Questions tagged [openssl]

OpenSSL is an open-source implementation of the SSL and TLS protocols. The core library, written in the C programming language, implements the basic cryptographic functions and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a variety of computer languages are available.

679 questions
95
votes
3 answers

How do I recover from the Heartbleed bug in OpenSSL?

CVE-2014-0160 a.k.a. Heartbleed is a vulnerability in OpenSSL. It looks scary. How do I determine whether I am affected? If I'm affected, what do I need to do? Apparently upgrading isn't enough.
Gilles 'SO- stop being evil'
94
votes
5 answers

How can I verify SSL certificates on the command line?

I'm trying to validate/verify that the rsa key, ca-bundle, and certificate stored here are ok. They are not being served by a webserver. How can I verify them?
xenoterracide
92
votes
5 answers

Get common name (CN) from SSL certificate?

I have an SSL CRT file in PEM format. Is there a way that I can extract the common name (CN) from the certificate from the command line?
Naftuli Kay
91
votes
5 answers

How to extract the Root CA and Subordinate CA from a certificate chain in Linux?

I have an end-entity/server certificate which has an intermediate and root certificate. When I cat on the end-entity certificate, I see only a single BEGIN and END tag. It is only the end-entity certificate. Is there any way I can view the…
Anirban Nag 'tintinmj'
84
votes
5 answers

How do I convert a ssh-keygen public key into a format that openssl PEM_read_bio_RSA_PUBKEY() function will consume?

I'm having an issue generating a public key that the openssl PEM_read_bio_RSA_PUBKEY() function can consume. I keep getting errors. Obviously I cannot simply use the ASCII string in the ssh-keygen <>.pub key file as it is in SSH file format or I…
PeteP
82
votes
8 answers

List all available ssl ca certificates

My git client claims error: Peer's Certificate issuer is not recognized. That means it cannot find the corresponding ssl server key in the global system keyring. I want to check this by looking at the list of all system wide available ssl keys on…
Jonas Stein
70
votes
4 answers

How to export CA certificate chain from PFX in PEM format without bag attributes

I have a PKCS12 file containing the full certificate chain and private key. I need to break it up into 3 files for an application. The 3 files I need are as follows (in PEM format): an unencrypted key file, a client certificate file, a CA certificate…
BryKKan
55
votes
1 answer

make fatal error: openssl/sha.h: No such file or directory

I'm trying to compile a program that, according to the documentation, requires the "OpenSSL library". I have OpenSSL installed, and it's still giving me the error openssl/sha.h: No such file or directory. Is there some other library that has to be…
tkbx
49
votes
5 answers

How do I generate SSHFP records?

I need to set up SSHFP records in the DNS for my host. I have done some searching but I haven't found any good example. What are SSHFP records? What do SSHFP records look like? How do I create SSHFP records?
Mikael Dúi Bolinder
45
votes
4 answers

"openssl dgst -sha1" producing an extraneous "(stdin)= " prefix and trailing newline

If you run this command on your Unix echo -n "foo" | openssl dgst -sha1 You will get this output: (stdin)= 0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33 (followed by a newline). How can I force openssl to not show the (stdin)= prefix, and avoid the…
SecurityClown
38
votes
2 answers

Verifying a SSL certificate's fingerprint?

I'm toying around with a Puppet agent and a Puppet master and I've noticed that the Puppet cert utility provides a fingerprint for my agent's public key as it has requested to be signed: $ puppet cert list "dockerduck" (SHA256)…
Naftuli Kay
35
votes
8 answers

Apache SSL: server cert does not include ID which matches server name

I'm trying to set up SSL on my apache2 webserver, but it seems that it does not work at all. I have followed a tutorial to create cert files with openssl and configured the /etc/apache2/sites-available/default-ssl.conf properly. Every time I try to…
pixelmusik
34
votes
3 answers

How to encrypt messages/text with RSA & OpenSSL?

I have Alice's public key. I want to send Alice an RSA encrypted message. How can I do it using the openssl command? The message is: Hi Alice! Please bring malacpörkölt for dinner!
LanceBaynes
31
votes
4 answers

Create self-signed certificate with end-date in the past

I would like to create self-signed certificates on the fly with arbitrary start- and end-dates, including end-dates in the past. I would prefer to use standard tools, e.g., OpenSSL, but anything that gets the job done would be great. The Stack…
rlandster
30
votes
3 answers

Trust a self signed PEM certificate

I have set up a proxy server with SSL using a PEM certificate. Now, there are a couple of machines of mine that I would like to trust this certificate automatically (without the web browser complaining). How can I install a PEM certificate on each…
admirabilis