search for: privkey

...#39;s Encrypt ssl certificate for webRTC calls : [Jun 2 14:29:28] == DTLS ECDH initialized (secp256r1), faster PFS enabled [Jun 2 14:29:28] ERROR[27360][C-00000ae5]: res_rtp_asterisk.c:1441 ast_rtp_dtls_set_configuration: Specified certificate file '/etc/letsencrypt/live/ws.mydomain.tld/privkey.pem' for RTP instance '0x7f920c538a78' could not be used [Jun 2 14:29:28] ERROR[27360][C-00000ae5]: chan_sip.c:5941 dialog_initialize_dtls_srtp: Attempted to set an invalid DTLS-SRTP configuration on RTP instance '0x7f920c538a78' (ws.mydomain.tld is of course masked) Any...

...domains. I'm using letsencrypt certificates. On the 10-ssl.conf, when I only use one domain, like this, it works : ssl_ca = </etc/letsencrypt/live/mail.mydomain.fr/chain.pem ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem ssl_key = </etc/letsencrypt/live/mail.mydomain.fr/privkey.pem I got a warning of course when using my second domain, mydomain2.fr. If I do the config : local_name mail.mydomain.fr { ssl_ca = </etc/letsencrypt/live/mail.mydomain.fr/chain.pem ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem ssl_key = </etc/letsencrypt/live/mail.mydoma...

Hi folks, Since Docker can bind-mount every .ssh directory I am looking for some way to forbid unprotected private keys. AFAICS it is currently not possible on the sshd to verify that the peer's private key was protected by a passphrase. Can you confirm? Regards Harri

...isten directive: ??? listen = mail.example.com.com,mail.otherexample.com,localhost Multiple local stanzas are of the form: local mail.example.com { ? protocol imap { ???? ssl_cert = </etc/letsencrypt/live/mail.example.com/fullchain.pem ???? ssl_key = </etc/letsencrypt/live/mail.example.com/privkey.pem ???? service imaps_login { ?????? inet_listener imaps { ???????? address=mail.example.com ?????? } ?????? inet_listener imap { ???????? address=mail.example.com ?????? } ???? } ? } } mail.example.com has IPv4 and IPv6 addresses in DNS When I run doveconf -n the local configuration is only ge...

hi all, i've dovecot TLS working correctly w/ locally generated *RSA* CA cert, domain privkey & self-signed domain cert. to that end, my dovecot.conf includes: ssl_key_file = /var/Security/mail.testdomain.com.privkey.rsa.pem ssl_cert_file = /var/Security/mail.testdomain.com.cert.rsa.pem ssl_ca_file = /var/Security/MyCertificateAuthor...

...th passwords.? -------- Original message -------- From: Dan Kaminsky <dan at doxpara.com> Date: 05/23/2013 5:39 PM (GMT-08:00) To: "Dan Mahoney, System Admin" <danm at prime.gushi.org> Cc: openssh-unix-dev at mindrot.org Subject: Re: Utility to scan for unpassworded SSH privkeys? Effectively nobody passphrases their ssh keys.? They're used as a way to *suppress* password entry in the real world -- use this, and things just work rather than poking you each time. Sent from my iPhone On May 23, 2013, at 5:19 PM, "Dan Mahoney, System Admin" <danm at prim...

...ECDSA-AES128 > -GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA- > AES256-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256 > cert_file = /etc/letsencrypt/live/specialdomain.com/fullchain.pem > priv_key_file = /etc/letsencrypt/live/specialdomain.com/privkey.pem Thanks, it still says SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336109761> <SSL routines- ssl3_get_client_hello-no shared cipher> len: 0 peer: 10.10.20.29:54937 Why does it even say ssl3 despite tlsv1_2 is set? Is there a way to see which cipher(s) a client is trying to us...

...ecot -n # 2.2.devel (87404ea): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.devel (215349a) # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.10 [...] ssl_cert = </etc/letsencrypt/live/v083.violet.fastwebserver.de/fullchain.pem [...] ssl_key = </etc/letsencrypt/live/v083.violet.fastwebserver.de/privkey.pem [...] local_name imap.langzeittest.de { ssl_cert = </etc/letsencrypt/live/fahrerlager.langzeittest.de/fullchain.pem ssl_key = </etc/letsencrypt/live/fahrerlager.langzeittest.de/privkey.pem } local_name mail.langzeittest.de { ssl_cert = </etc/letsencrypt/live/fahrerlager.langzeitt...

...ert is expired', searching around, I see some other iPhone similar issues reported, do I have my conf correct, I have; # cat dovecot.conf | grep ssl ssl = required verbose_ssl = no ssl_cert = </etc/letsencrypt/live/fqn.myserver/fullchain.pem ssl_key = </etc/letsencrypt/live/fqn.myserver/privkey.pem is fullchain.pem and privkey.pem is what I should be using ? anythought how to force an iphone to reload cert ? actual cert was renewed 15/7, old/previous one expired earlier today ls /etc/letsencrypt/live/fqn.myserver/ cert.pem chain.pem fullchain.pem privkey.pem (if I open mailserver...

...Aki's suggestion. correct? I have also double checked file perms, tried with several new key gens, several versions of thunderbird and created completely new thunderbird profiles. Thank you, ssl_cert = </etc/letsencrypt/live/...../fullchain.pem ssl_key = </etc/letsencrypt/live/...../privkey.pem On 5/25/20 11:11 AM, Aki Tuomi wrote: > The real reason is that you have misconfigured your cert. Alert 42 means that the *client* consider *server* client untrusted. > > If you are using LE cert you should configure > > ssl_cert=</etc/letsencrypt/live/domain/fullchain.pem...

