search for: revoked

Displaying 20 results from an estimated 580 matches for "revoked".

2019 Sep 16
2
revoking ssh-cert.pub with serial revokes also younger certs
...t;> ??????????????? permit-agent-forwarding >> ??????????????? permit-port-forwarding >> ??????????????? permit-pty >> ??????????????? permit-user-rc >> >> >> Now i try to revoke this certificate with >> >> ssh-keygen -s ../user_ca.pub -kf /etc/ssh/revoked_keys -z 17 >> id_user_rsa-cert.pub >> >> The serial is 1 less the serial of my created certificate >> >> Check, if my certificate is valid >> >> root at host # ssh-keygen -Qf /etc/ssh/revoked_keys id_user_rsa-cert.pub >> id_user_rsa-cert.pub (test on...
2024 Jan 24
1
[Bug 3659] New: Certificates are ignored when listing revoked items in a (binary) revocation list
https://bugzilla.mindrot.org/show_bug.cgi?id=3659 Bug ID: 3659 Summary: Certificates are ignored when listing revoked items in a (binary) revocation list Product: Portable OpenSSH Version: 9.2p1 Hardware: All OS: All Status: NEW Severity: minor Priority: P5 Component: ssh-keygen Assignee: unassign...
2019 Sep 13
2
revoking ssh-cert.pub with serial revokes also younger certs
...l Options: (none) ??????? Extensions: ??????????????? permit-X11-forwarding ??????????????? permit-agent-forwarding ??????????????? permit-port-forwarding ??????????????? permit-pty ??????????????? permit-user-rc Now i try to revoke this certificate with ssh-keygen -s ../user_ca.pub -kf /etc/ssh/revoked_keys -z 17 id_user_rsa-cert.pub The serial is 1 less the serial of my created certificate Check, if my certificate is valid root at host # ssh-keygen -Qf /etc/ssh/revoked_keys id_user_rsa-cert.pub id_user_rsa-cert.pub (test on myhost - created by ansible (1564358942)): REVOKED Why? I thougt, wh...
2013 Dec 02
1
imap-login hangs after receiving revoked SSL certificate
...tc/ssl/dovecot/dovecot.pem ssl_key = </etc/ssl/dovecot/dovecot.pem ssl_ca = </etc/ssl/ca/ca.pem ssl_verify_client_cert = yes auth_ssl_require_client_cert = yes protocol !smtp { auth_ssl_require_client_cert = yes } ----------------- All works fine with valid certificates. But if I submit revoked certificate, dovecot doesn't send error or success messages to mail client, process 'imap-login' eats 100% CPU and completely hangs. Only SIGKILL can terminate it. When dovecot receives revoked certificate, following messages appears in the log: ------------------ Dec 2 13:50:26 mail...
2010 Apr 21
3
revoked host can't be re-added?
...puppetca --revoke hostname puppetca --clean hostname restart puppetmaster puppetca --list --all (host does not show up - good) On client re-issue puppetd --server puppet --waitforcert 30 --test Error is : err: Could not retrieve catalog: Certificates were not trusted: sslv3 alert certificate revoked So how do I get rid of it? I can''t find a cert anywhere with either a valid cert or revoked.. Did I do this wrong? How do you remove and re- add a host? thanks ~J~ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to th...
2011 Feb 22
4
When running puppetd the cert goes straight up to revoked?
...s SSL session warning: peer certificate won''t be verified in this SSL session info: Caching certificate for server182.domain.com info: Retrieving plugin err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using ''eval_generate'': sslv3 alert certificate revoked err: /File[/var/lib/puppet/lib]: Could not evaluate: sslv3 alert certificate revoked Could not retrieve file metadata for puppet://puppet/plugins: sslv3 alert certificate revoked info: Creating state file /var/lib/puppet/state/state.yaml err: Could not retrieve catalog from remote server: sslv3 ale...
2006 Oct 02
0
Kinit failed: Clients credentials have been revoked
...al way kinit de7b07k0@ORG1.MYDOMAIN.NET and net ads join -U de7b07k0@ORG1.MYDOMAIN.NET wbinfo -m lists the trusted domains. So far so good. Unfortunately every few minutes I get error messages in the logfile: Oct 2 19:52:53 (none) winbindd[31193]: Kinit failed: Clients credentials have been revoked Oct 2 19:56:34 (none) winbindd[31193]: [2006/10/02 19:56:34, 0] libsmb/cliconnect.c:cli_session_setup_spnego(759) Oct 2 19:56:34 (none) winbindd[31193]: Kinit failed: Clients credentials have been revoked Oct 2 19:56:34 (none) winbindd[31193]: [2006/10/02 19:56:34, 0] libads/kerberos.c:ads_...
2011 May 04
2
Puppetmaster revokes just signed certificates
Hi, I have this problem: when I make a new request and sign the client''s certificate, then i get a "revoked certificate" error: err: Could not retrieve catalog from remote server: sslv3 alert certificate revoked I am using same version of puppet on master and clients, tried many times, dates are the same, and cleaned the "ssl" directory. Can someone help me? Thanks, Matteo -- You rec...
