search for: certutil

Hi, I try to add a certificate to a fresh certificate db, but the trust attributes are not set as expected. Neither can I change tham. The cert/pem is valid and double checked :) Any idea/suggestion? certutil -N -d certdb-test certutil -A -n "foobar" -t "u,u,u" -d certdb-test/ -i foobar.pem certutil -L -d certdb-test/ Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI foobar...

...setup ssl.* ########################################################################### - vi pin.txt secretpw - Create a noise file for the encryption vi noise.txt dsadasdasdasdadasdasdasdasdsadfwerwerjfdksdjfksdlfhjsdk - Create the key and certificate databases database certutil -N -d . -f pin.txt (results, makes 3 files with db extension) - Generate the encryption key certutil -G -d . -z noise.txt -f pin.txt - Generate the self-signed CA certificate certutil -S -n "CA Certificate" -s "cn=CAcert" -x -t "CT,," -m 1000 -v 9999 -...

...ive it a few Days, the client will retrieve the actual crl faster. But the auth still works. I have tried it. I revoked an cert. Installed a new win10 client and joined the domain. After login with the revoked p12 cert on a yubikey, i can see he queries the CDP and still allows the login. With certutil and a cert in DER format, i tried this: certutil -f -urlfetch -verify testus-cert.cer The output says that the cert is revoked. But login was granted. That is completly strange. Someone an Idea? Am 19.07.2023 um 14:08 schrieb Andrey Repin via samba: > Hello Hans Schulze, > > Wednesday...

...4 to work with NSS support as provided by libnss3 2:3.26.2 on Debian stretch. Currently NSS supports two database formats identified by prefixes "sql:" for the new database and "dbm:" for the legacy database. I created the NSS database in directory /etc/nut with command certutil -N -d dbm:NSS_db --empty-password I copied over public key and certificate from a working NUT+OpenSSL installation and checked them as follows: List certificates: root at gold /etc/nut # certutil -L -d dbm:NSS_db Certificate Nickname Trust Attributes SS...

...l retrieve the > actual crl faster. But the auth still works. > > I have tried it. I revoked an cert. Installed a new win10 client and > joined the domain. After login with the revoked p12 cert on a yubikey, > i can see he queries the CDP and still allows the login. > > With certutil and a cert in DER format, i tried this: > > certutil -f -urlfetch -verify testus-cert.cer > > The output says that the cert is revoked. But login was granted. That > is completly strange. > > Someone an Idea? > > Am 19.07.2023 um 14:08 schrieb Andrey Repin via samba: &gt...

..., I upgraded from 5.3 to 5.4 today on a vpn gateway using openswan. After the upgrade the vpn stopped working. From what I could tell the new version of openswan uses NSS. I tried following the instructions in this thead https://bugzilla.redhat.com/show_bug.cgi?id=508107 without success. # certutil -N -d sql:/etc/ipsec.d certutil: function failed: security library: bad database. If I ran the command without the sql: like this # certutil -N -d sql:/etc/ipsec.d it would create the database files. I would then execute # modutil -fips true -dbdir /etc/ipsec.d followed by # /usr/sbin/...

...an installation? > > > > ------------------------------ > > Message: 19 > Date: Fri, 29 May 2015 09:45:24 +0200 > From: G?tz Reinicke - IT Koordinator <goetz.reinicke at filmakademie.de> > To: CentOS <centos at centos.org> > Subject: [CentOS] NSS Tools certutil buggy ? Centos 6 nss-tools-3.18.0 > Message-ID: <55681914.1040504 at filmakademie.de> > Content-Type: text/plain; charset="utf-8" > > Hi, > > I try to add a certificate to a fresh certificate db, but the trust > attributes are not set as expected. Neither can...

...no option to continue. I know this is gecko related quiestion, but I'm looking for some way to import self signed certificate or to configure gecko to accept it automatically. I found this site https://www.security.spodhuis.org/ where is described how to import certificate with console program certutil, but I cannot find .db file in ~/.wine directory. Any suggestions would be appreciated. P.S. Installng of other browser (i.e. Firefox for windows) is not a solution, because I'm using software that calls the default browser to render some windows, so installin firefox for windows doesn't...

On Friday 31 May 2019 01:29:51 am Manuel Wolfshant wrote: > On 5/31/19 6:54 AM, Gene Heskett wrote: > > Greetings all; > > > > gene at coyote:~$ upsc myups > > Init SSL without certificate database > > battery.charge: 100 > > battery.charge.low: 30 > > [yadda yadda] > > > > Is there a certificate package I should install? > > >

...me to believe the problem is with my certificates. I have even tried the firefox-db2pem.sh, I am not sure it did anything. Does curl need to be recompiled with nss support? Is there a package I need to compile? nss 3.17.2 is installed, non of the man page work. Looking deeper into the nss, # certutil -L certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format. I think there is something wrong with my nss certificates, but I have run out of time. Any suggestions. This is on a brand new installation Fedora 20 and Centos 7, I have not...

