Displaying 20 results from an estimated 63 matches for "keyout".
Did you mean:
kaout
2004 Jul 22
1
(no subject)
2012 Jul 28
1
[PATCH] ssh-keygen: support public key import/export using SubjectPublicKeyInfo
...y applications use SubjectPublicKeyInfo encoded key.
This change adds SubjectPublicKeyInfo support, to ease integration
with applications.
Examples:
## convert SubjectPublicKeyInfo public key to SSH public key
$ openssl req -newkey rsa:2048 -nodes -pubkey -subj "/CN=test" \
-noout -keyout /dev/null | \
ssh-keygen -i -m SUBJECTINFO -f /proc/self/fd/0
## convert X.509 certificate to SSH public key
$ openssl req -newkey rsa:2048 -nodes -x509 -subj "/CN=test" \
-keyout /dev/null | openssl x509 -pubkey -noout | \
ssh-keygen -i -m SUBJECTINFO -f /proc/self/fd/0
##...
2020 May 24
2
How to make IMAPS SSL Cert for Dovecot that works with Thunderbird
...all,
What are the instructions for making an SSL cert for Dovecot IMAPS?
Two methods have been tried, and work, with Evolution; however generate
the following error when Thunderbird tries to connect.
Thank you,
method 1 : self signed
openssl req -newkey rsa:4096 -sha512 -x509 -days 365 -nodes -keyout
mykey.key -out mycert.pem
method 2 : Let's Encrypt (LE) CA
Created with Certbot
ERROR
TLS handshaking: SSL_accept() failed: error:14094412:SSL
routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number
42, session=<+oooooo>
-------------- next part --------------
A non-...
2023 Feb 06
2
Still Struggling with Secure Connections
I made a special pair of keys just for Icecast with this command:
$ openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout
key.pem -out cert.pem
I combined the two files like this:
$ cat cert.pem key.pem > icecast.pem
I placed icecast.pem in /etc/icecast2 and used 'chown icecast2:icecast
icecast.pem' to change owner to icecast2:icecast.
I also changed its protection to 600 with 'chmod 600 icecast.p...
2020 Nov 10
2
SSL alert number 42
...certificate on the Windows/Thunderbird side.
I am using the SSL Certificate that comes with the distribution, so the
conclusion is Thunderbird does not trust it.
I have this in my notes from ages ago, for generating my own self-signed
certificate:
% openssl req -x509 -newkey rsa:4096 -sha256 -keyout openssl.key -out
openssl.crt -days 600 -config san.cnf
See attached the 2 errors that I am getting, one is from the
distribution cert.
Can a kind soul tell me the current way to do this in Linux?
Perhaps I should use a free service? Which?
TIA
Raymond
On 11/10/2020 2:20 PM, Aki Tuomi wrote...
2014 Dec 17
3
Asymmetric encryption for very large tar file
...erver generated a 250G data backup
>> and it?s tar?ed into one tarball file. I want to encrypt this big tarball
>> file. So far I have tried two technologies with no success.
>> 1) generating RSA 2048 public/private key pair via ?openssl req -x509
>> -nodes -newkey rsa:2048 -keyout private.pem -out public.pem? command and
>> uses the public key to encrypt the big tar file. The encryption command I
>> used is "openssl smime -encrypt -aes256 -in backup.tar -binary -outform
>> DEM -out backup.tar.ssl public.pem?. The resulting backup.tar.ssl file is
>...
2006 Jan 23
1
Self-signed certificates
...r the sub-domain but the certificate for
the top-level domain is the certificate that appears. In the <VirtualHost>
section for the sub-domain, I have pointed to the sub-domain key:
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/subdomain.key.
This is how I made the key: openssl req -nodes -keyout private.key -out
subdomain.key
Any help would be greatly appreciated.
2004 Apr 01
1
SSL error and PostgreSQL
...se it with Exim4
and i have a error with SSL
"imap-login: Can't load private key file /var/dovecot/ssl/private/imapd.pem:
error:0906D06C:PEM routine:PEM_read_bio:no start line"
i make my cert with this command (i don't like the included script :))
openssl req -nodes -new -x509 -keyout imapd.pem -out imapd.pem -days 3650
or
openssl req -nodes -new -x509 -out imapd.pem -days 3650
the pem is file is in the right directory and have "a chmod 700,777 or 600" no
one of the this will work.
sorry for my poor english and thanks in advance
2007 May 29
2
Client certificate verification/authentication
I would like to use Client certificate verification/authentication.
My MTA used this function.
I've a problem to make a valid certificate.
For my MTA i used :
openssl req -new -nodes -x509 -keyout user_key.pem -out user_req.pem
-days 365
openssl ca -out user_signed.pem -infiles user_req.pem
openssl pkcs12 -in user_signed.pem -inkey user_key.pem -out user.p12
-export -name "user at hotsname"
user.p12 match in my MTA
Not in Dovecot...
In my log, i've simply :
dovecot: auth(d...
2011 Feb 27
2
opened OpenSSL port
Main question: is it safe, to open a port for an openssl server?
e.g.:
server side - generate a self-signed cert.
time openssl req -x509 -nodes -days 365 -newkey rsa:8192 -keyout mycert.pem -out mycert.pem
openssl s_server -accept 52310 -cert mycert.pem
Is it secure? - it could be DOSed' [DenialofService] or could it be attacked in any way?
Are there any iptables rule for restricting connections to dyndns names?
e.g.: only allow connection from "asdfasdf.dynd...
2014 Dec 17
8
Asymmetric encryption for very large tar file
...e are data backup. Every night the server generated a 250G data backup
and it?s tar?ed into one tarball file. I want to encrypt this big tarball
file. So far I have tried two technologies with no success.
1) generating RSA 2048 public/private key pair via ?openssl req -x509
-nodes -newkey rsa:2048 -keyout private.pem -out public.pem? command and
uses the public key to encrypt the big tar file. The encryption command I
used is "openssl smime -encrypt -aes256 -in backup.tar -binary -outform
DEM -out backup.tar.ssl public.pem?. The resulting backup.tar.ssl file is
only 2G then encryption process...
2020 Mar 16
3
signing modules
HI all- Thanks for the comments. However -I'm getting no where.
Let me start again.
My 'hardware" does not have the ability to turn off secure boot. Its an
Intel NUC7C - not possible.
SO instead of my generic "image" i have that I copy to physical disk (has
all my install,setup etc... everything ready).
I created a new UEFI disk that again has everything setup and ready.
2009 May 23
0
RMTPE specification
...e itself
and 42 bytes for the SWF verification response.
swfvk = serversig[RTMP_SIG_SIZE-SHA256DL:RTMP_SIG_SIZE-1]
SWFDigest = SWFVerifySig + bigendian32(SWFsize) + bigendian32(SWFsize) +
HMACsha256(SWFHash, swfvk)
Initialise ARC4 Send / Receive Keys:
The ARC4 keys KeyIn and KeyOut are used to decrypt and encrypt
incoming and outgoing data, respectively.
KeyIn = ARC4Key(HMACsha256(DHPublicKeyS, DHSharedSecret)[0:15])
KeyOut = ARC4Key(HMACsha256(DHPublicKeyC, DHSharedSecret)[0:15])
Explanation in words:
To calculate the ARC4 key for the data received by the cli...
2016 Oct 09
1
SSL.
...ocket>
<port>8483</port>
<ssl>1</ssl>
</listen-socket>
and ssl-certificate :
<ssl-certificate>/usr/local/share/icecast/icecast.pem</ssl-certificate>
I generated the certificate with the commands :
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -days 365
cat key.pem >> crt.pem
But when I start the server, everything is fine but I can’t load the page https://server.domain.local:8483/admin <https://server.domain.local:8483/admin>
The browser hangs and close the connection with an error : « can’t es...
2017 Aug 28
3
SSL Cert Woes
...... I believe it to be setup correctly... the RPM has a libssl
> > requirement... and the fact that it tries to check the SSL cert file
> > indicates that it has capability...
> I agree.
> I generated the certificate with:
> openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout
> /usr/share/icecast2/icecast.pem -out /usr/share/icecast2/icecast.pem Then
> you need only change owner and group, nothing more.
Well... I was able to get it to work with a self-signed cert... so, something must be up with my Starfield signed cert... looks like they're configuring certs...
2017 Aug 28
2
SSL Cert Woes
...t; > > > requirement... and the fact that it tries to check the SSL cert
> > > > file indicates that it has capability...
> > >
> > > I agree.
> > > I generated the certificate with:
> > > openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout
> > > /usr/share/icecast2/icecast.pem -out /usr/share/icecast2/icecast.pem
> > > Then you need only change owner and group, nothing more.
> >
> > Well... I was able to get it to work with a self-signed cert... so,
> > something must be up with my Starfield signed...
2017 Aug 28
2
SSL Cert Woes
...; > > > > > cert
> > > > > > file indicates that it has capability...
> > > > >
> > > > > I agree.
> > > > > I generated the certificate with:
> > > > > openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout
> > > > > /usr/share/icecast2/icecast.pem -out
> > > > > /usr/share/icecast2/icecast.pem
> > > > > Then you need only change owner and group, nothing more.
> > > >
> > > > Well... I was able to get it to work with a self-signed ce...
2005 Feb 22
1
Problems with Dovecot and self-signed cert
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I've recently set up a Red Hat Enterprise Linux 4 WS server, and decided
to try using Dovecot as my IMAP server, as I was impressed with the
dedication to security that seems to be the core development goal. I'm
really happy with it, but I can't get it to work with a self-signed cert.
Normally, on a RHEL system, you just go into
1999 Sep 24
0
Re: POP secure access?? {result}
...e the mail server name is
recorded). If the name do not match, a warning dialog box would pop
up. The link is still encrypted but it would be a nuisance to the
users who have to endure the persistent warning dialog box.
Command:
cd /var/ssl/certs/
/usr/bin/req -new -x509 -nodes -out server.pem -keyout server.pem -days 365
ln -s server.pem '/usr/bin/x509 -noout -hash < server.pem'.0
A file (server.pem) would be generated from the command in line 2
above. Chmod the server.pem file (600) in order to restrict
access. Note also that the server cert would only be effective the
next day. As...
2009 Jan 05
1
New SSL certificate problem
...certificate. Over the past year, we've
been using a Digicert Wildcard Plus certificate for almost all of our
machines, and I wanted to switched over our DC mailserver.
I used the following command to generate the CSR and key:
openssl req -new -newkey rsa:1024 -nodes -out star_bard_edu.csr -keyout star_bard_edu.key -subj "/C=US/ST=NY/L=ourtown/O=Bard College IT/OU=Bard College /CN=*.bard.edu"
The resultant CSR verified and I submitted it to digicert and got back our cert, plus their intermediate and Trusted root certs.
I killed the root instance of dovecot and waited for all the c...