search for: nssdb

Am 2019-08-29 17:36, schrieb Gary Stainburn: > On Thursday 29 August 2019 16:20:00 Alexander Dalloz wrote: >> Hi, >> >> yum uses libcurl behind the scenes and thus NSS and not OpenSSL. >> >> Do you get something indicative when running: >> >> URLGRABBER_DEBUG=1 yum --disablerepo=\* --enablerepo=webtatic >> check-update >> >>

On Thursday 29 August 2019 16:47:11 Alexander Dalloz wrote: > rpm -Vv nss [root at stan2 ~]# rpm -Vv nss ......... /etc/pki/nss-legacy ......... c /etc/pki/nss-legacy/nss-rhel7.config ......... /etc/pki/nssdb ......... c /etc/pki/nssdb/cert8.db ......... c /etc/pki/nssdb/cert9.db ......... c /etc/pki/nssdb/key3.db ......... c /etc/pki/nssdb/key4.db ......... c /etc/pki/nssdb/pkcs11.txt ......... c /etc/pki/nssdb/secmod.db ......... /usr/lib64/libnss3.so ......... g /usr/lib64/libnssckbi.so ......

Am 2019-08-29 18:26, schrieb Gary Stainburn: > On Thursday 29 August 2019 16:47:11 Alexander Dalloz wrote: >> rpm -Vv nss > > [root at stan2 ~]# rpm -Vv nss > ......... /etc/pki/nss-legacy > ......... c /etc/pki/nss-legacy/nss-rhel7.config > ......... /etc/pki/nssdb > ......... c /etc/pki/nssdb/cert8.db > ......... c /etc/pki/nssdb/cert9.db > ......... c /etc/pki/nssdb/key3.db > ......... c /etc/pki/nssdb/key4.db > ......... c /etc/pki/nssdb/pkcs11.txt > ......... c /etc/pki/nssdb/secmod.db > ......... /usr/lib64/libnss3.so > ....

...nd it works. > > > > Clues for the poor? > > > I just tried ssh -I libcoolkeypk11.so <servername> and in messages, it > reports "ssh-pkcs11-helper: errror:no slots" before failing to let me log > on. > > mark > Assuming 1) that /etc/pki/nssdb/ has been populated with all the appropriate and current gov certificate authorities (CA). certutil -L -d /etc/pki/nssdb/ #list the CAs 2) that you are using the RH/CentOS stock openssh*rpm files. 3) that you have not also gotten a newer card in the same time period, which happens to use a CA that...

Folks, I am perplexed. I updated my workstation at work Wed before I left, from 6.7 to 6.8. Then, yesterday, I went to use ssh-add -s libcoolkeypk11.so, which I've done many times before to add the certs from my PIV card... and 100% of the time if fails, letting me SSH_AGENT_FAILURE, cannot add card. Now, using a script called sccr, which uses my public and private key to generate a

...default_realm = CUSTOMER.TLD default_ccache_name = KEYRING:persistent:%{uid} [realms] CUSTOMER.TLD = { kdc = ad.customer.tld admin_server = ad.customer.tld default_domain = customer.tld pkinit_anchors = FILE:/etc/pki/nssdb/certificate.pem pkinit_cert_match = <KU>digitalSignature pkinit_kdc_hostname = ad.customer.tld } CORPORATE.TLD = { kdc = ad.corporate.tld admin_server = ad.corporate.tld default_domain = corpo...

...c/profile: Cannot write: No space left on device tar: ./etc/protocols: Cannot write: No space left on device tar: ./etc/securetty: Cannot write: No space left on device tar: ./etc/services: Cannot write: No space left on device tar: ./etc/shells: Cannot write: No space left on device tar: ./etc/pki/nssdb/cert8.db: Cannot write: No space left on device tar: ./etc/pki/nssdb/cert9.db: Cannot write: No space left on device tar: ./etc/pki/nssdb/key3.db: Cannot write: No space left on device tar: ./etc/pki/nssdb/key4.db: Cannot write: No space left on device tar: ./etc/pki/nssdb/pkcs11.txt: Cannot write:...

...c/profile: Cannot write: No space left on device tar: ./etc/protocols: Cannot write: No space left on device tar: ./etc/securetty: Cannot write: No space left on device tar: ./etc/services: Cannot write: No space left on device tar: ./etc/shells: Cannot write: No space left on device tar: ./etc/pki/nssdb/cert8.db: Cannot write: No space left on device tar: ./etc/pki/nssdb/cert9.db: Cannot write: No space left on device tar: ./etc/pki/nssdb/key3.db: Cannot write: No space left on device tar: ./etc/pki/nssdb/key4.db: Cannot write: No space left on device tar: ./etc/pki/nssdb/pkcs11.txt: Cannot write:...

> > > However, I do see that Sieve was accessing the user home directory > > > because for some reason now it just created a ".pki" directory > > > therein, which inside of it has an empty "nssdb" directory. That > > > never happened before...? Not a big problem, but I'd prefer not > > > to have that there. > > > > Sieve doesn't do that. I don't think Dovecot does that either, but I am > > not sure. > > Odd. Some lib Sieve uses? Th...

...new gpg key inside the /etc/pki/rpm-gpg directory HOW TO MANUALLY ADD CA/ROOT CERT IN CENTOS ? (as I need to add OTHER self-signed root cert in CentOS pki database, for all apps to use). so that wget, rpm or other apps can use them without warning. if a self-signed CA/root cert is added in /etc/nssdb/cert8.db then would it allow apps which use nssdb, to use the new root cert automatically ? how to manually add new root cert inside cert8.db or cert9.db ? is it using sqlite ? and, if a self-signed CA/root cert is added inside /etc/pki/tls/certs/ca-bundle.trust.crt or in /etc/pki/tls/certs/ca-bun...

