Displaying 20 results from an estimated 59 matches for "keystore".
Did you mean:
key_store
2009 Jul 30
7
arrays, loops, etc
...nsuring
their existence" I thought I''d write up the problem I''m running into. I
was chatting on irc about it, I don''t think puppet has a clean solution.
Like the other poster, I''m defining an object that takes an array. In
my case, I''m defining gpg keystore, which can contain a number of
keys. (actually part of a larger svn repository object) It would be
called something like:
gpg::keystore{ "/svn/repo/conf/pubring.gpg":
keys => ["XXXXXX", "YYYYYYY"],
}
The obvious way to deal with that array, is to use a...
2007 Mar 21
0
CentOS 5 (beta): tomcat/keystore issue
I (somewhat sadly, imo) need to run Tomcat/SSL on a public-facing
machine at work. I was really, really hoping I could use the
GCJ-compiled version of Tomcat supplied in the base repository.
I can't get Tomcat to read a Java keystore created with the keytool
utility provided (in java-1.4.2-gcj-compat-1.4.2.0-40jpp.110).
The Sun and GNU keytools produce different keystores. I'll use the
Tomcat nomenclature to describe the differences. Obviously, I'm
looking for the correct "algorithm" (i.e., certificate sig...
2019 Apr 22
1
Citrix receiver and certificates on CentOS 7
...ix Receiver.
Here's my old blog article on installing Citrix Receiver on OpenSUSE :
* https://www.microlinux.fr/citrix-receiver-opensuse-leap-15-0/
The application's certificate store is incomplete, so here's how I
resolved the problem under OpenSUSE :
# cd /opt/Citrix/ICAClient/keystore/
# rm -rf cacerts/
# ln -s /etc/ssl/certs cacerts
Once this is done, Citric Receiver works perfectly under OpenSUSE.
Now I tried to do the same thing under CentOS 7. The certificates are
stored in a different directory, so here's what I did.
# cd /opt/Citrix/ICAClient/keystore/
# rm...
2010 Jan 21
1
[PKI concepts] Why Jboss need (signed cert and) root-cert in PEM format?
Hi folks
[ Please add me CC. Thanks ]
We have here a Jboss app and web server. We signed the SSL-certificate
that end-user don't have ugly error messages. I don't understand why
we need to import the Root-Cert in PEM format?
$ keytool -import -trustcacerts -file rootcert.pem -keystore
myserver.keystore -alias root
The Root-Cert is in web browser, why there is a must to import in keystore?
Did I misunderstood PKI basics?
cheers Sven
2014 Jul 18
2
[LLVMdev] Running an LLVM pass during an android compile
We have developed and tested an optimization pass using LLVM, and have been able to build other software such as gzip while running our pass by passing "clang" and "-Xclang -load -Xclang <path to .so>" as configure options. Now we would like to try and build android while running our pass only on certain files. It seems that android has its own version of LLVM built into
2018 Sep 20
2
Re: [PATCH 2/2] Introduce a --key option in tools that accept keys
This would have been a bit easier to review if the keystore
changes had been broken out from the tools changes.
On Wed, Sep 19, 2018 at 12:37:01PM +0200, Pino Toscano wrote:
> @@ -599,13 +621,21 @@ let is_btrfs_subvolume g fs =
> if g#last_errno () = Guestfs.Errno.errno_EINVAL then false
> else raise exn
>
> -let inspect_decrypt...
2013 Jul 03
1
Certificate errors
...certificate B: certificate verify failed:
[certificate signature failure for /CN=rebitpuppet01.cegedim]*
I tried a lot of things following the different threads but I only managed
to mess a little bit more with my server :-(
At least, I know my truststore should be wrong as "*keytool -list -keystore
/etc/puppetdb/ssl/truststore*" and "*openssl x509 -noout -in
/var/lib/puppet/ssl/ca/ca_crt.pem -fingerprint*" do not match. The only
thing is that I do not have the first idea on how to solve this...
Any idea ?
Puppetmaster, dashboard & puppedb are on the same server (Distro...
2013 May 08
14
PuppetDB: SSL problems
...g; skipping run
I''m thinking the problem is that I''m using gaia.local as the host name.
Puppet.local is an alias for gaia.local.
*Extra info:*
For completeness, the error on the puppetdb is:
WARN [qtp788652058-42] [io.nio] javax.net.ssl.SSLHandshakeException: null
cert chain
keystore.jks on the puppetdb has puppetdb.local with print
8C:E6:D1:02:89:9E:25:D3:E8:8F:63:75:8F:85:59:B5:17:BE:F8:47
truststore.jks on puppetdb has ''puppetdb ca'' with print
62:8F:76:CE:5C:9D:23:B0:1D:9D:7A:2F:39:5A:74:43:1D:BB:D9:1E
$ openssl verify -CAfile /etc/puppet/ssl/ca/ca_crt.p...
2013 Apr 15
12
[Bug 2090] New: SSH/SSHD hang with a Match User setting in sshd_config .
https://bugzilla.mindrot.org/show_bug.cgi?id=2090
Bug ID: 2090
Summary: SSH/SSHD hang with a Match User setting in sshd_config
.
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.1p1
Hardware: Other
OS: AIX
Status: NEW
Severity: critical
Priority: P5
2013 May 14
1
PuppetDB Cannot Find Postgresql Driver
...-1.3.0-1.el6.noarch
Installed from yum packages:
Running Transaction
Installing : puppetdb-1.3.0-1.el6.noarch
1/1
Certificate was added to keystore
Backing up /etc/puppetdb/conf.d/jetty.ini to
/etc/puppetdb/conf.d/jetty.ini.bak.1368570333 before making changes
Updated default settings from package installation for ssl-host in
/etc/puppetdb/conf.d/jetty.ini.
