search for: certpath

Hi, I have not found any way to use a Certificate with ssh-agent when my Key is stored on a pkcs11 device. I can add my key with ssh-add -s /usr/local/lib/opensc-pkcs11.so but ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub does not add the certificate to my agent. As far as I undestand, in ssh-add.c line 580 if (pkcs11provider != NULL) { if (update_card(agent_fd,

Citeren Emilien Kia <emilienkia-guest op alioth.debian.org>: > Author: emilienkia-guest > Date: Fri Jan 7 14:44:25 2011 > New Revision: 2809 > URL: http://trac.networkupstools.org/projects/nut/changeset/2809 > > Log: > Deprecate CERTFILE conf var to the benefit of CERTPATH : homogenize > conf directive names. > > Modified: > branches/ssl-nss-port/server/conf.c This patch breaks existing OpenSSL installations without valid reason, so I don't think this is a good idea. It would be better to use CERTFILE if OpenSSL is used and CERTPATH (and fr...

...#39;s certificate verifications discussion in the mailing-list, I have done some tests with nut trunk and - if my config is not too bad - I think ther is a bug with server certificate verification. With a clean trunk checkout, compile and installation; and with the following config : upsmon.conf: CERTPATH /usr/local/ups/etc/cert/ CERTVERIFY 1 FORCESSL 1 Upsd.conf: CERTFILE /usr/local/ups/etc/upsd1.pem And /usr/local/ups/etc/cert/ is empty (no file). When I start upsd and upsmon, there is a valid SSL connection between them. So, do I misunderstand CERTVERIFY directive ? Or is there a bug ? Can yo...

Hello, With the introduction of SSH_ASKPASS_REQUIRE in version 8.4, I've set up a script for SSH_ASKPASS to query my local passwordstore (https://www.passwordstore.org/) vault to retrieve the password for a given key. This works for ssh-add as well as ssh (configured with AddKeysToAgent set to 'yes'). My workflow effectively transforms into entering the password for the GPG key used

If you're using acme.sh: acme.sh --installcert -d imap.example.com \ ? --keypath /etc/pki/dovecot/private/imap.example.com.pem \ ? --certpath /etc/pki/dovecot/certs/imap.example.com.crt \ ? --fullchainpath /etc/pki/dovecot/certs/imap.example.com.full.chain.crt \ ? --reloadcmd??????????? "systemctl reload dovecot.service" HTH, Bill On 9/8/2017 9:56 AM, Darac Marjal wrote: > On Fri, Sep 08, 2017 at 06:47:25AM -0600, @lbutl...

...andled in 'netssl.c', not here. We really don't want to mess with this here, to prevent having to change 'conf.c' too often when something changes in the NSS code. Likewise, it would be useful if this would only be compiled in if the NSS library is actually used (same for CERTPATH and CERTIDENT). It would be better to complain about invalid parameters than to fail later on. Best regards, Arjen -- Please keep list traffic on the list (off-list replies will be rejected)

We have often the Problem that some files need to be checked for updates faster than the cycle of the puppet agent. I try to solve this with a script which tries to download the files directly from the fileserver of the puppetmaster. So far i couldn''t get it to work. I don''t know if i got the URL right, i did not find any examples on the REST API documentation for the

...cation driver 0.33 Using subdriver: MGE HID 1.39 nut=standalone for my config I create my conf files: /etc/nut/ups.conf [850PRO] driver = usbhid-ups port = auto desc = "850PRO" /etc/nut/upsd.conf STATEPATH /var/run/nut MAXCONN 1024 # CERTFILE /etc/letsencrypt/live/REDACTED/cert.pem CERTPATH /etc/letsencrypt/live/REDACTED/ # CERTIDENT "my nut server" "MyPasSw0rD" # CERTREQUEST REQUIRE # - 0 to not request to clients to provide any certificate # - 1 to require to all clients a certificate # - 2 to require to all clients a valid certificate LISTEN ::1 3493 LISTEN 1...

Am 2019-08-29 17:36, schrieb Gary Stainburn: > On Thursday 29 August 2019 16:20:00 Alexander Dalloz wrote: >> Hi, >> >> yum uses libcurl behind the scenes and thus NSS and not OpenSSL. >> >> Do you get something indicative when running: >> >> URLGRABBER_DEBUG=1 yum --disablerepo=\* --enablerepo=webtatic >> check-update >> >>

...ces / NSS Certificate DB: password configured 0.002348 Connected to UPS [eaton]: dummy-ups-eaton 2.592014 SSL handshake done successfully with client 172.28.65.5 2.593174 User nut_nut at 172.28.65.5 logged into UPS [eaton] (SSL) My upsd.conf file is as follows: LISTEN 0.0.0.0 CERTPATH /etc/nut/cert_db/ CERTIDENT Nut\ Server <password here> Permissions on /etc/nut and /etc/nut/cert_db are 0650 while all the files are 640. Everything is owned by user 'root', group 'nut'. What can cause this? Thanks, Gareth

Hello list, I'm desperately trying to get the latest Oxalis software (https://github.com/difi/oxalis ) to run in Tomcat on CentOS 6.9 but I'm getting a obscure Java error. Something about a a method not found: Java.lang.NoSuchMethodError: sun.security.provider.certpath.OCSP.check(Ljava/security/cert/X509Certif Has anyone succesfully implemented this on CentOS 6.x ? Tomcat is running fine behind Apache. All software up to date. Tried many things already, also install Oxalis from source but that fails with different problems. I found that OSCP checking is defau...