...personal scripts (but not > global ones). No .svbin gets generated, no errors, just nothing. > However, I do see that Sieve was accessing the user home directory > because for some reason now it just created a ".pki" directory > therein, which inside of it has an empty "nssdb" directory. That > never happened before...? Not a big problem, but I'd prefer not > to have that there. Sieve doesn't do that. I don't think Dovecot does that either, but I am not sure. > Re: mail_debug, this relates to another post I made that didn't get any >...

....1-14.el6 @base nss-util.i686 3.16.1-3.el6 @base nss-util.x86_64 3.16.1-3.el6 @base nss-util-devel.x86_64 3.16.1-3.el6 @base [root at inet3 ~]# modutil -list -dbdir /etc/pki/nssdb Listing of PKCS #11 Modules ----------------------------------------------------------- 1. NSS Internal PKCS #11 Module slots: 2 slots attached status: loaded slot: NSS Internal Cryptographic Services token: NSS Generic Crypto Services slot: NSS User Private Key and Certificate Service...

On 3/10/2015 8:11 PM, E.B. wrote: >> Last time I had a few stupid problems in the releases, so >> I'll follow >> Timo's example and I release an RC first. >> >> The highlights include the implementation of the index and >> metadata >> extensions. Quite a few bugs are fixed as well. > When I compiled and installed this, Sieve scripts were being

...: certificate is not valid for any names, but wanted to match repo.local ? > curl -v https://repo.local:5000/v1/users/ * About to connect() to repo.local port 5000 (#0) * Trying 1xx.xx.x.xx... * Connected to repo.local (1xx.xx.x.xx) port 5000 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 * Server certificate: * subject: CN=repo.local,OU=OU,O=Enterprise,L=City,ST=Country,C=DE * start date: Okt 09 14:31:40 2017 GMT * expire date: Aug 18 14:31:40 2...

...45 opening local file "/var/cache/yum/x86_64/7/epel/metalink.xml.tmp" with mode wb * About to connect() to mirrors.fedoraproject.org port 443 (#29) * Trying 8.43.85.67... * Connected to mirrors.fedoraproject.org (8.43.85.67) port 443 (#29) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * Server certificate: * subject: CN=*.fedoraproject.org,O=Red Hat Inc.,L=Raleigh,ST=North Carolina,C=US * start date: Feb 01 00:00:00 2017 GMT * expire date: May 01 12:00:00 2020 GMT * common name: *.fedoraproject.org * issuer: CN=D...

...tion failed: security library: bad database. If I ran the command without the sql: like this # certutil -N -d sql:/etc/ipsec.d it would create the database files. I would then execute # modutil -fips true -dbdir /etc/ipsec.d followed by # /usr/sbin/ipsec newhostkey --configdir /etc/ipsec.d/nssdb --password password1 --output /etc/ipsec.d/host.secrets After replacing the hostkey in the file I tried to bring the connection up but the connection would not start and the following error message was in the log file. unable to locate my private key for RSA Signature sending notification...

...zer.ks b/recipe/common-minimizer.ks index 0b33be7..4151f49 100644 --- a/recipe/common-minimizer.ks +++ b/recipe/common-minimizer.ks @@ -296,6 +296,7 @@ keep /lib/firmware/aic94xx-seq.fw drop /lib/kbd/consolefonts drop /etc/pki/tls +keep /etc/pki/tls/openssl.cnf drop /etc/pki/java drop /etc/pki/nssdb drop /etc/pki/rpm-gpg -- 1.7.4.4

...but not > > global ones). No .svbin gets generated, no errors, just nothing. > > However, I do see that Sieve was accessing the user home directory > > because for some reason now it just created a ".pki" directory > > therein, which inside of it has an empty "nssdb" directory. That > > never happened before...? Not a big problem, but I'd prefer not > > to have that there. > > Sieve doesn't do that. I don't think Dovecot does that either, but I am > not sure. Odd. Some lib Sieve uses? These directories do not appear in us...

...t will throw an error like this: [chip at machine ~]$ curl -v https://example.com:8001/mountpoint About to connect() to example.com port 8001 (#0) Trying 192.168.1.50… connected Connected to example.com (192.168.1.50) port 8001 (#0) Initializing NSS with certpath: sql:/etc/pki/nssdb CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none Peer’s certificate issuer is not recognized: ‘CN=Let’s Encrypt Authority X3,O=Let’s Encrypt,C=US’ NSS error -8179 Closing connection #0 Peer certificate cannot be authenticated with known CA certificates curl: (6...

...0 * Adding handle: recv: 0 * Curl_addHandleToPipeline: length: 1 * - Conn 0 (0x6bea60) send_pipe: 1, recv_pipe: 0 * About to connect() to www.kraxel.org port 443 (#0) * Trying 217.197.83.6... * Connected to www.kraxel.org (217.197.83.6) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * NSS error -12286 (SSL_ERROR_NO_CYPHER_OVERLAP) * Cannot communicate securely with peer: no common encryption algorithm(s). * Error in TLS handshake, trying SSLv3... > GET /repos/jenkins/repodata/repomd.xml HTTP/1.1 > User-Agent: cu...