search for: certfic

...tch the agent''s private key. Certificate fingerprint: 8F:24:92:B9:89:0C:E7:04:C5:3F:B6:11:F8:13:4B:6A:9E:F4:EA:08:E7:4E:75:1B:DA:1C:A6:47:04:DB:55:81 To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate. On the master: puppet cert clean netadmin.domain.tld On the agent: rm -f /var/lib/puppet/ssl/certs/netadmin.domain.tld.pem puppet agent -t Error: Try ''puppet help ca list'' for usage Does anyone have an idea what is going on here? if not I will open a ticket. -- You...

...k pbx via wss, from sipml5.org demo page (http://sipml5.org/call.htm). I used the guide from https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial , to setup the tls. I could make a secure sip call ( SRTP) using the PhonerLite sip client. ( This confirms my sip - tls settings and tls certficates. ( I'd added the tls client certficate file to the configuration of the the sip client) In the WSS option, I assume browsers negotiates for the the tls certficate and keys. Below are my debug code and the brief logs, http.conf : Here, ssl_err is my addition to debug further, in main/tcp...

How do I initiate a certificate request without going into non-daemon mode ? According to "Pro Puppet" book, so far the only way I know that can trigger a certficate request with puppet master is like this puppet agent --server=puppetmaster.test.com --no-daemonize --verbose but doing so will break my intention of automation I need to create a puppet client package. A control-C is needed to terminate the process. I have puppetmaster configured to be auto g...

...wing: Error: The certificate retrieved from the master does not match the agent''s private key. Certificate fingerprint: *<fingerprint removed>* To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate. On the master: puppet cert clean puppetmaster.site On the agent: rm -f /var/lib/puppet/ssl/certs/puppetmaster.site.pem puppet agent -t Error: Try ''puppet help ca list'' for usage I have tried following said instructions which did not work at all. Eventually I was able...

Hello, I wonder if there is some possibility to force dovecot to use more than one ssl certificate. I would like to use a few certficates: one per IP We are hosting many different domains and I had to use stunnel to ensure encrypted connection for our clients using different certificates. But stunnel isn't a good solution and sometimes I need to restart stunnels because of some of it's processes hangs - after some improv...

...penLDAP library still provides support for the older method of securing communication between clients and servers." What is the difference between LDAPs and ldapv3 start-tls ? I select the ldaps protocol in my smb.conf because I don't kown how samba manage certificate. If samba can use a certficate, it's not a problem. But I think that samba use the certificate used with openLDAP client. If is exact can I suggest to add some parameter in smb.cobnf for specify certificate for samba only. thanks St?phane Purnelle - -- St?phane Purnelle <stephane.purnelle@tiscali.be> Site W...

...my certificates from cacert.org, to whom I am very grateful. I follow what I take to be the official procedure, first creating <server>.key and <server>.csr on my server and then getting <server>.crt by going to Server Certificate=>New at the cacert site. I then place the key certficate *.key in /etc/pki/tls/private/ and what I call the client certificate *.crt in /etc/pki/tls/certs/ . But I notice that there at www.cacert.org there is a Client Certificate folder as well as the Server Certificate folder, and it seems that one can create a "client certificate" there....

I did a quick look for it but I could not find it. When it comes to puppet masters, is it required to copy the puppet/ssl/ca directory to each puppet master or is there a configuration to make the puppet master not try to generate its own CA if there is a ca_server option specified? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To

Hai,   Im seeing the following..    [2016/04/15 09:57:55.135038,  0] ../source4/lib/tls/tls_tstream.c:1216(tstream_tls_params_server)   Invalid permissions on TLS private key file 'server.key.pem':   owner uid 0 should be 0, mode 0440 should be 0600   This is known as CVE-2013-4476.   It there anyway to override this setting?  I do need 0440 here.  ( or 0400 ) 0600 is not

...certificate retrieved from the master does not match the agent''s private key. Certificate fingerprint: E5:B1:52:B2:DC:DE:8C:DE:A7:AF:ED: 19:C8:E3:F5:12 To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate. On the master: puppet cert clean client.domain.com On the agent: rm -f /var/lib/puppet/ssl/certs/client.domain.com.pem puppet agent -t If I do what it says, then puppet gets new certs (I guess that''s what it''s doing) and everything works fine. But I cannot figure out w...

