All Questions
587
questions
1
vote
0
answers
103
views
wget / openssl : Unable to locally verify the issuer's authority
I have wildcard certificate (*.example.com) from DigiCert
Have following files in the zip file from DigiCert portal
DigiCert Global Root G2.pem
DigiCertCA.crt
star_example_com.crt
TrustedRoot.crt
I ...
- 101
0
votes
0
answers
24
views
How to check OpenSSL: alert internal error, handshake failure for CA
Context is our Mosquitto broker, running on a certain domain. User can connect via TLS only.
We are using a self-signed certificate for this purpose, because we want to sign client certificates by ...
- 125
0
votes
0
answers
293
views
curl: (60) SSL: unable to obtain common name from peer certificate
I'm trying to create self-signed certificates for my webserver but it's not going well. The title is the error message curl gives me when I run
curl --noproxy "*" https://example.com
(with ...
0
votes
1
answer
142
views
Unable to enable specific cipher suites in Nginx
I have a piece of hardware with an outdated list of default cipher suites. We update that list via configuration, but to get the configuration it first needs to talk to a provisioning server.
I've ...
- 974
0
votes
0
answers
376
views
TLS negotiation gets stuck at Client Hello
We are working with a HTTPS endpoint hosted in the UK on an Azure Application Gateway.
So far, all location in the UK and wider have been able to access it.
A specific client site in Singapore cannot ...
- 129
0
votes
1
answer
417
views
Importing SSL certificate in browser does not prevent the secure warning
I have an embedded device (ESP32) that runs an HTTPS server.
I generated the certificates in this way:
openssl req -newkey rsa:2048 -nodes -keyout prvtkey.pem -x509 -days 3650 -out cacert.pem -subj &...
- 163
0
votes
0
answers
433
views
TLS cipher suites ordering
I have nginx configured to use ssl_ciphers PROFILE=SYSTEM;.
And I have Alma Linux configured to use the DEFAULT crypto policy:
~$ update-crypto-policies --show
DEFAULT
From the RHEL 9 documentation:
...
- 193
1
vote
0
answers
803
views
Dovecot: SSL not working (no suitable signature algorithm), other daemons work just fine
I try to secure my Dovecot with SSL/TLS using Letsencrypt certificates. Dovecot immediately closes any TLS connection and reports the confusing error "no suitable signature algorithm" in the ...
- 299
3
votes
1
answer
4k
views
TLS 1.0 broken with newer Debian/OpenSSL
I'm migrating a server running Debian 10 to a server running Debian 12 (and a 6.x kernel), and the last thing that doesn't seem to be working is TLS 1.0, which I've been trying to figure out.
I'm ...
- 234
0
votes
1
answer
486
views
SSL Certificate loading error in postgresql.conf file during restart
openssl genrsa -out root.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
chown postgres:postgres server.*
...
0
votes
1
answer
184
views
Identify SSL certificate type for apache configuration
I have SSL certificate files:
Root2023.crt
t1.crt
t1.pem
t1.pk8
on my apache How can I determine which of these files should be used for SSLCertificateFile, SSLCertificateKeyFile, and ...
- 151
0
votes
2
answers
519
views
curl with --cacert fails on almalinux8 but works on ubuntu
We try this:
curl -v --cacert cert.pem https://example.com/path.asmx
on ubuntu its working, we're getting:
successfully set certificate verify locations:
* CAfile: cert.pem
CApath: /etc/ssl/...
- 3
2
votes
2
answers
1k
views
Apache 2.4 on Windows slow to respond to initial first request
I started serving pre-compressed Brotli files on my website https://www.filmfix.com/en/home/. They work; but ever since then, Apache is having response issues along all VirtualHost setups (not just ...
- 274
0
votes
1
answer
896
views
Disable TLSv1.0 and TLSv1.1 when generating certificates using openssl 1.1.1
I am struggling to implement a feature for my certificates. I am generating my certificates with OPENSSL 1.1.1.
I want to allow only TLSv1.2 and TLSv1.3. The other protocols should not be possible (...
-1
votes
1
answer
666
views
Yum to packages.microsoft.com failed on Centos 7
You can say i'm beginner in using Centos. Our regional want to use packages.microsoft.com as repository. We have open the firewall to the packages.microsoft.com. Tracepath is no issue, but when we are ...
- 3