Questions tagged [ssl]
SSL/TLS is a cryptographic protocol designed to provide communications security over a computer network. It is the S in HTTPS, IMAPS, SMTPS, etc.
685 questions
0 votes, 0 answers, 13 views
Importing Client Certs into Firefox
Making an attempt to put some client certs into Firefox on Red Hat. I am attempting to do this at provision using puppet. Everything I looked into said to put the key.db and cert.db files into a /home/...
1 vote, 0 answers, 16 views
SSL cert sha changed, but Chrome still uses old one
I was forced to change ssl certificate for one of my domains. So, cert changed, sha256 changed. Old cert was not expired yet, but it's now replaced with new one.
But, it looks like Chrome does not ...
0 votes, 1 answer, 32 views
"openssl genpkey" can't use option "-cipher des3"
Trying to create RSA key via openssl:
openssl genpkey -algorithm RSA -cipher des3 -outform PEM -pkeyopt rsa_keygen_bits:2048 -out myCA.pem
This output:
genpkey: Use -help for summary.
If I remove -...
4 votes, 2 answers, 673 views
Where are the intermediate CA certificates?
In the folder /etc/ssl/certs/ I can well see:
Symbolic links to the certificates stored at /usr/share/ca-certificates/
The BUNDLE file ca-certificates.crt which contains all certificates in PEM ...
0 votes, 1 answer, 36 views
cannot manage CUPS printers over http://
I have a CUPS server on my local network. I can connect to the CUPS web interface:
http://10.1.1.128:631/
but when I want to log in as admin, or manage printers, I get this message:
which after few ...
0 votes, 0 answers, 38 views
No certificate is in /etc/ssl/certs
I am working on an embedded Linux system (kernel-5.18.18) for an SOC platform.
The system has openssl compiled, and there is an application connecting to cloud server. But the application failed to ...
1 vote, 1 answer, 78 views
How to disable TLSv1.2 in my CENTOS based system
I want to disable TLSv1.2 in my CentOS based RHEL system. I don't have a lot of knowledge of server management or security protocols, but the VAPT report says that we need to close TLSv1.2.
I have two ...
1 vote, 1 answer, 156 views
Debian ca-certificates package contains expired trust certificates
Today on Debian GNU/Linux 12 (bookworm) I installed the ca-certificates package and checked the /etc/ssl/certs directory .pem files, and noticed some of the certificates expired.
These certificates expired in 2023,...
0 votes, 1 answer, 67 views
Redirected too many times after adding ssl certificate to nginx
Before adding ssl_certificate, my nginx.conf is very simple:
server {
listen 80 default_server;
index index.php index.html index.htm;
location ~ [^/]\.php(/|$) {
...
0 votes, 0 answers, 31 views
self-signed certificate doesn't work in my browser firefox/chrome
Self-signed certificate is generated by openssl utility.
CA.crt and intermediate.crt are added to /etc/pki/ca-trust/source/anchors/ and /usr/share/pki/ca-trust-source/anchors/ on my client host(...
0 votes, 1 answer, 494 views
SSL Handshake Error across several Fresh Oracle Linux 9 Installs
I have been trying to install the latest version of Oracle Linux 9.4, but I am unable to use network functionality out-of-the-box or make any SSL connections, like updating packages or browsing the web. ...
1 vote, 1 answer, 69 views
Why is my web server serving HTTPS content on port 80?
Apache webserver on Rocky Linux 9, with SSL certs obtained from LetsEncrypt. This is the config of a specific virtual host "myvhost", but the problem arises for all vhosts on my server:
/etc/...
0 votes, 1 answer, 100 views
Postfix TLS Anonymous and Untrusted
We use Postfix on a RHEL server to distribute email to our opted-in users each morning. We recently enabled smtp (outbound) TLS. The majority of our email is delivered on Trusted TLS Connections. ...
0 votes, 1 answer, 210 views
How can I grant read permission for HTTPS certificates?
I'm enabling Gitea HTTPS access.
On my server I got certificates using Certbot.
The certificates are installed into:
Certificate Path: /etc/letsencrypt/live/mydomain/fullchain.pem
Private Key Path: /...
1 vote, 1 answer, 81 views
What tools are available to obtain SSL certs from a CA for an isolated/airgapped system?
In the past, I have been able to leave the peculiarities of SSL certs to others, and mostly depend on self-signed certificates. That day has come to a close.
I need to step up and configure a secured ...
0 votes, 0 answers, 39 views
Freeradius how to block EAP-MD5 when not used with EAP-TTLS?
I'm new to freeradius and I'm trying to block the MD5 authentication when it is not used in the TLS tunnel from eap-ttls. I still want to enable the MD5 authentication as an inner method with TTLS.
...
