All Questions
145
questions
0
votes
1
answer
142
views
Unable to enable specific cipher suites in Nginx
I have a piece of hardware with an outdated list of default cipher suites. We update that list via configuration, but to get the configuration it first needs to talk to a provisioning server.
I've ...
0
votes
1
answer
447
views
Nginx 1.25.3 on docker TLSv1 is not working
I have nginx 1.25.3 on docker, not the Alpine version. The underlying OS is Ubuntu 22.
When the TLS 1 protocols are configured like this:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
The ...
0
votes
0
answers
433
views
TLS cipher suites ordering
I have nginx configured to use ssl_ciphers PROFILE=SYSTEM;.
And I have Alma Linux configured to use the DEFAULT crypto policy:
~$ update-crypto-policies --show
DEFAULT
From the RHEL 9 documentation:
...
0
votes
0
answers
358
views
openssl crash on nginx building ubuntu 22.04
trying this on ubuntu 22.04
sudo ./configure --with-cc-opt='-g -O2 -ffile-prefix-map=/build/nginx-zctdR4/nginx-1.18.0=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-...
1
vote
1
answer
2k
views
Configure QUIC and HTTP/3 in Ubuntu
I want to install and configure nginx-1.19.0 with HTTP/3 support on Ubuntu 22.04. OpenSSL version is 3.0.2. I was surfing in internet but I didn't find something straight forward to guide me how to ...
0
votes
0
answers
36
views
self signed for a site accessible through VPN
I'd like to know if what I'm doing is right or is there another way to do this?
I have this site that is accessible through VPN and i'd like the end users not to see the "not secured" ...
0
votes
1
answer
439
views
Fastcgi script "file not found" / Primary script unknown
ACTUAL SITUATION
I am in the process of transferring a static web server to a container.
ISSUE ENCOUNTERED
When i'm trying to reach my server, i received "File not found" with :
curl ...
0
votes
1
answer
128
views
Certificate works when added a space to it, why?
We have generated a certificate via Letsencrypt and trying to use it via nginx, but we get a weird error:
cannot load certificate "/home/path/site.pem": PEM_read_bio_X509_AUX() failed
The ...
1
vote
1
answer
181
views
Nginx revoked Intermediate-CA from Root-CA
The certificates as given below:
Root-CA -> Intermediate-CA -> Server
If I revoke Intermediate-CA from Root-CA then the Server will automated revoked certificate along with the Intermediate-...
4
votes
1
answer
1k
views
Revoked certificate is still valid by Google Chrome and Microsoft Edge
I have generated Self-Signed Certificate, Root-CA Signed by Root-CA
Then, Intermediate-CA Signed by Root-CA and Server Signed by Intermediate-CA
The certificates as given below:
Root-CA -> ...
0
votes
1
answer
919
views
Nginx Config file need to be configure
I have generated the certificates as given below:
Root-CA -> Intermediate-CA -> Server
Root-CA:
rootca.key
rootca.crt
rootca.crl
Intermediate-CA:
intermediateca.key
intermediateca.crt
...
0
votes
0
answers
1k
views
How to debug ssl_client_verify = NONE while the client cert is supplied?
We've a nginx setup running on docker.
nginx version: 1.13.11
openssl version 1.1.1
docker os image: Ubuntu 18.04.2 LTS docker container running on an aws ec2 instance running: 18.04.6 LTS (Bionic ...
1
vote
1
answer
2k
views
How to setup the OCSP responder
I have generated the certificates as given below:
Root-CA -> Intermediate-CA -> Server
Root-CA:
rootca.key
rootca.crt
Intermediate-CA:
intermediateca.key
intermediateca.crt
Server:
server....
1
vote
0
answers
789
views
Nginx OCSP Stapling is Not Working
I have generated the certificates as given below:
Root-CA -> Intermediate-CA -> Server
Root-CA:
rootca.key
rootca.crt
Intermediate-CA:
intermediateca.key
intermediateca.crt
Server:
server....
6
votes
0
answers
12k
views
SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client:
A few months ago I started getting complaints from dozens of users about getting errors when connecting to my site. When I look into the error.log of nginx I see daily SSL errors:
I have no idea what ...