Skip to main content
Server Fault

Questions tagged [openssl]

Ask Question

OpenSSL: The Open Source Toolkit for SSL and TLS

133 questions
Newest Active Bountied Unanswered
204 votes
9 answers
33k views

Heartbleed: What is it and what are options to mitigate it?

This is a Canonical Question about understanding and remediating the Heartbleed security issue. What exactly is CVE-2014-0160 AKA "Heartbleed"? What is the cause, what OSs and versions of OpenSSL are ...
Jacob's user avatar
Jacob
  • 9,232
78 votes
6 answers
134k views

Generating a self-signed cert with openssl that works in Chrome 58

As of Chrome 58 it no longer accepts self-signed certs that rely on Common Name: https://productforums.google.com/forum/#!topic/chrome/zVo3M8CgKzQ;context-place=topicsearchin/chrome/category$3ACanary%...
bcardarella's user avatar
bcardarella
  • 1,737
88 votes
8 answers
47k views

Heartbleed: how to reliably and portably check the OpenSSL version?

I was looking at a reliable and portable way to check the OpenSSL version on GNU/Linux and other systems, so users can easily discover if they should upgrade their SSL because of the Heartbleed bug. ...
Martijn's user avatar
Martijn
  • 833
65 votes
6 answers
13k views

Heartbleed: are services other than HTTPS affected?

The OpenSSL 'heartbleed' vulnerability (CVE-2014-0160) affects webservers serving HTTPS. Other services also use OpenSSL. Are these services also vulnerable to heartbleed-like data leakage? I'm ...
Flup's user avatar
Flup
  • 8,218
136 votes
7 answers
156k views

Certification authority root certificate expiry and renewal

In 2004, I set up a small certification authority using OpenSSL on Linux and the simple management scripts provided with OpenVPN. In accordance with the guides I found at the time, I set the validity ...
Remy Blank's user avatar
Remy Blank
  • 2,045
279 votes
6 answers
582k views

how to download the ssl certificate from a website?

I want to download the ssl certificate from, say https://www.google.com, using wget or any other commands. Any unix command line? wget or openssl?
RainDoctor's user avatar
RainDoctor
  • 4,574
206 votes
14 answers
267k views

How to view all ssl certificates in a bundle?

I have a certificate bundle .crt file. doing openssl x509 -in bundle.crt -text -noout only shows the root certificate. how do i see all the other certificates?
pdeva's user avatar
pdeva
  • 2,557
84 votes
5 answers
170k views

Best location to keep SSL certificates and private keys on Ubuntu servers?

On Ubuntu, it looks like the best place for a private key used to sign a certificate (for use by nginx) is in /etc/ssl/private/ This answer adds that the certificate should go in /etc/ssl/certs/ but ...
Adam Nelson's user avatar
Adam Nelson
  • 1,717
65 votes
9 answers
148k views

How to split a PEM file

Note : This is not really a question because I already found the answer but since I didn't find it easily here I will post it so that it can benefit others. Question : How to read a concatenated PEM ...
Cerber's user avatar
Cerber
  • 1,271
51 votes
3 answers
159k views

stop apache from asking for SSL password each restart [duplicate]

Using instructions from this site but varying them just a little i created a CA using -newca, i copied cacert.pem to my comp and imported as trusted issuer in IE. I then did -newreq and -sign (note: i ...
user avatar
user274
36 votes
3 answers
102k views

SSL routines:SSL23_WRITE:ssl handshake failure

I'm trying to use OpenSSL to connect to an SSL server. When I run: openssl s_client -connect myhost.com:443 The following SSL client configurations work just fine: Windows (OpenSSL 0.9.83e 23 Feb ...
Jaakko's user avatar
Jaakko
  • 427
28 votes
6 answers
209k views

How to view certificate chain using openssl

I use a mixture of Windows, Linux, and Macs and have noticed big differences in how each OS shows certificate details using the default tools available in each. The way Windows displays certificate ...
KFM's user avatar
KFM
  • 401
14 votes
6 answers
21k views

Debian jessie nginx with openssl 1.0.2 to use ALPN rather than NPN

I am running debian jessie on my server and recently upgraded to new nginx web server with http/2 support (nginx 1.10). As today, it works great and webserver is delivering content with http2 protocol....
Juraj Nemec's user avatar
Juraj Nemec
  • 263
12 votes
3 answers
12k views

Generate self signed SSL certificate for apache

I want to create self signed certificate for the website. The old certificate expired few days ago. There are more than one NameVirtualHosts hosted on systems. The commands I am using to create ...
Saurabh Barjatiya's user avatar
Saurabh Barjatiya
  • 4,723
5 votes
4 answers
17k views

Is there a way, to manually check for openssl CVE-2014-0160 vulnerability?

Is there a way for one to check some of internal services against CVE - CVE-2014-0160 (preferably using openssl CLI)? I CANNOT test everything just by using: Test your server for Heartbleed (CVE-2014-...
alexus's user avatar
alexus
  • 13.6k

15 30 50 per page
1
2 3 4 5
9