Updated default settings from package installation for ssl-port in
/etc/puppetdb/con...
2014 Oct 08
1
Samba4 Exporting a DER
...art
of the setup requires the exporting of the domain controller DER.
These are the instructions...
As root, create the /opt/zimbra/lib/ext/adpassword directory
As root, copy adPassword.jar into /opt/zimbra/lib/ext/adpassword/
As root, import the DER domain controller certificate into the trusted
keystore/opt/zimbra/java/jre/lib/security/cacerts
Restart Zimbra
Configure authentication settings for your domain
Open the Zimbra Administration console
Select External LDAP as authentication mechanism
Type the LDAP URL and check Use SSL
Type samaccountname=%u in the LDAP filter field
Specify cn=users,dc...
2019 Nov 26
0
[PATCH common v2 2/3] options: Allow multiple --key parameters.
...ns/keys.c
index 74b5497..782bdb6 100644
--- a/options/keys.c
+++ b/options/keys.c
@@ -121,15 +121,32 @@ read_first_line_from_file (const char *filename)
return ret;
}
-char *
-get_key (struct key_store *ks, const char *device)
+/* Return the key(s) matching this particular device from the
+ * keystore. There may be multiple. If none are read from the
+ * keystore, ask the user.
+ */
+char **
+get_keys (struct key_store *ks, const char *device)
{
- size_t i;
+ size_t i, j, len;
+ char **r;
+ char *s;
+
+ /* We know the returned list must have at least one element and not
+ * more than k...
2009 Feb 23
3
Require package not working as expected
....list
file { "/etc/apt/sources.list":
owner => root,
group => root,
mode => 644,
content => template("tclbase/sources.erb"),
require => [ Package["lsb-release"], Exec["Import $aptkey_volatile
to apt keystore"] ] }
--------------------------------------------------------------------------------
This works on some systems, but fails on at least one other with:
err: Could not retrieve catalog: Failed to parse template
tclbase/sources.erb: Could not find value for ''lsbdistcodename''...
2019 Nov 12
0
[PATCH 2/2] options: Allow multiple --key parameters and default keys.
...ns/keys.c
index f783066..817508b 100644
--- a/options/keys.c
+++ b/options/keys.c
@@ -121,17 +121,35 @@ read_first_line_from_file (const char *filename)
return ret;
}
-char *
-get_key (struct key_store *ks, const char *device)
+/* Return the key(s) matching this particular device from the
+ * keystore. There may be multiple. If none are read from the
+ * keystore, ask the user.
+ */
+char **
+get_keys (struct key_store *ks, const char *device)
{
- size_t i;
+ size_t i, j, len;
+ char **r;
+ char *s;
+
+ /* We know the returned list must have at least one element and not
+ * more than k...
2017 Aug 11
4
is a self signed certificate always invalid the first time?
I have looked at let's encrypt. Key issue for me is having to add a lot
python stuff that would otherwise not be on any server.
Again, All CA's like "Let's Encrypt" - and others that are accepted by
the "majors", e.g., Windows, Mozilla make it much easier for the
"random" user to use anything you protect with SSL (better TLS) without
them having to
2011 Dec 28
3
packages and Solaris
Hi folks,
I''m about to propose to my current company that we use puppet to manage
releases of home grown software. The environment is a mix of Solaris
8/9/10 and RHEL 5&6.
I''ve got a handle on how to create recipes to release software into the
RHEL environment. The unknown for me is how to manipulate the pkgadd
provider to load the locally grown package stream. Can
2012 May 22
11
Puppet First Run after Install failing in module pe_mcollective
...ing puppet enterprise manager (master) on a RHEL box.
Though the install itself succeeds without any issues, the first run
of puppet when it tries to deploy the pe_mcollective module fails with
the following error.
Message:
change from notrun to 0 failed: sh -c ''umask 077; keytool -
importkeystore -deststorepass puppet -destkeypass puppet -destkeystore
broker.ks -srckeystore broker.p12 -srcstorepass puppet -srcstoretype
PKCS12 -alias puppet-master.xyz.com'' returned 1 instead of one of [0]
at /opt/puppet/share/puppet/modules/pe_mcollective/manifests/posix.pp:
138
Source:
/Stage[main...
2010 Dec 22
3
Using Puppet's client certificates for Apache, SSLVerifyClient
...feedback from someone who has gone down this route before, as
this is all pretty new to me. If nothing more, I''m hoping to be able
to get this working in this situation, so that I can reuse this
functionality for other projects. If Puppet is already doing a good
job of maintaining a nice keystore, why not use it for other things,
too?
Thanks!
-dant
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubsc...
2019 Nov 12
4
[PATCH 1/2] options: Fixes and enhancements to --key parsing.
The first patch fixes a rather serious bug, the second patch allows
multiple --key parameters and default parameters.
There is a third patch to libguestfs which adds a test, coming up.
I did not yet review and fix the documentation. I think we need to
centralize it in one place because at the moment the same
documentation for --key is copy/pasted all over the tools.
Rich.
2018 Sep 20
0
Re: [PATCH 2/2] Introduce a --key option in tools that accept keys
On Thursday, 20 September 2018 12:15:12 CEST Richard W.M. Jones wrote:
> This would have been a bit easier to review if the keystore
> changes had been broken out from the tools changes.
I actually thought (even too much) about various ways of splitting it;
since I wanted to not become a new Buridan's ass [1], then I lumped it
all in a single patch.
Splitting is not an issue, so if you suggest a preferred layout I can
w...