Landfill of wisdom

Dumping ground for small tips and big papers

Browsing Posts in SSL

My bank uses client SSL certificates + a single-password token for authentication. Unfortunately, the latest Firefox gives me this error: Secure Connection Failed An error occurred during a connection to secure.example.com. Renegotiation is not allowed on this SSL socket. (Error code: ssl_error_renegotiation_not_allowed) The page you are trying to view can not be shown because the […]

Just to summarize why Firefox does not trust the https://www.clevery.co.jp/ online shop. Apparently the server at https://www.clevery.co.jp/ only sends its own certificate when I open their page. What most sites usually do is that they send not only their own certificate, but also the certificate of their issuer, and the certificate of that issuer and […]

Logwatch was good enough to show me that I had my logs filled with messages like these… repeating themselves over and over ad infinitum:

I am running netqmail patched for with TLS support under sslserver from the ucspi-ssl package. However, every time a connection is closed the sslserver process segfaults. On the Opteron it also causes messages like sslserver[13106] general protection rip:2ab6c23cf687 rsp:7fffe89e9308 error:0 to appear in my system log. Currently tracing the problem, but it seems that the […]

Here is a short summary of how I am managing my SSL certificates Edit /etc/ssl/openssl.cnf and add a section for each separate certificate authority, e.g. CA_servers CA_clients, CA_vpn Use a safe umask: umask 077 Generate a private key an unencrypted key (no password needed) openssl genrsa -out key.pem 2048 an encrypted key (with a password) […]