search for: incommon

I know this is something which should have a simple fix but I'm failing to see it somehow. I'm moving samba service between a couple of FreeBSD systems (9.3 to 10.2), and I'm stuck on getting samba on the new machine to connect to our openldap server over ssl - frustrating since I've been running samba+ldap for 15 years or so; feel sure I'm missing something basic!

...t SHA256: 4f32d5dc00f715250abcc486511e37f501a899deb3bf7ea8adbbd3aef1c412da Pin SHA256: grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME= Valid untilSat, 30 May 2020 10:48:38 UTC (expired 8 hours and 51 minutes ago) EXPIRED AFAICT this is the reason: https://calnetweb.berkeley.edu/calnet-technologists/incommon-sectigo-certificate-service/addtrust-external-root-expiration-may-2020 FYI, Gabor

...for 'https://llvm.org:443': - The certificate is not issued by a trusted authority. Use the fingerprint to validate the certificate manually! Certificate information: - Hostname: llvm.org - Valid: from Tue, 21 Jun 2011 00:00:00 GMT until Fri, 20 Jun 2014 23:59:59 GMT - Issuer: InCommon, Internet2, US - Fingerprint: 3e:a5:0e:1c:c8:fb:71:41:06:71:e8:ac:fc:c5:be:97:4a:21:01:2e (R)eject, accept (t)emporarily or accept (p)ermanently? ... then your client is not happy with the intermediate SSL certificate, but you should be able to accept the certificate and continue using SVN. I&...

...t; - The certificate is not issued by a trusted authority. Use the > fingerprint to validate the certificate manually! > Certificate information: > - Hostname: llvm.org > - Valid: from Tue, 21 Jun 2011 00:00:00 GMT until Fri, 20 Jun 2014 > 23:59:59 GMT > - Issuer: InCommon, Internet2, US > - Fingerprint: 3e:a5:0e:1c:c8:fb:71:41:06:71:e8:ac:fc:c5:be:97:4a:21:01:2e > (R)eject, accept (t)emporarily or accept (p)ermanently? > > ... then your client is not happy with the intermediate SSL certificate, > but you should be able to accept the certificate and...

...t >>>> debug = yes >>>> rawlog_dir = /tmp/oauth2 >>>> #force_introspection = yes >>>> username_attribute = username >>>> #active_attribute = active >>>> #active_value = true >>>> tls_ca_cert_file = /etc/pki/CA/certs/incommon-rsa-server-ca.crt >>>> tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem >>>> tls_key_file = /etc/pki/dovecot/private/dovecot.pem >>>> >>>> >>>> --------------- >>>> >>>> >>>> >>>>...

...dbbd3aef1c412da > > Pin SHA256: grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME= > > Valid untilSat, 30 May 2020 10:48:38 UTC (expired 8 hours and 51 > > minutes ago) EXPIRED > > > > AFAICT this is the reason: > > https://calnetweb.berkeley.edu/calnet-technologists/incommon-sectigo-certificate-service/addtrust-external-root-expiration-may-2020 > > > > FYI, > > Gabor > > > > ______________________________________________ > > R-devel at r-project.org mailing list > > https://stat.ethz.ch/mailman/listinfo/r-devel > > -- &gt...

...ate is not issued by a trusted authority. Use the >> fingerprint to validate the certificate manually! >> Certificate information: >> - Hostname: llvm.org >> - Valid: from Tue, 21 Jun 2011 00:00:00 GMT until Fri, 20 Jun 2014 >> 23:59:59 GMT >> - Issuer: InCommon, Internet2, US >> - Fingerprint: 3e:a5:0e:1c:c8:fb:71:41:06:71:e8:ac:fc:c5:be:97:4a:21:01:2e >> (R)eject, accept (t)emporarily or accept (p)ermanently? >> >> ... then your client is not happy with the intermediate SSL certificate, >> but you should be able to accept...

...1f-80d0-059bddae0923 at keycloak.com/auth/realms/demo/protocol/openid-connect/token/introspect introspection_mode = post debug = yes rawlog_dir = /tmp/oauth2 #force_introspection = yes username_attribute = username #active_attribute = active #active_value = true tls_ca_cert_file = /etc/pki/CA/certs/incommon-rsa-server-ca.crt tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem tls_key_file = /etc/pki/dovecot/private/dovecot.pem --------------- The debug log is showing now slightly different msg ex: Dec 5 21:09:59 mktst4 dovecot: auth: Error: oauth2(mizuki,10.0.2.1,<29b4iv+YKuuCx5Tr>): oauth2 fai...

