search for: certificates

I suggest deprecating proprietary SSH certificates and move to X.509 certificates. The reasons why I suggest this change are: X.509 certificates are the standard on the web, SSH certificates provide no way to revoke compromised certificates, and SSH certificates haven't seen significant adoption, It's also a bad idea to roll your own crypto...

...Error: Could not retrieve catalog; skipping run Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: sapdisk.intranet.ufz.de] ---pins--- On sapdisk, I see two certificates (puppet cert list --all), one for the server (sapdisk) itself, one for the client (rz36test2). The client certificate is transferred to the client - it is present in /var/lib/puppet/ssl/certs. How do I get around this error? Regards, Werner -- -- You received this message because you are subs...

In reading through the mailing list, this question seems to have come up before, but never quite answered. I bought a certificate from Digital Signature Trust which is a well known certificate authority. The reason I bought my certificate, was so that email clients connecting to my imaps server wouldn't be bothered with warnings of unrecognized certificate authority as they would see with a

...RSION" "1.0" OK "Dovecot ready." STARTTLS OK "Begin TLS negotiation now." --> At this point the TLS process does not proceed. When I press CTRL-D I get the following output: *** Starting TLS handshake - Certificate type: X.509 - Got a certificate list of 3 certificates. - Certificate[0] info: - subject `C=DE,ST=Baden-Wuerttemberg,L=Ettlingen,O=NOVA Elektroanlagen GmbH,OU=Mail Server,CN=mail.novanetwork.local', issuer `C=DE,ST=Baden-Wuerttemberg,O=NOVA Elektroanlagen GmbH,OU=NOVA Intermediate CA,CN=NOVA Intermediate CA', RSA key 2048 bits, signed usi...

How can I revoke one SSH certificate without having to replace the root certificate and all certificates signed by it? Regarding the second statement, do you have sources? On Fri, May 25, 2018 at 6:58 AM, Peter Moody <mindrot at hda3.com> wrote: > On Thu, May 24, 2018 at 8:36 PM, Yegor Ievlev <koops1997 at gmail.com> wrote: > >> SSH certificates provide no >> way to rev...

Excuse dopey question. I'm not exactly clear about certificates. Apache2 default install has this snake oil certificate Can make a new one for apache Can make one for dovecot Can make one for ssl Is there supposed to be the one (self signed ) certificate pair in one place for the machine that each process hands out ? Can they be moved to another machine ? mic...

Hi, I have a puppet master and agent installed. I want to generate and configure master-agent certificate and followed the steps: Master: ========== 1. Cleaned up all certificate on Master: [root@puppet-server manifests]# puppet cert sign --all No waiting certificate requests to sign [root@puppet-server manifests]# puppet cert clean --all notice: Revoked

hello, I''ve just added a new client to an existing configuration but cannot get it recognised. Both client and server are running 0.24.5, installed on gentoo linux using portage. This is what I dis: Server: /etc/init.d/puppetmaster start * Starting puppetmaster ... [ ok ] Client: puppetd --test warning: peer certificate won''t be verified in this SSL session notice: Did not

...able to one person. On Fri, May 25, 2018 at 7:12 AM, Peter Moody <mindrot at hda3.com> wrote: > On Thu, May 24, 2018 at 9:09 PM, Yegor Ievlev <koops1997 at gmail.com> wrote: >> How can I revoke one SSH certificate without having to replace the >> root certificate and all certificates signed by it? > > there is no chaining of ssh certificates. > >> Regarding the second statement, do you have sources? > > yes. my day job. > >> On Fri, May 25, 2018 at 6:58 AM, Peter Moody <mindrot at hda3.com> wrote: >>> On Thu, May 24, 2018 at 8:36 PM,...

