search for: caroot

Thanks for the response. My current chain is as follows: caroot -> child-ca1 -> server cert My cacert.pem file has both the caroot and the child-ca1 certs. I have recompiled libvirt on my machine with some extra debug statements and verified that both the caroot cert and the child-ca1 certs are being loaded. But when I try to connect the caroot and child...

I have been trying to get set of libvirtd system up and running. My PKI infrastructure involves a root CA and several intermediate CAs. I am trying to get the machines to trust each other across the different intermediate CAs. This is what I have so far: Libvirtd is starting and listening on tls port 16514 I have configured client/server certs/keys and it seems to be using all of these

On Tue, Apr 22, 2014 at 08:24:43AM -0600, Nathaniel Cook wrote: > Thanks for the response. > > My current chain is as follows: > > caroot -> child-ca1 -> server cert > > My cacert.pem file has both the caroot and the child-ca1 certs. I have > recompiled libvirt on my machine with some extra debug statements and > verified that both the caroot cert and the child-ca1 certs are being > loaded. But when I try to con...

...f } The file dovecot-ldap.conf is correct and LDAP authentication is working well. We would like to make it possible for users with a X.509 client certificate to log in without providing LDAP or any other credentials. Is there something like: passdb x509 { args = /pfx/etc/dovecot/dovecot-caroots.pem nopwd = yes } ...avaibable, or is there another solution? Thanks, Brian

...ertificate CA names" look > right. The problem is that the certificate chain is just the single server > cert and does not include the intermediate cert or root cert. As a result > clients from other intermediate CAs fail to verify the libvirtd process. If you have a chain of CAs caroot -> child-ca1 -> child-ca2 -> server cert Then the cacert.pem file you create on the clients / server must include the certs for caroot, child-ca1 and child-ca2 all in one file. You can basically just concatenate the .pem files for all the CAs into one file and gnutls will load all the CA...

...e the DNS to bind9_DLZ. But now we know where to look, Rowland may be able to say things about the internal DNS. Everything below here is atm, not really relevant, above needs to be fixed first. Few other questions, are you running a Cert server on the MS server, if so, make sure you export the CARoot cert and add it on you samba servers and create the samba client certificates. After thats done, and the dns is checked again then we can look at: > '(&(flatname=DARAM)(objectclass=primaryDomain))' base: > 'cn=Primary Domains': No such object: dsdb_search at > ../...

Hello, I think I really need some help on this. Since Samba 4.2.11 upgrade my Windows 10 clients are unable to synchronize group policies. I have asked about this already here <https://lists.samba.org/archive/samba/2016-April/199226.html>. Now I re-investigate the issue with Windows 10 1607 update and still face the same issue which prevents me from rolling out this configuration in

...a_AD_DC ( missing on that site : add TLS_REQCERT allow  to ldap.conf )     Or a simple setup with own cert. https://www.spinics.net/lists/samba/msg134098.html Its debian minded but translate it to your os, most is same.   Or make them manually https://www.google.nl/search?q=setup+own+caroot#q=openssl+create+self+signed+certificate pik one.     Now, for the other problem, after above is done/checked.   You can clear you GPO history on the pc. Its recreated when you reboot/login again, so now worries..   @echo off DEL /S /F /Q “%ALLUSERSPROFILE%\Application Data\Microsoft\...

Hai, I had a quick look. Barry, can you get this script and run it. https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh Then post the results to the list. It collects all info i need to have a better look. I have a few ideas, this might be a resolving order problem, i've based on the errors below. Can you also post the output of bind from the point its