Not Using SHA-1 Certificate For Self-signed SSL

Dear All,

I am trying to install a certificate and then authenticate with LDAP,
but I think I have been lost somewhere in the middle :

In a CentOS 7 system,
First, I would like to make sure that the certificate is installed and used :

Code:

yum install ca-certificates
update-ca-trust enable
cp cacert.pem /etc/pki/ca-trust/source/anchors/
update-ca-trust extract

When I do :
Code:

openssl s_client -showcerts -connect ...:636

Code:

openssl verify cacert.pem 
cacert.pem: OK

Code:

openssl version -d
OPENSSLDIR: "/etc/pki/tls"

Solved with :
Quote:
openssl s_client -showcerts -connect ...:636

Hi,

Friends,

Good Morning to all. I have some queries about openssl. I googled for by query but i did not got the relevant answer, hence I came here and i am guaranteed that you gyes will help me definitely as you helped me before as well.

My scenario is I had one centOS 6 server which had openssl version as
Code:

 rpm -qa|grep openssl
openssl-1.0.1e-30.el6_6.5.x86_64
openssl-devel-1.0.1e-30.el6_6.5.x86_64

CentOS 6 provides php5.3 as default
Code:

yum list php
Loaded plugins: downloadonly, fastestmirror, presto
Determining fastest mirrors
base                                                                                                                                    | 3.7 kB     00:00
epel                                                                                                                                    | 4.4 kB     00:00
epel/primary_db                                                                                                                         | 6.4 MB     00:00
extras                                                                                                                                  | 3.4 kB     00:00
panopta                                                                                                                                 |  951 B     00:00
updates                                                                                                                                 | 3.4 kB     00:00
updates/primary_db                                                                                                                      | 2.1 MB     00:00
Available Packages
php.x86_64                                                                5.3.3-40.el6_6                                                                updates

But I need php5.2, so i preferd to go compilation. It gave me some errors while doing make regarding openssl. I googled for it, gave solution of downgrading openssl.

As default openssl can't be removed, I prefered installing openssl-0.9.x through compilation with --prefix option. After doing I was able to compile php-5.2 successfully.

Now in my server there are followings installed.

Code:

[next02admin@NEXT02VMD02 ~]$ /usr/bin/openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013 (the default one)

[next02admin@NEXT02VMD02 ~]$ /usr/local/bin/openssl version
OpenSSL 0.9.8e 23 Feb 2007 (the compiled one)

[next02admin@NEXT02VMD02 ~]$ php -v
PHP 5.2.10 (cli) (built: Jul  1 2014 00:39:27)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies

[next02admin@NEXT02VMD02 ~]$ rpm -qa|grep httpd
httpd-tools-2.2.15-39.el6.centos.x86_64
httpd-2.2.15-39.el6.centos.x86_64
httpd-devel-2.2.15-39.el6.centos.x86_64

Now My question is,
1) Is it safe to use both openssl versions simultaneously.
2) Will it cause any vulnerability on my site (prod ENV), if it will affect to prod env, then to what extend.

Your replies will be very very appreciable. I will be very thankful to you.

Regards,

SSR

Hello,

I am using " Red Hat Enterprise Linux ES release 4 (Nahant Update 5)
Kernel \r on an \m
" and have " OpenSSL 0.9.7a Feb 19 2003 "
I wish to update openssl to new version OpenSSL 1.0.2a.

Please advise...

Thank you very much.

I have a user: mim that has within it a folder /mimmim and within that, a folder called
/Src. user: mim has root privileges.

There is an Install file in /home/mim/ that uses a file in /Src called pgp.h. pgp.h references a file /openssl/opensslv.h. The opensslv.h is actually in the newer openssl installations he /usr/local/ssl/include/openssl/

I tried to do a 'sudo ln -s /usr/local/ssl/include/openssl openssl' from /home/mim/, as well as from within the /home/mim/mimmim/ and from within /home/mim/mimmim/Src/. I still get this error however:

pgp.h:16:30: fatal error: openssl/opensslv.h: No such file or directory
compilation terminated.

I guess I am not sim linking correctly.

Hello All,

I am rookie when it comes to security protocols and I am learning this as part of my job responsibilities.

Recently our Application started implementing TLSv1.2 and here are some questions that I have from my observations.

