Announcing Kickass Crypto

Posted on 2023-03-30 [Thursday] by Jay Jay

I’m working on a PHP encryption library called Kickass Crypto.

openssl dhparam -out dh.pem

Posted on 2021-07-06 [Tuesday] by Jay Jay

So I was getting errors like this in syslog:

Jul  6 17:35:53 integrity systemd[1]: Started Dovecot IMAP/POP3 email server.
Jul  6 17:35:53 integrity dovecot[10775]: doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 79: ssl_dh: Can't open file /etc/dovecot/dh.pem: No such file or directory
Jul  6 17:35:53 integrity systemd[1]: dovecot.service: Main process exited, code=exited, status=89/n/a
Jul  6 17:35:53 integrity systemd[1]: dovecot.service: Failed with result 'exit-code'.

This failure was affecting other parts of my system (i.e. postfix SASL).
The solution was to generate the dh.pem file:

root@integrity:/etc/dovecot
# openssl dhparam -out dh.pem 4096

How to generate an SSL private key for use with MySQL/MariaDB and PDO

Posted on 2020-08-10 [Monday] by Jay Jay

To generate an SSL private key for use with MySQL/MariaDB and PDO:

openssl genrsa -out client-key.pem 4096

OpenSSL command to view certificate info

Posted on 2014-07-21 [Monday] by Jay Jay

From The Most Common OpenSSL Commands to view a certificate:

 openssl x509 -text -noout -in certificate.crt

Namecheap SSL CSR and CA Bundle for PostiveSSL certs

Posted on 2014-07-21 [Monday] by Jay Jay

CSR generation for PositiveSSL and PositiveSSL WildCard with Apache2/OpenSSL see: CSR Generation: Using OpenSSL (Apache w/mod_ssl, NGINX, OS X):

 openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr

To generate the CA bundle see this article:

 cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > your_domain.ca-bundle

Useful OpenSSL Commands

Posted on 2012-07-28 [Saturday] by Jay Jay

Found a list of Useful OpenSSL Commands today. Mostly I wanted to get the subject out of a cacert.pem file which I wasn’t sure of:

openssl x509 -text -noout -in hostcert.pem

The Most Common OpenSSL Commands and viewing a CRL

Posted on 2012-03-19 [Monday] by Jay Jay

Found a helpful article today, The Most Common OpenSSL Commands.

The particular command I needed wasn’t listed there though. What I needed to do was examine the contents of my Certificate Revocation List (CRL) certificate. I had a problem connecting to my website because it was complaining about an expired certificate and the culprit was indeed the CRL as I discovered when I ran:

 $ openssl crl -inform CER -in ca.crl -text -noout

Getting acceptable client certificate CA names

Posted on 2012-02-14 [Tuesday] by Jay Jay

Reading the OpenSSL FAQ I learned that you can issue the following command to get a list of the acceptable client certificate CA names from a server:

openssl s_client -connect test.jj5.net:443 -prexit

Obviously you replace ‘test.jj5.net’ with whatever server you’re interested in.

M	T	W	T	F	S	S
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30

John's blog

Talking about technology (mostly)

Tag Archives: openssl