Questions tagged [openssl]
OpenSSL: The Open Source Toolkit for SSL and TLS
1,629
questions
279
votes
6
answers
582k
views
how to download the ssl certificate from a website?
I want to download the ssl certificate from, say https://www.google.com, using wget or any other commands. Any unix command line? wget or openssl?
254
votes
7
answers
759k
views
How do I view the details of a digital certificate .cer file?
I am using Windows and have been given a .cer file. How can I view the details of it?
206
votes
14
answers
267k
views
How to view all ssl certificates in a bundle?
I have a certificate bundle .crt file.
doing openssl x509 -in bundle.crt -text -noout only shows the root certificate.
how do i see all the other certificates?
204
votes
9
answers
33k
views
Heartbleed: What is it and what are options to mitigate it?
This is a Canonical Question about understanding and remediating the Heartbleed security issue.
What exactly is CVE-2014-0160 AKA "Heartbleed"? What is the cause, what OSs and versions of OpenSSL are ...
175
votes
9
answers
362k
views
Is it possible to generate RSA key without pass phrase?
I'm working with Apache2 and Passenger for a Rails project.
I would like to create a self-signed SSL Certificate for testing purposes.
sudo openssl rsa -des3 -in server.key -out server.key.new
...
149
votes
3
answers
144k
views
ssh-keygen does not create RSA private key
I'm trying to create a private key and having an issue.
When I use ssh-keygen -t rsa -b 4096 -C "[email protected]", I get a private key in the following format.
-----BEGIN OPENSSH PRIVATE KEY--...
143
votes
2
answers
469k
views
How can I verify if TLS 1.2 is supported on a remote web server from the RHEL/CentOS shell?
I'm on CentOS 5.9.
I'd like to determine from the linux shell if a remote web server specifically supports TLS 1.2 (as opposed to TLS 1.0). Is there an easy way to check for that?
I'm not seeing a ...
136
votes
7
answers
156k
views
Certification authority root certificate expiry and renewal
In 2004, I set up a small certification authority using OpenSSL on Linux and the simple management scripts provided with OpenVPN. In accordance with the guides I found at the time, I set the validity ...
103
votes
2
answers
122k
views
I have a keypair. How do I determine the key length?
Using OpenSSL from the command line in Linux, is there some way to examine a key (either public or private) to determine the key size?
88
votes
8
answers
47k
views
Heartbleed: how to reliably and portably check the OpenSSL version?
I was looking at a reliable and portable way to check the OpenSSL version on GNU/Linux and other systems, so users can easily discover if they should upgrade their SSL because of the Heartbleed bug.
...
87
votes
17
answers
747k
views
What causes SSH error: kex_exchange_identification: Connection closed by remote host?
I setup a SSH server online that is publicly accessible by anyone. Therefore, I get a lot of connections from IPs all over the world. Weirdly, none actually try to authenticate to open a session.
I ...
84
votes
5
answers
170k
views
Best location to keep SSL certificates and private keys on Ubuntu servers?
On Ubuntu, it looks like the best place for a private key used to sign a certificate (for use by nginx) is in /etc/ssl/private/
This answer adds that the certificate should go in /etc/ssl/certs/ but ...
81
votes
3
answers
274k
views
Install openssl-dev on Ubuntu server
In order to compile NGinx in need to install openssl and openssl-dev (I'am following a book guide).
So i'am doing this :
sudo apt-get install openssl openssl-dev
But i get an error telling me that ...
78
votes
6
answers
134k
views
Generating a self-signed cert with openssl that works in Chrome 58
As of Chrome 58 it no longer accepts self-signed certs that rely on Common Name: https://productforums.google.com/forum/#!topic/chrome/zVo3M8CgKzQ;context-place=topicsearchin/chrome/category$3ACanary%...
71
votes
9
answers
262k
views
Convert from P7B to PEM via OpenSSL
On Ubuntu, I cannot convert certificate using openssl successfully.
vagrant@dev:/vagrant/keys$ openssl pkcs7 -print_certs -in a.p7b -out a.cer
unable to load PKCS7 object <blah blah>:PEM
...