Questions tagged [openssl]

OpenSSL: The Open Source Toolkit for SSL and TLS

OpenSSL is an open source project that develops software for Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1), as well as being a full-strength general-purpose cryptography library.

OpenSSL provides both a library (for use within your own program) and a series of command-line tools for common tasks.

1624 questions
70 votes, 9 answers

Convert from P7B to PEM via OpenSSL

On Ubuntu, I cannot convert certificate using openssl successfully. vagrant@dev:/vagrant/keys$ openssl pkcs7 -print_certs -in a.p7b -out a.cer unable to load PKCS7 object :PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting:…
Kevin Meredith
23 votes, 14 answers

error while loading shared libraries: libcrypto.so.1.1

When I run "openssl" I am getting an error as below : openssl: error while loading shared libraries: libcrypto.so.1.1: cannot open shared object file: No such file or directory" This happened after I attempted to update OpenSSL according to this…
mayasl
20 votes, 1 answer

What does verify return:1 mean in the openssl output

I don't understand the openssl output. Running openssl as follows: #openssl s_client -connect google.com:443 -CAfile cacert.pem < /dev/null Ultimately all is well in that the end entity's cert was verified OK: Verify return code: 0 (ok) but what…
jouell
17 votes, 1 answer

OpenSSL: genrsa vs genpkey?

Why does OpenSSL provide two utilities with so much overlap genpkey: OpenSSL> genpkey - Usage: genpkey [options] where options may be -out file output file -outform X output format (DER or PEM) -pass arg output file pass…
Evan Carroll
9 votes, 1 answer

Odd error while using openssl

When I use OpenSSL and a config file to sign an intermediate certificate I constantly get the same error. The errors are: 140736005481480:error:02001002:system library:fopen:No such file or directory:bss_file.c:175:fopen('/Volumes/Project -…
Matthew N
8 votes, 1 answer

openssl: Allow usage of insecure client certs

I have an application which has been distributed looooong ago. That application offers https interface to clients with client certificate authentication. By the time the application was released, providing 1024 bits key length certificates was…
alxgomz
8 votes, 1 answer

Converting PEM to PKCS12 using intermediate certificate

I'd like to convert a PEM(+key) certificate to a *.p12 file. I know this is how I do it when I don't have an intermediate certificate: openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt How do…
Ztyx
6 votes, 1 answer

pkcs12: import password and PEM password

Why is openssl requesting two passwords from me in order to get -info of a pkcs12 key? It's requesting Import Password and PEM Pass Phrase: ➜ front git:(master) ✗ openssl pkcs12 -info -in front.p12 Enter Import Password: MAC: sha1, Iteration…
Jordi
6 votes, 1 answer

openssl secure renegotiation (not supported)

I'm running a web service implemented on Ubuntu 14.04 LTS server. I'm debugging TLSv1 connection breaking after some time between a client using openssl version 0.9.7m and a server using openssl 1.0.1f. I don't have access to the client side myself,…
talamaki
6 votes, 1 answer

How do I find SSL enabled ports or SSL instances on Linux RHEL 5.3

I am trying to do an audit of SSL enabled ports/services running on our Linux RHEL 5.3 servers. I am trying to find which ports on our servers are SSL enabled. I am not sure how to find this. I need to know how to check which ports are using SSL…
Dominiqs
5 votes, 1 answer

How to extract public key from a .der file in SubjectPublicKeyInfo format?

I have a public key that appears to be in the SubjectPublicKeyInfo format. I say "appears" because the only thing I know about this key that it loads a Java application using X509EncodedKeySpec which, according to documentation is used for loading…
Ya.
5 votes, 1 answer

How to inherit the commonName to the subject alternative name

On my pc with Windows 10 installed, I have to use OpenSSL. I have downloaded the version 1.0.2n and following this guide: Creating an SSL Certificate with Multiple Hostnames I modified the openssl.cfg configuration file (located in…
Luca Sepe
4 votes, 1 answer

what does connected(00000005) and verify return:1 in openssl s_client command

I am trying to test icinga2 client and server connectivity with openssl command and I am using a command like following line in client openssl s_client -CAfile /var/lib/icinga2/certs/ca.crt -cert /var/lib/icinga2/certs/.crt -key …
4 votes, 1 answer

How to issue SSL certificate with SAN extension?

I have a pair of Root CA keys. How to issue a new SSL certificate with SAN (Subject Alternative Name) extension? I tried this openssl genrsa -out ssl.key 2048 openssl req -new -config ssl.conf -key ssl.key -out ssl.csr openssl x509 -req -sha256…
dizel3d
4 votes, 1 answer

What are the best options for generating a secure SSL certificate/csr?

To preface, I have searched a lot but can't seem to find the right search terms. I generated a CSR using the following command: openssl req -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/ssl.key -out /etc/ssl/ssl.csr With the generated CSR I…
Geostyx