All Questions
55 questions
0 votes, 0 answers, 486 views
CA-Certificate and Server Certificate are expired! - openVPN - Server <--> Client(x)
I am hosting an openVPN-Service to connect ~30 IoT-Clients directly to my Server. I have forgotten to extend the lifetime of the self-signed ca.cert and the server.crt. Now my openVPN-Clients could not ...
1 vote, 0 answers, 143 views
OpenSSL issue with Rancher/Kubernetes cluster on RHEL 8
So we are working on setting up a big Rancher/Kubernetes cluster on a bunch of RHEL 8 servers. We have everything installed and have Rancher running on a 3 node cluster behind a load balancer. The ...
-2 votes, 1 answer, 1k views
What Cipher Suites to use with OpenSSL 1.1.1 for TLSv1.3?
What cipher suites to use with OpenSSL 1.1.1 for TLSv1.3?
I really want it to be AES56 or CHACHA20.
0 votes, 1 answer, 397 views
Is it possible to generate a certificate with a CN containing only an asterisk
I am developing a web server for a local device.
The device will be accessed locally and not from outside, using a local IP address.
I generated a certificate using openssl with CN=* in order to ...
-1 votes, 1 answer, 329 views
How to secure Monit web interface with SSL? [duplicate]
I have an Ubuntu 20.04 server and I installed Monit.
I want to secure the web interface. I followed the following instructions :
https://doc.ubuntu-fr.org/monit
$ cd /var/certs
$ sudo openssl req -new ...
1 vote, 3 answers, 529 views
Avoid writing a clear password in a sh script
I'm writing a shell script on my custom board. In this script I use openssl to encode a file at runtime using this command:
openssl des3 -salt -in file.txt -out my_file.des3 -k my_password
Is there a ...
8 votes, 3 answers, 14k views
Perfect SSL Labs score with nginx and TLS 1.3?
I have created an nginx config that got a perfect score on Qualys SSL Labs using only TLS v1.2, and I'd like to try and get a perfect score using both TLS v1.2 and v1.3.
Consider this snippet of ...
0 votes, 1 answer, 146 views
Server config - Is security reduced or compromised if too few SSL cipher options are included?
When I input my server version (NGINX 1.16.0) and OpenSSL Version (1.0.2k) into the Mozilla SSL Configuration Generator I get a long list of SSL ciphers.
For example,
ssl_ciphers ECDHE-ECDSA-AES128-...
0 votes, 0 answers, 303 views
AWS - Encrypting/Decrypting sensitive consumer data - Does my workflow look secure?
I will be using AES-256 symmetric encryption via OpenSSL. Please have a look at my workflow and let me know if it looks secure.
Encryption workflow
1: APP will encrypt data securely using OpenSSL ...
1 vote, 1 answer, 839 views
Sign a document and verify Date of signature (openssl)
First off: openssl's options make my head spin :)
I have a file that I want to sign (foo.doc), and at some point in the future I want to prove the date/time the file was signed. How do I do this?
I ...
0 votes, 3 answers, 783 views
Minimum Hardware Requirement For Setting Up OpenSSL Certificate Authority in Linux
I've been seeing a lot of OpenSSL Certificate Authority "how tos" for Linux, but if I plan to create our own Certificate Authority for a WAN network both externally and internally...
What is the ...
1 vote, 1 answer, 3k views
How to fix the invalid name in the SSL certificate [duplicate]
I generated an SSL certificate with:
openssl genrsa -out key.pem 2048
openssl req -new -sha256 -key key.pem -out csr.csr
openssl req -x509 -sha256 -days 12775 -key key.pem -in csr.csr -out certificate....
0 votes, 1 answer, 836 views
OpenVPN: setting up new CA.cert, server key on old setup
I mistakenly deleted the keys folder with ca.cert, server.key and dh2048.perm. I have multiple clients located in various places which are still connecting with the server.
I want to generate a new set of ca.cert,...
5 votes, 1 answer, 7k views
How to remove the CA root certificate from a pfx file in Windows?
On a Windows 2012 R2 and a Windows 10 machine there is a pfx file which contains the certificate chain for the server. I created this file using Windows MMC certificate export tool. The choices were ...
0 votes, 2 answers, 2k views
Unable to verify signature (openssl)
I am trying to verify a signature, but get "unable to load key file." This is a CentOS server with OpenSSL version 1.0.2 (22 Jan 2015).
The keys are generated like this:
ssh-keygen -t rsa -f ...