Skip to main content
Server Fault

Questions tagged [openssl]

Ask Question

OpenSSL: The Open Source Toolkit for SSL and TLS

1,629 questions
Newest Active Bountied Unanswered
1 vote
0 answers
212 views

How to have "empty" for x509's nameConstraints extension subtree?

I am signing x509 certificates that should only be used for CN under a specific domain, not for any IP/email/UPN. the rfc5280 says that passing empty to a permitted value will allow all of those class,...
gcb's user avatar
gcb
  • 122
0 votes
1 answer
838 views

how to work with x509 certificate bundles with openssl

Is it possible to work with x509 certificates in a pkcs7 bundle file? I need to sign all certificates in a bundle with extra x509 extensions. e.g. (if they were a single x509 crt file) openssl x509 -...
gcb's user avatar
gcb
  • 122
1 vote
0 answers
301 views

Not receiving any response from SMTP server after successfully connected via openssl or telnet

I am trying to set up my postfix using Gmail smtp relay server. I have set it up in other servers without issues, but I am having difficulty getting it to work in my work network. I tested if there is ...
ricardo3889's user avatar
ricardo3889
  • 9
-1 votes
1 answer
666 views

Yum to packages.microsoft.com failed on Centos 7

You can say i'm beginner in using Centos. Our regional want to use packages.microsoft.com as repository. We have open the firewall to the packages.microsoft.com. Tracepath is no issue, but when we are ...
Myan's user avatar
Myan
  • 3
0 votes
1 answer
238 views

OpenSSL Error: lib(128):capi_rsa_priv_enc:function not supported in client Auth

My scripts to sign file via API was working properly fine when my previous server setup was Ubuntu 20.04 and openssl version is 1.1.1b. But after upgrade, I am getting this issue. Client environment ...
Manish Pandey's user avatar
Manish Pandey
  • 1
-1 votes
1 answer
767 views

How to verify signed file? [closed]

How to check a validity of a file using openssl and cms? I've got a file (foo.bin) and a signature (foo.bin.cms) which is include x509 der format certificate. is there any way to check validity of ...
Nav Boom's user avatar
Nav Boom
  • 3
0 votes
1 answer
456 views

Cannot enable OCSP stapling

Windows Server 2022 Apache x64 2.4.57 OpenSSL 3.0.8 My Apache SSL conf has this: SSLUseStapling On SSLStaplingCache "shmcb:${SRVROOT}/logs/ssl_stapling(65536)" ...
MonkeyZeus's user avatar
MonkeyZeus
  • 300
0 votes
1 answer
2k views

Remove old Cipher Suites

I manage some websites and one of them got a poor security rating (from sec scorecard). I have a managed server, so I asked the IT guys to help, but also would like to understand this issue a little ...
Rever_2019's user avatar
Rever_2019
  • 3
8 votes
2 answers
1k views

SAN certificate with URI fragment

I need to generate a TLS certificate with a SAN URI where the URI has a fragment (has a hash '#'). But when I try to generate a certificate using openssl, the fragment gets stripped. # generate key ...
Rich Remer's user avatar
Rich Remer
  • 205
0 votes
1 answer
1k views

Enable TLSv1.1 on httpd 2.4.56 running on Docker

I am trying to modernize the infrastructure of a HTTP web service. I want to update the web server to something more recent and secure, but I have to maintain compatibility with some legacy devices in ...
Marco Benetti's user avatar
Marco Benetti
  • 1
3 votes
1 answer
28k views

SSL error "unexpected eof while reading" on same server as the originating request

First, I'm aware of the SSL Library Error: error:0A000126:SSL routines::unexpected eof while reading error stemming from OpenSSL 3 reintroducing a feature to prevent truncation attacks. The question I ...
oucil's user avatar
oucil
  • 598
0 votes
1 answer
1k views

openssl functions randomly returns warning: command substitution: ignored null byte in input

I try to encrypt some loads, here is a minimum working example (is RSA private key) to_be_signed="2f93992bb1db9cab0b3b8fc2de0a2863" #to_be_signed="7d6d2a584a227574e1c113aab56ea490&...
philippe's user avatar
philippe
  • 2,433
10 votes
4 answers
23k views

Error in libcrypto connecting RHEL 9 server to Centos 6 via SFTP/SSH

I am trying to connect from a new RHEL9 server to an older Centos 6 server to SFTP files from the older server to the new one for an upgrade, but when connecting from 9 to 6 I get the following error: ...
Eric W's user avatar
Eric W
  • 109
1 vote
0 answers
447 views

Decrypting Kubernetes secret using the encryption key

I have a toy Kubernetes cluster with Encryption at rest enabled using the abs-256-cbc provider; I have not used any vault here for kms simulating the problem. This means the encryption key is in a ...
P....'s user avatar
P....
  • 111
2 votes
1 answer
4k views

How to support TLS 1 and TLS 1.1 with haproxy 2.4 and OpenSSL 3?

I am trying to support TLSv1.0 and TLSv1.1 with haproxy 2.4.18 (and OpenSSL 3.0.2) on Ubuntu 22.04. I have followed Mozilla SSL Configuration Generator, "Old" configuration, slightly ...
Óscar's user avatar
Óscar
  • 121

15 30 50 per page
1
3 4
5
6 7
109