search for: hostcert

I am getting myself confused, and need someone who fully understands this process to help me out a bot. I would like to obtain an ssl certificate, so I can run my own imap server on a machine in my office. My domain is hosted by networksolutions, but I don't run my imap server there. I am assuming I'll need to pay a CA to generate what I need, but I'm confused about what I

...ur clients connect to puppet-$ location.example.com, and if $location is down, we can point the CNAME to another puppet server which has the original puppet-$location in the puppet servers certificate. All puppet servers get the same certificate When we bring on a new DC, we just update the puppet hostcert certificates and send out via puppet. Worked nicely in test, but the first time I do it in real life, it doesn''t quite work that way. Lets see how this works 1. Set all host certs to be the same file in puppet master config hostcert = /local/puppet/etc/ssl/certs/puppet.example.com.pe...

....local with print 8C:E6:D1:02:89:9E:25:D3:E8:8F:63:75:8F:85:59:B5:17:BE:F8:47 truststore.jks on puppetdb has ''puppetdb ca'' with print 62:8F:76:CE:5C:9D:23:B0:1D:9D:7A:2F:39:5A:74:43:1D:BB:D9:1E $ openssl verify -CAfile /etc/puppet/ssl/ca/ca_crt.pem `puppet master --configprint hostcert` /etc/puppet/ssl/certs/puppetdb.kahuna.local.pem: OK (yes, I have the SSL certs in /etc/puppet) If someone could help, that would be great. I''m running in circles here. *Thanks!* kl [1] http://docs.puppetlabs.com/puppetdb/1.3/connect_puppet_master.html -- You received this message be...

...user, execute doveadm expunge mailbox Spam37 savedbefore 3day #User's actual cmd doveadm who #The simplest possible command, for testing It says: doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can't open file /etc/ssl/hostcerts/hostw.cia: Permission denied The actual EPERM occurs trying to traverse a directory in /etc/letsencrypt, but the next configuration item to be read (in the SSL section) is the host's private key, and the user is surely not ever going to get permission to read that. (I did test giving the us...

...veadm expunge mailbox Spam37 savedbefore 3day #User's actual cmd > doveadm who #The simplest possible command, for testing > It says: > doveconf: Fatal: Error in configuration file > /etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: > Can't open file /etc/ssl/hostcerts/hostw.cia: Permission denied This was mentioned before on this list. See https://dovecot.org/pipermail/dovecot/2020-August/119650.html how to solve this. > The actual EPERM occurs trying to traverse a directory in /etc/letsencrypt, > but the next configuration item to be read (in the S...

...TES:ssl handshake failure rsync: writefd_unbuffered failed to write 5 bytes: phase "unknown": Broken pipe rsync error: error in rsync protocol data stream (code 12) at io.c(836) The server side was run from xinetd like this: server_args = --daemon --ssl --ssl-cert=/pathto/patricia-hostCert.pem --ssl-key=/pathto/patricia-hostKey.pem The server's cert is signed by the CA cert referenced on the client. Does anyone got this patch to work? How should I have set this up? Regards, Graham --

I''m getting certificate errors when I attempt to run puppetd on the puppetmaster. As near as I can tell, this is because I''m using the same puppet.conf for both puppetd and puppetmasterd; but puppetmaster runs as user "puppet" and puppetd runs as user "root", yet both expect the certificates to be readable and chmod 600. I tried telling puppetd to use

...g/dovecot1 mail_location = mbox:/var/spool/vhosts/%d/dovecotprivate/%n:INBOX=/var/spool/vhosts/%d/%n !include /etc/dovecot/conf.d/*.conf passdb { args = /etc/dovecot/passwd driver = passwd-file } userdb { args = /etc/dovecot/passwd driver = passwd-file } ssl_cert = < /etc/dovecot/ssl/hostcert.pem ssl_key = < /etc/dovecot/ssl/hostkey.pem #verbose_ssl = yes plugin { quota = maildir:User quota quota_rule = *:storage=500MB # 10% of 1GB = 100MB quota_rule2 = Trash:storage=+10%% # 20% of 1GB = 200MB # quota_rule3 = Spam:storage=+20%% autocreate = Trash aut...

...= /etc//opt/csw/puppet/ssl/ca/requests serial = /etc//opt/csw/puppet/ssl/ca/serial cacrl = /etc//opt/csw/puppet/ssl/ca/ca_crl.pem cadir = /etc//opt/csw/puppet/ssl/ca capub = /etc//opt/csw/puppet/ssl/ca/ca_pub.pem certdir = /etc//opt/csw/puppet/ssl/certs privatedir = /etc//opt/csw/puppet/ssl/private hostcert = /etc//opt/csw/puppet/ssl/certs/puppet-test.example.net.pem localcacert = /etc//opt/csw/puppet/ssl/certs/ca.pem publickeydir = /etc//opt/csw/puppet/ssl/public_keys passfile = /etc//opt/csw/puppet/ssl/private/password hostprivkey = /etc//opt/csw/puppet/ssl/private_keys/puppet-test.example.net.pem p...

