search for: certficates

Hey all, after installing the 3.0.0 version of puppet (debian package from puppetlabs), doing the initial config, doing an initial start of master to generate the certs needed and then starting apache with passenger to control puppetmaster. I can do: puppet ca list --all and get a listing of the certs in the system (initially only the master). afterwards, on the client node, I run: puppet

...k pbx via wss, from sipml5.org demo page (http://sipml5.org/call.htm). I used the guide from https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial , to setup the tls. I could make a secure sip call ( SRTP) using the PhonerLite sip client. ( This confirms my sip - tls settings and tls certficates. ( I'd added the tls client certficate file to the configuration of the the sip client) In the WSS option, I assume browsers negotiates for the the tls certficate and keys. Below are my debug code and the brief logs, http.conf : Here, ssl_err is my addition to debug further, in main/tcptls....

How do I initiate a certificate request without going into non-daemon mode ? According to "Pro Puppet" book, so far the only way I know that can trigger a certficate request with puppet master is like this puppet agent --server=puppetmaster.test.com --no-daemonize --verbose but doing so will break my intention of automation I need to create a puppet client package. A control-C is

Hello everyone, Just getting my first puppet master set up and I am having a problem that I just do not know how to get past. For some reason, my certificate store keeps getting corrupted. Basically what happens is that the server will issue itself a valid certificate (after removing the ''bad'' cert) and will run just fine. When I start puppetDB (I am pretty sure it happens

Hello, I wonder if there is some possibility to force dovecot to use more than one ssl certificate. I would like to use a few certficates: one per IP We are hosting many different domains and I had to use stunnel to ensure encrypted connection for our clients using different certificates. But stunnel isn't a good solution and sometimes I need to restart stunnels because of some of it's processes hangs - after some improvemen...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I read in samba-howto-collection : "To remedy the first security issue, the ldap ssl |smb.conf| parameter defaults to require an encrypted session (ldap ssl = on) using the default port of |636| when contacting the directory server. When using an OpenLDAP server, it is possible to use the StartTLS LDAP extended operation in the place of

A very ignorant question, sans doute. I get my certificates from cacert.org, to whom I am very grateful. I follow what I take to be the official procedure, first creating <server>.key and <server>.csr on my server and then getting <server>.crt by going to Server Certificate=>New at the cacert site. I then place the key certficate *.key in /etc/pki/tls/private/ and what I

I did a quick look for it but I could not find it. When it comes to puppet masters, is it required to copy the puppet/ssl/ca directory to each puppet master or is there a configuration to make the puppet master not try to generate its own CA if there is a ca_server option specified? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To

Hai,   Im seeing the following..    [2016/04/15 09:57:55.135038,  0] ../source4/lib/tls/tls_tstream.c:1216(tstream_tls_params_server)   Invalid permissions on TLS private key file 'server.key.pem':   owner uid 0 should be 0, mode 0440 should be 0600   This is known as CVE-2013-4476.   It there anyway to override this setting?  I do need 0440 here.  ( or 0400 ) 0600 is not

Ok, I''m new to puppet, but I''ve got everything working for my setup. Almost. I''m trying to set up a new server, using cobbler, and then puppet. CentOS 6.2 Puppet 2.7.11 Cobbler 2.0.11 I have things set up so I can use kickstart to install the server on boot. It installs puppet and facter from the puppetlabs repos and the snippet

Yes, i can understand what your saying. But i have a "server" certificate, which i use for multple services. And since some of these services "run as" other user/group i have a special group for that. So logical i set 0440 on my key file and 444 on my cert files. And why does the key file ( any certficicate file ) a 6, 4 is sufficient. Its just not logical make copies of

On 15/04/16 10:12, L.P.H. van Belle wrote: > Yes, i can understand what your saying. > > But i have a "server" certificate, which i use for multple services. > And since some of these services "run as" other user/group i have a special group for that. So logical i set 0440 on my key file and 444 on my cert files. > And why does the key file ( any certficicate

Hi @all, i have a foreman-proxy server, build from scratch, works fine and i can build unattended hosts. I don''t want to configure all my foreman-proxys manually, so i build them in puppet, and only setup the OS (SL) and basic puppet config manually. I can run the puppet configuration sucsessfully, my config is exactly what i want, but i am unable to build unattended hosts anymore,

Hello, I would like to know whether OpenSSH supports x509 certificate based authentication. It looks like OpenSSH has dependency on OpenSSL so does this mean that OpeSSH also supports x509 certificate based authentication. If it does support, can you please point me to the necessary documentation. Thanks Naitik

Hi all, Two users on our system have recently had trouble reading their inbox, and it seems to be a result of their inbox getting corrupted. In the most recent case, their Mailbox file (in /home/eric/Mailbox in this case), has the following as the first line: cnw.igmg-- Here's a piece of the logs below... if you look for "eric", there's a successfully delivery,

Scenario: FreeBSD box running IPFW acting as a gateway to private network. The private network is made up of entirely routeable IP addresses. External users running Win2k and XP on DSL connections with dynamic IPs. Goal: To have the FreeBSD gateway securely authenticate and encrypt the traffic between the outside users and the internal network. I've spent the last 3 days running up and

or "How do I know my copy of FreeBSD is the same as yours?" I have recently been meditating on the issue of validating X.509 root certificates. An obvious extension to that is validating FreeBSD itself. Under "The Cutting Edge", the handbook lists 3 methods of synchronising your personal copy of FreeBSD with the Project's copy: Anonymous CVS, CTM and CVSup. There are

Hello Puppet Users, I need a puppet master (Ubuntu) to push the executable files to the agent (windows 7) and install those executables I believe the manifest file should be set up to push such config to the windows agent. I came up with something like this: class wireshark { exec { ''wireshark'': command =>

I am wondering how to manually (using openssl instead of puppet cert command) create CA that would be usable by Puppet? The goal would be to script creation of such CA''s to deploy them on multiple puppetmasters, instead of certificates being created on them via puppet cert command. Any ideas on how to do it? I was only able to find something like that: