Super User
Super User

Questions tagged [openssl]

OpenSSL: The Open Source Toolkit for SSL and TLS

OpenSSL is an open source project which develops software for Secure Sockets Layer (SSL v2/v3), Transport Layer Security (TLS v1), as well being a full-strength general purpose cryptography library.

OpenSSL provides both a library (for use within, or linking from your own program), and a series of command line tools for common tasks such as creating SSL certs or testing SSL connections.

745 questions
139
votes
3 answers

How to use password argument in via command line to openssl for decryption

So it's not the most secure practice to pass a password in through a command line argument. That said, the documentation for openssl confused me on how to pass a password argument to the openssl command. Here's what I'm trying to do openssl…
David Sulpy
  • 4,089
111
votes
6 answers

OpenSSL missing during ./configure. How to fix?

I was trying to install node.js and found OpenSSL support missing during ./configure. How can I fix it? Is it a mandatory step? Would the --without-ssl option fix the problem? # ./configure Checking for gcc : ok Checking for…
P K
  • 2,233
107
votes
8 answers

Avoid password prompt for keys and prompts for DN information

I am using following code to generate keys: apt-get -qq -y install openssl; mkdir -p /etc/apache2/ssl; openssl genrsa -des3 -out server.key 1024; openssl req -new -key server.key -out server.csr; cp server.key server.key.org; openssl rsa -in…
JP19
85
votes
6 answers

How to use ssh-rsa public key to encrypt a text?

So, the scenario is: Given I'm Bob, I want to encrypt some message for Alice. The only public key I have is her ssh-rsa id_rsa.pub like this: ssh-rsa…
sikachu
  • 953
  • 1
  • 7
  • 6
64
votes
7 answers

openssl "unable to find 'distinguished_name' in config"

I get the following error from openssl req: unable to find 'distinguished_name' in config problems making Certificate Request 41035:error:0E06D06C:configuration file routines:NCONF_get_string:no…
Thanatos
  • 2,542
54
votes
2 answers

OpenSSL CA keyUsage extension

I want to set up a chain of certificates, with a self signed 'root' CA at the top that signs sub CAs, which can then sign client and server certificates. When setting up openssl.cnf, I noticed a keyUsage parameter, which apparently needs to be set…
Robin McCorkell
  • 1,176
40
votes
2 answers

Does Heartbleed affect ssh keys?

Does the recent Heartbleed bug affect the ssh keys I've generated and use to push/pull code with Github, Heroku, and other similar sites? Do I need to replace the keys I've been using?
LikeMaBell
  • 503
40
votes
1 answer

How to pass arguments like “Country Name” to OpenSSL when creating self signed certificate?

I can create a self-signed certificate using this command openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout server.key -out server.crt But is it possible to pass arguments like “Country Name,” “State or Province Name” etc. to OpenSSL…
Alexander Zeitler
  • 1,343
32
votes
2 answers

Remove Key Password with OpenSSL

This is something I've wanted to do for a while now. There wasn't a question already for it so I'm putting one in. How do you remove a password from a .key file using OpenSSL.
Matt Vukomanovic
  • 931
30
votes
3 answers

Can't import public key into OSX Keychain

I created a couple of self-signed S/MIME certificates (using OSX Keychain & OpenSSL) and then exported these into 3 files: Certificate (.cer) Private Key (.p12) Public Key (.pem) When attempting to import these back into another Mac, the…
Prembo
  • 401
30
votes
4 answers

Create self signed certificate with subjectAltName to fix [missing_subjectAltName] in Chrome 58+

I'm trying to create a self signed certificate for localhost containing subjectAltName to satisfy Chrome 58+: createcertificate.sh: #!/usr/bin/env bash filename="$1server" openssl req -new -sha256 -nodes -out ./../nginx/ssl/${filename}.csr -newkey…
Alexander Zeitler
  • 1,343
28
votes
4 answers

Can self-signed SSL certificate be renewed? How?

I'm fairly new to SSL certificates and would like to know if a self-signed certificate which I use for HTTPS can be renewed to extend its expiry date without all clients of the site having to go through the "allow exception" process they have to do…
FriendFX
  • 927
27
votes
1 answer

Why openssl insist on requiring a passphrase on genrsa command?

Issue command: openssl genrsa -out rsaprivatekey-nake.pem -des3 1024 If not providing a passphrase(just press enter when requested), it keeps saying: Enter pass phrase for…
Jimm Chen
  • 6,464
25
votes
2 answers

What is NSS error -5961 (PR_CONNECT_RESET_ERROR)

Can someone enlighten me the meaning of "NSS error -5961 (PR_CONNECT_RESET_ERROR)"? I am trying to connect to bitbucket.org with "https" protocol but got a refuse from the server. Then, I try to use curl on the command line and see this output. #…
microstrip
  • 353
25
votes
2 answers

Permissions for SSL key?

I'm trying to set up a secure connection (https) in nginx. But I'm a bit worried about the private key's permissions, which aren't mentioned in any tutorial. Should I change them? To what?
ChocoDeveloper
  • 2,877
1
2 3
49 50