search for: certfic

Displaying 19 results from an estimated 19 matches for "certfic".

Did you mean: certific
2012 Oct 15
3
Puppet 3 and master cert error ...
...tch the agent''s private key. Certificate fingerprint: 8F:24:92:B9:89:0C:E7:04:C5:3F:B6:11:F8:13:4B:6A:9E:F4:EA:08:E7:4E:75:1B:DA:1C:A6:47:04:DB:55:81 To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate. On the master: puppet cert clean netadmin.domain.tld On the agent: rm -f /var/lib/puppet/ssl/certs/netadmin.domain.tld.pem puppet agent -t Error: Try ''puppet help ca list'' for usage Does anyone have an idea what is going on here? if not I will open a ticket. -- You...
2013 Aug 12
0
Asterisk WebRTC Support : WSS connection setup fails with error:00000000
...k pbx via wss, from sipml5.org demo page (http://sipml5.org/call.htm). I used the guide from https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial , to setup the tls. I could make a secure sip call ( SRTP) using the PhonerLite sip client. ( This confirms my sip - tls settings and tls certficates. ( I'd added the tls client certficate file to the configuration of the the sip client) In the WSS option, I assume browsers negotiates for the the tls certficate and keys. Below are my debug code and the brief logs, http.conf : Here, ssl_err is my addition to debug further, in main/tcp...
2011 Jun 17
7
Questions for puppet 2.6.8 client certificate management
How do I initiate a certificate request without going into non-daemon mode ? According to "Pro Puppet" book, so far the only way I know that can trigger a certficate request with puppet master is like this puppet agent --server=puppetmaster.test.com --no-daemonize --verbose but doing so will break my intention of automation I need to create a puppet client package. A control-C is needed to terminate the process. I have puppetmaster configured to be auto g...
2012 Nov 29
7
Puppet CA corruption
...wing: Error: The certificate retrieved from the master does not match the agent''s private key. Certificate fingerprint: *<fingerprint removed>* To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate. On the master: puppet cert clean puppetmaster.site On the agent: rm -f /var/lib/puppet/ssl/certs/puppetmaster.site.pem puppet agent -t Error: Try ''puppet help ca list'' for usage I have tried following said instructions which did not work at all. Eventually I was able...
2008 Apr 17
1
Multiple ssl certificates
Hello, I wonder if there is some possibility to force dovecot to use more than one ssl certificate. I would like to use a few certficates: one per IP We are hosting many different domains and I had to use stunnel to ensure encrypted connection for our clients using different certificates. But stunnel isn't a good solution and sometimes I need to restart stunnels because of some of it's processes hangs - after some improv...
2005 Aug 07
1
Question about SSL/TLS for ldap and samba
...penLDAP library still provides support for the older method of securing communication between clients and servers." What is the difference between LDAPs and ldapv3 start-tls ? I select the ldaps protocol in my smb.conf because I don't kown how samba manage certificate. If samba can use a certficate, it's not a problem. But I think that samba use the certificate used with openLDAP client. If is exact can I suggest to add some parameter in smb.cobnf for specify certificate for samba only. thanks St?phane Purnelle - -- St?phane Purnelle <stephane.purnelle@tiscali.be> Site W...
2014 Oct 24
1
What is a client certificate?
...my certificates from cacert.org, to whom I am very grateful. I follow what I take to be the official procedure, first creating <server>.key and <server>.csr on my server and then getting <server>.crt by going to Server Certificate=>New at the cacert site. I then place the key certficate *.key in /etc/pki/tls/private/ and what I call the client certificate *.crt in /etc/pki/tls/certs/ . But I notice that there at www.cacert.org there is a Client Certificate folder as well as the Server Certificate folder, and it seems that one can create a "client certificate" there....
2012 Aug 13
4
CA and multiple masters
I did a quick look for it but I could not find it. When it comes to puppet masters, is it required to copy the puppet/ssl/ca directory to each puppet master or is there a configuration to make the puppet master not try to generate its own CA if there is a ca_server option specified? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To
2016 Apr 15
5
file rights tls key files.
Hai,   Im seeing the following..    [2016/04/15 09:57:55.135038,  0] ../source4/lib/tls/tls_tstream.c:1216(tstream_tls_params_server)   Invalid permissions on TLS private key file 'server.key.pem':   owner uid 0 should be 0, mode 0440 should be 0600   This is known as CVE-2013-4476.   It there anyway to override this setting?  I do need 0440 here.  ( or 0400 ) 0600 is not
2012 Feb 29
3
Private key troubles after a new install and a reboot
...certificate retrieved from the master does not match the agent''s private key. Certificate fingerprint: E5:B1:52:B2:DC:DE:8C:DE:A7:AF:ED: 19:C8:E3:F5:12 To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate. On the master: puppet cert clean client.domain.com On the agent: rm -f /var/lib/puppet/ssl/certs/client.domain.com.pem puppet agent -t If I do what it says, then puppet gets new certs (I guess that''s what it''s doing) and everything works fine. But I cannot figure out w...
