Multiple Openssl

Dear All,

I am trying to install a certificate and then authenticate with LDAP,
but I think I have been lost somewhere in the middle :

In a CentOS 7 system,
First, I would like to make sure that the certificate is installed and used :

Code:

yum install ca-certificates
update-ca-trust enable
cp cacert.pem /etc/pki/ca-trust/source/anchors/
update-ca-trust extract

When I do :
Code:

openssl s_client -showcerts -connect ...:636

Code:

openssl verify cacert.pem 
cacert.pem: OK

Code:

openssl version -d
OPENSSLDIR: "/etc/pki/tls"

Solved with :
Quote:
openssl s_client -showcerts -connect ...:636

Hello,

I am using " Red Hat Enterprise Linux ES release 4 (Nahant Update 5)
Kernel \r on an \m
" and have " OpenSSL 0.9.7a Feb 19 2003 "
I wish to update openssl to new version OpenSSL 1.0.2a.

Please advise...

Thank you very much.

I have a user: mim that has within it a folder /mimmim and within that, a folder called
/Src. user: mim has root privileges.

There is an Install file in /home/mim/ that uses a file in /Src called pgp.h. pgp.h references a file /openssl/opensslv.h. The opensslv.h is actually in the newer openssl installations he /usr/local/ssl/include/openssl/

I tried to do a 'sudo ln -s /usr/local/ssl/include/openssl openssl' from /home/mim/, as well as from within the /home/mim/mimmim/ and from within /home/mim/mimmim/Src/. I still get this error however:

pgp.h:16:30: fatal error: openssl/opensslv.h: No such file or directory
compilation terminated.

I guess I am not sim linking correctly.

Hi,

After upgraded openssl version from 0.9.8zc to 0.9.8zd, how to verify apache is now using the latest openssl version?

Thanks in advance.

Firebug displays the following error when viewing my site:
Quote:
This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1.
My approach to generate self-signed SSL keys is shown below. I didn't think I was using SHA-1, but thought I was using SHA-256.

What should I do to eliminate this warning?

Thank you

Code:

# generate mysite.coms's RSA keypair with 3072 bits and encrypt it
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 -aes-128-cbc -out mysite_key.pem

# generate a certificate signing request.  Used FQDN of server (i.e. mysite.com).  Use email with dot to prevent spam.  Didn't include an "extra" password
openssl req -new -key mysite_key.pem -sha256 -days 365 -out mysite_csr.pem

# Remove pass-phrase from the key
cp mysite_key.pem mysite_key.pem.tmp
openssl rsa -in mysite_key.pem.tmp -out mysite_key.pem
rm -f mysite_key.pem.tmp

# sign the certificate with the key itself.  Skip this step if using a CA
openssl x509 -req -in mysite_csr.pem -signkey mysite_key.pem -sha256 -days 365 -out mysite_crt.pem

# Copy the files to the correct locations (don't move since it will cause problems with selinux). Be sure to keep at read only by root
cp mysite_key.pem /etc/pki/tls/private/mysite_key.pem
cp mysite_csr.pem /etc/pki/tls/private/mysite_csr.pem
cp mysite_crt.pem /etc/pki/tls/certs/mysite_crt.pem
rm -f mysite_key.pem
rm -f mysite_csr.pem
rm -f mysite_crt.pem

# update /etc/httpd/conf.d/ssl.conf as follows:
# SSLCertificateFile /etc/pki/tls/certs/mysite_crt.pem
# SSLCertificateKeyFile /etc/pki/tls/private/mysite_key.pem

/etc/init.d/httpd restart

Hello,

I tried as per http://kb.sp.parallels.com/en/118651

Code:

# rpm -Uvh http://dl.fedoraproject.org/pub/epel...6-8.noarch.rpm
Retrieving http://dl.fedoraproject.org/pub/epel...6-8.noarch.rpm
Preparing...                ########################################### [100%]
        package epel-release-6-8.noarch is already installed



