search for: digicert

...stan2 ~]# date > Fri 30 Aug 09:45:27 BST 2019 > [root at stan2 ~]# rpm -qa|grep cert > ca-certificates-2018.2.22-70.0.el7_5.noarch > [root at stan2 ~]# That's good. Now please verify that the ca-certificates RPM is healthy: rpm -V ca-certificates In addition you can grep for the DigiCert certificates which are used by the fedoraproject.org mirror servers for EPEL (concentrating on a single broken HTTPS repo for now): # grep "DigiCert" /etc/pki/tls/certs/ca-bundle.crt # DigiCert Assured ID Root CA # DigiCert Assured ID Root G2 # DigiCert Assured ID Root G3 # DigiCert Gl...

...ndle.crt > CApath: none > * Server certificate: > * subject: CN=*.fedoraproject.org,O=Red Hat Inc.,L=Raleigh,ST=North > Carolina,C=US > * start date: Feb 01 00:00:00 2017 GMT > * expire date: May 01 12:00:00 2020 GMT > * common name: *.fedoraproject.org > * issuer: CN=DigiCert SHA2 High Assurance Server > CA,OU=www.digicert.com,O=DigiCert Inc,C=US > * NSS error -8179 (SEC_ERROR_UNKNOWN_ISSUER) > * Peer's Certificate issuer is not recognized. So here we are. While the current ca-certificates package of CentOS 7 ca-certificates-2018.2.22-70.0.el7_5.noarch d...

...isn't able to validate correct any more - most sites show this: /[No Error] (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) /Self-signed SSL Certificate in chain: /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root Self-signed SSL Certificate in chain: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA and many other Root certificates are missing ... Greetings, Walter

...occurr. I do not see anywhere where it could have been from any action that I have taken, including deleting the contents of the yum cache. > That's good. Now please verify that the ca-certificates RPM is healthy: > > rpm -V ca-certificates > > In addition you can grep for the DigiCert certificates which are used by > the fedoraproject.org mirror servers for EPEL (concentrating on a single > broken HTTPS repo for now): > > # grep "DigiCert" /etc/pki/tls/certs/ca-bundle.crt > # DigiCert Assured ID Root CA > # DigiCert Assured ID Root G2 > # DigiCe...

...gcwx6h4+UUSLac0LN/i+Q2LcHa6fg/kH59Yt2oIzkJrVRSHn11R8iUHiLgW3X2 XL9BgCZHqI8t3OaJpXLHmvA0pKDIvjFK9+CDcXZWQbZyLlMzGxVyrZfK+rBjL05h QQ3CTy9JJ3/1//AD1mSgog3qSejMQ7ZK01ZZv4lDoEU8ADGFA6VKlV/CiaYz5Ztk -----END CERTIFICATE----- ?1 s:/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA SSL CA 3 ???i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA -----BEGIN CERTIFICATE----- MIIE+zCCA+OgAwIBAgIQCHC8xa8/25Wakctq7u/kZTANBgkqhkiG9w0BAQsFADBl MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv b3QgQ0EwHhcNMTQxMTE4...

Am 2019-08-29 17:36, schrieb Gary Stainburn: > On Thursday 29 August 2019 16:20:00 Alexander Dalloz wrote: >> Hi, >> >> yum uses libcurl behind the scenes and thus NSS and not OpenSSL. >> >> Do you get something indicative when running: >> >> URLGRABBER_DEBUG=1 yum --disablerepo=\* --enablerepo=webtatic >> check-update >> >>

Hi, I recognised some funny behaviour on my server. IMAP clients which won't send an Server Name Indication (SNI) sometimes get the wrong certificate. I would expect that those clients always get the default certificate (of my new domain), instead in about 20 to 50% of connections the certificate of my old domain will be presented. (sample rate was 3 times 30 connections) Clients sending SNI

Our DC has been using a Verisign certificate. Over the past year, we've been using a Digicert Wildcard Plus certificate for almost all of our machines, and I wanted to switched over our DC mailserver. I used the following command to generate the CSR and key: openssl req -new -newkey rsa:1024 -nodes -out star_bard_edu.csr -keyout star_bard_edu.key -subj "/C=US/ST=NY/L=ourtown/O=Bard...

On 8/30/19 5:52 AM, Gary Stainburn wrote: > Incidentally, the*good* server that I was referencing my broken server against has decided to start giving the curl certificate errors in the same way that the broken one did. Very strange. I ran It's possible that the error is unrelated to the ca-certificates file.? You'll only see it if yum selects a mirror that uses a Let's Encrypt

...ny more - > most sites show this: > > /[No Error] (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) > > /Self-signed SSL Certificate in chain: /C=SE/O=AddTrust AB/OU=AddTrust > External TTP Network/CN=AddTrust External CA Root > > Self-signed SSL Certificate in chain: /C=US/O=DigiCert > Inc/OU=www.digicert.com/CN=DigiCert Global Root CA > > and many other Root certificates are missing ... > Not sure why they were removed but in the past, root certificates are removed due to problems with the certificate authorities that mean their signatures no longer mean the sit...

