Displaying 20 results from an estimated 24 matches for "certpath".

2016 Dec 28
2
certificates keys on pkcs11 devices
Hi, I have not found any way to use a Certificate with ssh-agent when my Key is stored on a pkcs11 device. I can add my key with ssh-add -s /usr/local/lib/opensc-pkcs11.so but ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub does not add the certificate to my agent. As far as I understand, in ssh-add.c line 580 if (pkcs11provider != NULL) { if (update_card(agent_fd,
2011 Jan 07
1
[nut-commits] svn commit r2809 - branches/ssl-nss-port/server
Quoting Emilien Kia <emilienkia-guest at alioth.debian.org>: > Author: emilienkia-guest > Date: Fri Jan 7 14:44:25 2011 > New Revision: 2809 > URL: http://trac.networkupstools.org/projects/nut/changeset/2809 > > Log: > Deprecate CERTFILE conf var to the benefit of CERTPATH : homogenize > conf directive names. > > Modified: > branches/ssl-nss-port/server/conf.c This patch breaks existing OpenSSL installations without valid reason, so I don't think this is a good idea. It would be better to use CERTFILE if OpenSSL is used and CERTPATH (and fr...
2011 Jan 13
1
SSL certificate verification with OpenSSL in NUT trunk
...'s certificate verifications discussion in the mailing-list, I have done some tests with nut trunk and - if my config is not too bad - I think there is a bug with server certificate verification. With a clean trunk checkout, compile and installation; and with the following config : upsmon.conf: CERTPATH /usr/local/ups/etc/cert/ CERTVERIFY 1 FORCESSL 1 Upsd.conf: CERTFILE /usr/local/ups/etc/upsd1.pem And /usr/local/ups/etc/cert/ is empty (no file). When I start upsd and upsmon, there is a valid SSL connection between them. So, do I misunderstand CERTVERIFY directive ? Or is there a bug ? Can yo...
2020 Oct 06
2
Accessing SSH key path using SSH_ASKPASS and passwordstore
Hello, With the introduction of SSH_ASKPASS_REQUIRE in version 8.4, I've set up a script for SSH_ASKPASS to query my local passwordstore (https://www.passwordstore.org/) vault to retrieve the password for a given key. This works for ssh-add as well as ssh (configured with AddKeysToAgent set to 'yes'). My workflow effectively transforms into entering the password for the GPG key used
2017 Sep 09
1
Dovecot and Letsencrypt certs
If you're using acme.sh: acme.sh --installcert -d imap.example.com \ --keypath /etc/pki/dovecot/private/imap.example.com.pem \ --certpath /etc/pki/dovecot/certs/imap.example.com.crt \ --fullchainpath /etc/pki/dovecot/certs/imap.example.com.full.chain.crt \ --reloadcmd "systemctl reload dovecot.service" HTH, Bill On 9/8/2017 9:56 AM, Darac Marjal wrote: > On Fri, Sep 08, 2017 at 06:47:25AM -0600, @lbutl...
2011 Jan 07
2
[nut-commits] svn commit r2804 - in branches/ssl-nss-port: clients server
...andled in 'netssl.c', not here. We really don't want to mess with this here, to prevent having to change 'conf.c' too often when something changes in the NSS code. Likewise, it would be useful if this would only be compiled in if the NSS library is actually used (same for CERTPATH and CERTIDENT). It would be better to complain about invalid parameters than to fail later on. Best regards, Arjen -- Please keep list traffic on the list (off-list replies will be rejected)
2011 Jun 27
12
Ruby script to download files without 'puppet agent'
We have often the Problem that some files need to be checked for updates faster than the cycle of the puppet agent. I try to solve this with a script which tries to download the files directly from the fileserver of the puppetmaster. So far I couldn't get it to work. I don't know if I got the URL right, I did not find any examples on the REST API documentation for the
2018 Jun 19
2
upsmon Can not initialize SSL context (letsencrypt) #563
...cation driver 0.33 Using subdriver: MGE HID 1.39 nut=standalone for my config I create my conf files: /etc/nut/ups.conf [850PRO] driver = usbhid-ups port = auto desc = "850PRO" /etc/nut/upsd.conf STATEPATH /var/run/nut MAXCONN 1024 # CERTFILE /etc/letsencrypt/live/REDACTED/cert.pem CERTPATH /etc/letsencrypt/live/REDACTED/ # CERTIDENT "my nut server" "MyPasSw0rD" # CERTREQUEST REQUIRE # - 0 to not request to clients to provide any certificate # - 1 to require to all clients a certificate # - 2 to require to all clients a valid certificate LISTEN ::1 3493 LISTEN 1...
2019 Aug 29
2
I broke "yum update" - C7
On 2019-08-29 17:36, Gary Stainburn wrote: > On Thursday 29 August 2019 16:20:00 Alexander Dalloz wrote: >> Hi, >> >> yum uses libcurl behind the scenes and thus NSS and not OpenSSL. >> >> Do you get something indicative when running: >> >> URLGRABBER_DEBUG=1 yum --disablerepo=\* --enablerepo=webtatic >> check-update >> >>
2017 Aug 31
1
Can not initialize SSL connection
...ces / NSS Certificate DB: password configured 0.002348 Connected to UPS [eaton]: dummy-ups-eaton 2.592014 SSL handshake done successfully with client 172.28.65.5 2.593174 User nut_nut at 172.28.65.5 logged into UPS [eaton] (SSL) My upsd.conf file is as follows: LISTEN 0.0.0.0 CERTPATH /etc/nut/cert_db/ CERTIDENT Nut\ Server <password here> Permissions on /etc/nut and /etc/nut/cert_db are 0650 while all the files are 640. Everything is owned by user 'root', group 'nut'. What can cause this? Thanks, Gareth
2017 Aug 10
0
E-invoicing to OpenPeppol with Oxalis on CentOS anyone ?
