Displaying 19 results from an estimated 19 matches for "cakey".
2011 Jul 07
4
Use of ssh certificates in a multi server of different kind environment.
...on.. and it works, but I have to
manage a lot of keys. And certify each kind of users with the right key.
Is there a way to add in the client certificate the name of the host authorized to
log in to? With that I could still use only one CA and certify anyone behind it, a
kind of:
ssh-keygen -s CAKey -I CA -n user1 -O destination_address
server1,192.168.19.2 user_rsa_key.pub
But the destination_address option doesn't exist...
So, am I doing it right with my multiple CAs? Or is there a better way?
Thanks,
2004 Feb 09
0
SSL certificate.
...txt
cd /opt/LocalCA
PATH=/opt/openssl/bin:$PATH
export PATH
OPENSSL_CONF=/opt/LocalCA/LocalCA.cnf
export OPENSSL_CONF
openssl req -x509 -newkey rsa -out
cacert.pem -outform PEM -days 1825
Then made following files:
/opt/LocalCA/cacert.pem # CA public certificate
/opt/LocalCA/private/cakey.pem # CA private key
Then I performed 2 actions:
mv /opt/LocalCA/cacert.pem
/usr/share/ssl/certs/dovecot.pem
mv /opt/LocalCA/cakey.pem
/usr/shar/ssl/private/dovecot.pem
Now, I run service dovecot start
& I received the following line:
Starting IMAP daemon (dovecot):
[ OK...
2002 Jan 31
7
x509 for hostkeys.
...::CERTPATHLEN
keyUsage=$ENV::CERTUSAGE
[x509v3_IPAddr]
subjectAltName=IP:$ENV::CERTIP
[x509v3_DNSName]
subjectAltName=DNS:$ENV::CERTDNS
EOF
$ CERTDNS=myipaddr; export CERTDNS
$ openssl req -new -key /etc/ssh_host_rsa_key -out HOSTKEY.csr
$ openssl x509 -req -days 365 -in HOSTKEY.csr -CA ca.crt \
-CAkey ca.key -CAcreateserial \
-extfile x509v3.cnf -extensions x509v3_DNSName \
-out HOSTKEY.crt
$ umask 077
$ cat /etc/ssh_host_rsa_key HOSTKEY.crt > /etc/ssh_host_rsa_key+cert
$ echo HostKey /etc/ssh_host_rsa_key+cert > sshd_config-test
$ sudo sshd -p 2222 -ddd -f sshd_config-test
Index: auth...
2017 Mar 13
1
dovecot: master: Dovecot v2.2.22 (fe789d2) starting up for imap, pop3 (core dumps disabled)
...imap pop3"
service auth-worker {
user = root
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
ssl_ca = >/etc/ssl/certs/01.pem
ssl_cert = </etc/ssl/certs/cacert.pem
ssl_key = </etc/ssl/private/cakey.pem
ssl_key_password = # hidden, use -P to show it
ssl_protocols = TLSv1
ssl_verify_client_cert = yes
userdb {
driver = passwd
}
----------------------------------------------------------
Thanks & Regards
Baskaranand
2020 Mar 16
0
AD with PKI authentication - issue on cert generation
...referring to :
https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login
I have my forest working , users .etc.
I'm now trying to generate the root CA.
Using the template in the wiki ,
When I try to
openssl req -new req -new -x509 -days 3650 -sha256 -extensions v3_ca -keyout
private/cakey.pem -out cacert.pem -config /etc/ssl/openssl.cnf
I get the following error :
problem creating object msSmartcardLogin=1.3.6.1.4.1.311.20.2.2
140375913190464:error:08064066:object identifier routines:OBJ_create:oid
exists:../crypto/objects/obj_dat.c:698:
I already tried to replace
sca...
2006 Jun 22
0
Problem generating SSL certificates
...(to use in internal web/email
servers) but the process is aborting.
I can generate the CA OK but when I try to generate the client...
openssl ca -days 365 -out certs/xxxx.crt -in csr/xxx.csr -config
../tls/openssl.cnf
Using configuration from ../tls/openssl.cnf
Enter pass phrase for ../CA/private/cakey.pem:
wrong number of fields on line 1 (looking for field 6, got 1, '' left)
Any ideas?
The openssl.cnf is the one that comes with the distro with the following
modification:
--- ../tls/openssl.cnf 2006-06-01 16:29:56.000000000 -0400
+++ ../tls/openssl.cnf.orig 2006-06-01 15:29:15.0...
2000 Jul 17
0
SSL!
...reated using SWAT
# from localhost (127.0.0.1)
# Date: 2000/07/04 11:04:02
# Global parameters
[global]
encrypt passwords = Yes
lock directory = /var/lock/samba
smb passwd file=/private/smbpasswd
ssl=yes
ssl server cert=/etc/certificates/cacert.pem
ssl server key=/etc/certificates/private/cakey.pem
ssl CA certDir=/etc/certificates
[home]
comment = Home Directories
path = /home/selma
valid users = selma
writeable = Yes
create mask = 0750
browseable = No
[tmp]
comment = Temporary file space
path = /tmp
writeable = Yes
guest ok = Yes
[public]
comment = Public Stuff
path = /ho...
2007 Nov 02
1
Interaction bug between Puppet CA and mod_ssl
...n"].value
- name += "." + domain
- end
cert = Certificate.new(
- :name => name,
+ :name => Puppet[:caname],
:cert => @config[:cacert],
:encrypt => @config[:capass],
:key => @config[:cakey],
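Review bot: at `:name => Puppet[:caname]`, nothing in the visible lines checks that the `caname` setting is non-empty before it is passed to `Certificate.new`, whereas the removed `name += "." + domain` path always produced a value derived from the host. Consider validating the setting (or falling back to a default) before building the CA certificate, and confirm that whatever still assigns `name` above this excerpt is removed if it is no longer used.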
2008 Aug 12
2
Sendmail with TLS, permission problem
...drwxr-xr-x 96 root root 12288 Aug 12 04:02 /etc
drwxr-xr-x 5 root root 4096 Aug 11 15:44 /etc/mail
dr-xr-xr-x 2 mail mail 4096 Aug 11 14:42 /etc/mail/certs
[root@mail ~]# ls -l /etc/mail/certs
-rw------- 1 mail mail 1371 Aug 11 12:15 cacert.pem
-rw------- 1 mail mail 963 Aug 11 12:15 cakey.pem
-rw-r--r-- 1 root root 1952422 Aug 11 14:26 revoke.crl
-rw------- 1 mail mail 2258 Aug 11 12:16 sendmail.pem
Any ideas, what I should check next?
This might be a Sendmail bug - it resembles this Debian bug, which also
gives an "unsafe - no permission" error as a symptom.
http://w...
2009 Jun 10
10
puppet client looking for server puppet
...eddir = /etc//opt/csw/puppet/ssl/ca/signed
autosign = /etc//opt/csw/puppet/autosign.conf
cert_inventory = /etc//opt/csw/puppet/ssl/ca/inventory.txt
cacert = /etc//opt/csw/puppet/ssl/ca/ca_crt.pem
caprivatedir = /etc//opt/csw/puppet/ssl/ca/private
capass = /etc//opt/csw/puppet/ssl/ca/private/ca.pass
cakey = /etc//opt/csw/puppet/ssl/ca/ca_key.pem
csrdir = /etc//opt/csw/puppet/ssl/ca/requests
serial = /etc//opt/csw/puppet/ssl/ca/serial
cacrl = /etc//opt/csw/puppet/ssl/ca/ca_crl.pem
cadir = /etc//opt/csw/puppet/ssl/ca
capub = /etc//opt/csw/puppet/ssl/ca/ca_pub.pem
certdir = /etc//opt/csw/puppet/ssl/cer...
2012 Aug 23
1
Puppet Agent VS User
...ess = ""
bucketdir = /var/lib/puppet/bucket
ca = true
ca_days = ""
ca_md = md5
ca_name = Puppet CA: vusion-production
ca_port = 8140
ca_server = puppet
ca_ttl = 5y
cacert = /var/lib/puppet/ssl/ca/ca_crt.pem
cacrl = /var/lib/puppet/ssl/ca/ca_crl.pem
cadir = /var/lib/puppet/ssl/ca
cakey = /var/lib/puppet/ssl/ca/ca_key.pem
capass = /var/lib/puppet/ssl/ca/private/ca.pass
caprivatedir = /var/lib/puppet/ssl/ca/private
capub = /var/lib/puppet/ssl/ca/ca_pub.pem
catalog_format = ""
catalog_terminus = compiler
cert_inventory = /var/lib/puppet/ssl/ca/inventory.txt
certdir = /var/...
2010 Aug 19
7
External CA: Could not run: Could not retrieve certificate for puppetsrv and not running on a valid certificate authority
...te a keypair, request, then sign with the above CA and save the
files ssldir/public_keys/puppetsrv.pem, ssldir/private_keys/puppetsrv.pem,
ssldir/certificate_requests/puppetsrv.pem, ssldir/certs/puppetsrv.pem
(All certs work fine with openssl verify)
3. Puppet configuration file:
ca = false
cakey=$ssldir/ca.prk
passfile=$ssldir/ca.pass
cacert=$ssldir/ca.crt
capub=$ssldir/ca.puk
4. run puppet master:
/usr/sbin/puppetmasterd --no-daemonize --verbose --debug --certname
puppetsrv
Full log (added some breakpoints and printed some tracebacks):
debug: Failed to load library '...
2007 Nov 11
4
puppetrun fails: "Certificates were not trusted"
...to '1024'
debug: ca: Setting autosign to '$confdir/autosign.conf'
debug: ca: Setting cacrl to '$cadir/ca_crl.pem'
debug: ca: Setting ca to 'true'
debug: ca: Setting serial to '$cadir/serial'
debug: ca: Setting cakey to '$cadir/ca_key.pem'
debug: ca: Setting capub to '$cadir/ca_pub.pem'
debug: ca: Setting ca_ttl to '5y'
debug: ca: Setting cacert to '$cadir/ca_crt.pem'
debug: fileserver: Setting fileserverconfig to '$confdir/fileser...
2004 Apr 12
1
Initial samba + ldap howto
...-State]:Noordholland
Locality Name (eg, city) []:Amsterdam
Organization Name (eg, company) [Internet Widgits Pty Ltd]:AHM
Organizational Unit Name (eg, section) []:Suckers from Hell
Common Name (eg, YOUR name) []:smb.ahm.nl
Email Address []:.
%
This creates demoCA/cacert.pem and demoCA/private/cakey.pem (CA cert and
private key).
Make your server certificate signing request (CSR):
Country Name (2 letter code) [AU]:NL
State or Province Name (full name) [Some-State]:Noordholland
Locality Name (eg, city) []:Amsterdam
Organization Name (eg, company) [Internet Widgits Pty Ltd]:AHM
Organizati...
2009 Oct 21
2
Bug #2617(?) in Puppet 0.25.1rc2
...nd client. They don't
differ from the generated defaults only in --genconfig = false, but
here are they:
[main]
genconfig = false
railslog = /var/puppet/log/rails.log
dblocation = /var/puppet/state/clientconfigs.sqlite3
cert_inventory = /etc/puppet/ssl/ca/inventory.txt
cakey = /etc/puppet/ssl/ca/ca_key.pem
caprivatedir = /etc/puppet/ssl/ca/private
capass = /etc/puppet/ssl/ca/private/ca.pass
cadir = /etc/puppet/ssl/ca
capub = /etc/puppet/ssl/ca/ca_pub.pem
csrdir = /etc/puppet/ssl/ca/requests
serial = /etc/puppet/ssl/ca/serial
cacert = /etc/pu...
2011 Nov 04
1
Storeconfigs and nagios and foreman
...keylength = 1024
# The name to use the Certificate Authority certificate.
# The default value is 'Puppet CA: $certname'.
ca_name = Puppet CA: ip-10-36-11-244.ec2.internal
# The CA private key.
# The default value is '$cadir/ca_key.pem'.
cakey = /etc/puppet/ssl/ca/ca_key.pem
# Where the CA stores private certificate information.
# The default value is '$cadir/private'.
caprivatedir = /etc/puppet/ssl/ca/private
# Tags to use to find resources. If this is set, then
# only resources tagged with the s...
2013 Aug 07
1
puppet-3.2.2 runs fine - but doesn't work. 2.7.22 works fine.
.../ssl/ca/signed]{:links=>:follow, :ensure=>:directory, :backup=>false, :mode=>"770", :loglevel=>:debug, :path=>"/var/lib/puppet/.puppet/ssl/ca/signed"}'
Aug 7 14:33:38 puppetmaster-02 puppet-master[27451]: Using settings: adding file resource 'cakey': 'File[/var/lib/puppet/.puppet/ssl/ca/ca_key.pem]{:links=>:follow, :ensure=>:file, :backup=>false, :mode=>"660", :loglevel=>:debug, :path=>"/var/lib/puppet/.puppet/ssl/ca/ca_key.pem"}'
Aug 7 14:33:38 puppetmaster-02 puppet-master[27...
2013 Dec 06
13
Can't seem to get modulepath attribute recognized by puppetmasterd
Warning - Puppet newbie here.
I am trying to set up a puppetmaster 3.3.2 and have run into a snag right
out of the box.
I want to add a new directory to modulepath= in /etc/puppet/puppet.conf
So I added the following line in the [main] header
modulepath = /etc/puppet/modules:/opt/our-repo/puppetmaster/modules
And populated the new directory with modules I have written.
I then run
puppet
2013 Mar 11
12
Error: stack level too deep
I'm running a previously working set of modules with the Puppet master
version 3.1.0-rc2.
I'm getting the Error: stack level too deep
Here is a chunk of the debug
Debug: Scope(Class[Zabbix]): Retrieving template zabbix/zabbix.conf.php.erb
Debug:
template[/etc/puppet/environments/production/modules/zabbix/templates/zabbix.conf.php.erb]:
Bound template variables for