[root@aa ~]# yum install php-mcrypt
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
 * epel: ftp.nluug.nl
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package php-mcrypt.x86_64 0:5.3.3-3.el6 will be installed
--> Processing Dependency: php(zend-abi) = 20090626 for package: php-mcrypt-5.3.3-3.el6.x86_64
--> Processing Dependency: php(api) = 20090626 for package: php-mcrypt-5.3.3-3.el6.x86_64
--> Finished Dependency Resolution
Error: Package: php-mcrypt-5.3.3-3.el6.x86_64 (epel)
           Requires: php(api) = 20090626
           Installed: php-common-5.4.26-32.el6.art.x86_64 (@atomic)
               php(api) = 20100412-x86-64
           Available: php-common-5.3.3-38.el6.x86_64 (base)
               php(api) = 20090626
           Available: php-common-5.3.3-40.el6_6.x86_64 (updates)
               php(api) = 20090626
Error: Package: php-mcrypt-5.3.3-3.el6.x86_64 (epel)
           Requires: php(zend-abi) = 20090626
           Installed: php-common-5.4.26-32.el6.art.x86_64 (@atomic)
               php(zend-abi) = 20100525-x86-64
           Available: php-common-5.3.3-38.el6.x86_64 (base)
               php(zend-abi) = 20090626
           Available: php-common-5.3.3-40.el6_6.x86_64 (updates)
               php(zend-abi) = 20090626
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

Please advise

Thanks in anticipation

hi all,
I am new to cross compilation .I am trying to cross compile ntp for arm based zync soc board. so i have downloaded ntp source code version ntp-4.2.8-p2

i gave options for confiure file like this ./configure --host=arm-xilinix-linux-gnueabi --build=x86_64-pc-linux-gnu --prefix=/home/sntp CC=arm-xilinx-linux-gnueabi-gcc -with-yeilding-select=yes
configuration is succesful but when i am going for make it is throwing an error like this

cd ./html && \
../scripts/build/checkHtmlFileDates
cd . && \
./scripts/build/checkChangeLog
make all-recursive
make[1]: Entering directory `/home/SNTP/ntp-4.2.8p2'
Making all in sntp
make[2]: Entering directory `/home/SNTP/ntp-4.2.8p2/sntp'
[ ! -r ./../COPYRIGHT ] \
|| [ check-COPYRIGHT-submake -nt ./../COPYRIGHT ] \
|| make check-COPYRIGHT-submake
cd ../libntp && make libntp.a
make[3]: Entering directory `/home/sumanth/SNTP/ntp-4.2.8p2/libntp'
CC systime.o
In file included from ../include/ntp.h:14:0,
from systime.c:9:
../include/ntp_crypto.h:27:25: fatal error: openssl/evp.h: No such file or directory
#include "openssl/evp.h"
^
compilation terminated.
make[3]: *** [systime.o] Error 1
make[3]: Leaving directory `/home/sumanth/SNTP/ntp-4.2.8p2/libntp'
make[2]: *** [../libntp/libntp.a] Error 2
make[2]: Leaving directory `/home/sumanth/SNTP/ntp-4.2.8p2/sntp'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/sumanth/SNTP/ntp-4.2.8p2'
make: *** [all] Error 2

suggest me how to fix this?

Regards
sumanth

Hello

I try to install the epel repository so I can install ejabberd.

I do not have epel, it seems :

Code:

[root@serv src]# ls /etc/yum.repos.d/
CentOS-Base.repo  CentOS-Debuginfo.repo  CentOS-fasttrack.repo  CentOS-Media.repo  CentOS-Vault.repo  n2.repo

So I try to install epel :

Code:

[root@serv src]# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Retrieving http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Preparing...                ########################################### [100]
	package epel-release-6-8.noarch is already installed

But when I try to install ejabberd :

Code:

[root@serv src]# yum install ejabberd
Loaded plugins: downloadonly, fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
 * base: ftp.nluug.nl
 * extras: ftp.nluug.nl
 * updates: ftp.nluug.nl
No package ejabberd available.
Error: Nothing to do

Something is wrong with epel.

Hello All,

I am rookie when it comes to security protocols and I am learning this as part of my job responsibilities.

Recently our Application started implementing TLSv1.2 and here are some questions that I have from my observations.

1st the term ciphers, keys, certs are all very confusing to however I started to get some understanding of these as I am reading a lot of stuff.
Now, my application is running on "X" server and only accepts TLS1.X connections since the i use java 7 where ssl2Hello is disabled

now from Server "A" when I run cmd: openssl s_client -tls1 -host xxx -port yyyy
I get back a response in which I see a line
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-SHA
the openssl version on server A is: 1.0

when I run the same command from another server "B" I get a response in which the line says:
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
the openssl version on server B is: 0.9

My understanding of cipher was something that is enforced by the application server "X" and not by the client that is making the call. Is that a wrong understanding ?
And how can I find out what type of cipher is being enforced by the server "X" when someone makes a call to it.