...x/private/auth postfix/main.cf: smtpd_sasl_authenticated_header = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_starttls_timeout = 20s smtpd_tls_cert_file = /usr/local/etc/dehydrated/certs/covisp.net/fullchain.pem smtpd_tls_key_file = /usr/local/etc/dehydrated/certs/covisp.net/privkey.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_security_level = may 16 -rw------- 1 root 443 4152 May 20 21:08 fullchain-1558408117.pem 0 lrwx------ 1 root 443 24 May 20 21:08 fullchain.pem -> fullchain-1558408117.pem 8 -rw------- 1 root 443 3243 May 20 21:08 pr...

...S SL/DovecotConfiguration 1. We have created /etc/dovecot/dh.pem (yes it took five hours)? 2. We have edited 10-ssl.conf as directed by the Wiki: ssl = yes ssl_cert = /etc/certbot/live/privustech.com/fullchain.pem ssl_key = /etc/certbot/live/privustech.com/privkey.pem ssl_dh = /etc/dovecot/dh.pem #(yes, it took five hours to create...) ssl_min_protocol = TLSv1 ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH ssl_prefer_server_ciphers = no...

...file >> perms, tried with several new key gens, several versions of thunderbird >> and created completely new thunderbird profiles. >> >> Thank you, >> >> ssl_cert = </etc/letsencrypt/live/...../fullchain.pem >> ssl_key = </etc/letsencrypt/live/...../privkey.pem >> >> >> On 5/25/20 11:11 AM, Aki Tuomi wrote: >>> The real reason is that you have misconfigured your cert. Alert 42 means that the *client* consider *server* client untrusted. >>> >>> If you are using LE cert you should configure >>> >&...

...gestions (details below) but unfortunately no joy. I also restored my backup 10-ssl.conf. It indeed has the "<" sign with a space before the explicit paths to the files: ? ? ssl_cert = </etc/certbot/live/privustech.com/fullchain.pem ? ? ssl_key = </etc/certbot/live/privustech.com/privkey.pem ?It returns several complaints after restarting dovecot which I addressed: ? ??https://wiki2.dovecot.org/Upgrading/2.3 ? ??https://github.com/dovecot/core/blob/master/doc/example-config/conf .d/10-ssl.conf ? Changed ssl_protocols?to?ssl_min_protocol = TLSv1 ? Added?ssl_dh = </etc/dovecot/dh....

...68.40.${i}:3306:localhost:1433 & i=$(( $i + 1 )) done The obvious problem here: We have some weird script bringing up 100 ssh clients with 100 connections. What if we could tell ssh to load a file and do it, where the file contained something like: # Set default authentication default auth=privkey:/home/sshfwd/.ssh/id_rsa user=sshfwd # listen (-L; listen-dynamic is -D) # nmap syntax for addresses (i.e. 192.168.1-20.35-123) # MySQL servers listen bind=10.10.10.20 listen-address=192.168.30.50-100 \ listen-port=3306 forward-address=localhost forward-port=3306 # MS SQL 2000 and 2005 servers li...

I have https/ssl on my site ok, but it uses two certificates from letsencrypt which renew automatically every three months. However - Icecase says. ssl-certificate If specified, this points to the location of a file that contains both the X.509 private and public key. This is required for HTTPS support to be enabled. Please note that the user Icecast is running as must be able to read the file.

...d, I see some other >iPhone >similar issues reported, do I have my conf correct, I have; > ># cat dovecot.conf | grep ssl >ssl = required >verbose_ssl = no > >ssl_cert = </etc/letsencrypt/live/fqn.myserver/fullchain.pem >ssl_key = </etc/letsencrypt/live/fqn.myserver/privkey.pem > >is fullchain.pem and privkey.pem is what I should be using ? > >anythought how to force an iphone to reload cert ? > >actual cert was renewed 15/7, old/previous one expired earlier today > >ls /etc/letsencrypt/live/fqn.myserver/ >cert.pem chain.pem fullchain.pem...

...rypt certificates. > ? On the 10-ssl.conf, when I only use one domain, like this, it works > : > > ssl_ca = </etc/letsencrypt/live/mail.mydomain.fr/chain.pem > ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem > ssl_key = </etc/letsencrypt/live/mail.mydomain.fr/privkey.pem > > I got a warning of course when using my second domain, mydomain2.fr. > > If I do the config : > > local_name mail.mydomain.fr { > ssl_ca = </etc/letsencrypt/live/mail.mydomain.fr/chain.pem > ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem > ss...

We are using OpenSSH (portable) version 3.0.1p1 on Linux 2.2.14-10 with RedHat's distribution of PAM 0.72-20.6.x for rsync'ing RRDTool data between two machines (among other things). When running 'rsync -essh -avz', everything works fine but the system log on the sshd side shows: PAM_pwdb[8021]: authentication failure; (uid=0) -> rrd for sshd service sshd[8021]: Accepted

...emote: Accepted by .rhosts. debug1: Remote: Accepted host ohm-master1 ip 192.168.1.1 client_user root server_user root debug1: authentications that can continue: publickey,password,hostbased debug1: userauth_hostbased: no more client hostkeys debug1: next auth method to try is publickey debug1: try privkey: /root/.ssh/identity debug1: try privkey: /root/.ssh/id_rsa debug1: try privkey: /root/.ssh/id_dsa debug1: next auth method to try is password root at m2's password: What did I miss? -- Kevin DeGraaf