0 votes, 2 answers, 53 views
OpenSSL: Create CAfile
I have an X.509 certificate mycert.pem and a private-key mykey.pem for it.
Furthermore the certificate has a root-certificate and an intermediate-certificate to build a complete chain.
I had to add both ...
1 vote, 0 answers, 49 views
ldapsearch with mTLS (and selective curves)
I have to request an LDAP-server.
It is strictly mutual-TLS secured.
If I try TLS with openssl it works.
But I have to provide -cert, -key and -curves to openssl s_client to make it work.
Without ...
3 votes, 2 answers, 321 views
How do I verify ssl / tls connection with openssl non-interactively (from a script)?
When I execute:
openssl s_client -connect google.com:443
openssl s_client -connect government.ru:443
This gives me valuable output, but I would like openssl to close the connection and exit returning ...
0 votes, 1 answer, 59 views
Problem When Compiling with Slackbuild Script
I have done a full install of slackware 15.0. Previously, I had no problem compiling & installing software using sboui or directly from the Slackbuild script. Lately I have been getting errors. ...
0 votes, 1 answer, 72 views
ECDHE key exchange in OpenSSL going wrong (Outlook vs Cyrus imapd) - how to solve?
I am trying to connect Outlook 2019 to a Cyrus imapd server, using an SSL connection on port 993, and using ECDHE for key agreement. Whatever I do, this does not work although the imap server is set ...
0 votes, 0 answers, 297 views
Ubuntu, failed to join an AD over TLS/SSL with realmd
Actually, I tried to establish a connection between a Ubuntu-Host and an Active Directory, with the goal to authenticate my Linux-Host over the AD.
For this, I use SSSD and Realmd, but not ADSys. We ...
0 votes, 0 answers, 250 views
Apple iPad cannot access IMAP via Dovecot -- SSL unsupported protocol
I have a mail server that has been running for quite some time. Most of my clients use non-Apple devices or are okay with web-clients. I am only now running into this roadblock, because a new client ...
0 votes, 1 answer, 22 views
redirect to SSL works but get variables don't work
I have nginx and in server section and port 80 I redirect my host to port 443 such as:
server {
location / {
return 307 https://$host$request_uri/?lang=fa;
}
}
It works and redirects to ...
0 votes, 1 answer, 464 views
Postfix TLS error message
I have a strange message in my Postfix server (on Debian 12) and only when receiving a message from Outlook:
postfix/smtpd[1621610]: connect from
mail-vi1eur02olkn2098.outbound.protection.outlook.com[...
2 votes, 3 answers, 764 views
Deploying private CA certs to debian devices
We have a private certificate authority (CA) which is only used on sites in our intranet.
I can get the certificate easily:
openssl s_client -showcerts -connect atlas.sim.local:8443 </dev/null 2>...
0 votes, 1 answer, 267 views
How do I verify a TLS certificate with a self-signed CA?
I generate TLS certificates and sign them using a self-signed CA.
There are numerous small errors that can happen in this process and cause the certificate to get rejected. Browsers seem to serve very ...
0 votes, 0 answers, 2k views
Disable TLSv1.0 and TLSv1.1 using httpd CentOS7
I'm trying to disable TLS 1.0/1.1 for PCI Compliance, but having problems.
Running CentOS 7 / Apache 2.4.6
The Server is setup with multiple hosts.
All the documentation I've found is similar but ...
0 votes, 1 answer, 1k views
Obtain a Wordpress Website with a Proxmox container available from outside with https (ssl encryption)
My preliminary actions:
setting up a ddns hostname with noip service (ok)
configured to automatically keep alive the association on my home router (ok)
installed a proxmox server v8 (ok)
create a lxc ...
0 votes, 1 answer, 41 views
How to identify on console for a remote server what TLS it is providing on an HTTPS endpoint
I would like to find a way, to identify what type of TLS a remote HTTPS endpoint is providing, using only "standard" Linux command-line tools.
I would like to know, what type of TLS the ...
1 vote, 1 answer, 2k views
How do I resolve a TLS Error associated with smtpd?
I found the following in the logs:
sssd_kcm[425899]: Starting up
postfix/submission/smtpd[425910]: initializing the server-side TLS engine
postfix/submission/smtpd[425910]: connect from unknown[::1]
...
0 votes, 0 answers, 785 views
Curl error SSL3_CHECK_CERT_AND_ALGORITHM: dh key too small
When I run a get request from Curl to a web service I get the error SSL3_CHECK_CERT_AND_ALGORITHM: dh key too small. Server is on CentOS 6.6 and web service is a Java application (OpenJDK 1.7) running ...
0 votes, 1 answer, 142 views
Unbound dns over tls
I have unbound installed and it works just fine (debian testing).
I also have a domain at duckdns.org.
I would like to set DoT on my Android phone as xxxxx.duckdns.org, so I can make all requests go ...