Anyone who can help me understand why the difference how this entire stuff operates.
Help much appreciated.

I have installed httpd, mysql, php on a centos machine. Php executes in the browser of my machines website, mysql can be ran from the command line, but mysql within php in a browser will not work.
I know my code is syntactically correct since it will run on another Centos Lamp machine and NetBeans says it is.
My code
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="refresh" content="300">
<title> Freeze Warn Points table Query"</title>
</head>
<body>
<?php
include("config.php");
echo $dbhost;
echo "<br />\n";
echo $dbuser;
echo "<br />\n";
echo $dbpasswd;
echo "<br />\n";
mysql_connect($dbhost, $dbuser, $dbpasswd) or die("Unable to connect to database");
echo 'Connected Successfully';
mysql_select_db($dbname);

echo "zone"."&nbsp;&nbsp;&nbsp;&nbsp;";
echo "currentLow"."&nbsp;&nbsp;&nbsp;"."dateLastRep"."&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
echo "priority"."&nbsp;&nbsp;&nbsp;"."siteId"."&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs p;&nbsp"."siteName";
echo "<br />\n";

$result = $sql = 'SELECT zone, currentLow, dateLastRep, pri, siteId, siteName from points order by zone, pri';
$numRows = mysql_num_rows($result);
echo "Matches: ".mysql_num_rows($result);
for($a=0; $a<$numRows; $a++)
{ $rowArray = mysql_fetch_row($result);
echo $rowArray[0]." ".$rowArray[1]." ".$rowArray[2]." ".$rowArray[3]." ".$rowArray[4]."&nbsp;&nbsp;&nbsp".$rowArray[5]."<br />";
}
mysql_close();
?>
</body>
</html>


When executed on the CENTOS lamp machine in question out puts this

"; $result=mysql_query("SELECT rpad(zone,6,'-'), rpad(currentLow,13,'-'), rpad(dateLastRep,13,'-'), rpad(pri,8,'-'), rpad(siteId,6,'-'), siteName from points order by zone, pri"); $numRows = mysql_num_rows($result); for($a=0; $a<$numRows; $a++) { $rowArray = mysql_fetch_row($result); echo $rowArray[0]." ".$rowArray[1]." ".$rowArray[2]." ".$rowArray[3]." ".$rowArray[4]." ".$rowArray[5]."
"; } mysql_close(); ?>


When I put the same code in the other machine, (it does not have the mysql database so it will not connect) displays this

204.227.112.31
apache
password
Unable to connect to database

httpd is running of course
mysqld is running
I have
mysql-server-5.1.73-3.el6_5.x86_64
php-mysql-5.3.3-40.el6_6.x86_64
mysql-devel-5.1.73-3.el6_5.x86_64
mysql-libs-5.1.73-3.el6_5.x86_64
mysql-connector-odbc-5.1.5r1144-7.el6.x86_64
mysql-5.1.73-3.el6_5.x86_64
php-mbstring-5.3.3-40.el6_6.x86_64
php-odbc-5.3.3-40.el6_6.x86_64
php-imap-5.3.3-40.el6_6.x86_64
php-mysql-5.3.3-40.el6_6.x86_64
php-xml-5.3.3-40.el6_6.x86_64
phpmyadmin-2.11.11.3-2.el6.rf.noarch
php-cli-5.3.3-40.el6_6.x86_64
php-xmlrpc-5.3.3-40.el6_6.x86_64
php-gd-5.3.3-40.el6_6.x86_64
php-5.3.3-40.el6_6.x86_64
php-pdo-5.3.3-40.el6_6.x86_64
php-common-5.3.3-40.el6_6.x86_64
php-ldap-5.3.3-40.el6_6.x86_64
php-pear-1.9.4-4.el6.noarch

Installed.

I checked the php.ini files and the httpd.conf files with the LAMP machine it works on and have been unable to find any discrepancies.
Unless I missed something.

Selinux is disabled.

I know it is not my code, but some type of setting somewhere on my machine, I have not been able to find.
I have been unable to find any thing like this issue.

Thanks,
Nancy