ssl

Subject Alternative Name not present in certificate

南笙酒味 提交于 2021-02-03 06:06:40
问题 I have generated a CSR that includes the field subject alt names: openssl req -out mycsr.pem -new -key mykey.pem -days 365 When I inspect this it looks as expected with a new field present: X509v3 Subject Alternative Name: DNS: my.alt.dns However when I use this to sign a certificate that field is omitted for some reason. I generate it with the following command: openssl ca -out mycert.pem -infiles mycsr.pem Can it be that my CA cert have to include the same Alt name for it to be included?

Delphi : SSL routines:SSL3_GET_RECORD:wrong version number

倾然丶 夕夏残阳落幕 提交于 2021-01-29 21:15:44
问题 I found several topics about the same problem but it didn't help me to resolve my problem. I'm trying to connect to a FTPS server (with Delphi 10.3) using this code: IdSSLIOHandler := TIdSSLIOHandlerSocketOpenSSL.Create(nil); IdSSLIOHandler.SSLOptions.Method := sslvSSLv3; IdSSLIOHandler.SSLOptions.SSLVersions := [sslvSSLv2, sslvSSLv23, sslvSSLv3, sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2]; IdFTP.IOHandler := IdSSLIOHandler; IdFtp.UseTLS := utUseExplicitTLS; IdFtp.DataPortProtection := ftpdpsPrivate;

No able to get client certificate in ssl/tls

倖福魔咒の 提交于 2021-01-29 19:53:14
问题 I'm going to try TLS with mutual authentication using openssl. However, as shown in the output results below, the client can receive a server certificate and output it, but the server has not received the client certificate The details of my work are as follows. Server and client certificate generation (without certificate signing through CA, just self-signing) (1) Generating the server key and certificate. $ openssl genrsa -des3 -out server.key 2048 $ openssl req -new -key server.key -out

need to create certificate with open SSL

牧云@^-^@ 提交于 2021-01-29 19:42:25
问题 I have two servers and on server A I have the open SSL install and on server B, I don't have the open SSL install now if I create a key pair and generate a CSR from server A for server B and get it signed by my root authority and place it on my server B now how this will work when the private key is still present on my server A as I have done everything on server A and just place the signed certificate on server B. how server B will decrypt the traffic when it didn't have the private key.

Java TLS: Disable SNI on client handshake

白昼怎懂夜的黑 提交于 2021-01-29 19:40:50
问题 I'm trying to create a JVM HTTP client which will not send server_name in the Client Handshake (long story, but I'm simulating a legacy system which doesn't support SNI). Setting the serverNames SSLParameters doesn't do the trick, I can still see the "Server Name Indication extension" in Wireshark. fun run() { val keyStore = keyStore() val trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()) trustFactory.init(keyStore) val sslContext = SSLContext

Verify whether --require_secure_transport=ON for MySQL is working using Spring Boot

跟風遠走 提交于 2021-01-29 19:36:48
问题 I have to enable SSL for Spring Boot + MySQL App I have enabled SSL for MySQL and set --require_secure_transport=ON in my.cnf. When I try to log in to MySQL using mysql -unon_ssl_user -p -h XXX.XXX.100.158 I get ERROR 3159 (HY000): Connections using insecure transport are prohibited while --require_secure_transport=ON. which is correct as secure transport is forced. I am able to login to mysql using mysql -ussl_user -p -h XXX.XXX.100.158 --ssl-ca=ca.pem --ssl-cert=client-cert.pem --ssl-key

SSL For Intranet Applications Deployed at Multiple Companies

会有一股神秘感。 提交于 2021-01-29 19:26:18
问题 I have node application that serves over https. The app is served over the in tra net. I remember generating the SSL key on the Linux command line and they've expired. I have aspirations of installing this app at multiple companies. It will run on each company's int ran et yet I do want the application to be accessible remotely (by setting up some port forwarders on the corporate firewall). The SSL keys are pain. I want the communication to be encrypted, but because I'm generating the SSL

How to install SSL certificate text on Ubuntu nginx

↘锁芯ラ 提交于 2021-01-29 19:21:17
问题 I am running a Ubuntu 18.04 server on AWS Lightsail, using nginx. I have a purchased SSL certificate for my domain name through the domain registrar (domain.com) - I can download the 'certificate' and the 'key' as long strings of text characters/symbols. How do I then 'install' this SSL certificate onto my Nginx server? 回答1: There are two files that must be configured on the Nginx server, the certificate .crt and the certificate key .key , you simply have to have these 2 files on your Nginx

C# RSA decrypt parameter is incorrect

岁酱吖の 提交于 2021-01-29 17:21:58
问题 I am trying to decrypt communication from web sockets secured with SSL certificate. The certificate is installed on the machine and the private key is present. I have this decrypt function public static string DecryptTry(X509Certificate2 x509, string stringTodecrypt) { try { if (x509 == null || string.IsNullOrEmpty(stringTodecrypt)) throw new Exception("A x509 certificate and string for decryption must be provided"); if (!x509.HasPrivateKey) throw new Exception("x509 certificate does not

How to enable TLS for Redis 6 on Sidekiq?

。_饼干妹妹 提交于 2021-01-29 15:44:14
问题 Problem On my Ruby on Rails app, I keep getting the error below for the Heroku Redis Premium 0 add-on: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) Heroku Redis documentation mentions that I need to enable TLS in my Redis client's configuration in order to connect to a Redis 6 database. To achive this, I have read SSL/TLS Support documentation on redis-rb. My understanding from it is; I need to