All Questions
54 questions
1
vote
0
answers
16
views
SSL cert SHA changed, but Chrome still uses old one
I was forced to change the SSL certificate for one of my domains. So, cert changed, sha256 changed. Old cert was not expired yet, but it's now replaced with new one.
But, it looks like Chrome does not ...
0
votes
1
answer
32
views
"openssl genpkey" can't use option "-cipher des3"
Trying to create RSA key via openssl:
openssl genpkey -algorithm RSA -cipher des3 -outform PEM -pkeyopt rsa_keygen_bits:2048 -out myCA.pem
This output:
genpkey: Use -help for summary.
If I remove -...
0
votes
0
answers
38
views
No certificate is in /etc/ssl/certs
I am working on an embedded Linux system (kernel-5.18.18) for an SOC platform.
The system has openssl compiled, and there is an application connecting to cloud server. But the application failed to ...
0
votes
2
answers
1k
views
Enable TLS on BIND9
I am trying to enable TLS on my BIND server (9.19.16) which is otherwise working fine. When I add the following code to enable TLS, then my BIND server does not start.
named.conf:
tls local-tls {
...
0
votes
0
answers
80
views
Client Authentication in SSL Handshake
I am trying to understand on how Client Authentication works during SSL handshake process.
Do we need to have Client Leaf certificate in Server truststore ? Is it referred anytime during Handshake ...
2
votes
1
answer
11k
views
openssl verify - how to verify a single combined certificate bundle file
I maintain/enhance a product that uses a browser-based admin interface. We're late to the party and are only now looking to support HTTPS between the browser and our backend (Apache httpd in front of ...
1
vote
1
answer
877
views
Nginx Caching SSL Certificate?
Previously (successfully), I had updated my SSL certificates in the same fashion as I tried to do this time. I have 2 files, domain.chained.crt and domain.key.
Then ran sudo service nginx restart, ...
1
vote
3
answers
6k
views
Detect if TLS version prior 1.2 has been disabled on RHEL 7
Situation:
I have a RHEL 7 Virtual Machine and I have installed ActiveMQ (v5.16.0) on it (in /opt/...)
Since few days some of my clients cannot connect anymore on the openwire SSL port (61617) with ...
0
votes
1
answer
2k
views
RSYSLOG force only TLS 1.3 version
Debian: 10.10
rsyslog-gnutls: 8.1901.0-1
libgnutls: 30.6.7
I am searching for the path and file name in which to insert this var "gnutlsPriorityString".
What is its path? And its file name? To put this var &...
1
vote
0
answers
488
views
SMTP Server Mail Alerts using TLS and authentication
I am a bit new to using SMTP server alert configurations on AIX 7.1 OS. I am currently using the below syntax, which is running fine:
mail -s "Subject" "[email protected]" < /path/to/my/...
0
votes
1
answer
367
views
Tomcat http to https
I am a newbie to Tomcat, in that case I had my website to work under
http://myserver:8080/path/login/login.html
I wanted to activate https with the port 8443
https://myserver:8443/path/login/login.html
...
1
vote
1
answer
7k
views
Dovecot Active:failed because of ssl_cert: can't open file /etc/dovecot/private/dovecot.pem: Permission denied. Why?
Hello I try to follow this Postfix/Dovecot tutorial series:
https://www.youtube.com/watch?v=njiNRppQNJw&list=PLibQjquhfgjjosRrZxlDepXfehDXuQJu_&index=5
When I run dovecot:
sudo service dovecot ...
1
vote
2
answers
1k
views
existing x509 certificate how to add extended key usage
I have an existing X509 certificate, can I still add an extended key usage item to it now (codesigning) ?
Or do I have to create a new cert?
The extended key usage is written to the public key, right?
...
0
votes
1
answer
4k
views
How to disable all the SSLv2 and SSLv3 SSL protocols in RHEL?
I have edited the following line in the /etc/httpd/conf.d/ssl.conf configuration and restarted the service.
SSLProtocol All -SSLv2 -SSLv3
But when I run the following it still shows that server is ...
2
votes
0
answers
356
views
How to encrypt messages using TLS encryption and send to sys logger?
I am using following logger command to send message to /var/log/message.
logger -n 10.102.5.19 "system shutdown"
my question is, how to encrypt the message("system shutdown") using TLS encryption. I ...
2
votes
1
answer
5k
views
Invalid SSL certificate only on my Linux machine
I'm hosting a website and my DNS server is from NameCheap. I bought an SSL certificate over there and configured it through nginx, everything was fine, but one day Chrome started to complain that the ...
