Questions tagged [openssl]
OpenSSL: The Open Source Toolkit for SSL and TLS
414
questions with no upvoted or accepted answers
6
votes
0
answers
12k
views
SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client:
A few months ago I started getting complaints from dozens of users about getting errors when connecting to my site. When I look into the error.log of nginx I see daily SSL errors:
I have no idea what ...
6
votes
0
answers
4k
views
Remotely Monitoring RDP Certificate
We use OpenSSL on a CentOS 6 server to monitor the certificate on servers for RDP.
To do this we use:
openssl s_client -connect SERVER01:3389 -prexit
This has worked flawlessly until 4 days ago, ...
6
votes
1
answer
1k
views
IIS 6.0 SSL handshake error
Hi all I installed a trusted certificate in an IIS 6.0 server. I have the port 443 opened in the firewall and I verified the server is listening on that port. However when verifying using openssl I ...
5
votes
0
answers
7k
views
How to add a friendly name in a x509 certificate or pkcs#7 with OpenSSL
I would like to know if it is possible to insert a friendly name in a generated certificate, or in a p7 file. I found that is possible with a p12 file with -name option, but it seems to be impossible ...
5
votes
2
answers
6k
views
How to verify signature on a file using OpenSSL with custom engine
Update Dec 28, 2017 – 3:
The author of OpenSSL DSTU module kindly provided patch to OpenSSL+DSTU implementation with a fix for the issue, and assisted further.
I was able to accomplish what I need ...
5
votes
0
answers
4k
views
Invalid key length error when trying to connect phpmyadmin to remote MySql over SSL
I get these error messages when logging in to phpmyadmin instance
Error during session start; please check your PHP and/or webserver log file and configure your PHP installation properly. Also ...
4
votes
0
answers
3k
views
Is there a way to create a PEM file using PowerShell and only PowerShell?
I'm looking for a way to create an AES-128 key in PEM format (Base64 encoded text file) using PowerShell. All the examples I can find assume the user has OpenSSL installed. The equivalent OpenSSL ...
4
votes
0
answers
1k
views
Building NTP with OpenSSL
I am trying to build the latest version of NTP (4.2.8p3 released on 2015/06/29) with OpenSSL support.
I can definitely build NTP but when I try to use ntp-keygen to create a new certificate it tells ...
4
votes
0
answers
4k
views
OpenSSL SHA256 testing
I'm having an issue testing a hardened SSL configuration for pound.
One of the requirements is for the inclusion of AES[128|256]-SHA256 ciphers, along with strict ordering of preference. I've ...
3
votes
0
answers
2k
views
NGINX Client Certificate with Indirect CRL
I'm trying to implement mTLS using Nginx SSL Module. Everything works fine until I give Nginx CRL files concatenated in PEM format because one of the CRL is an Indirect CRL.
The chain for a leaf ...
3
votes
0
answers
6k
views
error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: TRUSTED CERTIFICATE
I am using openssl to sign certificate in CentOS 7.4 like this:
[root@ops001 cert]# openssl x509 -req -in client.csr -CA ./kubernetes.crt -CAkey kubernetes-key.pem -days 3650 -CAcreateserial -out ...
3
votes
1
answer
4k
views
nginx config using variable in ssl_certificate path throws permissions error
The nginx configuration server block:
localhost:/etc/nginx$ cat nginx.conf | grep -B 3 -A 6 '$ssl_server_name'
server {
listen 443 ssl http2 default_server;
ssl_certificate /etc/...
3
votes
0
answers
4k
views
Chrome client certificate prompt doesn't list my certificates
I'm in charge of my organization's certificate scheme, I am trying to conform to the new requirements enforced by Google Chrome regarding RFC2818 (the requirement for "Subject Alternate Name" in a ...
3
votes
0
answers
2k
views
How do I get Prosody to use TLS 1.2?
I have Prosody running on my Ubuntu 14.04 LTS server. I have OpenSSL 1.01f installed, which is confirmed by running openssl version. TLSv1.2 is supported and confirmed by running openssl ciphers -v '...
3
votes
0
answers
2k
views
Client SSL certificate verify error in Nginx
We have a ROOT CA ( ADCS ) which we use to signed a client certificate which we use for Client Certificate Verification in Nginx.
This is the relevant Nginx configuration file :-
...