Displaying 9 results from an estimated 9 matches for "digitalsignatur".
Did you mean:
digitalsignature
2016 Apr 19
2
VPN suggestions centos 6, 7
...t in my openssl.cnf file. Lots of bits
>ellided for clarity's sake:
>
>### start ###
>[ ca ]
>default_ca = CA_default
>
>[ CA_default ]
>x509_extensions = server_cert
>
>[ server_cert ]
>basicConstraints=CA:FALSE
>keyUsage = nonRepudiation, dataEncipherment, digitalSignature, keyEncipherment
>extendedKeyUsage = serverAuth, clientAuth
>nsCertType = server, client
>### end ###
>
>I think the nsCertType directive may be unnecessary these days, but
>I keep it around because it doesn't hurt anything.
>
>The important bit is the extendedKeyUsage...
2023 Nov 02
2
Issues with AD trusts and UID/GID ranges
...sistent:%{uid} [realms]
CUSTOMER.TLD = {
kdc = ad.customer.tld
admin_server = ad.customer.tld
default_domain = customer.tld
pkinit_anchors = FILE:/etc/pki/nssdb/certificate.pem
pkinit_cert_match = <KU>digitalSignature
pkinit_kdc_hostname = ad.customer.tld
}
CORPORATE.TLD = {
kdc = ad.corporate.tld
admin_server = ad.corporate.tld
default_domain = corporate.tld
pkinit_anchors = FILE:/etc/pki/nssdb/certificate.pem...
2016 Apr 18
2
VPN suggestions centos 6, 7
>
>
>Folks
>
>I would like to have my windows 7 laptop communicate with my home
>server via a VPN, in such a way that it appears to be "inside" my
>home network. It should not only let me appear to be at home for
>any external query, but also let me access my computers inside my home.
>
>I already have this working using M$'s PPTP using my home
2016 Apr 18
0
VPN suggestions centos 6, 7
...n the right place.
Here's how I managed that in my openssl.cnf file. Lots of bits ellided
for clarity's sake:
### start ###
[ ca ]
default_ca = CA_default
[ CA_default ]
x509_extensions = server_cert
[ server_cert ]
basicConstraints=CA:FALSE
keyUsage = nonRepudiation, dataEncipherment, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth
nsCertType = server, client
### end ###
I think the nsCertType directive may be unnecessary these days, but I
keep it around because it doesn't hurt anything.
The important bit is the extendedKeyUsage line; I'm pretty sure that...
2010 May 15
1
SSL Bug
...ndedKeyUsage = 1.3.6.1.5.5.7.3.1
If you just do that, then the SSL certificate doesn't work in dovecot
(it will work fine in Apache, or Postfix etc etc). You also need the
certificate to be valide for client side work:
[ client_and_server_ca_extensions ]
basicConstraints = CA:false
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = 1.3.6.1.5.5.7.3.2, 1.3.6.1.5.5.7.3.1
I believe this is a fault with Dovecot. This is with the Debian package
for Dovecot 1.2.11 (Version: 1:1.2.11-1). The default self-signed
certificate the Debian post-install script generates pops out a
certificate that is va...
2014 Mar 24
1
Problem with TLS/SRTP with Asterisk 11.8.1
Hi,
I followed the TLS/SRTP tutorial on the wiki [0] using Asterisk 11.8.1
on CentOS 6.5 x86_64 and CSipSimple on a Nexus with Android 4.4.x local
wifi. The phone seems to register but directly after that things fall
apart (turning SELinux off made no difference):
*CLI> -- Registered SIP 'encrypted' at 10.0.0.137:58079
> Saved useragent
2016 Apr 19
0
VPN suggestions centos 6, 7
...clarity's sake:
>>
>> ### start ###
>> [ ca ]
>> default_ca = CA_default
>>
>> [ CA_default ]
>> x509_extensions = server_cert
>>
>> [ server_cert ]
>> basicConstraints=CA:FALSE
>> keyUsage = nonRepudiation, dataEncipherment, digitalSignature,
>> keyEncipherment
>> extendedKeyUsage = serverAuth, clientAuth
>> nsCertType = server, client
>> ### end ###
>>
>> I think the nsCertType directive may be unnecessary these days, but I keep
>> it around because it doesn't hurt anything.
>>...
2002 Jan 31
7
x509 for hostkeys.
...uick) patch allows you to connect with the commercial
ssh.com windows client and use x509 certs for hostkeys. You have
to import your CA cert (ca.crt) in the windows client and certify
your hostkey:
$ cat << 'EOF' > x509v3.cnf
CERTPATHLEN = 1
CERTUSAGE = digitalSignature,keyCertSign
CERTIP = 0.0.0.0
[x509v3_CA]
basicConstraints=critical,CA:true,pathlen:$ENV::CERTPATHLEN
keyUsage=$ENV::CERTUSAGE
[x509v3_IPAddr]
subjectAltName=IP:$ENV::CERTIP
[x509v3_DNSName]
subjectAltName=DNS:$ENV::CERTDNS
EOF
$ CERTDNS=myipaddr; export CERTDNS
$ openssl req -new...
2020 Nov 20
0
Smartcard logon issue with pam_winbind and Kerberos auth
...inbind doesn't support smart card auth. To my surprise, I was able to authenticate without pam_pkcs11 or pam_krb5 in my PAM stack, using only pam_winbind, after I've added config like this into /etc/krb5.conf:
```
EXAMPLE.COM = {
pkinit_cert_match = &&<EKU>msScLogin,<KU>digitalSignature
pkinit_eku_checking = kpServerAuth
pkinit_identities = PKCS11:/usr/lib64/pkcs11/opensc-pkcs11.so
pkinit_kdc_hostname = example.com
}
[appdefaults]
pam = {
mappings = ^EXAMPLE\\(.*)$ $1 at EXAMPLE.COM
}
```
>From what I understand, that works because I have `krb5_auth = yes` in pam_winbind.con...