Pass the subject via the “-subj” argument: openssl req -new -key <private key file> -out <CSR output file> -subj “/C=<Country Name>/ST=<State>/L=<Locality Name>/O=<Organization Name>/CN=<Common Name>” Note that if you want to have OpenSSL build the subject string for you, you can create the CSR as you normally would, and then execute the command to self-sign it. … Read more
openssl has a key algorithm provider called legacy. Just try with: openssl pkcs12 -in mycert.p12 -legacy -nodes
The “e” is the public exponent, in openssl genrsa, you can use the option -F4 or -3 to choose between 65537 and 3. For information on public exponent, you may take a look on this question: https://security.stackexchange.com/questions/2335/should-rsa-public-exponent-be-only-in-3-5-17-257-or-65537-due-to-security-c
I’m on El Capitan 10.11.6 and i had the issue while installing manually the mongodb php extension. I solved it following the indications of @user7059092 about the configure stage : $./configure LDFLAGS=’-L/usr/local/opt/openssl/lib’ CPPFLAGS=’-I/usr/local/opt/openssl/include’
On the official changelog page you provided, under Changes between 1.0.0h and 1.0.1 [14 Mar 2012] you can see Initial TLS v1.2 support. *) Add TLS v1.2 server support for client authentication. [Steve Henson] *) Add TLS v1.2 client side support for client authentication. Keep cache of handshake records longer as we don’t know the … Read more
There’s an -ign_eof option which does exactly what you want without any hacks. It’s been in the codebase since 2000 (0.9.5a), apparently. The option suppresses the special interpretation of Q and R, and ignores an EOF on stdin. Instead, it waits for a connection close.
Here is a list of four good books on the subject (SSL/TLS): SSL and TLS: Theory and Practice SSL and TLS: Designing and Building Secure Systems SSL & TLS: Essentials Securing the Web Network Security with OpenSSL Here are some good books on PKI: Understanding PKI: Concepts, Standards, and Deployment Considerations Planning for PKI: Best … Read more
What is OpenSSL BIO? OpenSSL BIO is an API that provides input/output related functionality. The acronym BIO stands for Basic Input/Output What is its general idea? How is it different from stdio API or sockets API? The first idea is that it is not an API for some specific type of IO (for example, for … Read more
As I commented above, Homebrew got rid of the switch command entirely, which is why it says “Unknown command”. But rbenv provides a tap that you can install openssl from. You can run the command below: brew install rbenv/tap/[email protected] If you’re installing [email protected] for Ruby purposes, this thread tells you how to do that as … Read more
The intermediate certs have to be installed on your web servers as well as the certs for your own domain. I was having this same problem last week… Firefox seems to be more picky than the rest of the browsers about this.