Skip to main content
Server Fault

Questions tagged [openssl]

Ask Question

OpenSSL: The Open Source Toolkit for SSL and TLS

1,629 questions
Newest Active Bountied Unanswered
0 votes
0 answers
377 views

TLS negotiation gets stuck at Client Hello

We are working with a HTTPS endpoint hosted in the UK on an Azure Application Gateway. So far, all location in the UK and wider have been able to access it. A specific client site in Singapore cannot ...
Paul Ridgway's user avatar
Paul Ridgway
  • 129
0 votes
0 answers
80 views

Free ipa errors when using SAN in certificate request

When I try to sign a CSR for a device and include the SAN ip attribute it errors with the following. ERROR: invalid 'csr': IP address in subjectAltName (x.x.x.x) unreachable from DNS names my IPA ...
Kendrick's user avatar
Kendrick
  • 303
0 votes
0 answers
75 views

How to add certificates to an existing PKCS#7 bundle (p7b) file?

I have a PKCS#7 bundle (p7b file) that holds many public S/MIME certificates, and I need two more certificates in the bundle. Is there a way to add these certificates using openssl (or possibly ...
not2savvy's user avatar
not2savvy
  • 227
0 votes
1 answer
447 views

Nginx 1.25.3 on docker TLSv1 is not working

I have nginx 1.25.3 on docker, not the Alpine version. The underlying OS is Ubuntu 22. When the TLS 1 protocols are configured like this: ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; The ...
0xPwn's user avatar
0xPwn
  • 97
0 votes
0 answers
805 views

Verify return code: 21 unable to verify the first certificate

I'm encountering an issue on my Ubuntu server when attempting to establish an email connection from the frontend application. The error message I receive reads: "Verify return code: 21 unable to ...
Swapneswar Mohapatra's user avatar
Swapneswar Mohapatra
  • 1
0 votes
1 answer
418 views

Importing SSL certificate in browser does not prevent the secure warning

I have an embedded device (ESP32) that runs an HTTPS server. I generated the certificates in this way: openssl req -newkey rsa:2048 -nodes -keyout prvtkey.pem -x509 -days 3650 -out cacert.pem -subj &...
Mark's user avatar
Mark
  • 163
1 vote
1 answer
2k views

Use openssl 3 to create a self-signed certificate just like what "New-SelfSignedCertificate" can

First of all, I did googling about openssl, such as this one, and also tried dozens of time on creating a valid self-signed certificate. But I guess asking on serverfault would be much quicker. My ...
user53815's user avatar
user53815
  • 83
0 votes
2 answers
108 views

In Postfix, Should SSL FQDN Matches with myhostname or mydomain field in /etc/postfix/main.cf?

Quoted from the documentation: myhostname The internet hostname of this mail system. The default is to use the fully-qualified domain name (FQDN) from gethostname(), or to use the non-FQDN result ...
Thor-x86_128's user avatar
Thor-x86_128
  • 203
0 votes
0 answers
433 views

TLS cipher suites ordering

I have nginx configured to use ssl_ciphers PROFILE=SYSTEM;. And I have Alma Linux configured to use the DEFAULT crypto policy: ~$ update-crypto-policies --show DEFAULT From the RHEL 9 documentation: ...
McLayn's user avatar
McLayn
  • 193
2 votes
1 answer
267 views

openssl ignores intermediate certificate in pkcs12 file

After creating a new S/MIME certificate, I am stuck with creating a valid PKCS #12 file that is accepted by most mail clients: $ openssl verify smime.pfx CN = [email protected], emailAddress = mail@...
Stephan Windmüller's user avatar
Stephan Windmüller
  • 123
-1 votes
1 answer
3k views

OpenSSL 1.0.2 SHA1 requirement causing HTTPS compatibility error with Microsoft Edge 119 ERR_SSL_PROTOCOL_ERROR [closed]

I encountered the problem described in this Thread but with the Microsoft Edge browser version 119, which has been published on November 2, 2023. The problem only seems to occur on webserver instances ...
Enrique SM's user avatar
Enrique SM
  • 3
1 vote
0 answers
803 views

Dovecot: SSL not working (no suitable signature algorithm), other daemons work just fine

I try to secure my Dovecot with SSL/TLS using Letsencrypt certificates. Dovecot immediately closes any TLS connection and reports the confusing error "no suitable signature algorithm" in the ...
user2690527's user avatar
user2690527
  • 299
1 vote
1 answer
2k views

keytool error: java.security.cert.CertificateParsingException: signed fields invalid

I have a X509 certificate pem file I got from Mongo Atlas. I'm trying to import it into the keystore like so: keytool -importcert -file X509-cert.pem -alias myalias -keystore mykeystore.p12 -storetype ...
ritratt's user avatar
ritratt
  • 139
0 votes
1 answer
277 views

Configure OpenVPN with existing certificate

I want to configure OpenVPN with available certificates, without using easy-rsa. I use openssl to generate private.key and csr.csr. Then I use opensource CA EJBCA to authenticate csr and create a ...
Patrick's user avatar
Patrick
  • 1
0 votes
1 answer
171 views

installed homebrew openssl library not found when building MongoDb PHP driver on Mac

Similar to this questioner, due to a 502 Bad Gateway error, following the PHP docs I am attempting to build the PHP Mongo driver from scratch, using a modified ./config step ./configure --with-mongodb-...
wonder95's user avatar
wonder95
  • 123

15 30 50 per page
1
2
3 4 5
109