0
votes
1
answer
660
views
SSL validation fails, after applying SUSE-SLE-Module-Public-Cloud-12-2020-251
Post applying the following OS patch SUSE-SLE-Module-Public-Cloud-12-2020-251 (Security Update for aws-cli) for the month of Feb 2020, AWS CLI was throwing the error SSL validation failed. The command ...
2
votes
1
answer
3k
views
Setting up Apache Mutual Authentication
I was asked to setup an Apache webserver to use Mutual Authentication in order to protect access to a specific folder/file.
The access to this specific file/folder should be granted only if the ...
1
vote
0
answers
148
views
Secure way to update Date & Time of a Linux Embedded Device
I have a Linux (4.9.171) machine running on ARM Cortex-A processor. The system has internet connection and talks to my server over SSL. At the first boot, I can configure the date and time to it. ...
0
votes
1
answer
994
views
rsyslogd as a syslog forwarder over TLS (certificate based authentication required)
I want to configure a machine's rsyslogd (redhat OS7 in this case) to connect via TLS to a central log collector.
The rsyslogd needs to authenticate with a client certificate.
I already have the key, ...
0
votes
1
answer
3k
views
Unable to connect to remote server using lftp
I'm trying to establish a new ftps connection between two servers, say A and B.
Below are the commands I'm using for establishing the connection. I guess I'm able to connect to the remote server but ...
0
votes
2
answers
2k
views
Wildcard Certificate & XCA
We bought a wildcard certificate (*.example.com).
I got a .pem file (including Cert and Key), like "wildcard.example.pem".
As certification tool, I chose XCA.
The plan is to import the Wildcard ...
0
votes
0
answers
335
views
Enable SSLV3 request in libcurl 7.52.1
I am using libcurl 7.52.1 to send HTTP requests. So far I have successfully tried to send TLS requests down to TLSV1.0. I need to send SSLV3 requests; how can I enable SSLV3 requests on my current libcurl ...
0
votes
0
answers
591
views
google-cloud-print-connector - SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
I have an ancient CentOS 5.11 installation on an inhouse server. The server is due for upgrade in a few months but till then, I'm stuck with 5.11.
I intend to install google-cloud-print-connector but ...
0
votes
1
answer
6k
views
Options error: Parameter ca_file can only be specified in TLS-mode
I'm currently trying to set up an OpenVPN Client on my Raspberry Pi.
I keep on getting some error messages related to TLS.
The syslog gives me this:
Nov 23 08:34:56 raspberrypi ovpn-ersterclient[1370]...
0
votes
1
answer
35
views
Linux host (Cpanel) - Cloudflare free SSL Certificate -> Connection is not secure -
I have a website that is hosted in a Linux Server and I would like to solve a doubt about SSL certificate. Every time that a user access my website, part of this website is marked by browsers as "...
18
votes
1
answer
49k
views
Install Self Signed Certificate to Alpine Linux
How do you install a self signed cert chain into Alpine Linux?
I've a self signed cert chain that I've been using in Ubuntu, for example:
bacon.crt
-----BEGIN CERTIFICATE-----
328FjQIFJNVBLAHBLAH
--...
0
votes
1
answer
229
views
Create self-signed certificate on Suse Linux 4.4
I am trying to create a self-signed certificate for an intranet.
I am following this suse documentation.
It says:
Change into the directory /usr/share/doc/packages/apache2 and run the
following command:...
1
vote
1
answer
4k
views
rsyslog with TLS
I need to disable TLS 1.2 and make sure connection accept TLS version 1.1 cipher suite SHA: AES128 & SHA: AES256. I do not find any supporting documentation to where to define TLS version. I ...
0
votes
0
answers
50
views
Generate Self-sign certificate from existing CA
I have the following two files on a Linux web server.
CA = cacert.pem
Key = key.pem
Now I want to generate a certificate from it, so what do I need to do?
1
vote
0
answers
286
views
Is this the right way to generate a wildcard CSR?
I generated my CSR on an Amazon Linux system using this command
openssl req -new -sha256 -key ~/mymaindomain.com.ssl/mymaindomain.com.key -out ~/mymaindomain.com.ssl/mymaindomain.com.csr
I verified ...
5
votes
1
answer
5k
views
All TLS requests giving Peer's certificate issuer has been marked as not trusted by the user
When I try an https request to google.com, I just recently started seeing
[root@ip-172-31-47-76 ~]# curl -I -v https://google.com
* Rebuilt URL to: https://google.com/
* Trying 216.58.193.78...
* ...
0
votes
1
answer
77
views
Local websites not loading on one specific computer
I have two computers, both with a fresh quasi-identical Slackware install. I use Waterfox 56 for browser and try to access my websites on my local webserver. The local webserver uses TLS certificates ...
