How To Verify Openssl Version In Apache

Dear All,

I am trying to install a certificate and then authenticate with LDAP,
but I think I have been lost somewhere in the middle :

In a CentOS 7 system,
First, I would like to make sure that the certificate is installed and used :

Code:

yum install ca-certificates
update-ca-trust enable
cp cacert.pem /etc/pki/ca-trust/source/anchors/
update-ca-trust extract

When I do :
Code:

openssl s_client -showcerts -connect ...:636

Code:

openssl verify cacert.pem 
cacert.pem: OK

Code:

openssl version -d
OPENSSLDIR: "/etc/pki/tls"

Solved with :
Quote:
openssl s_client -showcerts -connect ...:636

Hello,

I am using " Red Hat Enterprise Linux ES release 4 (Nahant Update 5)
Kernel \r on an \m
" and have " OpenSSL 0.9.7a Feb 19 2003 "
I wish to update openssl to new version OpenSSL 1.0.2a.

Please advise...

Thank you very much.

Hi,

Friends,

Good Morning to all. I have some queries about openssl. I googled for by query but i did not got the relevant answer, hence I came here and i am guaranteed that you gyes will help me definitely as you helped me before as well.

My scenario is I had one centOS 6 server which had openssl version as
Code:

 rpm -qa|grep openssl
openssl-1.0.1e-30.el6_6.5.x86_64
openssl-devel-1.0.1e-30.el6_6.5.x86_64

CentOS 6 provides php5.3 as default
Code:

yum list php
Loaded plugins: downloadonly, fastestmirror, presto
Determining fastest mirrors
base                                                                                                                                    | 3.7 kB     00:00
epel                                                                                                                                    | 4.4 kB     00:00
epel/primary_db                                                                                                                         | 6.4 MB     00:00
extras                                                                                                                                  | 3.4 kB     00:00
panopta                                                                                                                                 |  951 B     00:00
updates                                                                                                                                 | 3.4 kB     00:00
updates/primary_db                                                                                                                      | 2.1 MB     00:00
Available Packages
php.x86_64                                                                5.3.3-40.el6_6                                                                updates

But I need php5.2, so i preferd to go compilation. It gave me some errors while doing make regarding openssl. I googled for it, gave solution of downgrading openssl.

As default openssl can't be removed, I prefered installing openssl-0.9.x through compilation with --prefix option. After doing I was able to compile php-5.2 successfully.

Now in my server there are followings installed.

Code:

[next02admin@NEXT02VMD02 ~]$ /usr/bin/openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013 (the default one)

[next02admin@NEXT02VMD02 ~]$ /usr/local/bin/openssl version
OpenSSL 0.9.8e 23 Feb 2007 (the compiled one)

[next02admin@NEXT02VMD02 ~]$ php -v
PHP 5.2.10 (cli) (built: Jul  1 2014 00:39:27)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies

[next02admin@NEXT02VMD02 ~]$ rpm -qa|grep httpd
httpd-tools-2.2.15-39.el6.centos.x86_64
httpd-2.2.15-39.el6.centos.x86_64
httpd-devel-2.2.15-39.el6.centos.x86_64

Now My question is,
1) Is it safe to use both openssl versions simultaneously.
2) Will it cause any vulnerability on my site (prod ENV), if it will affect to prod env, then to what extend.

Your replies will be very very appreciable. I will be very thankful to you.

Regards,

SSR

I have a user: mim that has within it a folder /mimmim and within that, a folder called
/Src. user: mim has root privileges.

There is an Install file in /home/mim/ that uses a file in /Src called pgp.h. pgp.h references a file /openssl/opensslv.h. The opensslv.h is actually in the newer openssl installations he /usr/local/ssl/include/openssl/

I tried to do a 'sudo ln -s /usr/local/ssl/include/openssl openssl' from /home/mim/, as well as from within the /home/mim/mimmim/ and from within /home/mim/mimmim/Src/. I still get this error however:

pgp.h:16:30: fatal error: openssl/opensslv.h: No such file or directory
compilation terminated.

I guess I am not sim linking correctly.

Hello All,

I am rookie when it comes to security protocols and I am learning this as part of my job responsibilities.

Recently our Application started implementing TLSv1.2 and here are some questions that I have from my observations.

