search for: pkcs12

...0.bpo.2-amd64 x86_64 Debian 9.8 xfs ?/? The error message in the log prior to the workaround was : "dovecot: imap-login: Error: Failed to initialize SSL server context: Couldn't parse private SSL key: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt, error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error, error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error, error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib: user=<>, rip=192.168.0.254, lip=192.168.0.51, session=<thtmP6iCc9jAqAD+> ? --------------...

All, I''m stumped. I need to connect to an XML/SOAP feed... that''s normally not an issue. But this one has a hoop that threw me for a loop. Some corporate security geek implented it such that a client certificate (pkcs12) is required to validate my identity before their system will talk to me. The remote system is, of course, running J2EE w/ EJB inside their firewall. But for external parties, they require the certificate on top of the SSL connection. I know how to do it on .Net/IIS (basically we have to create...

....8 xfs > ?/? > > The error message in the log prior to the workaround was : "dovecot: > imap-login: Error: Failed to initialize SSL server context: Couldn't > parse private SSL key: error:06065064:digital envelope > routines:EVP_DecryptFinal_ex:bad decrypt,?error:23077074:PKCS12 > routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error, > error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe > crypt error, error:0907B00D:PEM?routines:PEM_read_bio_PrivateKey:ASN1 > lib: user=<>, rip=192.168.0.254, lip=192.168.0.51, > session=<thtmP6iCc9jAqAD+&...

...managed to get NSS support to work with libnss3? How does one specify the dbm: or sql: format? Roger ___________________________________________________________________ PS, for the brave, here is how I import private key and certificate: Import private key: root at gold /etc/nut # openssl pkcs12 -export -inkey ./keys/gold.key \ -in ./keys/gold.crt -out ./keys/gold.p12 -name gold Enter Export Password: sekret Verifying - Enter Export Password: sekret root at gold /etc/nut # pk12util -i ./keys/gold.p12 -d dbm:NSS_db Enter password for PKCS12 file: sekret...

...hen it tries to deploy the pe_mcollective module fails with the following error. Message: change from notrun to 0 failed: sh -c ''umask 077; keytool - importkeystore -deststorepass puppet -destkeypass puppet -destkeystore broker.ks -srckeystore broker.p12 -srcstorepass puppet -srcstoretype PKCS12 -alias puppet-master.xyz.com'' returned 1 instead of one of [0] at /opt/puppet/share/puppet/modules/pe_mcollective/manifests/posix.pp: 138 Source: /Stage[main]/Pe_mcollective::Posix/Exec[broker_cert_keystore]/returns File: /opt/puppet/share/puppet/modules/pe_mcollective/manifests/posix.pp...

...Feb 14 13:49:58 EST 2003 ===> secure/usr.bin/openssl rm -f buildinf.h openssl/opensslconf.h openssl/evp.h xopenssl app_rand.o apps.o asn1pars.o ca.o ciphers.o crl.o crl2p7.o dgst.o dh.o dhparam.o dsa.o dsaparam.o enc.o engine.o errstr.o gendh.o gendsa.o genrsa.o nseq.o ocsp.o openssl.o passwd.o pkcs12.o pkcs7.o pkcs8.o rand.o req.o rsa.o rsautl.o s_cb.o s_client.o s_server.o s_socket.o s_time.o sess_id.o smime.o speed.o spkac.o verify.o version.o x509.o CA.pl.1.gz asn1parse.1.gz ca.1.gz ciphers.1.gz crl.1.gz crl2pkcs7.1.gz dgst.1.gz dhparam.1.gz dsa.1.gz dsaparam.1.gz enc.1.gz gendsa.1.gz genrsa...

...ce Name (full name) [Some-State]:Athens # Locality Name (eg, city) []:Aigaleo # Organization Name (eg, company) [Internet Widgits Pty Ltd]:Ebalaskas.Gr # Organizational Unit Name (eg, section) []:Mail Apps # Common Name (eg, YOUR name) []:myhome # Email Address []:ebalaskas at ebalaskas.gr openssl pkcs12 -export -in dovecot.crt -inkey dovecot.key \ -name "dovecot Certificate Client" -out dovecot.p12 openssl ca -gencrl -keyfile dovecot.key -cert dovecot.crt -out dovecot.crl -selfsign I've imported the dovecot.p12 to thunderbird certificates and dovecot.crt to thunderbird authorities...

...hby=secret|rsasig # load and initiate automatically auto=start conn site1 also=tunnel leftsubnet=10.0.128.0/22 rightsubnet=192.168.1.222/32 conn site2 also=tunnel On 1 April 2016 at 15:58, Eero Volotinen <eero.volotinen at iki.fi> wrote: > So you are using pkcs12 on centos: > > https://www.sslshopper.com/article-most-common-openssl-commands.html > -- > Eero > > 2016-04-01 17:44 GMT+03:00 Glenn Pierce <glennpierce at gmail.com>: > >> Sorry but I have looked for over two days. Trying every command I could >> find. >&g...

...lnet.1.gz telnet.1.cat.gz ===> secure/usr.bin/openssl rm -f buildinf.h openssl/opensslconf.h openssl/evp.h xopenssl app_rand.o apps.o asn1pars.o ca.o ciphers.o crl.o crl2p7.o dgst.o dh.o dhparam.o dsa.o dsaparam.o enc.o engine.o errstr.o gendh.o gendsa.o genrsa.o nseq.o ocsp.o openssl.o passwd.o pkcs12.o pkcs7.o pkcs8.o rand.o req.o rsa.o rsautl.o s_cb.o s_client.o s_server.o s_socket.o s_time.o sess_id.o smime.o speed.o spkac.o verify.o version.o x509.o CA.pl.1.gz asn1parse.1.gz ca.1.gz ciphers.1.gz crl.1.gz crl2pkcs7.1.gz dgst.1.gz dhparam.1.gz dsa.1.gz dsaparam.1.gz enc.1.gz gendsa.1.gz genrsa...