...e the StartTLS instruction: Connect error Failed to join domain: failed to connect to AD: Connect error I have done below steps:- 1. Configure secure ldap ssl on Active directory. Youtube link <https://www.youtube.com/watch?v=JFPa_uY8NhY> which i refereed. 2. Obtain client certificate. certutil -ca.cert client.crt 3. Copy client certificate to linux machine. 4. run net ads join -U Administrator command *My ldap .conf* cat /etc/ldap/ldap.conf # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. #BASE dc=example,dc=com #URI...

...vailable. Users on Windows 10 v1909 or v2004. This does not happen to all users. We have users connecting to one of our environments using OpenVPN. We have been using the cryptoapicert option in the OpenVPN config and having it reference a certificate/key we import to the user's account using certutil (ex. "certutil -user -importpfx mycertkeypair.p12 NoExport") with the NoExport option (or via mmc). (NoExport is so they can't export private key and move to another system). When the user changes their domain password then tries to connect to the VPN, they get these errors below. If...

...e some time pulling my hair out and trying to figure out why NUT wasn't working properly with SSL enabled. I tried several approaches until I found something interesting. I'm using NUT 2.7.1 in Ubuntu Server 14.04 Trusty Tahr After properly configuring a self signed certificate with "certutil" from libnss3-tools, there was no way to get proper SSL connection eventhough upsd didn't complain in logs. Shell# upsc TEST Init SSL without certificate database Connecting in SSL to 'localhost' (no certificate name specified) Error while connecting to localhost, disconnect Error...

...39;t quickly check, so would fathom a guess that NUT > codebase did not have a reason to bother yet to support that. > Otherwise, your points (4) and (5) make sense and are "doable" > generally, after some effort :) 1. There are miriad of scripts written on top of openssl and certutil that allow implementing a CA and issuance of certificates, with easy-rsa probably leading the lot (and usage basically consists of running ./build-ca followed by ./build-key ( for v2 ) and equivalent parameters passed to the only script that easy-rsa v3 consists of ). Even f-droid provides one...

...in: failed to connect to AD: Connect error >> >> I have done below steps:- >> >> 1. Configure secure ldap ssl on Active directory. Youtube link >> <https://www.youtube.com/watch?v=JFPa_uY8NhY> which i refereed. >> 2. Obtain client certificate. >> certutil -ca.cert client.crt >> 3. Copy client certificate to linux machine. >> 4. run net ads join -U Administrator command >> >> >> *My ldap .conf* >> cat /etc/ldap/ldap.conf >> # >> # LDAP Defaults >> # >> >> # See ldap.conf(5) for detail...

...lkeypk11.so <servername> and in messages, it > reports "ssh-pkcs11-helper: errror:no slots" before failing to let me log > on. > > mark > Assuming 1) that /etc/pki/nssdb/ has been populated with all the appropriate and current gov certificate authorities (CA). certutil -L -d /etc/pki/nssdb/ #list the CAs 2) that you are using the RH/CentOS stock openssh*rpm files. 3) that you have not also gotten a newer card in the same time period, which happens to use a CA that is not in /etc/pki/nssdb/ Have you tried a third different set of ssh commands to use the cac: ln -...

...trying to get a third party application to use the root CA certificate of an SSL proxy - but can't work out how to install the cert for use by all users on CentOS 7 I have the proxy vendor's supplied CA cert in PEM format I can install the cert in a user's home directory using 'certutil' - and the application works OK - but I would like to do 'something' to install this cert somewhere central that will be picked up by all users After a bit of Googling, I've found that by default, EL7 uses 'p11-kit-trust.so' (from the p11-kit-trust package) as a drop-in...

Morning, I am working on enabling the ssl portion of several of my services (https, imaps, ftps, etc). I am using a free certification authorithy (CA) for my certificates. I need to get this CA's root certificate installed in my several windows workstations. All these workstations are part of my samba PDC domain. Is there a way I can use samba, or maybe the logon.bat file, to install this

...ror > Failed to join domain: failed to connect to AD: Connect error > > I have done below steps:- > > 1. Configure secure ldap ssl on Active directory. Youtube link > <https://www.youtube.com/watch?v=JFPa_uY8NhY> which i refereed. > 2. Obtain client certificate. > certutil -ca.cert client.crt > 3. Copy client certificate to linux machine. > 4. run net ads join -U Administrator command > > > *My ldap .conf* > cat /etc/ldap/ldap.conf > # > # LDAP Defaults > # > > # See ldap.conf(5) for details > # This file should be world readable...

...Connect error >>> >>> I have done below steps:- >>> >>> 1. Configure secure ldap ssl on Active directory. Youtube link >>> <https://www.youtube.com/watch?v=JFPa_uY8NhY> which i refereed. >>> 2. Obtain client certificate. >>> certutil -ca.cert client.crt >>> 3. Copy client certificate to linux machine. >>> 4. run net ads join -U Administrator command >>> >>> >>> *My ldap .conf* >>> cat /etc/ldap/ldap.conf >>> # >>> # LDAP Defaults >>> # >>&gt...