Hello list, I'm desperately trying to get the latest Oxalis software (https://github.com/difi/oxalis ) to run in Tomcat on CentOS 6.9 but I'm getting an obscure Java error. Something about a method not found: Java.lang.NoSuchMethodError: sun.security.provider.certpath.OCSP.check(Ljava/security/cert/X509Certif Has anyone successfully implemented this on CentOS 6.x ? Tomcat is running fine behind Apache. All software up to date. Tried many things already, also install Oxalis from source but that fails with different problems. I found that OCSP checking is defau...
2018 Jun 07
0
Docker Update 1.13.1-53 -> 1.13.1-63 certificate error
...al:5000/v1/users/: x509: certificate is not valid for any names, but wanted to match repo.local > curl -v https://repo.local:5000/v1/users/ * About to connect() to repo.local port 5000 (#0) * Trying 1xx.xx.x.xx... * Connected to repo.local (1xx.xx.x.xx) port 5000 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 * Server certificate: * subject: CN=repo.local,OU=OU,O=Enterprise,L=City,ST=Country,C=DE * start date: Okt 09 14:31:40 2017 GMT * expire dat...
2019 Aug 30
0
I broke "yum update" - C7
...2019-08-29 17:23:17,345 opening local file "/var/cache/yum/x86_64/7/epel/metalink.xml.tmp" with mode wb * About to connect() to mirrors.fedoraproject.org port 443 (#29) * Trying 8.43.85.67... * Connected to mirrors.fedoraproject.org (8.43.85.67) port 443 (#29) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * Server certificate: * subject: CN=*.fedoraproject.org,O=Red Hat Inc.,L=Raleigh,ST=North Carolina,C=US * start date: Feb 01 00:00:00 2017 GMT * expire date: May 01 12:00:00 2020 GMT * common name: *.fedoraproject...
2017 Dec 26
2
Renewing certificates
I'm setting up certbot/letsencrypt to provide a certificate for dovecot and sendmail. Is it necessary to restart dovecot to load the new certificate, as shown in most examples I find in blogs? That seems rude to established connections. When does dovecot read the cert and key files? Once at startup or each time a connection requests SSL? Is there a preferred locking protocol when changing
2017 Dec 27
1
Renewing certificates
I'm using acme.sh to get my Let's Encrypt certificates. The install command is: acme.sh --installcert -d imap.example.com \ --keypath /etc/pki/dovecot/private/imap.example.com.pem \ --certpath /etc/pki/dovecot/certs/imap.example.com.crt \ --fullchainpath /etc/pki/dovecot/certs/imap.example.com.full.chain.crt \ --reloadcmd "systemctl reload dovecot.service" Notice the --reloadcmd. Bill On 12/26/2017 6:16 PM, Aki Tuomi wrote: >> On December 26, 2017...
2015 Apr 04
1
SSL only working in DEBUG mode
Hello All 2015-03-26 9:03 GMT+01:00 Arnaud Quette <arnaud.quette at gmail.com>: > > > What I will do is to move ssl initializing after usering and forking, > than add key file right checking where ssl was initialized before (before > forking). > > As keys should be owned by nut user, this would not be a problem. > > And moving this code, independently of SSL
2018 Jul 10
0
NSS on Debian Stretch with libnss3: Can not initialize SSL context
.../nut → certutil -K -d dbm:NSS_db certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services" < 0> rsa df7b376946c8cfe59d74095dfc4b882d081b981b gold My upsd.conf is # upsd.conf LISTEN 0.0.0.0 3493 CERTPATH /etc/nut/NSS_db CERTIDENT gold sekret but when I run systemctl start nut-server I get the message Jul 10 15:02:51 gold upsd[15961]: Connected to UPS [heartbeat]: dummy-ups-heartbeat Jul 10 15:02:51 gold upsd[15961]: Connected to UPS [Eaton]: usbhid-ups-Eaton Jul 10 15:02:51 gold upsd[15961]: l...
2020 Feb 07
0
Icecast streaming https
...py with your SSL cert it will throw an error like this: [chip at machine ~]$ curl -v https://example.com:8001/mountpoint About to connect() to example.com port 8001 (#0) Trying 192.168.1.50… connected Connected to example.com (192.168.1.50) port 8001 (#0) Initializing NSS with certpath: sql:/etc/pki/nssdb CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none Peer’s certificate issuer is not recognized: ‘CN=Let’s Encrypt Authority X3,O=Let’s Encrypt,C=US’ NSS error -8179 Closing connection #0 Peer certificate cannot be authenticated with known CA certi...
2014 Oct 18
0
curl: (35) Cannot communicate securely with peer:
...* Adding handle: send: 0 * Adding handle: recv: 0 * Curl_addHandleToPipeline: length: 1 * - Conn 0 (0x6bea60) send_pipe: 1, recv_pipe: 0 * About to connect() to www.kraxel.org port 443 (#0) * Trying 217.197.83.6... * Connected to www.kraxel.org (217.197.83.6) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * NSS error -12286 (SSL_ERROR_NO_CYPHER_OVERLAP) * Cannot communicate securely with peer: no common encryption algorithm(s). * Error in TLS handshake, trying SSLv3... > GET /repos/jenkins/repodata/repomd.xml HTTP/1.1...
2019 Aug 30
4
I broke "yum update" - C7
On 8/30/19 5:52 AM, Gary Stainburn wrote: > Incidentally, the *good* server that I was referencing my broken server against has decided to start giving the curl certificate errors in the same way that the broken one did. Very strange. I ran It's possible that the error is unrelated to the ca-certificates file. You'll only see it if yum selects a mirror that uses a Let's Encrypt