search for: democa

..._PublicKey:unknown public key type debug3: ssh_x509_verify: return 0 key_verify failed for server_host_key ######################## # sshd server - test run ######################## debug2: read_server_config: filename /usr/local/etc/sshd_config debug3: x509rsa sigtype=0 debug2: hash dir '/root/demoCA' added to x509 store debug2: file '/root/.ssh/ca-bundle.crt' added to x509 store debug2: hash dir '/usr/local/etc/ca/crl' added to x509 revocation store debug1: sshd version OpenSSH_3.8p1 debug3: Not a RSA1 key file /usr/local/etc/ssh_host_rsa_key. debug1: read PEM private key b...

...bytes/sec total size is 335 speedup is 0.80 I thought at first it was kashmir that was the problem, but I am able to initiate a sync from kashmir to my Mac: kashmir:~> rsync -avz -e ssh myca archer:/Users/mikec/tmp mikec@archer's password: building file list ... done myca/ myca/CA.pl myca/demoCA/ [...] myca/mail.aviate.org.pem myca/newreq.pem wrote 7454 bytes read 148 bytes 50.51 bytes/sec total size is 11967 speedup is 1.57 kashmir:~> Archer -> Kashmir also works fine: [archer:~/Pictures] mikec% rsync -avz -e ssh ~/Pictures kashmir:/export/home/mikec/temp/tmp rsync: open connec...

...############################################## LDAP CONF: -------------------------- ######################## # certificats et clefs TLSCertificateKeyFile /opt/openldap/pem/ldapuckey.pem TLSCertificateFile /opt/openldap/pem/ldapcert.pem TLSCACertificateFile /opt/openldap/pem/demoCA/cacert.pem ############################################## SMB CONF: -------------------------- # LDAP: ldap server = obiwan ldap port = 389 ldap suffix = "ou=samba, dc=obiwan,dc=fr" # LDAP SSL: ldap ssl = no # Root LDAP ldap admin dn = "cn=Manager,dc=obiwan,d...

...te or Province Name (full name) [Some-State]:Noordholland Locality Name (eg, city) []:Amsterdam Organization Name (eg, company) [Internet Widgits Pty Ltd]:AHM Organizational Unit Name (eg, section) []:Suckers from Hell Common Name (eg, YOUR name) []:smb.ahm.nl Email Address []:. % This creates demoCA/cacert.pem and demoCA/private/cakey.pem (CA cert and private key). Make your server certificate signing request (CSR): Country Name (2 letter code) [AU]:NL State or Province Name (full name) [Some-State]:Noordholland Locality Name (eg, city) []:Amsterdam Organization Name (eg, company) [Inter...

...rootdn can always read and write EVERYTHING! # equivalent to TLS_CACERT TLSCertificateFile /etc/ssl/ldapcert.pem # selbst-signiertes Zertifikat # equivalent to TLS_KEY TLSCertificateKeyFile /etc/ssl/ldapkey.pem # privater Schluessel # equivalent to TLS_CERT TLSCACertificateFile /etc/ssl/demoCA/cacert.pem # Certificate Authority # this is equivalent to TLS_REQCERT #TLSVerifyClient allow #TLSVerifyClient try #TLSVerifyClient demand #Verfahrensweise TLSCipherSuite HIGH:MEDIUM:+SSLv2 ####################################################################### # BDB...

Dear sir, I have to set up a mail gateway which will be explored to Internet and a secure mail server in the Intranet. I need a smart imap proxy in the mail gateway which will fetch the mail from server and present to user through either a stand alone mail client or a web mail client. All authentication is through ldap server. I have installed Dovecot 2.2 Unstable in my Ubuntu 12.04 with ssl

Hi all, I've been searching the lists and web for an answer but i'm stumped hope some one here has an answer for me. As I'm new to this sysadmin role. I have set up OpenLDAP to authenticate our linux users and exim MTAs. This all works fine with OpenLDAP only providing a ldaps:/// connection on 636. However I cannot for the life of me get samba to speak tls to it. I've seen

...M8/${EXTEN:0},30,rt) [general] tlsenable=yes tlsbindaddr=172.16.200.60 ;tlsprivatekey=/usr/local/ssl/misc/asteriskkey.pem ;tlscertfile=/usr/local/ssl/misc/asteriskcert.pem tlscertfile=/etc/asterisk/keys/asterisk.pem tlscafile=/etc/asterisk/keys/ca.crt tlscipher=ALL ;tlscafile=/usr/local/ssl/misc/demoCA/cacert.pem tlsclientmethod=tlsv1 [6001] type=friend secret=erasmus123 callerid="Mitch-MacBook" <6001> ;nat=yes host=dynamic ;canreinvite=no context=myphones allow=ulaw allow=gsm allow=g726 ;transport=udp transport=tls encryption=yes port=5061 regexten=6001 [6002] type=friend secre...

...nt. However, when I first set a very long password, it couldn't work.) (2) Common name must be used as fully qualified domain name. For example: mis3.fgs.org.tw mis3# openssl req -new -nodes -keyout newreq.pem -out newreq.pem mis3# ../misc/CA.sh -sign mis3# cp demoCA/cacert.pem . mis3# mv newcert.pem servercrt.pem mis3# mv newreq.pem privatekey.pem mis3# chmod 600 privatekey.pem Reference: http://www.openldap.org/faq/data/cache/185.html (b) Configure OpenLDAP (1) Open /usr/local/etc/openldap/lapd.conf (OpenLDAP clien...

...e (yes/no) # Default is "no" tls_checkpeer no TLS_REQCERT allow # CA certificates for server certificate verification # At least one of these are required if tls_checkpeer is "yes" # tls_cacertfile /etc/ssl/ca.cert # tls_cacertdir /etc/ssl/certs # tls_cacertdir /usr/local/certs/demoCA # tls_cacertfile /usr/local/certs/servercert.pem # tls_cacertfile /usr/local/certs/cacert.pem tls_cacert /usr/local/certs/cacert.pem # Seed the PRNG if /dev/urandom is not provided #tls_randfile /var/run/egd-pool # SSL cipher suite # See man ciphers for syntax tls_ciphers HIGH:MEDIUM:SSLv2 # C...

...e (yes/no) # Default is "no" tls_checkpeer no TLS_REQCERT allow # CA certificates for server certificate verification # At least one of these are required if tls_checkpeer is "yes" # tls_cacertfile /etc/ssl/ca.cert # tls_cacertdir /etc/ssl/certs # tls_cacertdir /usr/local/certs/demoCA # tls_cacertfile /usr/local/certs/servercert.pem # tls_cacertfile /usr/local/certs/cacert.pem tls_cacert /usr/local/certs/cacert.pem # Seed the PRNG if /dev/urandom is not provided #tls_randfile /var/run/egd-pool # SSL cipher suite # See man ciphers for syntax tls_ciphers HIGH:MEDIUM:SSLv2 # Cl...