1st the term ciphers, keys, certs are all very confusing to however I started to get some understanding of these as I am reading a lot of stuff.
Now, my application is running on "X" server and only accepts TLS1.X connections since the i use java 7 where ssl2Hello is disabled

now from Server "A" when I run cmd: openssl s_client -tls1 -host xxx -port yyyy
I get back a response in which I see a line
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-SHA
the openssl version on server A is: 1.0

when I run the same command from another server "B" I get a response in which the line says:
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
the openssl version on server B is: 0.9

My understanding of cipher was something that is enforced by the application server "X" and not by the client that is making the call. Is that a wrong understanding ?
And how can I find out what type of cipher is being enforced by the server "X" when someone makes a call to it.

Anyone who can help me understand why the difference how this entire stuff operates.
Help much appreciated.

Hi team ,

I have a list of servers in one textfile

I need a script which will do an ssh to the list of servers and check for the Apache version using httpd -version command.

Im looking for a distro for a web server (Apache).

Ive always used Ubuntu but I didnt think it was the best for the job so I looked around and found CentOS.

CentOS is great, really simple to use but I wanted the latest and greatest.

Im getting replies that CentOS is about stable and I cant put the latest so I see now that distro is not for me.

Im looking for a distro that is simple to setup to run a small website off of (no big traffic, if any) and with the latest possible to be installed. It will probably be Wordpress. What distros do you guys recommend that I can run cutting edge web server technology (talking Apache 2.4.12, MySQL 5.6.24, PHP 5.6.8, etc.) and upgrade as soon as a new version comes out.

Firebug displays the following error when viewing my site:
Quote:
This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1.
My approach to generate self-signed SSL keys is shown below. I didn't think I was using SHA-1, but thought I was using SHA-256.

What should I do to eliminate this warning?

Thank you

Code:

# generate mysite.coms's RSA keypair with 3072 bits and encrypt it
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 -aes-128-cbc -out mysite_key.pem

# generate a certificate signing request.  Used FQDN of server (i.e. mysite.com).  Use email with dot to prevent spam.  Didn't include an "extra" password
openssl req -new -key mysite_key.pem -sha256 -days 365 -out mysite_csr.pem

# Remove pass-phrase from the key
cp mysite_key.pem mysite_key.pem.tmp
openssl rsa -in mysite_key.pem.tmp -out mysite_key.pem
rm -f mysite_key.pem.tmp

# sign the certificate with the key itself.  Skip this step if using a CA
openssl x509 -req -in mysite_csr.pem -signkey mysite_key.pem -sha256 -days 365 -out mysite_crt.pem

# Copy the files to the correct locations (don't move since it will cause problems with selinux). Be sure to keep at read only by root
cp mysite_key.pem /etc/pki/tls/private/mysite_key.pem
cp mysite_csr.pem /etc/pki/tls/private/mysite_csr.pem
cp mysite_crt.pem /etc/pki/tls/certs/mysite_crt.pem
rm -f mysite_key.pem
rm -f mysite_csr.pem
rm -f mysite_crt.pem

# update /etc/httpd/conf.d/ssl.conf as follows:
# SSLCertificateFile /etc/pki/tls/certs/mysite_crt.pem
# SSLCertificateKeyFile /etc/pki/tls/private/mysite_key.pem

/etc/init.d/httpd restart

Hi all,

Newbie here. I've done plenty of research before coming to ask for help.

I installed the latest version of Serviio, which has a bug and I'm trying to reinstall an older version. I'm using Ubuntu and manually installed serviio, this sudo apt-get remove doesn't work.

I followed some advice and removed the folder, however when I install the older version, the console comes up with the latest version.

How can I completely remove all trace and history of serviio?

Thanks,

Dave

Hi everyone!

Having read about the latest LibreOffice version, I felt tempted to try it out. I uninstalled the default version on my Ubuntu machine and downloaded the .deb from the LibreOffice site and installed it. The new office has since worked without any trouble.

A few days later I decided to dump Unity and go back to Gnome. So I installed Ubuntu-Gnome-Desktop.

It was then that I noticed two versions of LibreOffice on the application dash (I think, because there are two sets of icons for each office application- see the attached screenshot).

Did Gnome install its own version of LibreOffice with it? Does it really have one? I don't know.

Whichever icon I use to launch the app, the office however always brings up the latest version. So, there's no problem in terms of application errors. As I thought there's no need to have an extra version of an app and eat up my space, I tried to uninstall through Aptitude, but it doesn't 'remove' LibreOffice.

Any advice, please! Thanks in advance.