search for: newcert

...i am following all howtos and tutorials it is not working 1) i have created CA certificate - /etc/pki/tls/misc/CA -newca 2) i have generated a new request - /etc/pki/tls/misc/CA -newreq 3) i have signed certificate /etc/pki/tls/misc/CA -signreq SO i have CA in /etc/pki/CA i have newkey.pem i have newcert.pem i have also cealrkey.pem (without passphrase) *$ openssl rsa < newkey.pem > clearkey.pem* What to do next?? What to put in slapd.conf in order to make it work?? What to put in ldap.conf in order to communicate Really thanks in advance!! David -------------- next part -------------- An...

...text.Gettext + +module G = Guestfs + +let ca_certificates_perform g root = + let typ = g#inspect_get_type root in + if typ <> "windows" then ( + let paths = [ "/etc/pki/CA/certs/*"; + "/etc/pki/CA/crl/*"; + "/etc/pki/CA/newcerts/*"; + "/etc/pki/CA/private/*"; + "/etc/pki/tls/private/*"; + "/etc/pki/tls/certs/*.crt"; ] in + let excepts = [ "/etc/pki/tls/certs/ca-bundle.crt"; + "/etc/pki/tls/certs/ca-bu...

...phrase: <ca pass> Certificate is to be certified until Apr 10 18:58:58 2004 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated Certificate: etc.... Signed certificate is in newcert.pem % This creates newcert.pem (server certificate signed by CA) with private key, newreq.pem. Now the certificates can be moved to the desired certificate repository and renamed. % cp demoCA/cacert.pem /etc/ssl/certs/ca.pem % mv newcert.pem /etc/ssl/certs/smb.ahm.nl.pem % mv newreq.pem /e...

Hello, I have the following problem: I want to use publickey authentication by using the publickey of a x509 certificate stored on a java card. I can already extract the publickey of the certificate and write it into a file. The problem i have is that i don't know how to convert the certificate's publickey into an rsa publickey format that openssh will accept. Does anybody have a

...s one Jan 16 09:27:04 ns dovecot: master: Error: service(auth): command startup failed, throttling Please see my configs 10-mail.conf mail_location = maildir:/var/spool/mail/%d/%n 10-ssl.conf # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt> ssl = yes ssl_cert = </etc/postfix/newcert.pem ssl_key = </etc/postfix/newkey.pem auth-system.conf.ext #passdb { #driver = passwd-file #args = scheme=cram-md5 username_format=%u /etc/dovecot/passwd #} userdb { driver = passwd-file args = username_format=%u /etc/dovecot/users } auth-passwdfile.conf.ext passdb { driver = passwd-file...

...39;s because I am using a self-signed certificate. Now, I'm also using postfix, and it allows for me creating my own CA certificate, and using it to sign my own certificates. The /etc/postfix/main.cf entries are: smtpd_tls_key_file = /etc/postfix/newreq.pem smtpd_tls_cert_file = /etc/postfix/newcert.pem smtpd_tls_CAfile = /etc/postfix/cacert.pem but while I see the following two lines in /etc/dovecot.conf: ssl_cert_file = /usr/share/ssl/certs/dovecot.pem ssl_key_file = /usr/share/ssl/private/dovecot.pem I don't see how to specify my CA cert. I'm pretty much a noob when it comes to...

...ervice imap { name = imap-login } service login/imap { name = imap } service lmtp { name = lmtp } service pop3 { name = pop3-login } service login/pop3 { name = pop3 } service login/ssl-params { name = ssl-params } ssl_ca = /opt/etc/domain.ca/myca.pem ssl_cert = /opt/etc/domain.ca/newcerts/imap.cer ssl_key = /opt/etc/domain.ca/private/imap.key protocol lmtp { service anvil-auth-penalty { name = anvil } service auth-worker { name = auth-worker } service auth-client { name = auth } service config { name = config } service dict { name...

...m. This is the configuration I am currently running: # 1.2.beta1: /opt/etc/dovecot/dovecot.conf # OS: Linux 2.6.12.6-arm1 armv5tejl log_path: /opt/var/log/dovecot.log info_log_path: /opt/var/log/dovecot-info.log protocols: imaps ssl_ca_file: /opt/etc/ssl.ca/cacrl.pem ssl_cert_file: /opt/etc/ssl.ca/newcerts/imap.cer ssl_key_file: /opt/etc/ssl.ca/private/imap.key ssl_parameters_regenerate: 24 ssl_cipher_list: ALL:!LOW:!SSLv2 ssl_verify_client_cert: yes disable_plaintext_auth: yes verbose_ssl: yes login_dir: /opt/var/run/dovecot/login login_executable: /opt/libexec/dovecot/imap-login login_user: guest...

...inet_listener lmtp { address = ::1 port = 24 } } service managesieve-login { service_count = 0 } service quota-warning { executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { user = vmail } user = dovecot } ssl_cert = </ca/mail.roessner-net.de/newcert.pem ssl_key = </ca/mail.roessner-net.de/newkey.pem userdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } verbose_proctitle = yes protocol lmtp { mail_plugins = quota sieve } protocol lda { mail_plugins = quota sieve acl } protocol imap { imap_client_workarounds = tb-extra-...

