How to Make a Self-Signed SSL Certificate which uses TLS

apache-2.4opensslssl-certificateubuntu-12.04

After upgrading Apache and PHP to the latest version on Ubuntu 12.01 LTS the SSL sites on it became inaccessible, stating error, "ssl_error_no_cypher_overlap".

I have tried generating a new Self-Signed SSL certificate using openssl req -x509 -nodes -days 1826 -newkey rsa:2048 -keyout apache_x509_RSA-2048_days-1826_013115.key -out apache_x509_RSA-2048_days-1826_013115.crt

But when I run:
/etc/ssl/our_certs# sslscan --no-failed mydomain.com

I see:

                   _
           ___ ___| |___  ___ __ _ _ __                                           
          / __/ __| / __|/ __/ _` | '_ \                                          
          \__ \__ \ \__ \ (_| (_| | | | |                                         
          |___/___/_|___/\___\__,_|_| |_|                                         

                  Version 1.8.2                                                   
             http://www.titania.co.uk                                             
        Copyright Ian Ventura-Whiting 2009                                        

Testing SSL server mydomain.com on port 443

  Supported Server Cipher(s):
    Accepted  SSLv3  256 bits  ECDHE-RSA-AES256-SHA
    Accepted  SSLv3  256 bits  DHE-RSA-AES256-SHA
    Accepted  SSLv3  256 bits  DHE-RSA-CAMELLIA256-SHA
    Accepted  SSLv3  256 bits  AES256-SHA
    Accepted  SSLv3  256 bits  CAMELLIA256-SHA
    Accepted  SSLv3  168 bits  ECDHE-RSA-DES-CBC3-SHA
    Accepted  SSLv3  168 bits  EDH-RSA-DES-CBC3-SHA
    Accepted  SSLv3  168 bits  DES-CBC3-SHA
    Accepted  SSLv3  128 bits  ECDHE-RSA-AES128-SHA
    Accepted  SSLv3  128 bits  DHE-RSA-AES128-SHA
    Accepted  SSLv3  128 bits  DHE-RSA-CAMELLIA128-SHA
    Accepted  SSLv3  128 bits  AES128-SHA
    Accepted  SSLv3  128 bits  CAMELLIA128-SHA

  Prefered Server Cipher(s):
    SSLv3  256 bits  ECDHE-RSA-AES256-SHA

  SSL Certificate:
    Version: 2
    Serial Number: -17181615592741643472
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: /C=PH/ST=NCR/L=Manila/O=Our_Company/CN=mydomain.com/emailAddress=support@snowweb.net
    Not valid before: Sep  5 00:40:40 2013 GMT
    Not valid after: Sep  3 00:40:40 2023 GMT
    Subject: /C=PH/ST=NCR/L=Manila/O=Our_Company/CN=mydomain.com/emailAddress=support@mydomain.com
    Public Key Algorithm: rsaEncryption
    RSA Public Key: (2048 bit)
      Public-Key: (2048 bit)
      Modulus:
          00:df:c2:a9:69:9b:df:09:25:b9:6d:15:d2:2e:3c:
          d2:bf:48:40:97:7f:c9:d5:9b:d0:0c:13:0d:26:67:
          98:3e:be:fe:0a:fd:e7:da:24:90:7c:f4:51:de:6e:
          a0:98:2a:e1:23:fb:cc:0c:ab:1d:53:6a:f5:d6:f9:
          51:b4:d5:f4:f3:1b:9c:25:fa:39:83:f4:3c:3b:f4:
          c1:50:5f:b0:8d:8e:13:53:fb:05:be:4d:5c:b9:98:
          a8:58:15:76:5a:18:b9:fb:88:a8:ec:a1:c4:4e:83:
          d6:7d:9a:ce:1f:91:68:31:ae:fa:64:90:8a:e0:77:
          51:ad:ba:46:98:d8:c1:c6:1c:3d:93:c3:5f:c2:28:
          8a:0d:6f:05:58:15:d8:df:81:05:20:de:18:cf:98:
          8c:12:42:27:b4:40:5e:fb:b5:98:94:d0:d2:ae:41:
          a5:b5:a2:60:39:9f:f7:56:a0:e8:fb:6c:2c:64:d7:
          82:11:96:9f:f0:27:e1:6b:7d:fd:2c:0d:be:82:ee:
          df:39:ff:8f:f2:db:cf:0b:01:c3:31:93:a5:35:83:
          2c:4f:b2:a8:4b:66:4e:66:79:79:01:91:ef:d0:bb:
          75:6c:e3:ca:95:e2:b8:fe:3c:81:21:7b:58:49:7e:
          21:a5:12:1f:eb:8a:40:c6:4d:80:78:0f:4e:0a:3b:
          a2:2d
      Exponent: 65537 (0x10001)
    X509v3 Extensions:
      X509v3 Subject Key Identifier:
        B3:66:DF:F6:36:5C:F6:B0:A5:AF:D0:09:80:0A:88:58:04:B4:C6:04
      X509v3 Authority Key Identifier:
        keyid:B3:66:DF:F6:36:5C:F6:B0:A5:AF:D0:09:80:0A:88:58:04:B4:C6:04

