How do I get a successful request for a certificate from one Linux server to a Linux server that is a certificate authority? I'm using CentOS 7 on both servers on the network. I'm using an OpenSSL version from January 2013 on each server.
My /etc/ssh/sshd_config file on both Linux servers is configured to allow ports 22, 443, 8140, and 61610. I tested these ports being open with ssh -p commands so there are no firewall issues stopping me. I ran openssl s_client -connect :8140 --showcerts
The output showed this:
...
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 0 bytes.
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session
...
The server that I ran it on needs to get a certificate on the remote server. Other commands leading up to this post brought me to this point. I have a Linux server that needs a certificate for my project. It isn't working.
How do I interpret this output to ensure OpenSSL is working? I can SSH between the machines. But problems arising from my separate project lead me to believe that OpenSSL isn't configured properly.
Can two Linux servers use SSH when different versions of OpenSSL are installed in each of them? I have tried the openssl command above when both versions were exactly the same. I also tried a newer version of OpenSSL on one server.
sshd, it is using the SSH protocol. You can only connect to that port using the SSH protocol, such as the ssh program. The OpenSSL package, and the openssl program, implement the SSL/TLS protocol which is a different protocol and cannot connect to a port of a program running the SSH protocol like sshd. Different versions of SSL/TLS are upward compatible, and there is only one version of SSH currently in use, different variants of which are compatible, but no version of SSL/TLS is compatible with SSH.
Port values in sshd_config. If so, sshd listens on those ports and accepts connections using SSH protocol only.
openssl s_client does not do SSH protocol, period full stop. I don't know what you did do unless you give specifics, but I'll bet $100 right now you can't connect to sshd with openssl s_client (unless you've completely replaced the source of openssl/apps/s_client.c).
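An added example, not part of the question or the answer above: a small Python check that reads the first bytes a server sends on a new connection and reports whether the port is answered by an SSH server (which sends an identification string starting with "SSH-" on connect) rather than a TLS service. The function names and the sample banner are constructed for illustration; demo_local probes a throwaway listener on 127.0.0.1 so the check runs offline.

```python
import socket
import threading

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a server sent on a fresh TCP connection."""
    if data.startswith(b"SSH-"):
        return "ssh"      # SSH identification string, e.g. SSH-2.0-OpenSSH_x.y
    if len(data) >= 3 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls"      # TLS record header: alert/handshake, version 3.x
    if not data:
        return "silent"   # nothing sent: server waits for the client or closed
    return "unknown"

def probe(host: str, port: int, timeout: float = 2.0) -> str:
    """Connect, send nothing, and classify whatever the server says first."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            data = s.recv(64)
        except socket.timeout:
            data = b""    # a TLS server stays quiet until it gets a ClientHello
    return classify_first_bytes(data)

def demo_local(banner: bytes, timeout: float = 0.5) -> str:
    """Probe a local listener that sends `banner` (constructed sample data)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
            conn.recv(1)                # hold open until the probe disconnects

    t = threading.Thread(target=serve, daemon=True)
    t.start()
    try:
        return probe("127.0.0.1", srv.getsockname()[1], timeout)
    finally:
        t.join(2)
        srv.close()

if __name__ == "__main__":
    # Constructed banner standing in for an sshd listening on a non-default port.
    print(demo_local(b"SSH-2.0-OpenSSH_7.4\r\n"))
```

A result of "ssh" on a port means only an SSH client can talk to it; a TLS service such as a certificate authority endpoint would show up as "silent" here because it waits for the client's ClientHello.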