I have renewed the certificate for my site. The crt and key files are applied to nginx running on a CentOS 7 host. It is working well.
However, this key-cert pair has an issue when applied to nginx on a FreeBSD 11.1-RELEASE server
# nginx -t
When issuing openssl engine I get the following output:
root@vados:~ # openssl engine
(rdrand) Intel RDRAND engine
(dynamic) Dynamic engine loading support
When loading cryptodev with kldload cryptodev and issuing above command again:
root@vados:~ # kldload cryptodev
root@vados:~ # openssl...
I just upgraded my server from FreeBSD 10.3 to 11.1. It's now running Sendmail 8.15.2 and OpenSSL 1.0.2k-freebsd 26 Jan 2017.
Since the upgrade, sending mail to my server is failing: Every time a remote MTA sends a STARTTLS command, the current sendmail instance crashes. I temporarily stopped...
I’m investigating some slow VPN speeds on my router, and I’m trying to make sense of what I’m seeing. Non-VPN’d traffic can hit >1gb/s through the router, so I know it’s not a throughput problem.
This got me investigating crypto performance, and on all my machines, I’ve found that...
FreeBSD 11.1 i386
I have compiled and installed openssl from ports, so there are:
a) /usr/bin/openssl (OpenSSL 1.0.2k-freebsd 26 Jan 2017) with /lib/libcrypto.so.8, /usr/lib/libssl.so.8
b) /usr/local/bin/openssl (OpenSSL 1.0.2n 7 Dec 2017) with /usr/local/lib/libcrypto.so.9...
I'm building all my packages with poudriere and they are linked with LibreSSL (using "DEFAULT_VERSIONS+=ssl=libressl-devel" in my make.conf)
I'd like to use net/opensips but it doesn't work with LibreSSL; I'm getting these error messages:
ERROR:tls_mgm:mod_init: unable to set the memory...
I am working on setting up SSL on apache24 web server on my local network with a self signed certificate.
I am able to confirm it is working with curl and openssl (see the details below), however I am not able to get it working with firefox.
I imported my self signed cert to firefox, however...
I'm wanting to generate a self-signed certificate for LAN-only development and testing. The virtual host will be alpha.local, and it is only for nginx serving.
The handbook requires a machine name for a virtual host, i.e.:
Common Name (e.g. server FQDN or YOUR name)...
Note: this post is amended because the updated port security/acme.sh is now using its own convention home directory /var/db/acme with dedicated user/group acme:acme
The idea is to limit the use of elevated privileges as much as possible.
- What is this about?
Hello, I am trying to build nginx from ports, but I don't want a dependency on openssl from ports. I want the "base" FreeBSD openssl.
Default nginx package has no dependency to external openssl package.
I am building in a jail.
I have this in make.conf:
I have tried installing percona56-server from the ports with the OpenSSL option checked (as it is by default) and I have completed the SSL setup and got everything to work properly, except that I am stuck with TLSv1.
mysql Ver 14.14 Distrib 5.6.33-79.0...
I'm trying to run security/py-certbot on a FreeBSD 10.3 stable jail. When I try to launch it I get the following messages:
root@nope:~ # certbot
Traceback (most recent call last):
File "/usr/local/bin/certbot", line 11, in <module>
Problem occurs after update from OpenSSL/1.0.2d to OpenSSL/1.0.2f. Here is script:
$url = 'https://public-crest.eveonline.com/killmails/33493676/553ac7e2aeabe48092bde10958de0a44dc6f35ef/';
$timeout = 50;
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_VERBOSE, true);
Just wanted to document here that:
Git package depends on security/openssl, and security/openssl breaks postfix/smtp. You'll get segfaults from 'postfix/smtp' when using it with security/openssl, and SOME emails won't get delivered, depending on the ssl implementation your server wants...
First of all, I checked this thread. Since the thread was old and it doesn't solve my problem, I decided to make a new thread. (I'm not sure if that is accepted behavior or not, being new to the forum.)
I have a FreeBSD 10.1 installation with security/ca_root_nss installed (with ETCSYMLINK).
/etc/make.conf contains WITH_OPENSSL_BASE="YES", the port (security/openssl) is not installed.
/etc/ssl/cert.pem points to /usr/local/share/certs/ca-root-nss.crt, which contains the CA certificates as...
On a 10.1p19 (and other earlier versions) I'm trying to have the latest security/openssl port used instead of the slightly older base openssl. But it seems all the settings I use do not achieve this with all ports
Even after a...
Does someone have a tutorial teaching how to get SSL DHE-RSA-AES256-SHA working for Dovecot and Postfix?
I generated the certificate key using:
openssl ecparam -genkey -name secp384r -out usr/local/etc/ssl/private/mail.mydomain.com.key
Then the Certificate Sign Request:
openssl req -new...