...tSHkmCrvpApTQGo67CYDnvprLg5yRME= > > > > Valid untilSat, 30 May 2020 10:48:38 UTC (expired 8 hours and 51 > > > > minutes ago) EXPIRED > > > > > > > > AFAICT this is the reason: > > > > https://calnetweb.berkeley.edu/calnet-technologists/incommon-sectigo-certificate-service/addtrust-external-root-expiration-may-2020 > > > > > > > > FYI, > > > > Gabor > > > > > > > > ______________________________________________ > > > > R-devel at r-project.org mailing list > > &g...

...c486511e37f501a899deb3bf7ea8adbbd3aef1c412da > Pin SHA256: grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME= > Valid untilSat, 30 May 2020 10:48:38 UTC (expired 8 hours and 51 > minutes ago) EXPIRED > > AFAICT this is the reason: > https://calnetweb.berkeley.edu/calnet-technologists/incommon-sectigo-certificate-service/addtrust-external-root-expiration-may-2020 > > FYI, > Gabor > > ______________________________________________ > R-devel at r-project.org mailing list > https://stat.ethz.ch/mailman/listinfo/r-devel -- Peter Dalgaard, Professor, Center for Statis...

...e = post > > > debug = yes > > > rawlog_dir = /tmp/oauth2 > > > #force_introspection = yes > > > username_attribute = username > > > #active_attribute = active > > > #active_value = true > > > tls_ca_cert_file = /etc/pki/CA/certs/incommon-rsa-server-ca.crt > > > tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem > > > tls_key_file = /etc/pki/dovecot/private/dovecot.pem > > > > > > > > > --------------- > > > > > > > > > > > > > > >...

...running Dovecot in Solaris 10 for about 8 months now. Yesterday, Solaris 10's SMF put it in maintenance mode (shut it down) seemingly out of the blue. The only thing going on was that I had updated the ssl certificate. We had previously been using a self signed cert. Now we have a cert from InCommon. We had a problem with a few users who are still on ancient Eudora and didn't have the proper authority chains. We had a problem with a few Thunderbird users who hadn't set up the fully qualified server name in their configuration. The shutdown was coincident (and could be just a coincid...

...> >>>> rawlog_dir = /tmp/oauth2 > >>>> #force_introspection = yes > >>>> username_attribute = username > >>>> #active_attribute = active > >>>> #active_value = true > >>>> tls_ca_cert_file = /etc/pki/CA/certs/incommon-rsa-server-ca.crt > >>>> tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem > >>>> tls_key_file = /etc/pki/dovecot/private/dovecot.pem > >>>> > >>>> > >>>> --------------- > >>>> > >>>> > &gt...

...Pin SHA256: grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME= > > > Valid untilSat, 30 May 2020 10:48:38 UTC (expired 8 hours and 51 > > > minutes ago) EXPIRED > > > > > > AFAICT this is the reason: > > > https://calnetweb.berkeley.edu/calnet-technologists/incommon-sectigo-certificate-service/addtrust-external-root-expiration-may-2020 > > > > > > FYI, > > > Gabor > > > > > > ______________________________________________ > > > R-devel at r-project.org mailing list > > > https://stat.ethz.ch/mailma...

...CrvpApTQGo67CYDnvprLg5yRME= >>>>> Valid untilSat, 30 May 2020 10:48:38 UTC (expired 8 hours and 51 >>>>> minutes ago) EXPIRED >>>>> >>>>> AFAICT this is the reason: >>>>> https://calnetweb.berkeley.edu/calnet-technologists/incommon-sectigo-certificate-service/addtrust-external-root-expiration-may-2020 >>>>> >>>>> FYI, >>>>> Gabor >>>>> >>>>> ______________________________________________ >>>>> R-devel at r-project.org mailing list >&g...

Hi all, We'd like to enable OAuth with Keycloak in Dovecot, after enabling 'OAUTHBEARER XOAUTH2' in Dovecot based on online document, I can confirm Dovecot is ready for OAuth using openssl command, however when the auth request comes in, it failed in establishing a SSL connection with Keycloak server on port 443, shown as following in debug logs. I can confirming using commands