Hello I want to learn more about WampServer an HTTPS.
I have this website.
But if i give the command:
openssl genrsa -des3 -out server.key 1024
it will give me an error called:
he ordinal 3807 could not be located in the dynamic link libary
LIBEAY32.dll
I have Look on my directory:
wamp\bin\apache\Apache2.4.4\bin
there was a file called libeay.dll.
What coud be the problem?
The openssl executable that is distributed with Apache for Windows and therefore WAMPServer does not seem to work very well. I have never had the time to work out exactly why!
My solution was to download OpenSSL from Shining Light Products They are linked to from the Openssl Binaries page so I assume it is a stable and unhacked distribution of a windows binary etc that does the job for windows users.
Related
I just started to learn programming and tried to install SSL on my site.
I used a 90-day free trial SSL from Comodo and it worked well.
I purchased a new SSL from Comodo and generated CSR on the server (on my putty terminal)
My site is a Wordpress run by Bitnami and AWS.
Error message is that my site name is mismatched.
https://www.ssllabs.com/ssltest/analyze.html?d=www.cheeselab.co.kr#whyNotTrusted
How could I solve this problem? I tried to re-install it from the scratch but I don't know what I have to do.
Below codes are what I did
sudo openssl genrsa -out /opt/bitnami/apache2/conf/server.key 204
sudo openssl req -new -key /opt/bitnami/apache2/conf/server.key -out /opt/bitnami/apache2/conf/cert.csr
sudo nano /opt/bitnami/apache2/conf/cert.csr
sudo nano /opt/bitnami/apache2/conf/cert2.crt
sudo nano /opt/bitnami/apache2/conf/bitnami/bitnami.conf
renamed the file from server.crt to cert2.crt
(above codes worked well)
sudo /opt/bitnami/ctlscript.sh restart apache
but error message with above code as below
Invalid command 'sudo', perhaps misspelled or defined by a module not included in the server configuration apache config test fails, aborting Monitored apache
I have learnt about SSL and SSL certificates used on client and server side. I pretty much understand how things work and have generated server and client certificates and keys. I have studied how can I use my own CA with https in Android.
I want to setup a server where I can put the server certificate and then access it from my android device to make an emulation of what I have learnt so far.
Is there any server available where I just need to put cert and key and it will start working? I have gone through wamp and apache configuration stuff but unfortunately I am unable to make it work properly.
If you're using OpenSSL it includes a very simple server named s_server which is very useful for this kind of experimentation. Here's an example that might get you started
$ openssl s_server -key test.key -cert test.crt -accept 8443 -WWW
This will serve up files in the current working directory from https://localhost:8443/
The manpage for s_server should give you all the info you need. I think you'll want the -CApath or -CAfile options if you're also experimenting with client certs.
I have some issue running VM Ware Workstation Player 12 on Ubuntu 16.04 LTS.
first I Download and install "VMware-Player-12.1.1-3770994.x86_64.bundle" using this command :
chmod +x ./VMware-Player-version/build_number.bundle
gksudo bash ./VMware-Player-version/build_number.bundle
the installation finished successfully but when i tried to Create a Windows 7 Virtual Machine i got these errors :
Could not open /dev/vmmon: No such file or directory. Please make
sure that the kernel module `vmmon' is loaded.
Failed to initialize monitor device.
and after i run this command :
vmware-modconfig --console --install-all
just figured out some of the services failed running :
Starting VMware services:
Virtual machine monitor
failed
Virtual machine communication interface
done
VM communication interface socket family
done
Blocking file system
done
Virtual ethernet
failed
VMware Authentication Daemon
done
Unable to start services
how can i fix these issue. thanks
I Found the Answer,
it's all about Secure Boot that should be disabled while creating new virtual machines in VMWare Player or Oracle VirtualBOX.
Alternatively, you could also sign the drivers with your own key and keep the Secure Boot.
You can find a description of how to do it here https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2146460.
The required steps are the following:
Generate a key pair:
$openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=VMware/"
sign the modules:
$sudo /usr/src/linux-headers-`uname -r`/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vmmon)
$sudo /usr/src/linux-headers-`uname -r`/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vmnet)
import the key to your MOK (Module owned Key) and select a password (you will to need this password on reboot, so it will be enrolled.
$mokutil --import MOK.der
reboot - this will automatically start the "key enrollment" and will ask for the prior selected password
Note, that this will only be required doing once! The key you have created will be trusted, so make sure, you properly secure the key (it could be a security risk, as anything could be signed with this key and would be trusted by the system).
You could e.g. add a password for the key like this:
openssl rsa -des3 -in MOK.priv -out MOK.priv
Removing the password is also very easy:
openssl rsa -in MOK.priv -out MOK.priv
I myself have always problems with the loading of the vmmon module (I think it is not working after any system update).
If anyone has suggestions what this problem may cause, it would be appreciated!
For now, I just redo the signing procedure (e.g. just signing the modules with the key), and then manually load the required modules:
sudo modprobe vmnet
sudo modprobe vmmon
Signing the driver modules should also work for Virtualbox, here is a description: http://gorka.eguileor.com/vbox-vmware-in-secureboot-linux-2016-update/
Try disabling UEFI secure boot on Ubuntu. To disable secure boot, go to BIOS(by pressing F2 key), go to secure boot option and disable it.
After that run the following command:
sudo vmware-modconfig --console --install-all
This fixed the issue for me.
I have created the certificate via OpenSSL Apache 2.2 on Windows with self assigned and it's 2048 bit but when I check the certificate with OpenSSL s_client -connect hostname:443 it's displaying as 1024 bit and does not show any organization details. Does anyone know what's the default file path location it's reading it from?
Any quick help will be much appreciated.
Thanks
You specify the path in your configuration file. Should be in /etc/apache2/apache2.conf
I've currently encountered a unique issue. To help understand the predicament I'll provide some background. Our company hired a third-party to develop an application, apart of this web application package was the purchase of an SSL Certificate.
After they purchased the SSL they exported it into a Personal Information Exchange (.pfx).
The issue now occurs here...
Our company web-server utilizes the Plesk Panel 11. Which complicates matters for two reasons.
The first is that if I directly install the certificate Plesk will
not recgonize the certificate and will eventually overwrite the
contents in our Microsoft Certificate Store within the Windows
Server MMC Certificate Snap-In.
The second issue is sheer bad luck, Plesk doesn't recognize the .pfx extension. It apparently only understands the following:
Private Key (.key)
Certificate (.crt)
CA Certificate (-ca.crt)
So my original thought was to simply convert the file into a valid format, which resulted in an error. The second attempt was to follow a command line control to export the file format to the valid extension. The results are still disappointing:
Error: Invalid Certificate Format
Since the file installed was a .pfx it does not allow me to convert it to anything else. Unfortunately when utilizing Open SSL it only converted to a .pem. Which to my dismay is also unsupported-
Any assistance would be terrific.
Update:
I attempted to follow this question on Stack Overflow. Unfortunately Windows Server 2012 doesn't appear to do the conversion as well. It does convert it into a valid format, but then the Private Key can't be found.
In order to solve this issue I followed this blog here.
So I attempted to utilize Open SSL again, with these steps:
// Extract Private Key
openssl pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]
// Extract Certificate
openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]
// Encrypted Private Key
openssl rsa -in [keyfile-encrypted.key] -out [keyfile-decrypted.key]
Again you need to enter an import password. This time you need to enter the new password that you created in step 1. After that you’re done. You decrypted your private key. In the folder you ran OpenSSL from you’ll find the certifcate (.crt) and the two private keys (encrypted and unencrypted).
That is how I solved my question.