Openssl

From Colettapedia
Jump to navigation Jump to search


Commands

  • openssl x509 -text -noout -in mywebsite.com.crt
  • openssl s_client -showcerts -connect mywebsite.com:443


Certificate Providers

Let's Encrypt


ACME Clients

  • certbot - doesn't support amazon linux ami
  • getssl


NGINX config

SSL Diagnostics


DST Root CA X3 Expiry Issues

Explainers

Debugging

systemctl status nginx

nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/etc/pki/nginx/

/var/log/nginx/error.log

[error] 27606#0: OCSP_basic_verify() failed (SSL: error:13800076:OCSP routines::signer certificate not found) while requesting certificate status, responder: r3.o.lencr.org, ...
[warn] 342#0: "ssl_stapling" ignored, issuer certificate not found for certificate "/etc/pki/nginx/..."