search for: privkeys

Hello I get the following error when using our Let's Encrypt ssl certificate for webRTC calls : [Jun 2 14:29:28] == DTLS ECDH initialized (secp256r1), faster PFS enabled [Jun 2 14:29:28] ERROR[27360][C-00000ae5]: res_rtp_asterisk.c:1441 ast_rtp_dtls_set_configuration: Specified certificate file '/etc/letsencrypt/live/ws.mydomain.tld/privkey.pem' for RTP instance

Hi all, I'm testing the SNI configuration from dovecot's wiki page, to have multiple domains. I'm using letsencrypt certificates. On the 10-ssl.conf, when I only use one domain, like this, it works : ssl_ca = </etc/letsencrypt/live/mail.mydomain.fr/chain.pem ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem ssl_key =

Hi folks, Since Docker can bind-mount every .ssh directory I am looking for some way to forbid unprotected private keys. AFAICS it is currently not possible on the sshd to verify that the peer's private key was protected by a passphrase. Can you confirm? Regards Harri

I have a mail server with multiple IP addresses and associated DNS names In the dovecot configuration I have a listen directive: ??? listen = mail.example.com.com,mail.otherexample.com,localhost Multiple local stanzas are of the form: local mail.example.com { ? protocol imap { ???? ssl_cert = </etc/letsencrypt/live/mail.example.com/fullchain.pem ???? ssl_key =

hi all, i've dovecot TLS working correctly w/ locally generated *RSA* CA cert, domain privkey & self-signed domain cert. to that end, my dovecot.conf includes: ssl_key_file = /var/Security/mail.testdomain.com.privkey.rsa.pem ssl_cert_file = /var/Security/mail.testdomain.com.cert.rsa.pem ssl_ca_file =

...th passwords.? -------- Original message -------- From: Dan Kaminsky <dan at doxpara.com> Date: 05/23/2013 5:39 PM (GMT-08:00) To: "Dan Mahoney, System Admin" <danm at prime.gushi.org> Cc: openssh-unix-dev at mindrot.org Subject: Re: Utility to scan for unpassworded SSH privkeys? Effectively nobody passphrases their ssh keys.? They're used as a way to *suppress* password entry in the real world -- use this, and things just work rather than poking you each time. Sent from my iPhone On May 23, 2013, at 5:19 PM, "Dan Mahoney, System Admin" <danm at prime...

On Thursday, January 23, 2020 11:31:46 PM CET Sean Bright wrote: > On 1/21/2020 9:18 PM, hw wrote: > > [transport-tls] > > type = transport > > protocol = tls > > bind = 0.0.0.0:5061 > > tos = cs5 > > cert_file = /etc/asterisk/cert/asterisk.pem > > ca_list_file = /etc/pki/tls/certs/ca-bundle.crt > > method = sslv23 > > This is what mine

Hi, I'm using the Dovecot Prebuilt Binary: deb http://xi.rename-it.nl/debian/ stable-auto/dovecot-2.2 main I configured multiple SSL certificates with client TLS SNI (see http://wiki2.dovecot.org/SSL/DovecotConfiguration). Since my last update I get some warnings: doveconf: Warning: /etc/dovecot/conf.d/10-ssl.conf line 12: Global setting ssl_cert won't change the setting inside an

I've installed LE certs on my Dovecot a while back, and, it has been working OK since, but, today, an iPhone user said he can't get emails as iphone says 'cert is expired', searching around, I see some other iPhone similar issues reported, do I have my conf correct, I have; # cat dovecot.conf | grep ssl ssl = required verbose_ssl = no ssl_cert =

Hello Aki and all, The below lines are in the dovecot config file. This seems to be the same as Aki's suggestion. correct? I have also double checked file perms, tried with several new key gens, several versions of thunderbird and created completely new thunderbird profiles. Thank you, ssl_cert = </etc/letsencrypt/live/...../fullchain.pem ssl_key =

Getting this: auth-worker(5045): Error: pam(kremels,xxx.xxx.xxx.xxx: pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?) # cat /etc/pam.d/dovcot auth required pam_unix.so nullok account required pam_unix.so (file was last updated in April of 2018) passdb { username_filter = "!*@*" driver = pam } userdb { driver = passwd } service auth {

Problem: We had Dovecot v2.2 working just fine under openSUSE Leap 42.3. But we upgraded openSUSE to Leap 15.0. In the process, Dovecot got upgraded from 2.2 to 2.3.1. It no longer works and I haven't figured out how to downgrade to the older working version. The key issue seems to be the change to requiring dh.pem and changing s sl_protocols to ssl_min_protocols.?I think I've navigated

s_client: Option unknown option -trace *** x509: Unknown parameter text On 5/25/20 11:49 AM, Aki Tuomi wrote: > Hi! > > Can you do > > openssl x509 text -noout </etc/letsencrypt/live/...../fullchain.pem > > and check these things: > > your server hostname isn included in SubjectAlternativeNames, and that the cert hasn't got MUST-STAPLE attribute? You can see

Aki hello, thank you. Hopefully excerpts and top posting are acceptable in the mailing list?? On that assumption: Thanks for the input. I've checked out your suggestions (details below) but unfortunately no joy. I also restored my backup 10-ssl.conf. It indeed has the "<" sign with a space before the explicit paths to the files: ? ? ssl_cert =

I've got an idea for using OpenSSH to establish a sort of internal secure network, where everything going back and forth between certain services (i.e. MySQL, how horrid) is encrypted even if the application/server doesn't support launching the service over SSL. This has some issues; so I'm probing for ideas on a new feature that would resolve them and make this easier. Let's

I have https/ssl on my site ok, but it uses two certificates from letsencrypt which renew automatically every three months. However - Icecase says. ssl-certificate If specified, this points to the location of a file that contains both the X.509 private and public key. This is required for HTTPS support to be enabled. Please note that the user Icecast is running as must be able to read the file.

Do you have restarted Dovecot to reload the renewed certificate? Am 22. Juli 2018, 15:04, um 15:04, Voytek Eymont <voytek at sbt.net.au> schrieb: >I've installed LE certs on my Dovecot a while back, and, it has been >working OK since, but, today, an iPhone user said he can't get emails >as >iphone says 'cert is expired', searching around, I see some other

FYI? dovecot 2.2.10 from RedHat 7 has an issue with clients, which won't send SNI.?As you are using version 2.2.27 you might encounter the same behaviour. If the client won't send SNI, my server randomly answers with any cert instead of?the default cert,? --Perhaps dovecot just utilises the last used cert? One speciality?of my certs is, that both share the same Common Name (CN) but differ

We are using OpenSSH (portable) version 3.0.1p1 on Linux 2.2.14-10 with RedHat's distribution of PAM 0.72-20.6.x for rsync'ing RRDTool data between two machines (among other things). When running 'rsync -essh -avz', everything works fine but the system log on the sshd side shows: PAM_pwdb[8021]: authentication failure; (uid=0) -> rrd for sshd service sshd[8021]: Accepted

How do you enable hostbased authentication in OpenSSH? I have two Red Hat 7.3 machines running openssh-3.4p1, and I would like to be able to ssh from either of the machines to the other, as any user, without using passwords or per-user keys. My /etc/ssh/sshd_config contains: [...] IgnoreRhosts no HostbasedAuthentication yes [...] My /etc/ssh/ssh_config contains: [...]