

Subject Alternative Name not present in certificate

Question:

Tag: ssl,openssl,ssl-certificate

I have generated a CSR that includes the field subject alt names:

openssl req -out mycsr.pem -new -key mykey.pem -days 365

When I inspect this it looks as expected with a new field present:

X509v3 Subject Alternative Name:
    DNS: my.alt.dns

However when I use this to sign a certificate that field is omitted for some reason.

I generate it with the following command:

openssl ca -out mycert.pem -infiles mycsr.pem

Can it be that my CA cert has to include the same Alt name for it to be included?


Answer:

You can use:

copy_extensions = copy

under your CA_default section in your openssl.cnf, but only when you're sure that you can trust the extensions in the CSR, as pointed out in this thread: http://openssl.6102.n7.nabble.com/subjectAltName-removed-from-CSR-when-signing-td26928.html

See also: How can I generate a self-signed certificate with SubjectAltName using OpenSSL?
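
The caveat in the answer, as an added example that is not part of the original answer: with copy_extensions = copy, any extension the CSR requests is copied into the certificate unless the CA's own extension section already sets it, so the request should be checked before signing. The function check_csr_extensions, its allowlist argument and both sample dumps are constructed for illustration; the parser assumes the indented layout printed by openssl req -noout -text.

```shell
# Gate to run before `openssl ca` when [ CA_default ] has copy_extensions = copy.
# stdin: output of `openssl req -in mycsr.pem -noout -text`
# $1:    comma-separated allowlist of DNS names (hypothetical policy input)
# Succeeds only if the CSR requests nothing but allowlisted DNS subjectAltNames.
check_csr_extensions() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /Requested Extensions:/ { inext = 1; depth = -1; next }
    inext {
        match($0, /^ */); ind = RLENGTH
        if (depth < 0) depth = ind            # indentation of extension names
        if (ind < depth) { inext = 0; next }  # past the extensions block
        if (ind == depth) {                   # extension name line
            cur = $0
            sub(/^ */, "", cur); sub(/: *(critical)? *$/, "", cur)
            if (cur != "X509v3 Subject Alternative Name") {
                print "REJECT extension: " cur; bad = 1
            }
            next
        }
        if (cur == "X509v3 Subject Alternative Name") {  # SAN value line
            line = $0; gsub(/ /, "", line)
            m = split(line, part, ",")
            for (i = 1; i <= m; i++) {
                name = substr(part[i], 5)
                if (part[i] ~ /^DNS:/ && (name in ok)) continue
                print "REJECT SAN entry: " part[i]; bad = 1
            }
        }
    }
    END { exit bad + 0 }
    '
}

# Constructed sample: a request that asks only for the expected SAN.
sample_csr_ok() {
cat <<'EOF'
        Attributes:
        Requested Extensions:
            X509v3 Subject Alternative Name:
                DNS:my.alt.dns
    Signature Algorithm: sha256WithRSAEncryption
EOF
}

# Constructed sample: also asks for CA:TRUE and an extra name.
sample_csr_bad() {
cat <<'EOF'
        Requested Extensions:
            X509v3 Subject Alternative Name:
                DNS:my.alt.dns, DNS:other.example
            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
EOF
}

sample_csr_ok  | check_csr_extensions "my.alt.dns" && echo "ok to sign"
sample_csr_bad | check_csr_extensions "my.alt.dns" || echo "refused"
```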