Hello readers, I have this little issue that my puppet client refuses to do anything because of SSL validation errors. Maybe I''ll just post dump of what happens, that makes it clear I hope. Does anyone have a suggestion why that might happen? what I already checked: On the master: - Puppet and puppetmaster is running - Something is listening on Port 8140 (although I cannot

...9;'t be verified in this SSL session notice: Did not receive certificate info: Requesting certificate warning: peer certificate won''t be verified in this SSL session info: Retrieving facts err: fact_collector/file=/usr/local/.aqadmin/puppet/var/facts/source: Could not describe /facts: Certificates were not trusted: certificate verify failed notice: fact_collector/file=/usr/local/.aqadmin/puppet/var/facts: source puppet://xxxxxxxxxxxx/facts does not exist err: fact_collector/file=/usr/local/.aqadmin/puppet/var/facts/source: Could not describe /facts: Certificates were not trusted: certific...

Hi: I''m trying to configure Puppet on Ubuntu, and strangely I am never able to generate a certificate because my server never shows any pending certificate requests. Put differently, on the server I am running puppetmasterd and on the client I am able to connect to the server, but the client continues printing notice: Did not receive certificate warning: peer certificate

Thanks Ralph, i?ll look into that. I think let?s encrypt uses certbot though and it can?t do email certificates (although i?m sure i can convert the cert i get from let?s encrypt, i?ll look into it. > On 9 Aug 2017, at 16:40, Ralph Seichter <m16+dovecot at monksofcool.net> wrote: > > On 09.08.2017 17:20, Alef Veld wrote: > >> So i?m using dovecot, and i created a self signed certifi...

Here we go with puppet 0.25 certificate problems again. I had a system where puppet was running fine. I reinstalled it. Running puppet on the client causes this: "Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key". Fine... so I run ''puppetca --clean

I see these messages every time fetchmail pops my mail. I don't understand what certificates it is talking about, or how to straighten this out. fetchmail: Server CommonName mismatch: localhost != mail.mydomain.com fetchmail: Server certificate verification error: self signed certificate fetchmail: Server certificate verification error: certificate has expired What do I need to read up o...

>>>>>> facing [ no shared cipher ] error with EC private keys. >>>>> the client connecting to your instance has to support ecdsa >>>>> >>>>> >>>> It does - Thunderbird 60.0b10 (64-bit) >>>> >>>> [ security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384;true ] >>>> >>>> It seems there is

...3650 mail.example.com My doubt is , 1. I have to install a SSL certificate for for web server (apache case). I am planning to purchase a SSL certificate and put it. The same certificate will be useful for both web server and mail server OR both web and mail server needs to separate separate SSL certificates. 2. I hope for web server case, one must purchase a ssl certificate and use it (so that browsers will work smoothly without complain). For mail server can one use locally generated ssl certificate? Kindly let me know. Best Regards Austin

Dear All, The good news is that the new llvm.org SSL certificate is installed and appears to be configured correctly. The bad news is that some machines seem to recognize the intermediate SSL certificate (which is apparently used to sign the SSL certificates UIUC buys starting this year) while others do not. In particular, our internal Linux machines show no errors, while our Macs and llvm.org's SVN client do. If you see this error message: Error validating server certificate for 'https://llvm.org:443': - The certificate is not issu...

...When connecting to the server using either RSA or ECDSA ciphers, the server sends the proper certificate, but also sends two intermediates. Apparently it’s reading the intermediate from both files and using both for all situations, rather than using only the intermediate in the RSA file for RSA certificates, and the intermediate in the ECDSA file for ECDSA certificates. I expect this will be a bigger problem when Let’s Encrypt starts using ECDSA intermediates. </div> </blockquote> <blockquote type="cite"> <div> Removing the intermediate from the ssl...

Hi, I have, in one customer, a web server running on a Verisign-signed certificate SSL certificate. Everything works fine, IE and Firefox connects on https without asking anything, which usually happens on self-signed certificates. I'm trying to use that certificate on dovecot, but clients (Thunderbird basically) keeps saying the certificate is not valid. yes i'm using, when configuring Thunderbird, the same CN that was signed by Verisign for the web usage i've enabled verbose_ssl and got when thun...