Skip to main content
Server Fault

Questions tagged [openssl]

Ask Question

OpenSSL: The Open Source Toolkit for SSL and TLS

1,628 questions
Newest Active Bountied Unanswered
0 votes
0 answers
11 views

kex_exchange_identification or banner exchange causing time out issue while ssh into amazon ec2

I am trying to ssh into a amazon linux 2023. My colleague can log in fine using the same private key. It seems like it initially connects then times out. This is the command and output: % ssh -i my-...
nealous3's user avatar
nealous3
  • 131
1 vote
1 answer
32 views

Bash script with "openssl req -new -key server.key -out server.csr -config server_openssl.cnf --passin pass:password"

I am writing a bash script that will generate a root certificate and a server certificate. The root certificate generation works, but the server certificate prompts me for input - however since this ...
Europa's user avatar
Europa
  • 139
1 vote
1 answer
33 views

Bash script with openssl req -new -key rootCA.key -out rootCA.csr -config rootCA_openssl.cnf --passin pass:password

I am generating a root certificate with a bash script. I have a rootCA_openssl.cnf file with the configuration data: rootCA_openssl.cnf [ req ] distinguished_name = req_distinguished_name ...
Europa's user avatar
Europa
  • 139
1 vote
0 answers
85 views

wget / openssl : Unable to locally verify the issuer's authority

I have wildcard certificate (*.example.com) from DigiCert Have following files in the zip file from DigiCert portal DigiCert Global Root G2.pem DigiCertCA.crt star_example_com.crt TrustedRoot.crt I ...
rp346's user avatar
rp346
  • 101
0 votes
0 answers
17 views

How to check OpenSSL: alert internal error, handshake failure for CA

Context is our Mosquitto broker, running on a certain domain. User can connect via TLS only. We are using a self-signed certificate for this purpose, because we want to sign client certificates by ...
BairDev's user avatar
BairDev
  • 125
1 vote
1 answer
95 views

Postfix: Mail servers of certain providers are unable to send mail to my Postfix server / insufficient security / SSL alert number 71

There is big German email hoster (web.de) whose mail servers are not able to send mails to my self-hosted Postfix server. I found similar reports, but the published solutions always were misconfigured ...
user2690527's user avatar
user2690527
  • 289
0 votes
1 answer
272 views

How to use 'openssl s_server ...'

OS: Lubuntu 20.04 desktop (inside Virtualbox) What happened I've been using php -S 0.0.0.0:8080 -t /path/to/app/ to provide a simple web server. But now I need to test my web app over https, and was ...
AlanQ's user avatar
AlanQ
  • 1
0 votes
0 answers
73 views

Enabling FIPS mode in MySQL Server 8.036+ on Windows

I'd like to enable the FIPS mode of my MySQL 8.0.36 community server instance running on Windows. I know the ssl_fips_mode option has been deprecated as of MySQL 8.0.34 but it should still work in ...
uwe's user avatar
uwe
  • 1
1 vote
1 answer
936 views

OpenVPN "error=CA signature digest algorithm too weak"

After upgrading our OpenVPN server from Debian Buster to Bookworm, which also upgraded OpenVPN from 2.4.7 to 2.6.3, we're now getting this when any client tries to connect: error=CA signature digest ...
Nick Coons's user avatar
Nick Coons
  • 427
0 votes
0 answers
49 views

OpenWISP -- inputing a certification authority

We're trying to set up OpenWISP using a paid-for wildcard (*.ngv.com.au) SSL certificate. The certificate comes to us as a ZIP of these files: AAACertificateServices.crt ...
Michael NGV's user avatar
Michael NGV
  • 1
2 votes
1 answer
117 views

What happens if the startdate of a CA is later that the startdate of a X509 certificate signed by it?

I am in the process of extending the lifetime of a private CA creating a new certificate with the same name, serial number, private/public keys, etc. The only change would be the "startdate" ...
jcea's user avatar
jcea
  • 273
0 votes
0 answers
147 views

Apache ( 2.4.58) compiling fails after Openssl upgrade to 3.2.1. on Amazon Linux 2

Apache ( 2.4.58) compiling fails after Openssl upgrade to 3.2.1. on Amazon Linux 2, Could you please help me on this. Error: /var/tmp/httpd-2.4.58/support/ab.c:2319: undefined reference to `...
avilala sudarshan yadav's user avatar
avilala sudarshan yadav
  • 1
0 votes
0 answers
272 views

curl: (60) SSL: unable to obtain common name from peer certificate

I'm trying to create self-signed certificates for my webserver but it's not going well. The title is the error message curl gives me when I run curl --noproxy "*" https://example.com (with ...
Seal_bebbe's user avatar
Seal_bebbe
  • 1
0 votes
1 answer
123 views

Unable to enable specific cipher suites in Nginx

I have a piece of hardware with an outdated list of default cipher suites. We update that list via configuration, but to get the configuration it first needs to talk to a provisioning server. I've ...
miken32's user avatar
miken32
  • 974
0 votes
0 answers
350 views

TLS negotiation gets stuck at Client Hello

We are working with a HTTPS endpoint hosted in the UK on an Azure Application Gateway. So far, all location in the UK and wider have been able to access it. A specific client site in Singapore cannot ...
Paul Ridgway's user avatar
Paul Ridgway
  • 129

15 30 50 per page
1
2 3 4 5
109