1st the term ciphers, keys, certs are all very confusing to however I started to get some understanding of these as I am reading a lot of stuff.
Now, my application is running on "X" server and only accepts TLS1.X connections since the i use java 7 where ssl2Hello is disabled

now from Server "A" when I run cmd: openssl s_client -tls1 -host xxx -port yyyy
I get back a response in which I see a line
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-SHA
the openssl version on server A is: 1.0

when I run the same command from another server "B" I get a response in which the line says:
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
the openssl version on server B is: 0.9

My understanding of cipher was something that is enforced by the application server "X" and not by the client that is making the call. Is that a wrong understanding ?
And how can I find out what type of cipher is being enforced by the server "X" when someone makes a call to it.

Anyone who can help me understand why the difference how this entire stuff operates.
Help much appreciated.

Hi All,

I have facing a problem with cron job.
Actually on the client server there are some cronjob scheduled
as follows:

@daily sh_file.sh 2>&1>> /dev/null #Contact: vali.zachia@gmail.com
@hourly php demo.php 2>&1 >> /dev/null
10 2 * * * wget --no-check-certificate url 2>&1 > /dev/null #Cron IE
10 2 * * * wget --no-check-certificate url 2>&1 > /dev/null #cron EN
@daily sh script.sh
@daily sh script.sh
@daily sh script.sh
@hourly wget --no-check-certificate url 2>&1 > /dev/null
@daily wget --no-check-certificate url 2>&1 > /dev/null #Cron Poland
@daily wget --no-check-certificate url 2>&1 > /dev/null #Cron Norway
@daily wget --no-check-certificate url 2>&1 > /dev/null #Cron Portugal
10 2 * * * wget --no-check-certificate url 2>&1 > /dev/null #Cron GR
@daily wget --no-check-certificate url 2>&1 > /dev/null
@daily wget --no-check-certificate url 2>&1 > /dev/null
@daily wget --no-check-certificate url 2>&1 > /dev/null #Denmark



Cronjobs are scheduled daily/hourly.

But what happends after every hour/day there is a blank file created in a folder .

like :
hourly.1

hourly.2
hourly.3
hourly.4

and so on similary for daily scripts.

I am not sure whether these are created by cron job
So please clarify whether cronjob provides some thing like above or it is the code problem

Hello,
Our business is supposed to install a few certificates in order to be able to communicate with Authorize.net. However, there is no indication of how to actually install these certificates. I've installed apache SSL certs before but this looks completely different.

This is the document I found:
http://community.developer.authorize...015/ba-p/50430

I am using a 32-bit Fedora server.
Please help as this is important for financial reasons.

Am trying to set up SSH key authentication with my new VPS.

When I use CyberDuck to log in to my VPS, the "fingerprint" is not matching the one that was created when my keys were created and the connection is failing.

I am wondering if the problem is due to the fact that I ran ssh-keygen on my MacBook and then copied and pasted the Public Key into a webform in cPanel?

While my host allows you to generate the key pair on the VPS, it creates a security issue in that I would then have to find a safe way to get my Private Key back to my MacBook.

So, instead, I opted for the opposite approach and chose to create the key pair on my Mac - thus leaving the Private Key untouched on my Mac.

Any idea what is going on?


Rob

hi guys,

i understand the concept of a public and private key for ssh signing and encryption...i just dont get the implementation.

if you have a client and a server and you want two way communication do both have to have each others public keys in the .ssh/authorized_keys files on each respectively?

should you use a password? does it matter if you want to run say rsync from one to the other with a cron job or script?

does anybody just have a breakdown of exactly what you need to do and how it works in different situations...

i found this:

https://www.digitalocean.com/communi...up-ssh-keys--2

seemed to help...but im still not 100% clear...

For the last few weeks I've been trying to setup SSH keys from my main Linux server to all of the other Linux servers that I use.

I'm using the HOWTO here

http://unix.stackexchange.com/questi...authentication

It didn't work. It was still asking for a password or the pass phrase.

So...I did my troubleshooting he

http://unix.stackexchange.com/questi...authentication

In the end, I deleted all of the public/private keys and did the following steps:

ssh-keygen (not specifiying a rsa key)

and then to copy over the key I did the following ssh-copy-id username@xx.xx.xx.xx

...and it worked!

I'm wanting to understand why this is working Vs the ways I'm seeing on other websites.

thanks