...are my configs/data: OS => Gentoo Linux uname -a => 2.6.15-gentoo-r7 #1 SMP PREEMPT Tue Mar 21 18:08:57 CET 2006 i686 Intel(R) Xeon(TM) CPU 2.40GHz GenuineIntel GNU/Linux dovecot --version => 1.1.beta14 dovecot -n => protocols: imaps ssl_listen: *:993 ssl_cert_file: /etc/ssl/dovecot/newcert.pem ssl_key_file: /etc/ssl/dovecot/newkey.pem ssl_parameters_regenerate: 0 ssl_cipher_list: ALL:!LOW:!SSLv2 disable_plaintext_auth: no verbose_ssl: yes login_dir: /var/run/dovecot/login login_executable: /usr/libexec/dovecot/imap-login verbose_proctitle: yes mail_uid: 5000 mail_gid: 5000 mail_locat...

...me -a => > 2.6.15-gentoo-r7 #1 SMP PREEMPT Tue Mar 21 18:08:57 CET 2006 i686 > Intel(R) Xeon(TM) CPU 2.40GHz GenuineIntel GNU/Linux > > dovecot --version => > 1.1.beta14 > > dovecot -n => > protocols: imaps > ssl_listen: *:993 > ssl_cert_file: /etc/ssl/dovecot/newcert.pem > ssl_key_file: /etc/ssl/dovecot/newkey.pem > ssl_parameters_regenerate: 0 > ssl_cipher_list: ALL:!LOW:!SSLv2 > disable_plaintext_auth: no > verbose_ssl: yes > login_dir: /var/run/dovecot/login > login_executable: /usr/libexec/dovecot/imap-login > verbose_proctitle: yes...

...1.2.10: /opt/etc/dovecot/dovecot.conf # OS: Linux 2.6.12.6-arm1 armv5tejl ext3 base_dir: /opt/var/run/dovecot/ log_path: /opt/var/log/dovecot/messages info_log_path: /opt/var/log/dovecot/info protocols: imaps listen: [::] ssl_ca_file: /opt/etc/domain.ca/cacrl.pem ssl_cert_file: /opt/etc/domain.ca/newcerts/mail.cer ssl_key_file: /opt/etc/domain.ca/private/mail.key ssl_cipher_list: ALL:!LOW:!SSLv2 ssl_verify_client_cert: yes verbose_ssl: yes login_dir: /opt/var/run/dovecot//login login_executable: /opt/libexec/dovecot/imap-login login_process_size: 32 mail_location: dbox:/share/MD0_DATA/mail/%u mail_...

I followed the instructions here https://wiki.centos.org/HowTos/Https Checking port 80 I get the file... curl http://localhost/file.html <HTML> <FORM> Working </FORM> </HTML> Checking port 443 I get and error curl https://localhost/file.html curl: (60) Peer's certificate issuer has been marked as not trusted by the user. More details here:

...long password, it couldn't work.) (2) Common name must be used as fully qualified domain name. For example: mis3.fgs.org.tw mis3# openssl req -new -nodes -keyout newreq.pem -out newreq.pem mis3# ../misc/CA.sh -sign mis3# cp demoCA/cacert.pem . mis3# mv newcert.pem servercrt.pem mis3# mv newreq.pem privatekey.pem mis3# chmod 600 privatekey.pem Reference: http://www.openldap.org/faq/data/cache/185.html (b) Configure OpenLDAP (1) Open /usr/local/etc/openldap/lapd.conf (OpenLDAP client config.) with text editor...

...ctory permissions to only allow the root user. If the mysql user cannot read all ssl files SSL will not work. [root at example.com CA]# ls -l /etc/pki/CA/ total 16 drwxr-xr-x 2 root root 4096 Jan 20 11:32 certs drwxr-xr-x 2 root root 4096 Jan 20 11:32 crl drwxr-xr-x 2 root root 4096 Jan 20 11:32 newcerts drwx------ 2 root root 4096 Jan 20 11:32 private 2. Regarding your replication specific user not being able to connect to the master. It may not work until SSL is fully working since you specifically stated to require and SSL connection. So the symptom of this might be resolved when SSL is...

Hey everybody, I'm trying to get mysql master/slave replication to work under SSL. I've created the certs for both the slave and the master. I've configured the master and slave my.cnf. And it does appear that replication is actually working. Master is actually MariaDB (version 5.5.41-MariaDB-log, and the slave is MySQL (version 5.5.41-log). But there are two issues I'd like to

...ot user. If the mysql user > cannot read all ssl files SSL will not work. > > > [root at example.com CA]# ls -l /etc/pki/CA/ > total 16 > drwxr-xr-x 2 root root 4096 Jan 20 11:32 certs > drwxr-xr-x 2 root root 4096 Jan 20 11:32 crl > drwxr-xr-x 2 root root 4096 Jan 20 11:32 newcerts > drwx------ 2 root root 4096 Jan 20 11:32 private > > > > 2. Regarding your replication specific user not being able to connect to > the master. It may not work until SSL is fully working since you > specifically stated to require and SSL connection. So the symptom of th...

So I just upgraded from Dovecot 0.99 to the latest 1.0 RC2 because I was having all sorts of Authentication problems and crashes in 0.99. The upgrade did not solve the problem apparently. Dovecot still crashes periodically and always needs to be manually rebooted. The log file errors at the time of the crash: dovecot: Jul 12 14:30:59 Error: imap-login: Can't connect to auth server at