Questions tagged [openssl]

OpenSSL: The Open Source Toolkit for SSL and TLS

OpenSSL is an open source project which develops software for Secure Sockets Layer (SSL v2/v3), Transport Layer Security (TLS v1), as well being a full-strength general purpose cryptography library.

OpenSSL provides both a library (for use within your own program), and a series of command line tools for common tasks.

1544 questions

253

votes

6 answers

how to download the ssl certificate from a website?

I want to download the ssl certificate from, say https://www.google.com, using wget or any other commands. Any unix command line? wget or openssl?

asked May 07 '10 at 21:01

RainDoctor

4,162
3
22
25

203

votes

9 answers

Heartbleed: What is it and what are options to mitigate it?

This is a Canonical Question about understanding and remediating the Heartbleed security issue. What exactly is CVE-2014-0160 AKA "Heartbleed"? What is the cause, what OSs and versions of OpenSSL are vulnerable, what are the symptoms, are there…

security openssl heartbleed

asked Apr 08 '14 at 00:26

Jacob

9,114
4
44
56

200

votes

6 answers

How do I view the details of a digital certificate .cer file?

I am using Windows and have been given a .cer file. How can I view the details of it?

ssl-certificate openssl certificate

asked Dec 23 '10 at 09:21

yazz.com

6,743
14
37
38

184

votes

14 answers

How to view all ssl certificates in a bundle?

I have a certificate bundle .crt file. doing openssl x509 -in bundle.crt -text -noout only shows the root certificate. how do i see all the other certificates?

ubuntu security ssl ssl-certificate openssl

asked Apr 23 '14 at 18:15

pdeva

2,327
5
17
15

157

votes

9 answers

Is it possible to generate RSA key without pass phrase?

I'm working with Apache2 and Passenger for a Rails project. I would like to create a self-signed SSL Certificate for testing purposes. sudo openssl rsa -des3 -in server.key -out server.key.new When i enter the above command, it says writing RSA…

apache-2.2 https openssl passphrase

asked Mar 05 '12 at 06:28

diya

1,723
2
13
8

137

votes

3 answers

ssh-keygen does not create RSA private key

I'm trying to create a private key and having an issue. When I use ssh-keygen -t rsa -b 4096 -C "your_email@example.com", I get a private key in the following format. -----BEGIN OPENSSH PRIVATE…

ssh openssl mac

asked Nov 13 '18 at 23:44

Moon

2,033
4
24
23

137

votes

2 answers

How can I verify if TLS 1.2 is supported on a remote web server from the RHEL/CentOS shell?

I'm on CentOS 5.9. I'd like to determine from the linux shell if a remote web server specifically supports TLS 1.2 (as opposed to TLS 1.0). Is there an easy way to check for that? I'm not seeing a related option on openssl but perhaps I'm…

linux centos openssl tls

asked Oct 21 '14 at 20:39

Mike B

11,570
42
106
165

130

votes

7 answers

Certification authority root certificate expiry and renewal

In 2004, I set up a small certification authority using OpenSSL on Linux and the simple management scripts provided with OpenVPN. In accordance with the guides I found at the time, I set the validity period for the root CA certificate to 10 years.…

openssl certificate-authority

asked Aug 30 '11 at 08:34

Remy Blank

1,925
3
14
11

votes

2 answers

I have a keypair. How do I determine the key length?

Using OpenSSL from the command line in Linux, is there some way to examine a key (either public or private) to determine the key size?

linux encryption openssl

asked Oct 27 '11 at 19:37

jdw

3,735
1
17
20

votes

8 answers

Heartbleed: how to reliably and portably check the OpenSSL version?

I was looking at a reliable and portable way to check the OpenSSL version on GNU/Linux and other systems, so users can easily discover if they should upgrade their SSL because of the Heartbleed bug. I thought it would be easy, but I quickly ran into…

linux ubuntu security openssl heartbleed

asked Apr 07 '14 at 23:51

Martijn

votes

6 answers

Generating a self-signed cert with openssl that works in Chrome 58

As of Chrome 58 it no longer accepts self-signed certs that rely on Common Name: https://productforums.google.com/forum/#!topic/chrome/zVo3M8CgKzQ;context-place=topicsearchin/chrome/category$3ACanary%7Csort:relevance%7Cspell:false Instead it…

ssl ssl-certificate openssl chrome

asked Apr 21 '17 at 13:50

bcardarella

1,709
2
11
10

votes

5 answers

Best location to keep SSL certificates and private keys on Ubuntu servers?

On Ubuntu, it looks like the best place for a private key used to sign a certificate (for use by nginx) is in /etc/ssl/private/ This answer adds that the certificate should go in /etc/ssl/certs/ but that seems like an unsafe place. Do .crt files…

ubuntu debian ssl ssl-certificate openssl

asked Apr 13 '11 at 15:56

Adam Nelson

1,557
3
13
12

votes

3 answers

Install openssl-dev on Ubuntu server

In order to compile NGinx in need to install openssl and openssl-dev (I'am following a book guide). So i'am doing this : sudo apt-get install openssl openssl-dev But i get an error telling me that it's impossible to find openssl-dev. Also after…

ubuntu openssl

asked Mar 19 '11 at 18:21

OXMO456

votes

6 answers

Heartbleed: are services other than HTTPS affected?

The OpenSSL 'heartbleed' vulnerability (CVE-2014-0160) affects webservers serving HTTPS. Other services also use OpenSSL. Are these services also vulnerable to heartbleed-like data leakage? I'm thinking in particular of sshd secure SMTP, IMAP etc…

security openssl heartbleed

asked Apr 08 '14 at 11:21

Flup

7,688
1
31
43

votes

9 answers

Convert from P7B to PEM via OpenSSL

On Ubuntu, I cannot convert certificate using openssl successfully. vagrant@dev:/vagrant/keys$ openssl pkcs7 -print_certs -in a.p7b -out a.cer unable to load PKCS7 object :PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting:…

openssl

asked Aug 13 '12 at 19:50

Kevin Meredith

1,119
2
14
21

2 3

…

99 100 Next