Questions tagged [openssl]
OpenSSL is an open-source implementation of the SSL and TLS protocols. The core library, written in the C programming language, implements the basic cryptographic functions and provides various utility functions.
716 questions
3
votes
1
answer
62
views
Help finding/disabling OpenSSL cipher suites
I have a RHEL 9 server and our vulnerability scanner found the following two cipher suites on the server which we need to disable.
TLS 1.2 ciphers:
TLS_RSA_WITH_AES_256_CCM
...
- 33
0
votes
1
answer
118
views
openssl file encryption (private encrypted RSA key and public key)
I generate private encrypted RSA key:
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out key_enc_private.pem -aes256
Then I extract public RSA key:
openssl rsa -pubout -in ...
- 131
3
votes
1
answer
154
views
openssl - problem using an intermediate CA
I am trying to understand how to sign stuff using an intermediate CA certificate. I have developed a rather simple example (using https://gist.github.com/jadbaz/9350f4df4e4ef4c5d256889aa3d5a5ed as the ...
- 687
1
vote
1
answer
35
views
openssl - Is it possible to generate a V1 x.509 ca certificate with openssl 3.2?
In openssl 3.0.7 I can see this in openssl-ca manpage:
-extensions section
The section of the configuration file containing certificate extensions to be added when a certificate is ...
- 687
0
votes
0
answers
71
views
PHP Rebuild Using Updated OpenSSL
My current setup uses a very old OS (CentOS7.9). I just installed PHP8.2.26 using CWP's PHP Version Switcher module. CentOS yum only updates to OpenSSL to v1.0.2k which is what I had installed. I ...
- 103
0
votes
5
answers
129
views
How to select string delimited by two differnt string pattern
I am having an output similar to the file (filename whatever.com) below...
[...]~ # tmsh list sys file ssl-cert whatever.com_2024
sys file ssl-cert whatever.com_2024 {
certificate-key-size 2048
...
- 69
2
votes
1
answer
113
views
How to encrypt a file with Yubikey with openssl
I try to encrypt a file with my Yubkey and openssl on linux. My YubiKey is a
idProduct 0x0407 Yubikey 4/5 OTP+U2F+CCID
bcdDevice 5.24
First I extract my Public key from my ...
- 123
0
votes
0
answers
44
views
Nagios check_http returning Cannot make SSL connection error on CentOS 7
I'm running a site on Apache (httpd) on a CentOS 7 host and monitoring it using Nagios on another CentOS 7 host. The configuration in Nagios is:
define service {
check_command ...
- 131
0
votes
0
answers
25
views
How to successfully patch openSSL?
I have a computer with unix and an old binary version of OpenSSL installed (version 1.0.2h). I came across the link below:
https://github.com/cloudflare/sslconfig/tree/master
and it suggests I could ...
- 11
0
votes
1
answer
74
views
"openssl genpkey" can't use option "-cipher des3"
Trying to create RSA key via openssl:
openssl genpkey -algorithm RSA -cipher des3 -outform PEM -pkeyopt rsa_keygen_bits:2048 -out myCA.pem
This output:
genpkey: Use -help for summary.
If I remove -...
- 443
0
votes
0
answers
25
views
Loading volume into docker container
I am using Ubuntu on my host machine, and I have a docker container also running Ubuntu that contains an ASP .NET website. Now the issue is I can't seem to figure out how to get the container to mount ...
- 1
4
votes
2
answers
1k
views
Where are the intermediate CA certificates?
In the folder /etc/ssl/certs/ i can well see:
Symbolic links to the certificates stored at /usr/share/ca-certificates/
The BUNDLE file ca-certificates.crt which contains all certificates in PEM ...
- 163
0
votes
3
answers
110
views
Is there a way to use openssl cms with a symmetric key without exposing the key on the command line?
I use openssl cms to encrypt and sign files sent to embedded Linux devices. I use PKI for the verification step and a symmetric key for the decryption step. It recently occurred to me that when ...
- 153
0
votes
0
answers
88
views
No cerificate is in /etc/ssl/certs
I am working on an embedded Linux system (kernel-5.18.18) for an SOC platform.
The system has openssl compiled, and there is an application connecting to cloud server. But the application failed to ...
- 591
1
vote
0
answers
779
views
Error when installing openssl-devel [sss_cache] DB version too old
I am building a RHEL8 instance and when installing openssl-devel and python36-devel I get the error
[sss_cache] [sysdb_domain_cache_connect] (0x0010): DB version too old
[0.23], expected [0.24] for ...
- 11