2010 May 31
0
Could not call revoke: Cannot convert into OpenSSL::BN
Hello, When I try to revoke certificates from my puppet installation, I get the following error : /etc/puppet/ssl# puppetca --revoke all all notice: Revoked certificate with serial # Inventory of signed certificates err: Could not call revoke: Cannot convert into OpenSSL::BN And nothing gets deleted. I didn''t find any information about this error, and couldn''t correct it. I''m using a gem installed puppet, version 0.25.5, wi...
2013 Oct 04
2
Issue retrieving new certificate on host after original certificate was revoked
Folks -- I am attempting to retrieve a new certificate on a Puppet client whose certificate was revoked on the Puppet master. The original certificate was revoked using the command: # puppet cert --revoke el5-puptest-2.localdomain I have deleted the /var/lib/puppet/ssl directory on the client, and issued the following command: # puppet agent --test --waitforcert=20 This produces the following...
2018 Apr 17
2
spamc scripts in IMAPSieve docs.
On 17.04.18 12:38, Aki Tuomi wrote: > > > > On 17.04.2018 12:36, Reio Remma wrote: >> Hello! >> >> I noticed SpamAssassin *spamc* usage has entered the documentation at >> https://wiki2.dovecot.org/HowTo/AntispamWithSieve >> >> I'm wondering if the -C (report) option in sa-learn-ham.sh should >> use revoke instead of report for --ham
2020 Aug 28
2
[Bug 3204] New: Enable user-relative revoked keys files
https://bugzilla.mindrot.org/show_bug.cgi?id=3204 Bug ID: 3204 Summary: Enable user-relative revoked keys files Product: Portable OpenSSH Version: 8.1p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: ma...
2018 Sep 06
4
Some wishes regarding revoked keys
...et's suppose it is unique), or key hash SHA256:KdBh..., and no other kind of hash is known. The SHA256 hash is useless, because (at least according to the documentation) "ssh-keygen -k" only accepts SHA1 hashes. So let's try the ID. echo 'id: user' | ssh-keygen -k -f revoked_keys -s ca /dev/stdin OK, after transferring the result to the server and setting the RevokedKeys option in sshd_config, it works. But, as an admin, I would also like to revoke the key itself (not only the certificate) where I can. And I don't have any information to do so - is it because m...
2001 Aug 14
1
[BUG] linux-2.4.7-ac7 Assertion failure in journal_revoke() at revoke.c:307
Greetings all, I have hit a kernel BUG in revoke.c in kernel 2.4.7-ac7 twice today while attempting to perform the same operation (patching stock 2.4.8 kernel src with "patch -p1 < patch-2.4.8-ac4"). Syslog entries follow. Please email me if you want/need my kernel config or any other information. Thanks, jtp
2018 May 25
3
Suggestion: Deprecate SSH certificates and move to X.509 certificates
How can I revoke one SSH certificate without having to replace the root certificate and all certificates signed by it? Regarding the second statement, do you have sources? On Fri, May 25, 2018 at 6:58 AM, Peter Moody <mindrot at hda3.com> wrote: > On Thu, May 24, 2018 at 8:36 PM, Yegor Ievlev <koops1997 at gmail.com> wrote: > >> SSH certificates provide no >> way to
2012 Dec 28
1
err: Signing certificate error: Could not render to pson: getaddrinfo: Name or service not known
...s again. [root@ip-10-196-90-236 ~]# puppet agent -t info: Retrieving plugin err: /File[/var/opt/lib/pe-puppet/lib]: Failed to generate additional resources using ''eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=ip-10-224-122-211.ec2.internal] err: /File[/var/opt/lib/pe-puppet/lib]: Could not evaluate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=ip-10-224-122-211.ec2.internal] Could not retrieve file metadata for...
2013 Jun 06
2
Trouble getting puppet config from client to master (Certificate verify failed).
...t agent --test* Info: Caching certificate for r3.pb Info: Caching certificate_revocation_list for ca Warning: Unable to fetch my node definition, but the agent run will continue: Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=masterdns.peoplebrowsr.com] Info: Retrieving plugin Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using ''eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=mas...
2013 Apr 11
3
Understanding how Puppet SSL works !
I revoked the certificate of one of the clients by issuing the following command on puppetmaster : puppet cert clean <hostname> Then tried to access the catalog from <hostname> via : puppet agent --server=puppet .... and I can still access the catalogs from the master without any erro...
2016 Jul 20
0
[Bug 2600] New: Use Linux capabilities to revoke additional permissions from chrooted users
https://bugzilla.mindrot.org/show_bug.cgi?id=2600 Bug ID: 2600 Summary: Use Linux capabilities to revoke additional permissions from chrooted users Product: Portable OpenSSH Version: 7.2p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement
2012 May 07
0
I get a kinit: Client credentials have been revoked while getting initial credentials
I get a kinit: Client credentials have been revoked while getting initial credentials when I try to use kinit on the samba4 latest git