2016 Apr 15
0
file rights tls key files.
...nd what your saying. But i have a "server" certificate, which i use for multple services. And since some of these services "run as" other user/group i have a special group for that. So logical i set 0440 on my key file and 444 on my cert files. And why does the key file ( any certficicate file ) a 6, 4 is sufficient. Its just not logical make copies of the certificates thats not why i have a "server" certificate... Im just not happy with samba "enforcing" my security settings.. So anyway to overrule this? Greetz, Louis > -----Oorspronkelijk...
2016 Apr 15
1
file rights tls key files.
...ng. > > But i have a "server" certificate, which i use for multple services. > And since some of these services "run as" other user/group i have a special group for that. So logical i set 0440 on my key file and 444 on my cert files. > And why does the key file ( any certficicate file ) a 6, 4 is sufficient. > > Its just not logical make copies of the certificates thats not why i have a "server" certificate... > > Im just not happy with samba "enforcing" my security settings.. > So anyway to overrule this? > > > Greetz, >...
2012 Mar 26
0
puppetca trouble (The certificate retrieved from the master does not match the agent's private key)
...certificate retrieved from the master does not match the agent''s private key. Certificate fingerprint: D1:B4:88:24:24:31:FA:13:90:FA:1F:8A:CB:BF:2D:AB To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate. On the master: puppet cert clean foreman-proxy.example.com On the agent: rm -f /var/lib/puppet/ssl/certs/foreman-proxy.example.com.pem puppet agent -t i have tried the suggested solution, but i have no success. The normal puppet run works without Problems any idea? rgds flo -- You...
2010 Jun 07
3
X509 based certificate authentication in OpenSSH
Hello, I would like to know whether OpenSSH supports x509 certificate based authentication. It looks like OpenSSH has dependency on OpenSSL so does this mean that OpeSSH also supports x509 certificate based authentication. If it does support, can you please point me to the necessary documentation. Thanks Naitik
2005 Mar 12
2
corrupted inboxes
...ar 11 14:59:18 core postfix/smtp[8250]: verify error:num=19:self signed certificate in certificate chain Mar 11 14:59:18 core postfix/smtp[8250]: Peer verification: CommonName in certificate does not match: tloin.butterzone.net != blade.butterzone.net Mar 11 14:59:18 core postfix/smtp[8250]: Peer certficate could not be verified Mar 11 14:59:18 core postfix/smtp[8250]: 6F63A2798580: to=<r at butterzone.net>, orig_to=<r-ethr at kuci.org>, relay=blade.butterzone.net[208.37.27.136], delay=0, status=sent (250 Ok: queued as 4783AC2C130) Mar 11 14:59:18 core postfix/qmgr[7238]: 6F63A27985...
2003 May 07
4
VPN through BSD for Win2k, totally baffled
Scenario: FreeBSD box running IPFW acting as a gateway to private network. The private network is made up of entirely routeable IP addresses. External users running Win2k and XP on DSL connections with dynamic IPs. Goal: To have the FreeBSD gateway securely authenticate and encrypt the traffic between the outside users and the internal network. I've spent the last 3 days running up and
2005 Nov 26
7
Reflections on Trusting Trust
or "How do I know my copy of FreeBSD is the same as yours?" I have recently been meditating on the issue of validating X.509 root certificates. An obvious extension to that is validating FreeBSD itself. Under "The Cutting Edge", the handbook lists 3 methods of synchronising your personal copy of FreeBSD with the Project's copy: Anonymous CVS, CTM and CVSup. There are
2012 Jul 09
11
manifest for files executable on windows
Hello Puppet Users, I need a puppet master (Ubuntu) to push the executable files to the agent (windows 7) and install those executables I believe the manifest file should be set up to push such config to the windows agent. I came up with something like this: class wireshark { exec { ''wireshark'': command =>
2013 Feb 16
22
How to manually create Puppet CA and client certificates using openssl?
...rtificate fingerprint: 4F:08:AE:01:B9:14:AC:A4:EA:A7:92:D7:02:E9:34:39:1C:5F:0D:93:A0:85:1C:CF:68:E4:52:B8:25:D1:11:64 Feb 16 09:35:20 test puppet-master[81728]: To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate. Feb 16 09:35:20 test puppet-master[81728]: On the master: Feb 16 09:35:20 test puppet-master[81728]: puppet cert clean test Feb 16 09:35:20 test puppet-master[81728]: On the agent: Feb 16 09:35:20 test puppet-master[81728]: rm -f /var/puppet/ssl/certs/test.pem Feb 16 09:35:20 test puppet-ma...