...al:5000/v1/users/: x509: certificate is not valid for any names, but wanted to match repo.local ? > curl -v https://repo.local:5000/v1/users/ * About to connect() to repo.local port 5000 (#0) * Trying 1xx.xx.x.xx... * Connected to repo.local (1xx.xx.x.xx) port 5000 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 * Server certificate: * subject: CN=repo.local,OU=OU,O=Enterprise,L=City,ST=Country,C=DE * start date: Okt 09 14:31:40 2017 GMT * expire dat...

...2019-08-29 17:23:17,345 opening local file "/var/cache/yum/x86_64/7/epel/metalink.xml.tmp" with mode wb * About to connect() to mirrors.fedoraproject.org port 443 (#29) * Trying 8.43.85.67... * Connected to mirrors.fedoraproject.org (8.43.85.67) port 443 (#29) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * Server certificate: * subject: CN=*.fedoraproject.org,O=Red Hat Inc.,L=Raleigh,ST=North Carolina,C=US * start date: Feb 01 00:00:00 2017 GMT * expire date: May 01 12:00:00 2020 GMT * common name: *.fedoraproject...

I'm setting up certbot/letsencrypt to provide a certificate for dovecot and sendmail. Is it necessary to restart dovecot to load the new certificate, as shown in most examples I find in blogs? That seems rude to established connections. When does dovecot read the cert and key files? Once at startup or each time a connection requests SSL? Is there a preferred locking protocol when changing

I'm using acme.sh to get my Let's Encrypt certificates.? The install command is: acme.sh --installcert -d imap.example.com \ ??????? --keypath /etc/pki/dovecot/private/imap.example.com.pem \ ??????? --certpath /etc/pki/dovecot/certs/imap.example.com.crt \ ??????? --fullchainpath /etc/pki/dovecot/certs/imap.example.com.full.chain.crt \ ??????? --reloadcmd???? "systemctl reload dovecot.service" Notice the --reloadcmd. Bill On 12/26/2017 6:16 PM, Aki Tuomi wrote: >> On December 26, 2017...

Hello All 2015-03-26 9:03 GMT+01:00 Arnaud Quette <arnaud.quette at gmail.com>: > > > What I will do is to move ssl initializing after usering and forking, > than add key file right checking where ssl was initialized before (before > forking). > > As keys should be owned by nut user, this would not be a problem. > > And moving this code, independently of SSL

.../nut → certutil -K -d dbm:NSS_db certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services" < 0> rsa df7b376946c8cfe59d74095dfc4b882d081b981b gold My upsd.conf is # upsd.conf LISTEN 0.0.0.0 3493 CERTPATH /etc/nut/NSS_db CERTIDENT gold sekret but when I run systemctl start nut-server I get the message Jul 10 15:02:51 gold upsd[15961]: Connected to UPS [heartbeat]: dummy-ups-heartbeat Jul 10 15:02:51 gold upsd[15961]: Connected to UPS [Eaton]: usbhid-ups-Eaton Jul 10 15:02:51 gold upsd[15961]: l...

...py with your SSL cert it will throw an error like this: [chip at machine ~]$ curl -v https://example.com:8001/mountpoint About to connect() to example.com port 8001 (#0) Trying 192.168.1.50… connected Connected to example.com (192.168.1.50) port 8001 (#0) Initializing NSS with certpath: sql:/etc/pki/nssdb CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none Peer’s certificate issuer is not recognized: ‘CN=Let’s Encrypt Authority X3,O=Let’s Encrypt,C=US’ NSS error -8179 Closing connection #0 Peer certificate cannot be authenticated with known CA certi...

...* Adding handle: send: 0 * Adding handle: recv: 0 * Curl_addHandleToPipeline: length: 1 * - Conn 0 (0x6bea60) send_pipe: 1, recv_pipe: 0 * About to connect() to www.kraxel.org port 443 (#0) * Trying 217.197.83.6... * Connected to www.kraxel.org (217.197.83.6) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * NSS error -12286 (SSL_ERROR_NO_CYPHER_OVERLAP) * Cannot communicate securely with peer: no common encryption algorithm(s). * Error in TLS handshake, trying SSLv3... > GET /repos/jenkins/repodata/repomd.xml HTTP/1.1...

On 8/30/19 5:52 AM, Gary Stainburn wrote: > Incidentally, the*good* server that I was referencing my broken server against has decided to start giving the curl certificate errors in the same way that the broken one did. Very strange. I ran It's possible that the error is unrelated to the ca-certificates file.? You'll only see it if yum selects a mirror that uses a Let's Encrypt