search for: revok

...h-keygen --help gives me ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number] file ... so... option -z is not the serial of the certificate, it is the version-number of the KRL-File... My openssh-Verision from Debian is 1:7.4p1-10+deb9u7. Maybe, this openssh-version does not support revoking a certificate by it's serialnumber. This leads me to the next question... The serial-number of a certificate is uniq over all certificates, or is it allowed, to increment serial-numbers for each certificate separate? How is the design? thank you jakob Am 16.09.19 um 04:18 schrieb Damien...

https://bugzilla.mindrot.org/show_bug.cgi?id=3659 Bug ID: 3659 Summary: Certificates are ignored when listing revoked items in a (binary) revocation list Product: Portable OpenSSH Version: 9.2p1 Hardware: All OS: All Status: NEW Severity: minor Priority: P5 Component: ssh-keygen Assignee: unassi...

...-07-28T02:09:43 ??????? Principals: ??????????????? test ??????? Critical Options: (none) ??????? Extensions: ??????????????? permit-X11-forwarding ??????????????? permit-agent-forwarding ??????????????? permit-port-forwarding ??????????????? permit-pty ??????????????? permit-user-rc Now i try to revoke this certificate with ssh-keygen -s ../user_ca.pub -kf /etc/ssh/revoked_keys -z 17 id_user_rsa-cert.pub The serial is 1 less the serial of my created certificate Check, if my certificate is valid root at host # ssh-keygen -Qf /etc/ssh/revoked_keys id_user_rsa-cert.pub id_user_rsa-cert.pub (tes...

...tc/ssl/dovecot/dovecot.pem ssl_key = </etc/ssl/dovecot/dovecot.pem ssl_ca = </etc/ssl/ca/ca.pem ssl_verify_client_cert = yes auth_ssl_require_client_cert = yes protocol !smtp { auth_ssl_require_client_cert = yes } ----------------- All works fine with valid certificates. But if I submit revoked certificate, dovecot doesn't send error or success messages to mail client, process 'imap-login' eats 100% CPU and completely hangs. Only SIGKILL can terminate it. When dovecot receives revoked certificate, following messages appears in the log: ------------------ Dec 2 13:50:26 mai...

I have a problem I can''t figure out. I was having cert problems with a host - it seemed to have multiple host names (mot likely from dns changes in the past) and all the certs were valid. Although it was giving an error about a cert I could not identify. So I tried: puppetca --revoke hostname puppetca --clean hostname restart puppetmaster puppetca --list --all (host does not show up - good) On client re-issue puppetd --server puppet --waitforcert 30 --test Error is : err: Could not retrieve catalog: Certificates were not trusted: sslv3 alert certificate revoked So how do...

...s SSL session warning: peer certificate won''t be verified in this SSL session info: Caching certificate for server182.domain.com info: Retrieving plugin err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using ''eval_generate'': sslv3 alert certificate revoked err: /File[/var/lib/puppet/lib]: Could not evaluate: sslv3 alert certificate revoked Could not retrieve file metadata for puppet://puppet/plugins: sslv3 alert certificate revoked info: Creating state file /var/lib/puppet/state/state.yaml err: Could not retrieve catalog from remote server: sslv3 a...

...al way kinit de7b07k0@ORG1.MYDOMAIN.NET and net ads join -U de7b07k0@ORG1.MYDOMAIN.NET wbinfo -m lists the trusted domains. So far so good. Unfortunately every few minutes I get error messages in the logfile: Oct 2 19:52:53 (none) winbindd[31193]: Kinit failed: Clients credentials have been revoked Oct 2 19:56:34 (none) winbindd[31193]: [2006/10/02 19:56:34, 0] libsmb/cliconnect.c:cli_session_setup_spnego(759) Oct 2 19:56:34 (none) winbindd[31193]: Kinit failed: Clients credentials have been revoked Oct 2 19:56:34 (none) winbindd[31193]: [2006/10/02 19:56:34, 0] libads/kerberos.c:ad...

