search for: keyout

...y applications use SubjectPublicKeyInfo encoded key. This change adds SubjectPublicKeyInfo support, to ease integration with applications. Examples: ## convert SubjectPublicKeyInfo public key to SSH public key $ openssl req -newkey rsa:2048 -nodes -pubkey -subj "/CN=test" \ -noout -keyout /dev/null | \ ssh-keygen -i -m SUBJECTINFO -f /proc/self/fd/0 ## convert X.509 certificate to SSH public key $ openssl req -newkey rsa:2048 -nodes -x509 -subj "/CN=test" \ -keyout /dev/null | openssl x509 -pubkey -noout | \ ssh-keygen -i -m SUBJECTINFO -f /proc/self/fd/0 ##...

...all, What are the instructions for making an SSL cert for Dovecot IMAPS? Two methods have been tried, and work, with Evolution; however generate the following error when Thunderbird tries to connect. Thank you, method 1 : self signed openssl req -newkey rsa:4096 -sha512 -x509 -days 365 -nodes -keyout mykey.key -out mycert.pem method 2 : Let's Encrypt (LE) CA Created with Certbot ERROR TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=<+oooooo> -------------- next part -------------- A non-...

I made a special pair of keys just for Icecast with this command: $ openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem I combined the two files like this: $ cat cert.pem key.pem > icecast.pem I placed icecast.pem in /etc/icecast2 and used 'chown icecast2:icecast icecast.pem' to change owner to icecast2:icecast. I also changed its protection to 600 with 'chmod 600 icecast.p...

...certificate on the Windows/Thunderbird side. I am using the SSL Certificate that comes with the distribution, so the conclusion is Thunderbird does not trust it. I have this in my notes from ages ago, for generating my own self-signed certificate: % openssl req -x509 -newkey rsa:4096 -sha256 -keyout openssl.key -out openssl.crt -days 600 -config san.cnf See attached the 2 errors that I am getting, one is from the distribution cert. Can a kind soul tell me the current way to do this in Linux? Perhaps I should use a free service? Which? TIA Raymond On 11/10/2020 2:20 PM, Aki Tuomi wrote...

...erver generated a 250G data backup >> and it?s tar?ed into one tarball file. I want to encrypt this big tarball >> file. So far I have tried two technologies with no success. >> 1) generating RSA 2048 public/private key pair via ?openssl req -x509 >> -nodes -newkey rsa:2048 -keyout private.pem -out public.pem? command and >> uses the public key to encrypt the big tar file. The encryption command I >> used is "openssl smime -encrypt -aes256 -in backup.tar -binary -outform >> DEM -out backup.tar.ssl public.pem?. The resulting backup.tar.ssl file is >...

...r the sub-domain but the certificate for the top-level domain is the certificate that appears. In the <VirtualHost> section for the sub-domain, I have pointed to the sub-domain key: SSLCertificateKeyFile /etc/httpd/conf/ssl.key/subdomain.key. This is how I made the key: openssl req -nodes -keyout private.key -out subdomain.key Any help would be greatly appreciated.

...se it with Exim4 and i have a error with SSL "imap-login: Can't load private key file /var/dovecot/ssl/private/imapd.pem: error:0906D06C:PEM routine:PEM_read_bio:no start line" i make my cert with this command (i don't like the included script :)) openssl req -nodes -new -x509 -keyout imapd.pem -out imapd.pem -days 3650 or openssl req -nodes -new -x509 -out imapd.pem -days 3650 the pem is file is in the right directory and have "a chmod 700,777 or 600" no one of the this will work. sorry for my poor english and thanks in advance

I would like to use Client certificate verification/authentication. My MTA used this function. I've a problem to make a valid certificate. For my MTA i used : openssl req -new -nodes -x509 -keyout user_key.pem -out user_req.pem -days 365 openssl ca -out user_signed.pem -infiles user_req.pem openssl pkcs12 -in user_signed.pem -inkey user_key.pem -out user.p12 -export -name "user at hotsname" user.p12 match in my MTA Not in Dovecot... In my log, i've simply : dovecot: auth(d...

Main question: is it safe, to open a port for an openssl server? e.g.: server side - generate a self-signed cert. time openssl req -x509 -nodes -days 365 -newkey rsa:8192 -keyout mycert.pem -out mycert.pem openssl s_server -accept 52310 -cert mycert.pem Is it secure? - it could be DOSed' [DenialofService] or could it be attacked in any way? Are there any iptables rule for restricting connections to dyndns names? e.g.: only allow connection from "asdfasdf.dynd...

