search for: geotrust

Hi I have renew my geotrust certificate using sha2, and I have problem with Dovecot 2.0.9 and redhat 6.7. The same certificate is working in Apache. The error is dovecot: imap-login: Fatal: Can't load ssl_cert: There is no valid PEM certificate. and the configuration file is ssl_cert=</etc/pki/dovecot/certs/2015/ne...

...rom the backend. The inode atime of ca-root-nss.crt is never updated, either at Dovecot start or when it connects to the backend, so Dovecot (via the openssl library) never reads the file. Sep 20 19:59:48 dovecot: pop3-login: Invalid certificate: unable to get local issuer certificate: /C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA - G4 Sep 20 19:59:48 dovecot: pop3-login: Invalid certificate: certificate not trusted: /C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA - G4 Sep 20 19:59:48 dovecot: pop3-login: Error: proxy: Received invalid SSL certificate...

...erify the first certificate verify return:1 It look likes dovecot lmtp send 3 times the same certificate. I made the same test for imap in the same dovecot instance: #openssl s_client -connect localhost:143 -showcerts -starttls imap -CApath /etc/ssl/certs/ CONNECTED(00000003) depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA verify return:1 depth=1 C = US, O = GeoTrust Inc., CN = RapidSSL SHA256 CA - G3 verify return:1 depth=0 OU = GT46258006, OU = See www.rapidssl.com/resources/cps (c)15, OU = Domain Control Validated - RapidSSL(R), CN = mail.active24.pl verify return:1 For imap it look...

If any of you have been so bold as to install the Shorewall CA Certificate in your browser(s), the current certificate will expire on 11/13. There is a new 10-year certificate available for installation at: http://lists.shorewall.net/Shorewall_CA_html.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \

...inet_listener sieve { port = 14190 } inet_listener sieve_deprecated { port = 12000 } inet_listener sieves { port = 14191 ssl = yes } } service pop3 { process_limit = 4096 } service stats { fifo_listener stats-mail { mode = 0666 } } ssl_ca = </etc/pki/tls/certs/geotrust-intermediate.pem ssl_cert = </etc/pki/tls/certs/wildcard-geotrust.geneseo.edu.pem ssl_key = </etc/pki/tls/private/wildcard-geotrust.geneseo.edu.key userdb { driver = passwd } verbose_proctitle = yes protocol lmtp { mail_plugins = zlib quota mail_log notify fts fts_squat stats sieve } prot...

...s, I haven't had to "purchase" and do it "myself" for some time. i always had someone else dealing with it. I am wondering what you folks on the list are using on your centos web and mail servers :-) Are you making your own or are you purchasing them from godaddy, thawte, geotrust, verisign, others? What is the best and the least expensive implementation that most browsers and other clients are happy with without phone calls to admins or the NOC or other problems? Thanks for your feedback in advance. - rh -- Abba Communications Spokane, WA www.abbacomm.net

...urn:1 > > It look likes dovecot lmtp send 3 times the same certificate. > I made the same test for imap in the same dovecot instance: > > #openssl s_client -connect localhost:143 -showcerts -starttls imap -CApath > /etc/ssl/certs/ > CONNECTED(00000003) > depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA > verify return:1 > depth=1 C = US, O = GeoTrust Inc., CN = RapidSSL SHA256 CA - G3 > verify return:1 > depth=0 OU = GT46258006, OU = See www.rapidssl.com/resources/cps (c)15, OU = > Domain Control Validated - RapidSSL(R), CN = mail.active24.pl > ver...

...-postscript-imap user = root } service imap { executable = imap imap-postlogin } service pop3-postlogin { executable = script-login /usr/local/sbin/dovecot-postscript-pop3 user = root } service pop3 { executable = pop3 pop3-postlogin } ssl_ca = </usr/share/ssl/certs/mail_artio_net-2012-geotrust.ca ssl_cert = </usr/share/ssl/certs/mail_artio_net-2012-geotrust.crt ssl_key = </usr/share/ssl/private/mail_artio_net-2012-geotrust.key userdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } protocol lda { mail_plugins = sieve quota } protocol imap { mail_max_userip_connec...

...tinue to reviewboard.asterisk.org. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details. Websites prove their identity via certificates, which are issued by certificate authorities. Most browsers no longer trust certificates issued by GeoTrust, RapidSSL, Symantec, Thawte, and VeriSign. reviewboard.asterisk.org uses a certificate from one of these authorities and so the website’s identity cannot be proven. I see that the cert is signed by RapidSSL Doug

Hi, I need to add my own and other/new self-signed ca/root cert in CentOS pki database/system, for all/most type of apps to use. Using "wget", i'm trying to securely(HTTPS) get gpg keys/files from https://fedoraproject.org/keys site, which is using root cert with following info: CN = GeoTrust Global CA O = GeoTrust Inc. C= US MD5 f7:75:ab:29:fb:51:4e:b7:77:5e:ff:05:3c:99:8e:f5 I have tried: wget https://fedoraproject.org/static/DE7F38BD.txt But 'wget' showed following warning, its not able to verify cert & failing to download file over HTTPS : [wget msg] ... Connecting to f...

Hello anyone used OpenSSL before? Why do we need to pay for expensive SSL certs when there is OpenSSL which is provided free? Is there a difference? I''ve got an ecommerce website, and wondering if OpenSSL is enough? Your thoughts will be appreciated -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this

...r lmtp { port = 124 } } service managesieve-login { inet_listener sieve { port = 14190 } inet_listener sieve_deprecated { port = 12000 } } service pop3 { process_limit = 4096 } service stats { fifo_listener stats-mail { mode = 0666 } } ssl_ca = </etc/pki/tls/certs/geotrust-intermediate.pem ssl_cert = </etc/pki/tls/certs/wildcard-geotrust.geneseo.edu.pem ssl_key = </etc/pki/tls/private/wildcard-geotrust.geneseo.edu.key userdb { driver = passwd } verbose_proctitle = yes protocol lmtp { mail_plugins = zlib quota mail_log notify fts fts_squat stats sieve } prot...

...ded root CAs shipped with Firefox by manually removing all of their trust flags. I do the same with any other browser I use. I then add back in those trusts essential for my browser operation as empirical evidence warrants. So I must trust certain DigiCert certificates for GitHub and DuckDuckGo, GeoTrust for Google, COMODO for Wikipedia, and so forth. These I set the trust flags for web services only. The rest can go pound salt as we used to say. [1] https://nakedsecurity.sophos.com/2013/12/09/serious-security-google-finds-fake-but-trusted-ssl-certificates-for-its-domains-made-in-france/ -- **...

...forwarding Not authoritative for 'api.twitter.com', forwarding Not authoritative for 'api.twitter.com', forwarding Not authoritative for 'clients1.google.com', forwarding Not authoritative for 'clients1.google.com', forwarding Not authoritative for 'rapidssl-ocsp.geotrust.com', forwarding Not authoritative for 'rapidssl-ocsp.geotrust.com', forwarding Not authoritative for 'gtglobal-ocsp.geotrust.com', forwarding Not authoritative for 'gtglobal-ocsp.geotrust.com', forwarding Not authoritative for 'ocsp.verisign.com', forwarding Not...

...esieve-login { inet_listener sieve-local { address = 127.0.0.1 port = 4190 } inet_listener sieve { address = 192.168.120.70 port = 4190 } process_min_avail = 5 service_count = 1 vsz_limit = 64 M } ssl = required ssl_ca = /var/CA/ctfn.ca/RapidSSLWildcard/2017/geotrust.intermediate.pem ssl_cert = <//var/CA/ctfn.ca/RapidSSLWildcard/2017/ctfn.ca.pem ssl_client_ca_dir = /etc/ssl/certs ssl_key = # hidden, use -P to show it userdb { args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext default_fields = uid=vmail gid=vmail imapc_password=%w home=/CTFN/mail/%Ln...

...erisk.org. If you visit this site, attackers could try to > steal information like your passwords, emails, or credit card details. > > Websites prove their identity via certificates, which are issued by > certificate authorities. Most browsers no longer trust certificates issued > by GeoTrust, RapidSSL, Symantec, Thawte, and VeriSign. > reviewboard.asterisk.org uses a certificate from one of these authorities > and so the website’s identity cannot be proven. > > I see that the cert is signed by RapidSSL > Reviewboard is a legacy site and will likely be shutdown. Is there...

Trying to setup UM with Office 365 which requires TLS. I've tried under 1.8.5.0 and under 1.6.2.16.1 and I get the same error: [Aug 11 06:50:20] VERBOSE[3023] tcptls.c: SSL certificate ok [Aug 11 06:50:20] VERBOSE[3023] tcptls.c:?? == Problem setting up ssl connection: error:00000000:lib(0):func(0):reason(0) [Aug 11 06:50:20] WARNING[3023] tcptls.c: FILE * open failed! Following the

...> Firefox by manually removing all of their trust flags. I do the same > with any other browser I use. I then add back in those trusts > essential for my browser operation as empirical evidence warrants. > So I must trust certain DigiCert certificates for GitHub and > DuckDuckGo, GeoTrust for Google, COMODO for Wikipedia, and so forth. > These I set the trust flags for web services only. The rest can go > pound salt as we used to say. > > > [1] > https://nakedsecurity.sophos.com/2013/12/09/serious-security-google-finds-fake-but-trusted-ssl-certificates-for-its-d...

...d (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 * Server certificate: * subject: CN=*.free-mobile.fr * start date: 2016-05-24 00:00:00 GMT * expire date: 2018-06-23 23:59:59 GMT * subjectAltName: smsapi.free-mobile.fr matched * issuer: C=US; O=GeoTrust Inc.; CN=RapidSSL SHA256 CA * SSL certificate verify ok. > GET /sendmsg?user=195xxxxxx&pass=jeXXUxxxxxxxxx&msg=Coupure%20electrique HTTP/1.1 > User-Agent: curl/7.38.0 > Host: smsapi.free-mobile.fr > Accept: */* > < HTTP/1.1 200 OK * Server nginx is not blacklisted &...

Hello, Well... thanks to the input of all of you I have my dovecot->ldap connection working for almost all of my clients, however... on outlook, a message for certificates being trusted comes up, the user clicks yes and connection fails. Questions: Do I have to get an ssl certificate to make it work? ( cost ouch!) Is there a way around this using my own self-signed certificates? Is there