...39;statefile'': ''File[/var/lib/puppet/state/state.yaml]{:links=>:follow, :ensure=>:file, :backup=>false, :mode=>"660", :path=>"/var/lib/puppet/state/state.yaml", :loglevel=>:debug}'' Debug: Using settings: adding file resource ''hostcert'': ''File[/var/lib/puppet/ssl/certs/somvat121892.pem]{:links=>:follow, :ensure=>:file, :backup=>false, :owner=>"puppet", :mode=>"644", :path=>"/var/lib/puppet/ssl/certs/somvat121892.pem", :loglevel=>:debug}'' Debug: Using se...

.../etc//opt/csw/puppet/puppet.conf]/Settings[puppetd]/ File[/etc/opt/csw/puppet/puppet.conf]: Autorequiring File[/etc/opt/csw/ puppet] debug: Finishing transaction 69323770 with 0 changes /opt/csw/lib/ruby/site_ruby/1.8/puppet/sslcertificates/support.rb: 36:in `read_cert'': Could not read hostcert: header too long (Puppet::SSLCertificates::Support::InvalidCertificate) from /opt/csw/lib/ruby/site_ruby/1.8/puppet/network/ http_pool.rb:34:in `read_cert'' from /opt/csw/lib/ruby/site_ruby/1.8/puppet/network/ http_pool.rb:47:in `cert_setup'' from /opt...

...b/facter facts_terminus = facter factsignore = .svn CVS factsource = puppet://puppet/facts/ factsync = false fileserverconfig = /etc/puppet/fileserver.conf filetimeout = 15 freeze_main = false genconfig = false genmanifest = false graph = false graphdir = /var/lib/puppet/state/graphs group = puppet hostcert = /var/lib/puppet/ssl/certs/vusion-production.pem hostcrl = /var/lib/puppet/ssl/crl.pem hostcsr = /var/lib/puppet/ssl/csr_vusion-production.pem hostprivkey = /var/lib/puppet/ssl/private_keys/vusion-production.pem hostpubkey = /var/lib/puppet/ssl/public_keys/vusion-production.pem http_compression =...

I''d like to extend my use of puppet to manage my desktop/notebook macs. As others have noted, the hostname of the mobile machines tends to change frequently, so basing the node name (in my site.pp) and the corresponding cert and private key names seems to be an issue. I seem to recall somewhat talking about this at Puppet Camp last week….. Generally my signing strategy is always to

...9;'File[/var/lib/puppet/state/state.yaml]{:links=>:follow, :ensure=>:file, >> :backup=>false, :mode=>"660", :path=>"/var/lib/puppet/state/state.yaml", >> :loglevel=>:debug}'' >> Debug: Using settings: adding file resource ''hostcert'': >> ''File[/var/lib/puppet/ssl/certs/somvat121892.pem]{:links=>:follow, >> :ensure=>:file, :backup=>false, :owner=>"puppet", :mode=>"644", >> :path=>"/var/lib/puppet/ssl/certs/somvat121892.pem", :loglevel=>:debug...

Hi all, Last week I noticed that the CertChecker in the Go implementation of x/crypto/ssh seems to be doing host principal validation incorrectly and filed the following bug: https://github.com/golang/go/issues/20273 By default they are looking for a principal named "host:port" inside of the certificate presented by the server, instead of just looking for the host as I believe OpenSSH

...9;' debug: certificates: Setting privatekeydir to ''$ssldir/private_keys'' debug: certificates: Setting hostpubkey to ''$publickeydir/puppet1.abc.net.pem'' debug: certificates: Setting privatedir to ''$ssldir/private'' debug: certificates: Setting hostcert to ''$certdir/puppet1.abc.net.pem'' debug: certificates: Setting passfile to ''$privatedir/password'' debug: certificates: Setting localcacert to ''$certdir/ca.pem'' debug: certificates: Setting certdir to ''$ssldir/certs'' debug: ca:...

Hello, I searched through the archive of the google group but did not found any solution or hint for my problem. I want to assign the following parameterized class to a node. class httpd($certMail, $certOU) { ... } This is the node statement to assign the class to a node. node "someserver" inherits basenode { class { httpd: certEMail =>

I too have been pushed into Puppet 3.0. Clients and PuppetMaster are now at 3.0.0. Not sure if this is a version change or syntax error that I am experiencing. We''ll use ''ntp'' as the example and the "build" host is a VM. The old way: class baseline::ntpd { package { "ntp": ensure => $virtual ? { physical => present,

Hi, i recently updated our windows 2008 r2 servers to puppet 3.3.0 . Im getting the following error* (only on our exchange 2010 db servers)*ever since: LevelMessageSourceFileLineTimeerrCould not retrieve local facts: undefined method `gsub'' for nil:NilClassPuppet13.09.2013 15:12 CESTerrFailed to apply catalog: Could not retrieve local facts: undefined method `gsub'' for

...ic_keys/ puppetmaster25.balkon.statystyka.net.pem statedir = /var/puppet/state authconfig = /etc/puppet/namespaceauth.conf publickeydir = /etc/puppet/ssl/public_keys pluginsource = puppet://puppet/plugins privatedir = /etc/puppet/ssl/private factpath = /var/puppet/facts/ hostcert = /etc/puppet/ssl/certs/ puppetmaster25.balkon.statystyka.net.pem localcacert = /etc/puppet/ssl/certs/ca.pem logdir = /var/puppet/log certdir = /etc/puppet/ssl/certs requestdir = /etc/puppet/ssl/certificate_requests httplog = /var/puppet/log/http.log libdir = /var/puppet/lib...