0
votes
1
answer
926
views
How can I enable SSL on my Apache for more than one port? (Got an error)
I need to enable SSL for more ports than 443. I've tried it this way:
First I've added the port to my ports.conf
Listen 8081
After this I've edited my vHost in my Apache:
<VirtualHost *:8081>...
3
votes
2
answers
5k
views
Force TLS 1.2 system wide for all applications?
The organization I work for has lots of servers that run Linux.
We have recently been tasked with ensuring TLS 1.2 is used for all outbound connections for all our apps, regardless of the development ...
1
vote
1
answer
3k
views
How do root ca certificates get updated on linux?
I was reading about adding new root CA certificates. I have figured that out but I wanted to know how already existing certificates get updated? Do they get updated over network every time the machine ...
0
votes
1
answer
602
views
Ubuntu default page on 443 port instead node.js app
I'm trying to display node app on 443 port with SSL but server shows me default ubuntu page all the time. I've set redirect from 80 port to 443 and it's working fine.
Node app is working on 3000 port ...
0
votes
0
answers
405
views
Key mismatch on Apache server when there should not be
So I've tried dealing with support on this with no luck. They've confirmed that my certificate and private key are matching.
My FQDN is also the same as in the certificate - I'll just call it ...
1
vote
0
answers
407
views
Ignore certificate check while fetching kickstart file that is located in an un-trusted location
I have been using kickstart file that is located in remote (in an untrusted location). I want to fetch the kickstart file while booting the OS for automated installation.
I used to mention my ...
5
votes
1
answer
2k
views
Access https web page via Firefox/Chrome from command line
Is there a way to download a web page in a fashion similar to curl/wget, but via Firefox/Chrome instead? I'm using GNU/Linux. I want to be able to do this exclusively from the command line, so that I ...
3
votes
1
answer
5k
views
OpenVAS certificate
I have an error when trying to rebuild my openvas database that appears to be caused by a certificate problem. I'm out of the usual debugging I'd do and I'm at a loss as to what is going on.
Here's ...
1
vote
1
answer
2k
views
curl download works fine but wget fails using ssl
When I try to download a file using curl command, the file is downloaded successfully:
curl -O https://domain/file --capath /etc/ssl/certs/
% Total % Received % Xferd Average Speed Time ...
18
votes
2
answers
3k
views
Untrusting an intermediate CA in Linux?
From this blog.
Intermediate CAs are certificates signed by a root CA that can sign arbitrary certificates for any websites.
They are just as powerful as root CAs, but there's no full list of the ...
0
votes
0
answers
7k
views
TLS on vsftpd in browser does not exist: 530 Non-anonymous sessions must use encryption
I have installed vsftpd on debian 8 and I configured it in /etc/vsftpd.conf like so:
listen=YES
pam_service_name=vsftpd
use_localtime=YES
anonymous_enable=YES
anon_root=/var/ftproot/anonymous
...
2
votes
2
answers
20k
views
curl: (77) pbm with the SSL CA cert (path? access rights?)
I am in root in my directory on CentOS release 6.6 and I want to do the following in order to install mysql in upper version on centOS:
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-...
0
votes
1
answer
7k
views
How can I configure TLS1.1 on LFTP?
I need to configure TLS1.1 for lftp. Also, how can I check which version of TLS is running on my Redhat Linux OS?
-1
votes
1
answer
127
views
Puppet agent certificate error after rebuilding openstack instance
I have an open-stack instance VM, and puppet agent was working fine on it. By running the command puppet agent -t, it was good. But for some reason I had to rebuild the instance by using the open-...
0
votes
1
answer
4k
views
invalid SSL_version specified at /usr/share/perl5/IO/Socket/SSL.pm line 368
SMTP SEND CRITICAL - invalid SSL_version specified at /usr/share/perl5/IO/Socket/SSL.pm line 368
I am using a nagios script /usr/lib/nagios/plugins/check_smtp_send that sends an email using gmail.
...
0
votes
2
answers
449
views
Cannot disable SSLv3 on Amazon Linux Instance
I am using SSL Certificate issued by Go Daddy.
On my Linux Instance following are the software details :-
Apache Version - Apache/2.4.16 (Amazon)
Openssl Version - OpenSSL 1.0.2c 12 Jun 2015
...
7
votes
2
answers
22k
views
How to verify a service is listening on both ipv4 and ipv6?
I want to check whether https service is listening on both IPv6 and IPv4.
And also when I am accessing url via browser, I want to know request is served by IPv4 or IPv6.