TLS issue after system upgrade

I've just upgraded my server (Slackware64-14.0) and installed freeDiameter-1.1.6 and now I can't run this app. The error "The certificate hasn't got a known issuer" received.

Cerificate is generated by provided with sources make_certs.sh script.

Logfile:
root@rad1a:/usr/local/src/freeDiameter-1.1.6/build# freeDiameterd libfdproto initialized.
libgnutls '3.0.23' initialized.
TLS: Local certificate chain '/usr/local/etc/freeDiameter/mycert' is invalid :
 - The certificate hasn't got a known issuer.
ERROR: in '__v__ = (fd_conf_parse())': Invalid argument
ERROR: in '__v__ = (fd_core_parseconf(conffile))': Invalid argument

Is there any simple solution for this?

1 Answer

OMG,
I just discovered that config file format has changed...After editing TLS problem disappears.

Sorry for the false alarm.

answer Jun 6, 2013 by anonymous

Similar Questions

+1 vote

SSL/TLS and ciphers vulnerability

I've been off the list for a bit, getting ducks in a row here and everything.

I noticed a number of posts about SSL & TLS security settings lately and I wanted to point out that maintaining your SSL configurations is an on-going processes.

New exploits are discovered and released quite often, and often the fault lies with a cipher and not necessarily an overall SSL/TLS protocol.

So using a cipher list like "all except RC4" is probably not sufficient anymore. And what is secure may depend completely on the SSL/TLS software you use, be it OpenSSL or Java's built in SSL libraries.

For example, with OpenSSL, you should be using 1.0.1t or higher, and even then only TLS1.2 with a handful of ciphers. I'm not sure what the recommended options for java's libraries are at the moment. A really good, free tool is Qualys' SSL Labs server test tool located at: https://www.ssllabs.com/ssltest/ Run that against your implementation and follow its recommendations.

Of course, at the end of the day, it will be up to you and your firm to decide what risks you are willing to take with your SSL communications and whether or not you need to support insecure browsers, i.e. browsers that cannot negotiate up to the most secure protocol and ciphers.

+1 vote

TLS certificate configuration in Tomcat 9

Is the PEM-based certificate configuration available for both JSSE-based and APR-based connectors in Tomcat 9 at this point? The documentation says e.g. the "certificateFile" attribute is for "OpenSSL Only", and when I try to launch Tomcat using the NIO connector and a PEM-based certificate file, Tomcat says that the keystore is corrupted (even though no keystore was actually specified).

+2 votes

SSL Library Error with TLS enabled

I'm trying to set TLS protocol with the next parameter into the ssl.conf file:

 SSLProtocol all -SSLv2 -SSLv3

but then my web application fails. I only can see next error in log file

[info] SSL library error 1 in handshake (server my.server:443, client xx.xx.xx.xx)
[info] SSL Library Error: 336027900 error:140760FC:SSL routines:func(118):reason(252)
[info] Connection to child 4 closed with abortive shutdown(server my.server:443, client xx.xx.xx.xx)

I can`t see as well, into the customlog file, a "GET" that I can see when all protocols are enabled (no forcing TLS):

10.5.137.162 - - [03/Feb/2015:09:30:47 0100] "GET /application/resources/css/template_v6.0.xsl HTTP/1.0" 200 28323

Any help will be appreciated

+2 votes

How to enable TLSV1.1 or above on Apache

Currently my Apache server supports SSLV2, V3, TLSV1. My client requirement is to enable TLSV1.1 or above on the webserver.

Current Version of Apache: Apache V2.2.16 When I tried to Add SSLProtocol All TLSv1.1 TLSv1.2. Server has thrown the error saying Illegal Protocol.

Please do let me know the steps for enabling TLSV1.1 or above.

+3 votes

Which of the component or layer provides TLS "Transport Layer Security" in diameter protocol stack ?

TLS issue after system upgrade [CLOSED]

1 Answer

Your comment on this answer: