search for: keystore

...nsuring their existence" I thought I''d write up the problem I''m running into. I was chatting on irc about it, I don''t think puppet has a clean solution. Like the other poster, I''m defining an object that takes an array. In my case, I''m defining gpg keystore, which can contain a number of keys. (actually part of a larger svn repository object) It would be called something like: gpg::keystore{ "/svn/repo/conf/pubring.gpg": keys => ["XXXXXX", "YYYYYYY"], } The obvious way to deal with that array, is to use a...

I (somewhat sadly, imo) need to run Tomcat/SSL on a public-facing machine at work. I was really, really hoping I could use the GCJ-compiled version of Tomcat supplied in the base repository. I can't get Tomcat to read a Java keystore created with the keytool utility provided (in java-1.4.2-gcj-compat-1.4.2.0-40jpp.110). The Sun and GNU keytools produce different keystores. I'll use the Tomcat nomenclature to describe the differences. Obviously, I'm looking for the correct "algorithm" (i.e., certificate sig...

...ix Receiver. Here's my old blog article on installing Citrix Receiver on OpenSUSE : * https://www.microlinux.fr/citrix-receiver-opensuse-leap-15-0/ The application's certificate store is incomplete, so here's how I resolved the problem under OpenSUSE : # cd /opt/Citrix/ICAClient/keystore/ # rm -rf cacerts/ # ln -s /etc/ssl/certs cacerts Once this is done, Citric Receiver works perfectly under OpenSUSE. Now I tried to do the same thing under CentOS 7. The certificates are stored in a different directory, so here's what I did. # cd /opt/Citrix/ICAClient/keystore/ # rm...

Hi folks [ Please add me CC. Thanks ] We have here a Jboss app and web server. We signed the SSL-certificate that end-user don't have ugly error messages. I don't understand why we need to import the Root-Cert in PEM format? $ keytool -import -trustcacerts -file rootcert.pem -keystore myserver.keystore -alias root The Root-Cert is in web browser, why there is a must to import in keystore? Did I misunderstood PKI basics? cheers Sven

We have developed and tested an optimization pass using LLVM, and have been able to build other software such as gzip while running our pass by passing "clang" and "-Xclang -load -Xclang <path to .so>" as configure options. Now we would like to try and build android while running our pass only on certain files. It seems that android has its own version of LLVM built into

This would have been a bit easier to review if the keystore changes had been broken out from the tools changes. On Wed, Sep 19, 2018 at 12:37:01PM +0200, Pino Toscano wrote: > @@ -599,13 +621,21 @@ let is_btrfs_subvolume g fs = > if g#last_errno () = Guestfs.Errno.errno_EINVAL then false > else raise exn > > -let inspect_decrypt...

...certificate B: certificate verify failed: [certificate signature failure for /CN=rebitpuppet01.cegedim]* I tried a lot of things following the different threads but I only managed to mess a little bit more with my server :-( At least, I know my truststore should be wrong as "*keytool -list -keystore /etc/puppetdb/ssl/truststore*" and "*openssl x509 -noout -in /var/lib/puppet/ssl/ca/ca_crt.pem -fingerprint*" do not match. The only thing is that I do not have the first idea on how to solve this... Any idea ? Puppetmaster, dashboard & puppedb are on the same server (Distro...

...g; skipping run I''m thinking the problem is that I''m using gaia.local as the host name. Puppet.local is an alias for gaia.local. *Extra info:* For completeness, the error on the puppetdb is: WARN [qtp788652058-42] [io.nio] javax.net.ssl.SSLHandshakeException: null cert chain keystore.jks on the puppetdb has puppetdb.local with print 8C:E6:D1:02:89:9E:25:D3:E8:8F:63:75:8F:85:59:B5:17:BE:F8:47 truststore.jks on puppetdb has ''puppetdb ca'' with print 62:8F:76:CE:5C:9D:23:B0:1D:9D:7A:2F:39:5A:74:43:1D:BB:D9:1E $ openssl verify -CAfile /etc/puppet/ssl/ca/ca_crt.p...

https://bugzilla.mindrot.org/show_bug.cgi?id=2090 Bug ID: 2090 Summary: SSH/SSHD hang with a Match User setting in sshd_config . Classification: Unclassified Product: Portable OpenSSH Version: 6.1p1 Hardware: Other OS: AIX Status: NEW Severity: critical Priority: P5

...-1.3.0-1.el6.noarch Installed from yum packages: Running Transaction Installing : puppetdb-1.3.0-1.el6.noarch 1/1 Certificate was added to keystore Backing up /etc/puppetdb/conf.d/jetty.ini to /etc/puppetdb/conf.d/jetty.ini.bak.1368570333 before making changes Updated default settings from package installation for ssl-host in /etc/puppetdb/conf.d/jetty.ini. Updated default settings from package installation for ssl-port in /etc/puppetdb/con...

...art of the setup requires the exporting of the domain controller DER. These are the instructions... As root, create the /opt/zimbra/lib/ext/adpassword directory As root, copy adPassword.jar into /opt/zimbra/lib/ext/adpassword/ As root, import the DER domain controller certificate into the trusted keystore/opt/zimbra/java/jre/lib/security/cacerts Restart Zimbra Configure authentication settings for your domain Open the Zimbra Administration console Select External LDAP as authentication mechanism Type the LDAP URL and check Use SSL Type samaccountname=%u in the LDAP filter field Specify cn=users,dc...

...ns/keys.c index 74b5497..782bdb6 100644 --- a/options/keys.c +++ b/options/keys.c @@ -121,15 +121,32 @@ read_first_line_from_file (const char *filename) return ret; } -char * -get_key (struct key_store *ks, const char *device) +/* Return the key(s) matching this particular device from the + * keystore. There may be multiple. If none are read from the + * keystore, ask the user. + */ +char ** +get_keys (struct key_store *ks, const char *device) { - size_t i; + size_t i, j, len; + char **r; + char *s; + + /* We know the returned list must have at least one element and not + * more than k...

....list file { "/etc/apt/sources.list": owner => root, group => root, mode => 644, content => template("tclbase/sources.erb"), require => [ Package["lsb-release"], Exec["Import $aptkey_volatile to apt keystore"] ] } -------------------------------------------------------------------------------- This works on some systems, but fails on at least one other with: err: Could not retrieve catalog: Failed to parse template tclbase/sources.erb: Could not find value for ''lsbdistcodename''...

...ns/keys.c index f783066..817508b 100644 --- a/options/keys.c +++ b/options/keys.c @@ -121,17 +121,35 @@ read_first_line_from_file (const char *filename) return ret; } -char * -get_key (struct key_store *ks, const char *device) +/* Return the key(s) matching this particular device from the + * keystore. There may be multiple. If none are read from the + * keystore, ask the user. + */ +char ** +get_keys (struct key_store *ks, const char *device) { - size_t i; + size_t i, j, len; + char **r; + char *s; + + /* We know the returned list must have at least one element and not + * more than k...

I have looked at let's encrypt. Key issue for me is having to add a lot python stuff that would otherwise not be on any server. Again, All CA's like "Let's Encrypt" - and others that are accepted by the "majors", e.g., Windows, Mozilla make it much easier for the "random" user to use anything you protect with SSL (better TLS) without them having to

Hi folks, I''m about to propose to my current company that we use puppet to manage releases of home grown software. The environment is a mix of Solaris 8/9/10 and RHEL 5&6. I''ve got a handle on how to create recipes to release software into the RHEL environment. The unknown for me is how to manipulate the pkgadd provider to load the locally grown package stream. Can

...ing puppet enterprise manager (master) on a RHEL box. Though the install itself succeeds without any issues, the first run of puppet when it tries to deploy the pe_mcollective module fails with the following error. Message: change from notrun to 0 failed: sh -c ''umask 077; keytool - importkeystore -deststorepass puppet -destkeypass puppet -destkeystore broker.ks -srckeystore broker.p12 -srcstorepass puppet -srcstoretype PKCS12 -alias puppet-master.xyz.com'' returned 1 instead of one of [0] at /opt/puppet/share/puppet/modules/pe_mcollective/manifests/posix.pp: 138 Source: /Stage[main...

...feedback from someone who has gone down this route before, as this is all pretty new to me. If nothing more, I''m hoping to be able to get this working in this situation, so that I can reuse this functionality for other projects. If Puppet is already doing a good job of maintaining a nice keystore, why not use it for other things, too? Thanks! -dant -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubsc...

The first patch fixes a rather serious bug, the second patch allows multiple --key parameters and default parameters. There is a third patch to libguestfs which adds a test, coming up. I did not yet review and fix the documentation. I think we need to centralize it in one place because at the moment the same documentation for --key is copy/pasted all over the tools. Rich.

On Thursday, 20 September 2018 12:15:12 CEST Richard W.M. Jones wrote: > This would have been a bit easier to review if the keystore > changes had been broken out from the tools changes. I actually thought (even too much) about various ways of splitting it; since I wanted to not become a new Buridan's ass [1], then I lumped it all in a single patch. Splitting is not an issue, so if you suggest a preferred layout I can w...