...0.128.0/22 >> rightsubnet=192.168.1.222/32 >> >> conn site2 >> also=tunnel >> >> >> >> >> >> >> >> >> On 1 April 2016 at 15:58, Eero Volotinen <eero.volotinen at iki.fi> wrote: >> > So you are using pkcs12 on centos: >> > >> > https://www.sslshopper.com/article-most-common-openssl-commands.html >> > -- >> > Eero >> > >> > 2016-04-01 17:44 GMT+03:00 Glenn Pierce <glennpierce at gmail.com>: >> > >> >> Sorry but I have look...

I''m using activerecord outside of rails and find_first generates sql that postgresql doesnt'' like. This is rails 1.1.4, with everything up to date via "gem update". This is the command line: ruby -rrubygems seca -c ../etc/seca.cnf cert --export 1 --format pkcs12 --key root.key >root.pfx This is the error: (PGError: ERROR: argument of WHERE must be type boolean, not type integer : SELECT * FROM certificates WHERE (1) LIMIT 1) This is the code that generates the error: bc = SECA::Backend::Certificate.find_first(options[:certificate_id]) If I change...

So you are using pkcs12 on centos: https://www.sslshopper.com/article-most-common-openssl-commands.html -- Eero 2016-04-01 17:44 GMT+03:00 Glenn Pierce <glennpierce at gmail.com>: > Sorry but I have looked for over two days. Trying every command I could > find. > > There is obviously a misunderstandin...

...from the working config file. This is even after compiling dovecot with openssl 0.9.8l on centos 4.8 If I copy the same "client_ca.crt" from centos 4.8 to centos 5.4 then centos 5.4 does not problem in verifying client cert. That file contain CRL as well as certificate which signs the pkcs12 file installed on the client. The following log entries do not appear on centos 5.4 ------------------ Feb 27 21:17:33 localhost dovecot: pop3-login: Invalid certificate: unable to get certificate CRL: /C=US/ST=New York/L=Astoria/O=SnakeOil Inc./OU=Email Administration/CN=web at example.com Feb 27...

...ke to use Client certificate verification/authentication. My MTA used this function. I've a problem to make a valid certificate. For my MTA i used : openssl req -new -nodes -x509 -keyout user_key.pem -out user_req.pem -days 365 openssl ca -out user_signed.pem -infiles user_req.pem openssl pkcs12 -in user_signed.pem -inkey user_key.pem -out user.p12 -export -name "user at hotsname" user.p12 match in my MTA Not in Dovecot... In my log, i've simply : dovecot: auth(default): Client didn't present valid SSL certificate Also, in the documentation The username is taken fro...

...s crl crl2pkcs7 dgst dhparam dsa dsaparam ec ecparam enc engine errstr gendsa genpkey genrsa help list nseq ocsp passwd pkcs12 pkcs7 pkcs8 pkey pkeyparam pkeyutl prime rand rehash req rsa rsautl s_client s_server s_time sess_id smime speed spkac srp...

Sorry but I have looked for over two days. Trying every command I could find. There is obviously a misunderstanding somewhere. After generating a key pair with ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/my.secrets I exported to a file with ipsec showhostkey --ipseckey > file The man pages says ipsec showhostkey outputs in ipsec.conf(5) format, Ie ***.server.net.

...RASPARC -DMD5_ASM openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o dsa.o dsaparam.o x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o -L. -L.. -L../.. -L../../.. -L.. -lssl -L.. -lcrypto -L/space/local/lib s_server.o: In function `sv_body': s_server.o(.text+0x10a4): undefined reference to `shutdown' s_server.o(.text+0x142c): undefined reference to `shutdown' s_server.o: In function `close_acc...

...cement Part ================ Outside of the above fix it would be wonderful if ssh-keygen could just import an entire x509 and spit out a complete openssh public & private key. Right now I do this with a script something like the following (i omitted the steps on cert validation etc) openssl pkcs12 -in cavanaug.p12 -clcerts -out id_rsa openssl x509 -in id_rsa -pubkey -noout > x pubkey2ssh x comment > id_rsa.pub Id love to just be able to do something directly with ssh-keygen -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail...

...inux-gnueabi/usr/include/openssl/opensslv.h /usr/armv5tel-softfloat-linux-gnueabi/usr/include/openssl/ossl_typ.h /usr/armv5tel-softfloat-linux-gnueabi/usr/include/openssl/pem2.h /usr/armv5tel-softfloat-linux-gnueabi/usr/include/openssl/pem.h /usr/armv5tel-softfloat-linux-gnueabi/usr/include/openssl/pkcs12.h /usr/armv5tel-softfloat-linux-gnueabi/usr/include/openssl/pkcs7.h /usr/armv5tel-softfloat-linux-gnueabi/usr/include/openssl/pq_compat.h /usr/armv5tel-softfloat-linux-gnueabi/usr/include/openssl/rand.h /usr/armv5tel-softfloat-linux-gnueabi/usr/include/openssl/rsa.h /usr/armv5tel-softfloat-linux-gn...

...;, where Certificate Name is CA Certificate) - Generate the Directory Server Client Certificate certutil -S -n "server-cert" -s "cn=FQDN,cn=Directory Server" -c "CA Certificate" -t "u,u,u" -m 1001 -v 9999 -d . -z noise.txt -f pin.txt - Convert to pkcs12 format (note these files will be used within the AD system, and the prompted password for the commands below will need to match password in pin.txt file) pk12util -d . -o cacert.pk12 -n "CA Certificate" pk12util -d . -o dscert.pk12 -n "server-cert" ####################...