0 votes, 2 answers, 1k views
Enable TLS on BIND9
I am trying to enable TLS on my BIND server (9.19.16) which is otherwise working fine. When I add the following code to enable TLS, then my BIND server does not start.
named.conf:
tls local-tls {
...
0 votes, 1 answer, 5k views
wget error: certificate owner does not match hostname
wget command fails to download a file with error "The certificate's owner does not match hostname"
Full command output is shown below:
wget https://server.example.com/dist/software-1.0.rpm
...
0 votes, 0 answers, 1k views
Peer certificate cannot be authenticated with given CA certificates
Running on Alma Linux 8.8 but can't install the package. I get Peer certificate cannot be authenticated with given CA certificates. I have updated all packages with dnf update but the error is still ...
0 votes, 1 answer, 154 views
SSL cert recognized by OpenSSL but not geventhttpclient
I have an instance of an NVIDIA Triton Inference Server. Then, there is the Python client, which uses the geventhttp Python package to perform the requests.
This is all deployed as microservices, so in ...
0 votes, 1 answer, 47 views
How should I modify the Qt5 source code if I want to add back SSLv3 support in the libqt5network5 module?
I am on an Intel x86_64 CPU architecture platform running a Debian Bullseye Linux distro. On that platform runs a custom application. This application is a 32-bit software running as a systemd service ...
0 votes, 1 answer, 229 views
LAN drivers causing Layer 4 corruption
I'm relatively sure that my drivers are causing some level 4 packet corruption on my system. I'd like to know how to solve this.
Diagnostics:
any form of git clone on large repos will invariably ...
0 votes, 1 answer, 49 views
Firefox does not recognize the custom SSL via my own CA whereas other browsers do?
I made a script that generates a CA file and an SSL signed by the CA:
#!/usr/bin/env bash
# Absolute path to this script, e.g. /home/user/bin/foo.sh
SCRIPT=$(readlink -f "${BASH_SOURCE}")
# ...
1 vote, 1 answer, 60 views
Why does Debian require a restart for login to self hosted Docker Repo after new SSL and Ubuntu does NOT x509: certificate signed by unknown authority
I have two servers, one Debian Buster (Debian 4.19.208-1) and the other is Ubuntu 18 (Ubuntu 18.04.6).
I recently updated the SSL on a self hosted Docker Image Repo and noticed that on the Ubuntu ...
0 votes, 1 answer, 238 views
Adding SSL certificates to HAProxy with certbot
I am trying to configure my Nginx server to act as my primary load balancer. I have done the necessary package installation with certbot but the problem comes in when I try to configure my haproxy.cfg ...
0 votes, 1 answer, 5k views
Failed to start The Apache HTTP Server
I'm having a problem with an SSL Certificate.
I was using a Let's Encrypt certificate and everything was fine.
I'm trying to switch to a certificate issued from DigiCert, and can't seem to get it ...
0 votes, 1 answer, 334 views
HAProxy over Tomcat returns Error 403
I have an old server which runs a Tomcat service on port 8080. For various reasons (including securing the access from clients) I had to set up a HAProxy server in front of it, secured with an SSL ...
0 votes, 1 answer, 321 views
Attempt to connect to ExpressVPN Server fails
For several months, if not weeks, I have had a fully functional connection to an ExpressVPN server via the "NetworkManager" on OpenSuse, but now, suddenly, it reports "failed to ...
0 votes, 0 answers, 1k views
How to configure Privoxy HTTPS inspection?
After following through the docs at www.privoxy.org, I have created a cert and key with openssl, placed them into the CA directory at /usr/local/etc/privoxy/CA/, and given permissions to the privoxy (...
3 votes, 1 answer, 2k views
Why curl running from a container complains about local issuer certificate when all the certificates are supposedly present?
Here is my docker command line:
mark@L-R910LPKW:~$ docker run -v /etc/ssl:/etc/ssl -v /usr/local/share/ca-certificates:/usr/local/share/ca-certificates -v /usr/share/ca-certificates:/usr/share/ca-...
0 votes, 0 answers, 207 views
How should a docker container obtain a reference/path to a file which exists outside of the docker container
I have a service running in a docker container which needs to load an SSL certificate that is generated by certbot.
Certbot always puts the files in a directory like /etc/letsencrypt/live/example.com/...
0 votes, 0 answers, 154 views
telnet localhost 25 vs telnet localhost 587
I install a postfix with the following postconf -n: (however I changed my domain to example.com)
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
...
0 votes, 1 answer, 180 views
Curl Error 60 After Accidentally Deleting known_hosts file
I have a couple of Raspberry Pies that upload webcam images to a web host using a bash shell script.
This is the upload code, which is identical on each Pi:
curl -s -S -u myname: \
--...