I'm trying use an SSL client/server example from:Client and Server communication using ssl c/c++ - SSL protocol don't works to create a secure connection using TLSV1 --
I Want to know how to create certificates for this code so that there will communication between client & server.
It need server certificate, server key & client cacertificate and cakey
i try to create it with the help of this link:https://help.ubuntu.com/community/OpenSSL
but it client unable to get connected to server shows unable to verify
Related
The old SSL certificate has expired and I want to renew the SSL certificate. However, the server already has established multiple links with other clients. So, can I just bind the old sockets to the new ssl, which means I don't need to disconnect the old base tcp links?
Existing TLS connections don't need to get updated with a new certificate - the server certificate is only checked at the beginning of the TLS connection. If your specific server supports updating the server certificate without a restart and thus without closing established connections is unknown - some do and some don't.
I know that during normal SSL handshake, the client receives the server's certificate and verifies it, then uses the server's public key to encrypt the session key.
I want to write a SSL client in C language on Linux. During SSL handshake, it doesn't have to wait for the server's certificate and it sends the session key encrypted with the server's public key that have already been downloaded previously.
I am learning how to use OpenSSL, I only need the do-handshake part here.
Thanks for attention. Why to do this? The ISP or gateway can censor the certificate and block the connection according to names in the certificate.
Unfortunately, this is impossible. As part of the SSL (or TLS) protocol, the server will always send its certificate.
If you would like to bypass ISP censorship, I recommend using a VPN or Tor.
Using information from some consultants about 2 years ago we set up a SQL Server 2012 box to always have an encrypted connection (at least we thought so). A week ago the SSL certificate expired and everything continues to work fine which is puzzling.
We forced encryption by doing the following:
Obtain an SSL certificate and install it on the SQL Server via MMC. Explicit instructions for this step are here.
Open SQL Server Configuration Manger and expand the SQL Server Network Configuration node in the left pane.
Right click Protocols for MSSQLServer and choose properties.
Go to Certificate tab and choose the installed SSL cert from the drop down.
Go to the Flags tab and set force encryption to Yes.
Now, since the SSL cert expired, there is no longer any cert selected in the drop down when I visit step 3 above. However, I put WireShark on the DB server and use SSMS to request some data. The TDS (Tabular Data Stream) packets are still encrypted? When I put WireShark on a different DB Server I set ForceEncryption to NO, those TDS packets are not encrypted as expected.
So my questions are:
How are the TDS packets still encrypted if the cert is expired?
Even when the cert was valid, why didn't I have to select Options > Encrypt Connection to connect to my encrypted DB server? I thought setting ForceEncryption=Yes required ALL client connections to specify Encrypt in their connection string (or the SSMS checkbox)?
If Web APIs are the only method of accessing my DB, and they do so over SSL, is it even necessary to encrypt the SQL Protocol?
1)How are the TDS packets still encrypted if the cert is expired?
you don't need a valid certificate in order to encrypt, you can still encrypt using an expired certificate.
2)Even when the cert was valid, why didn't I have to select Options > Encrypt Connection to connect to my encrypted DB server? I thought setting ForceEncryption=Yes required ALL client connections to specify Encrypt in their connection string (or the SSMS checkbox)?
Do not enable the Force Protocol Encryption option on both the client and the server,
if you enabled force encryption on SQL server you don't need to do it on any client-side
3)If Web APIs are the only method of accessing my DB, and they do so over SSL, is it even necessary to encrypt the SQL Protocol?
To enable SSL you need the certificate to be installed on SQL server so in order to access the DBusing SSL you are doing the same job.
Thank you
I am trying to create a NTP client-server setup using Autokey authentication for server validations. I have followed the instruction on link http://support.ntp.org/bin/view/Support/ConfiguringAutokey to setup client and server on NTP 4.2.6 . The setup I had created is working in some unexpected manner.
I had created server and client certificates using ntp-keygen as mentioned in the above link. I have edited the client's ntp.conf to use autokey to authenticate server. As mentioned in the above link, I have to copy the server key to client for authentication to work, but while testing I have found that client is able to verify the server even if I do not copy the server certificate on the client. The result for "ntpq -c as" show auth field "ok" for the server and ntpq -c "rv 0 certs" shows the server certificate bindings.
Can someone explain me why NTP is able to verify server without copying the server certificate on client ?
If this is not the expected behavior, what are the changes I have to make in the configuration to get it working correctly.
See
CVE-2014-9295
Just don't do it
I'm using plain-C WebSocket library called libwebsockets to make a connection between client and server. When starting server I specify the server's cert and private key to be able to use SSL connection. It works OK.
When making a client's connection to the server I specify an SSL option to be able to create an SSL connection (using self-signed cert). All those things work as expected.
Now, I need somehow to get server's certificate on the client side during the connection establishment (or during handshake). Is there a way to do this? I can't find anything in the official documentation.
Thanks in advance.