/ssl/certs/ i can well see:
Symbolic links to the certificates stored at /usr/share/ca-certificates/
The BUNDLE file ca-certificates.crt which contains all certificates in PEM ...
- 183
0
votes
0
answers
144
views
No cerificate is in /etc/ssl/certs
I am working on an embedded Linux system (kernel-5.18.18) for an SOC platform.
The system has openssl compiled, and there is an application connecting to cloud server. But the application failed to ...
- 651
0
votes
0
answers
443
views
How to build OpenSSL from source, without depending on /lib/libcrypto.so
After several sessions with intense Google searching and trying several angles with ChatGPT, I seem to be at a dead-end, my problem arises when I try to build OpenSSL from source, it seems that the ...
- 155
3
votes
1
answer
3k
views
What does the openssl "Error: no objects specified in config file" mean?
I'm trying to generate a CSR (certificate signing request) with:
openssl req -new -config server.cnf -key server.key -out server.csr
Error: No objects specified in config file
Error making certificate ...
- 657
0
votes
0
answers
165
views
OpenDKIM Isn't building with OpenSSL correctly
I am trying to build OpenDKIM from source. For some reason, the build is not supporting SHA-256, even when the OpenSSL version I am building with uses SHA-256. How is this possible ?
I run:
./...
- 73
0
votes
1
answer
786
views
How do you export client certificate for Android to make it work with server?
I posted here earlier today regarding my certificate issue. This is the last one I have. I have setup a new self-signed certificate chain with setup below by following this guide https://dev.to/berk/...
- 11
2
votes
1
answer
166
views
bash: what's the difference between '< file' and taking input from a here-string which contains the file?
I have a variable foo_var which contains ASCII text (base64 text, with some additional text which includes dashes, spaces, and underscores). I write this var to a file as follows:
cat <<<&...
- 391
0
votes
0
answers
119
views
.pfx S/MIME certificate generated with openssl - password is not recognised when imported on an iPhone
I have recently obtained an S/MIME certificate from a CA to use with Thunderbird on a Linux system.
I used the following command in CLI : openssl pkcs12 -export -in certificate.crt -inkey private_key....
- 1
0
votes
2
answers
181
views
OpenSSL: Create CAfile
I have a X.509 certificate mycert.pem and a private-key mykey.pem for it.
Furthermore the certificate has a root-certificate and a intermediate-certificate to build a complete chain.
I had to add both ...
- 1,039
0
votes
0
answers
402
views
Building httpd can't find Openssl
I am attempting to rebuild Apache from source and am encountering an issue I have not faced before.
I have built Apache version 2.4.57 from source many times in the past and have had no issues during ...
- 73
3
votes
2
answers
1k
views
How do I verify ssl / tls connection with openssl non-interactively (from a script)?
When I execute:
openssl s_client -connect google.com:443
openssl s_client -connect government.ru:443
This gives me valuable output, but I would like openssl to close the connection and exit returning ...
- 827
1
vote
0
answers
663
views
Unable to SSH to a server from Jenkins using ED25519
RSA keys going to be decommissioned due to weak security and hence tried o generate a key using ED25519 type using the command
ssh-keygen -t ed25519 -C “testkey”
and generated the public private key. ...
- 11
0
votes
1
answer
123
views
ECDHE key exchange in OpenSSL going wrong (Outlook vs Cyrus imapd) - how to solve?
I am trying to connect Outlook 2019 to a Cyrus imapd server, using an SSL connection on port 993, and using ECDHE for key agreement. Whatever I do, this does not work although the imap server is set ...
- 3,941
3
votes
2
answers
2k
views
How to convert EC public key in PEM format to DER format using openssl
With a public key as PEM, how can this be converted to DER format using openssl? Please note that this is not a x509 certificate. Also this question is about EC (ECDSA) public keys not RSA and using ...
- 31
3
votes
3
answers
3k
views
Deploying private CA certs to debian devices
We have a private certificate authority (CA) which is only used on sites in our intranet.
I can get the certificate easily:
openssl s_client -showcerts -connect atlas.sim.local:8443 </dev/null 2>...
- 16.1k
0
votes
1
answer
91
views
How to identify on console for a remote server what TLS it is providing on an HTTPS endpoint
I would like to find a way, to identify what type of TLS a remote HTTPS endpoint is providing, using only "standard" Linux command-line tools.
I would like to know, what type of TLS the ...
- 101
0
votes
1
answer
77
views
How should I modify the Qt5 source code if I want to add back SSLv3 support in the libqt5network5 module?
I am on an Intel x86_64 CPU architecture platform running a Debian Bullseye Linux distro. On that platform runs a custom application. This application is a 32-bit software running as a systemd service ...
1
vote
1
answer
10k
views
Is it possible to get OpenSSL 3.1 on Ubuntu 22.04
I'm setting up Ubuntu servers and have been using version 22.04 LTS as the base image. We run security scans on all our servers and this version of Ubuntu raises safety violations for having OpenSSL 3....
- 111