Debian Curl/PHP/wget etc show an certificate error falsely

Problem: curl php wget and others show a cert error like the following since 6. Oct 2021, even though the cert has not expired: The asked server uses a Letsencrypt certificate. Discussion: Currently Letsencrypt includes two chains for validation of the certificate: Cert -> R3 -> ISRG Root X1 (in new trust store) Cert -> …

Continue reading ‘Debian Curl/PHP/wget etc show an certificate error falsely’ »

Generate CSR using openssl

Browsers started to warn users about certificates with Sha1 signature. Sha256 is needed now a days. So it’s time to renew certificates from Thawte, Godaddy, etc You can generate a new Certificate Signing Request with openssl with this command: openssl req -nodes -newkey rsa:2048 -keyout servername.key -out servername.csr -sha256 “servername.csr” is an ascii file you can send …

Continue reading ‘Generate CSR using openssl’ »

Howto generate an SSL key and self signed cert with openssl

For SSH, HTTPS, TLS SMTP,POPS, IMAPS you need a RSA key pair. Most Linux package installers produce this pairs automatically, but if you like, you can generate them yourself. The quickest method I found is: openssl req -x509 -nodes -newkey rsa:2048 -keyout servername.key -out servername.crt -days 1024 This command asks you some questions. The most …

Continue reading ‘Howto generate an SSL key and self signed cert with openssl’ »