...ow this: >> >> /[No Error] (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) >> >> /Self-signed SSL Certificate in chain: /C=SE/O=AddTrust AB/OU=AddTrust >> External TTP Network/CN=AddTrust External CA Root >> >> Self-signed SSL Certificate in chain: /C=US/O=DigiCert >> Inc/OU=www.digicert.com/CN=DigiCert Global Root CA >> >> and many other Root certificates are missing ... >> > > Not sure why they were removed but in the past, root certificates are > removed due to problems with the certificate authorities that mean > thei...

...b * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * Server certificate: * subject: CN=*.fedoraproject.org,O=Red Hat Inc.,L=Raleigh,ST=North Carolina,C=US * start date: Feb 01 00:00:00 2017 GMT * expire date: May 01 12:00:00 2020 GMT * common name: *.fedoraproject.org * issuer: CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US * NSS error -8179 (SEC_ERROR_UNKNOWN_ISSUER) * Peer's Certificate issuer is not recognized. * Closing connection 29 2019-08-29 17:23:18,117 exception: [Errno 14] curl#60 - "Peer's Certificate issuer is not recogniz...

Hi I have some problem with SNI and dovecot 2.2.36.4 Server debian 9.x ad dovecot-2.2.36.4 default server ssl cert is a wildcard like *.domain.com (digicert) ssl_ca = /var/control/cert.pem ssl_cert = </var/control/cert.pem I added for test another domain (in dns to) for another ssl (letsencrypt) from https://wiki.dovecot.org/SSL/DovecotConfiguration like: local_name imap.mail.test.domain.com { ? ssl_cert = </etc/dovecot/ssl/imap.mail.test.do...

...eed to use 443 because of network rules here. I can view the Icecast2 Status pages and listen to a stream, but once I add https:// I get 'Secure Connection Failed' on Firefox and 'This site can’t be reached' from Chrome. Both can view and stream non-ssl content. I have tried both a Digicert and a self-signed cert. I have followed the pem rules from Digicert. I have set the permissions to the user Icecast2 from the group Icecast. I have read almost everything on this and I have tried Walter York's instructions to pre-install a number of packages that icecast needs to successfully e...

> > If you can convince openssl to use it. Does anybody have any hints on how it may be done, if possible at all? Stavros

On 20/12/2018 12:37, Marc Roos wrote: > > You have to create your own ca, and then create the certificate. I doubt > if you will be able to find companies like DigiCert or Comodo to do > this. > > If you want, I can try sign it with our own 'internal' CA. The only > thing you have to do is of course adding our CA to your ca bundle but > that is very easy in CentOS7 > Thank you, Marc. We created our own CA and certificates just fin...

...sdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * Server certificate: * subject: CN=*.fedoraproject.org,O=Red Hat Inc.,L=Raleigh,ST=North Carolina,C=US * start date: Feb 01 00:00:00 2017 GMT * expire date: May 01 12:00:00 2020 GMT * common name: *.fedoraproject.org * issuer: CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US * NSS error -8179 (SEC_ERROR_UNKNOWN_ISSUER) * Peer's Certificate issuer is not recognized. * Closing connection 29 2019-08-29 17:23:18,117 exception: [Errno 14] curl#60 - "Peer's Certificate issuer is not recognized...

...network rules here. I can view the Icecast2 Status > pages and listen to a stream, but once I add https:// I get 'Secure > Connection Failed' on Firefox and 'This site can’t be reached' from > Chrome. Both can view and stream non-ssl content. >   > I have tried both a Digicert and a self-signed cert. I have followed > the pem rules from Digicert. I have set the permissions to the user > Icecast2 from the group Icecast. I have read almost everything on > this and I have tried Walter York's instructions to pre-install a > number of packages that icecast nee...

Thanks Michael I will check with the free cert lets encrypt to test it. Remo > Il giorno 7 set 2019, alle ore 02:09, Michael Hallager via dovecot <dovecot at dovecot.org> ha scritto: > > ?On 2019-09-07 12:25, remo--- via dovecot wrote: >> What is the best way to adopt multiple certs? >> Thanks. > > /etc/dovecot/conf.d/10-ssl.conf > > Primary SSL

My icecast https stream (https://vertenradio.com:8443/stream) does not work on a Sonos ONE player. It might have something to do with the ssl handshake. >From the developer page from sonos i found this: Some common reasons for SSL handshake failures include: ? Expired certificate: Every certificate has a validity window before it expires. You need to present Sonos with unexpired