Questions tagged [openssl]

OpenSSL: The Open Source Toolkit for SSL and TLS

OpenSSL is an open source project which develops software for Secure Sockets Layer (SSL v2/v3), Transport Layer Security (TLS v1), as well being a full-strength general purpose cryptography library.

OpenSSL provides both a library (for use within your own program), and a series of command line tools for common tasks.

1601 questions

271

votes

6 answers

how to download the ssl certificate from a website?

I want to download the ssl certificate from, say https://www.google.com, using wget or any other commands. Any unix command line? wget or openssl?

asked May 07 '10 at 21:01

RainDoctor

4,422
3
23
25

226

votes

6 answers

How do I view the details of a digital certificate .cer file?

I am using Windows and have been given a .cer file. How can I view the details of it?

ssl-certificate openssl certificate

asked Dec 23 '10 at 09:21

yazz.com

7,193
15
38
39

204

votes

9 answers

Heartbleed: What is it and what are options to mitigate it?

This is a Canonical Question about understanding and remediating the Heartbleed security issue. What exactly is CVE-2014-0160 AKA "Heartbleed"? What is the cause, what OSs and versions of OpenSSL are vulnerable, what are the symptoms, are there…

security openssl heartbleed

asked Apr 08 '14 at 00:26

Jacob

9,204
4
45
56

195

votes

14 answers

How to view all ssl certificates in a bundle?

I have a certificate bundle .crt file. doing openssl x509 -in bundle.crt -text -noout only shows the root certificate. how do i see all the other certificates?

ubuntu security ssl ssl-certificate openssl

asked Apr 23 '14 at 18:15

pdeva

2,447
5
18
15

172

votes

9 answers

Is it possible to generate RSA key without pass phrase?

I'm working with Apache2 and Passenger for a Rails project. I would like to create a self-signed SSL Certificate for testing purposes. sudo openssl rsa -des3 -in server.key -out server.key.new When i enter the above command, it says writing RSA…

apache-2.2 https openssl passphrase

asked Mar 05 '12 at 06:28

diya

1,873
2
14
8

145

votes

3 answers

ssh-keygen does not create RSA private key

I'm trying to create a private key and having an issue. When I use ssh-keygen -t rsa -b 4096 -C "your_email@example.com", I get a private key in the following format. -----BEGIN OPENSSH PRIVATE…

ssh openssl mac

asked Nov 13 '18 at 23:44

Moon

2,123
4
24
23

141

votes

2 answers

How can I verify if TLS 1.2 is supported on a remote web server from the RHEL/CentOS shell?

I'm on CentOS 5.9. I'd like to determine from the linux shell if a remote web server specifically supports TLS 1.2 (as opposed to TLS 1.0). Is there an easy way to check for that? I'm not seeing a related option on openssl but perhaps I'm…

linux centos openssl tls

asked Oct 21 '14 at 20:39

Mike B

11,871
42
107
168

134

votes

7 answers

Certification authority root certificate expiry and renewal

In 2004, I set up a small certification authority using OpenSSL on Linux and the simple management scripts provided with OpenVPN. In accordance with the guides I found at the time, I set the validity period for the root CA certificate to 10 years.…

openssl certificate-authority

asked Aug 30 '11 at 08:34

Remy Blank

1,995
3
15
11

101

votes

2 answers

I have a keypair. How do I determine the key length?

Using OpenSSL from the command line in Linux, is there some way to examine a key (either public or private) to determine the key size?

linux encryption openssl

asked Oct 27 '11 at 19:37

jdw

3,855
2
17
21

votes

8 answers

Heartbleed: how to reliably and portably check the OpenSSL version?

I was looking at a reliable and portable way to check the OpenSSL version on GNU/Linux and other systems, so users can easily discover if they should upgrade their SSL because of the Heartbleed bug. I thought it would be easy, but I quickly ran into…

linux ubuntu security openssl heartbleed

asked Apr 07 '14 at 23:51

Martijn

votes

15 answers

What causes SSH error: kex_exchange_identification: Connection closed by remote host?

I setup a SSH server online that is publicly accessible by anyone. Therefore, I get a lot of connections from IPs all over the world. Weirdly, none actually try to authenticate to open a session. I can myself connect and authenticate without any…

ssh ssl openssl ssh-keys connection

asked May 04 '20 at 09:25

soliz

votes

5 answers

Best location to keep SSL certificates and private keys on Ubuntu servers?

On Ubuntu, it looks like the best place for a private key used to sign a certificate (for use by nginx) is in /etc/ssl/private/ This answer adds that the certificate should go in /etc/ssl/certs/ but that seems like an unsafe place. Do .crt files…

ubuntu debian ssl ssl-certificate openssl

asked Apr 13 '11 at 15:56

Adam Nelson

1,647
3
14
12

votes

6 answers

Generating a self-signed cert with openssl that works in Chrome 58

As of Chrome 58 it no longer accepts self-signed certs that rely on Common Name: https://productforums.google.com/forum/#!topic/chrome/zVo3M8CgKzQ;context-place=topicsearchin/chrome/category$3ACanary%7Csort:relevance%7Cspell:false Instead it…

ssl ssl-certificate openssl chrome

asked Apr 21 '17 at 13:50

bcardarella

1,737
2
12
10

votes

3 answers

Install openssl-dev on Ubuntu server

In order to compile NGinx in need to install openssl and openssl-dev (I'am following a book guide). So i'am doing this : sudo apt-get install openssl openssl-dev But i get an error telling me that it's impossible to find openssl-dev. Also after…

ubuntu openssl

asked Mar 19 '11 at 18:21

OXMO456

votes

9 answers

Convert from P7B to PEM via OpenSSL

On Ubuntu, I cannot convert certificate using openssl successfully. vagrant@dev:/vagrant/keys$ openssl pkcs7 -print_certs -in a.p7b -out a.cer unable to load PKCS7 object :PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting:…

openssl

asked Aug 13 '12 at 19:50

Kevin Meredith

1,269
2
15
21

2 3

…

99 100 Next