      X509v3 Basic Constraints:
        CA:TRUE
  Verify Certificate:
    self signed certificate

If I understand correctly both SSL 2 and 3 are now considered insecure and I need to be using TLSv1, v1.1 or v1.2?

What I need to know is how to generate a certificate which uses those TLS versions and anything else that it should also accept?

I should perhaps mention that the certificate is to be used on multiple domains. Thanks.

Additional Info:

openssl version -a

OpenSSL 1.0.1 14 Mar 2012
built on: Fri Jan  9 17:52:49 UTC 2015
platform: debian-amd64
options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_NO_TLS1_2_CLIENT -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"

apache2 -v

Server version: Apache/2.4.10 (Ubuntu)
Server built:   Jul 22 2014 22:57:50

php -v

PHP 5.5.21-1+deb.sury.org~precise+2 (cli) (built: Jan 26 2015 20:02:42)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2014 Zend Technologies
    with Zend OPcache v7.0.4-dev, Copyright (c) 1999-2014, by Zend Technologies

uname -a

Linux s2.mydomain.com 3.13.0-34-generic #60~precise1-Ubuntu SMP Wed Aug 13 15:55:33 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

Best Answer

The certificate does not determine whether the connection uses TLS or SSL; that is entirely up to the configuration of the webserver (apache in this case).

The configuration option you need to look at is SSLProtocol, probably using:

SSLProtocol all -SSLv2 -SSLv3

if you want to disable the SSL protocols but leave all the versions of TLS.

Related Solutions

SSL Certificate – How to Download SSL Certificate from a Website

In order to download the certificate, you need to use the client built into openssl like so:

echo -n | openssl s_client -connect $HOST:$PORTNUMBER -servername $SERVERNAME \
    | openssl x509 > /tmp/$SERVERNAME.cert

That will save the certificate to /tmp/$SERVERNAME.cert.

The -servername is used to select the correct certificate when multiple are presented, in the case of SNI.

You can use -showcerts if you want to download all the certificates in the chain. But if you just want to download the server certificate, there is no need to specify -showcerts. The x509 at the end will strip out the intermediate certs, you will need to use sed -n '/-----BEGIN/,/-----END/p' instead of the x509 at the end.

echo -n gives a response to the server, so that the connection is released

openssl x509 removes information about the certificate chain and connection details. This is the preferred format to import the certificate into other keystores.

Openssl update 1.0.1f to 1.0.1g broke sendmail (SSL23_GET_SERVER_HELLO:tlsv1 alert decode error)

Circumstances forced me to compile openssl 1.0.1g from sources and I encountered behavior identical to that reported above. This is under Fedora 18 on a 64-bit Intel. Like the original poster reports, most mail went out OK but one mail destination suffered the same TLS handshake failures.

The openssl change log (brief CL here, detailed CL here) showed only three changes from 1.0.1f to 1.0.1g:

a security update
another security update
Add TLS padding extension workaround for broken servers.

Speculating that third change was responsible for the problem I commented out one line in ssl/tls1.h that appears to control presence of this "TLS padding" modification, like so:

/* #define TLSEXT_TYPE_padding 21 */

Compiled again, put the library .so files in place, restarted sendmail, and out went the queued mail with no problems. I hope I haven't opened up new issues as a result.