...e are data backup. Every night the server generated a 250G data backup and it?s tar?ed into one tarball file. I want to encrypt this big tarball file. So far I have tried two technologies with no success. 1) generating RSA 2048 public/private key pair via ?openssl req -x509 -nodes -newkey rsa:2048 -keyout private.pem -out public.pem? command and uses the public key to encrypt the big tar file. The encryption command I used is "openssl smime -encrypt -aes256 -in backup.tar -binary -outform DEM -out backup.tar.ssl public.pem?. The resulting backup.tar.ssl file is only 2G then encryption process...

HI all- Thanks for the comments. However -I'm getting no where. Let me start again. My 'hardware" does not have the ability to turn off secure boot. Its an Intel NUC7C - not possible. SO instead of my generic "image" i have that I copy to physical disk (has all my install,setup etc... everything ready). I created a new UEFI disk that again has everything setup and ready.

...e itself and 42 bytes for the SWF verification response. swfvk = serversig[RTMP_SIG_SIZE-SHA256DL:RTMP_SIG_SIZE-1] SWFDigest = SWFVerifySig + bigendian32(SWFsize) + bigendian32(SWFsize) + HMACsha256(SWFHash, swfvk) Initialise ARC4 Send / Receive Keys: The ARC4 keys KeyIn and KeyOut are used to decrypt and encrypt incoming and outgoing data, respectively. KeyIn = ARC4Key(HMACsha256(DHPublicKeyS, DHSharedSecret)[0:15]) KeyOut = ARC4Key(HMACsha256(DHPublicKeyC, DHSharedSecret)[0:15]) Explanation in words: To calculate the ARC4 key for the data received by the cli...

...ocket> <port>8483</port> <ssl>1</ssl> </listen-socket> and ssl-certificate : <ssl-certificate>/usr/local/share/icecast/icecast.pem</ssl-certificate> I generated the certificate with the commands : openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -days 365 cat key.pem >> crt.pem But when I start the server, everything is fine but I can’t load the page https://server.domain.local:8483/admin <https://server.domain.local:8483/admin> The browser hangs and close the connection with an error : « can’t es...

...... I believe it to be setup correctly... the RPM has a libssl > > requirement... and the fact that it tries to check the SSL cert file > > indicates that it has capability... > I agree. > I generated the certificate with: > openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout > /usr/share/icecast2/icecast.pem -out /usr/share/icecast2/icecast.pem Then > you need only change owner and group, nothing more. Well... I was able to get it to work with a self-signed cert... so, something must be up with my Starfield signed cert... looks like they're configuring certs...

...t; > > > requirement... and the fact that it tries to check the SSL cert > > > > file indicates that it has capability... > > > > > > I agree. > > > I generated the certificate with: > > > openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout > > > /usr/share/icecast2/icecast.pem -out /usr/share/icecast2/icecast.pem > > > Then you need only change owner and group, nothing more. > > > > Well... I was able to get it to work with a self-signed cert... so, > > something must be up with my Starfield signed...

...; > > > > > cert > > > > > > file indicates that it has capability... > > > > > > > > > > I agree. > > > > > I generated the certificate with: > > > > > openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout > > > > > /usr/share/icecast2/icecast.pem -out > > > > > /usr/share/icecast2/icecast.pem > > > > > Then you need only change owner and group, nothing more. > > > > > > > > Well... I was able to get it to work with a self-signed ce...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've recently set up a Red Hat Enterprise Linux 4 WS server, and decided to try using Dovecot as my IMAP server, as I was impressed with the dedication to security that seems to be the core development goal. I'm really happy with it, but I can't get it to work with a self-signed cert. Normally, on a RHEL system, you just go into

...e the mail server name is recorded). If the name do not match, a warning dialog box would pop up. The link is still encrypted but it would be a nuisance to the users who have to endure the persistent warning dialog box. Command: cd /var/ssl/certs/ /usr/bin/req -new -x509 -nodes -out server.pem -keyout server.pem -days 365 ln -s server.pem '/usr/bin/x509 -noout -hash < server.pem'.0 A file (server.pem) would be generated from the command in line 2 above. Chmod the server.pem file (600) in order to restrict access. Note also that the server cert would only be effective the next day. As...

...certificate. Over the past year, we've been using a Digicert Wildcard Plus certificate for almost all of our machines, and I wanted to switched over our DC mailserver. I used the following command to generate the CSR and key: openssl req -new -newkey rsa:1024 -nodes -out star_bard_edu.csr -keyout star_bard_edu.key -subj "/C=US/ST=NY/L=ourtown/O=Bard College IT/OU=Bard College /CN=*.bard.edu" The resultant CSR verified and I submitted it to digicert and got back our cert, plus their intermediate and Trusted root certs. I killed the root instance of dovecot and waited for all the c...