...nd what your saying. But i have a "server" certificate, which i use for multple services. And since some of these services "run as" other user/group i have a special group for that. So logical i set 0440 on my key file and 444 on my cert files. And why does the key file ( any certficicate file ) a 6, 4 is sufficient. Its just not logical make copies of the certificates thats not why i have a "server" certificate... Im just not happy with samba "enforcing" my security settings.. So anyway to overrule this? Greetz, Louis > -----Oorspronkelijk...

...ng. > > But i have a "server" certificate, which i use for multple services. > And since some of these services "run as" other user/group i have a special group for that. So logical i set 0440 on my key file and 444 on my cert files. > And why does the key file ( any certficicate file ) a 6, 4 is sufficient. > > Its just not logical make copies of the certificates thats not why i have a "server" certificate... > > Im just not happy with samba "enforcing" my security settings.. > So anyway to overrule this? > > > Greetz, >...

...certificate retrieved from the master does not match the agent''s private key. Certificate fingerprint: D1:B4:88:24:24:31:FA:13:90:FA:1F:8A:CB:BF:2D:AB To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate. On the master: puppet cert clean foreman-proxy.example.com On the agent: rm -f /var/lib/puppet/ssl/certs/foreman-proxy.example.com.pem puppet agent -t i have tried the suggested solution, but i have no success. The normal puppet run works without Problems any idea? rgds flo -- You...

Hello, I would like to know whether OpenSSH supports x509 certificate based authentication. It looks like OpenSSH has dependency on OpenSSL so does this mean that OpeSSH also supports x509 certificate based authentication. If it does support, can you please point me to the necessary documentation. Thanks Naitik

...ar 11 14:59:18 core postfix/smtp[8250]: verify error:num=19:self signed certificate in certificate chain Mar 11 14:59:18 core postfix/smtp[8250]: Peer verification: CommonName in certificate does not match: tloin.butterzone.net != blade.butterzone.net Mar 11 14:59:18 core postfix/smtp[8250]: Peer certficate could not be verified Mar 11 14:59:18 core postfix/smtp[8250]: 6F63A2798580: to=<r at butterzone.net>, orig_to=<r-ethr at kuci.org>, relay=blade.butterzone.net[208.37.27.136], delay=0, status=sent (250 Ok: queued as 4783AC2C130) Mar 11 14:59:18 core postfix/qmgr[7238]: 6F63A27985...

Scenario: FreeBSD box running IPFW acting as a gateway to private network. The private network is made up of entirely routeable IP addresses. External users running Win2k and XP on DSL connections with dynamic IPs. Goal: To have the FreeBSD gateway securely authenticate and encrypt the traffic between the outside users and the internal network. I've spent the last 3 days running up and

or "How do I know my copy of FreeBSD is the same as yours?" I have recently been meditating on the issue of validating X.509 root certificates. An obvious extension to that is validating FreeBSD itself. Under "The Cutting Edge", the handbook lists 3 methods of synchronising your personal copy of FreeBSD with the Project's copy: Anonymous CVS, CTM and CVSup. There are

Hello Puppet Users, I need a puppet master (Ubuntu) to push the executable files to the agent (windows 7) and install those executables I believe the manifest file should be set up to push such config to the windows agent. I came up with something like this: class wireshark { exec { ''wireshark'': command =>

...rtificate fingerprint: 4F:08:AE:01:B9:14:AC:A4:EA:A7:92:D7:02:E9:34:39:1C:5F:0D:93:A0:85:1C:CF:68:E4:52:B8:25:D1:11:64 Feb 16 09:35:20 test puppet-master[81728]: To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate. Feb 16 09:35:20 test puppet-master[81728]: On the master: Feb 16 09:35:20 test puppet-master[81728]: puppet cert clean test Feb 16 09:35:20 test puppet-master[81728]: On the agent: Feb 16 09:35:20 test puppet-master[81728]: rm -f /var/puppet/ssl/certs/test.pem Feb 16 09:35:20 test puppet-ma...