Hi, I have this problem: when I make a new request and sign the client''s certificate, then i get a "revoked certificate" error: err: Could not retrieve catalog from remote server: sslv3 alert certificate revoked I am using same version of puppet on master and clients, tried many times, dates are the same, and cleaned the "ssl" directory. Can someone help me? Thanks, Matteo -- You r...

Hello, When I try to revoke certificates from my puppet installation, I get the following error : /etc/puppet/ssl# puppetca --revoke all all notice: Revoked certificate with serial # Inventory of signed certificates err: Could not call revoke: Cannot convert into OpenSSL::BN And nothing gets deleted. I didn''t find...

Folks -- I am attempting to retrieve a new certificate on a Puppet client whose certificate was revoked on the Puppet master. The original certificate was revoked using the command: # puppet cert --revoke el5-puptest-2.localdomain I have deleted the /var/lib/puppet/ssl directory on the client, and issued the following command: # puppet agent --test --waitforcert=20 This produces the followi...

...04.2018 12:36, Reio Remma wrote: >> Hello! >> >> I noticed SpamAssassin *spamc* usage has entered the documentation at >> https://wiki2.dovecot.org/HowTo/AntispamWithSieve >> >> I'm wondering if the -C (report) option in sa-learn-ham.sh should >> use revoke instead of report for --ham messages? >> >> I started using imapsieve with spamc myself just a few weeks ago, but >> I haven't used the reporting ability yet. >> >> Reio >> > > Hi! > > As the warning says, the scripts are untested. If you are ab...

https://bugzilla.mindrot.org/show_bug.cgi?id=3204 Bug ID: 3204 Summary: Enable user-relative revoked keys files Product: Portable OpenSSH Version: 8.1p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter:...

...com -i user remote-host Up to this point, everything works fine. 7. The user's laptop is stolen, the passphrase guessed, and now the thief is the only person who has access to the user's private key, public key and the certificate. The thief logs into the server. Now the admin needs to revoke the certificate (and ideally the certified key itself, just in case), based on the available information in the logs. In the log, with the default verbosity level, there are lines like this: Sep? 6 16:11:07 test-5-9v sshd[13415]: Accepted publickey for user from 2001:470:<remaining-octets-h...

Greetings all, I have hit a kernel BUG in revoke.c in kernel 2.4.7-ac7 twice today while attempting to perform the same operation (patching stock 2.4.8 kernel src with "patch -p1 < patch-2.4.8-ac4"). Syslog entries follow. Please email me if you want/need my kernel config or any other information. Thanks, jtp

How can I revoke one SSH certificate without having to replace the root certificate and all certificates signed by it? Regarding the second statement, do you have sources? On Fri, May 25, 2018 at 6:58 AM, Peter Moody <mindrot at hda3.com> wrote: > On Thu, May 24, 2018 at 8:36 PM, Yegor Ievlev <koops1...

...s again. [root@ip-10-196-90-236 ~]# puppet agent -t info: Retrieving plugin err: /File[/var/opt/lib/pe-puppet/lib]: Failed to generate additional resources using ''eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=ip-10-224-122-211.ec2.internal] err: /File[/var/opt/lib/pe-puppet/lib]: Could not evaluate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=ip-10-224-122-211.ec2.internal] Could not retrieve file metadata fo...

...t agent --test* Info: Caching certificate for r3.pb Info: Caching certificate_revocation_list for ca Warning: Unable to fetch my node definition, but the agent run will continue: Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=masterdns.peoplebrowsr.com] Info: Retrieving plugin Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using ''eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=m...

I revoked the certificate of one of the clients by issuing the following command on puppetmaster : puppet cert clean <hostname> Then tried to access the catalog from <hostname> via : puppet agent --server=puppet .... and I can still access the catalogs from the master without any er...

https://bugzilla.mindrot.org/show_bug.cgi?id=2600 Bug ID: 2600 Summary: Use Linux capabilities to revoke additional permissions from chrooted users Product: Portable OpenSSH Version: 7.2p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement Priority: P5 Compon...

I get a kinit: Client credentials have been revoked while getting initial credentials when I try to use kinit on the samba4 latest git