Displaying 20 results from an estimated 589 matches for "revoking".
2019 Sep 16
2
revoking ssh-cert.pub with serial revokes also younger certs
...h-keygen --help gives me
ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number] file ...
so... option -z is not the serial of the certificate, it is the
version-number of the KRL-File...
My openssh-Verision from Debian is 1:7.4p1-10+deb9u7. Maybe, this
openssh-version does not support revoking a certificate by it's
serialnumber. This leads me to the next question... The serial-number of
a certificate is uniq over all certificates, or is it allowed, to
increment serial-numbers for each certificate separate? How is the design?
thank you
jakob
Am 16.09.19 um 04:18 schrieb Damien Mil...
2024 Jan 24
1
[Bug 3659] New: Certificates are ignored when listing revoked items in a (binary) revocation list
...signed-bugs at mindrot.org
Reporter: webmaster at mmf-research.de
1. Create a blank binary revocation list:
ssh-keygen -Qlf my.krl
# KRL version 0
# Generated at 20240122T162948
2. Revoke a key, and a certificate:
ssh-keygen -kuf my.krl user1_id25519.pub user2_id25519-cert.pub
Revoking from user1_id25519.pub
Revoking from user2_id25519-cert.pub
3. Check the successful revocation:
ssh-keygen -Qf my.krl user1_id25519.pub user2_id25519-cert.pub
> user1_id25519.pub (USER1 ID): REVOKED
> user2_id25519-cert.pub (USER2 ID): REVOKED
4. Displaying the updated content of th...
2019 Sep 13
2
revoking ssh-cert.pub with serial revokes also younger certs
Hi there!
What am I doing wrong?
I created a ssh-certificate
id_user_rsa-cert.pub with this dump:
id_user_rsa-cert.pub:
root at host # ssh-keygen -Lf id_user_rsa-cert.pub
??????? Type: ssh-rsa-cert-v01 at openssh.com user certificate
??????? Public key: RSA-CERT SHA256:kPitwgxblaUH4viBoFoozSPq9Pblubbedk
??????? Signing CA: ED25519 SHA256:8p2foobarQo3Tfcblubb5+I5cboeckvpnktiHdUs
??????? Key ID:
2013 Dec 02
1
imap-login hangs after receiving revoked SSL certificate
Good time of the day!
My English is not very good, excuse me if I said something wrong.
I use dovecot-2.1.16 on Gentoo Linux amd64.
I need to setup dovecot (imap and pop3) for SSL and non-SSL connection
simultaneously. For SSL connections client must submit a valid SSL
certificate. Now SSL part of dovecot.conf looks like this:
-----------------
ssl = yes
ssl_cert =
2010 Apr 21
3
revoked host can't be re-added?
I have a problem I can''t figure out. I was having cert problems with a
host - it seemed to have multiple host names (mot likely from dns
changes in the past) and all the certs were valid. Although it was
giving an error about a cert I could not identify. So I tried:
puppetca --revoke hostname
puppetca --clean hostname
restart puppetmaster
puppetca --list --all
(host does not show up -
2011 Feb 22
4
When running puppetd the cert goes straight up to revoked?
This is the first time is happening... and It happens consecutively
with all the hosts.
Fresh kickstarted host (never set up before the name so its not on the
revocation list), I just run puppetd -tv (we have autosign on), I just
get the output below:
[root@server182 puppet]# puppetd -tv
info: Creating a new SSL key for server182.domain.com
warning: peer certificate won''t be verified in
2006 Oct 02
0
Kinit failed: Clients credentials have been revoked
I have joined an AD domain the usual way
kinit de7b07k0@ORG1.MYDOMAIN.NET
and
net ads join -U de7b07k0@ORG1.MYDOMAIN.NET
wbinfo -m lists the trusted domains. So far so good.
Unfortunately every few minutes I get error messages in the logfile:
Oct 2 19:52:53 (none) winbindd[31193]: Kinit failed: Clients
credentials have been revoked
Oct 2 19:56:34 (none) winbindd[31193]: [2006/10/02
2011 May 04
2
Puppetmaster revokes just signed certificates
Hi,
I have this problem: when I make a new request and sign the client''s
certificate, then i get a "revoked certificate" error:
err: Could not retrieve catalog from remote server: sslv3 alert certificate
revoked
I am using same version of puppet on master and clients, tried many times,
dates are the same, and cleaned the "ssl" directory.
Can someone help me?
2010 May 31
0
Could not call revoke: Cannot convert into OpenSSL::BN
Hello,
When I try to revoke certificates from my puppet installation, I get
the following error :
/etc/puppet/ssl# puppetca --revoke all
all
notice: Revoked certificate with serial # Inventory of signed
certificates
err: Could not call revoke: Cannot convert into OpenSSL::BN
And nothing gets deleted. I didn''t find any information about this
error, and couldn''t correct it.
2013 Oct 04
2
Issue retrieving new certificate on host after original certificate was revoked
Folks --
I am attempting to retrieve a new certificate on a Puppet client whose
certificate was revoked on the Puppet master.
The original certificate was revoked using the command:
# puppet cert --revoke el5-puptest-2.localdomain
I have deleted the /var/lib/puppet/ssl directory on the client, and issued
the following command:
# puppet agent --test --waitforcert=20
This produces the
2018 Apr 17
2
spamc scripts in IMAPSieve docs.
On 17.04.18 12:38, Aki Tuomi wrote:
>
>
>
> On 17.04.2018 12:36, Reio Remma wrote:
>> Hello!
>>
>> I noticed SpamAssassin *spamc* usage has entered the documentation at
>> https://wiki2.dovecot.org/HowTo/AntispamWithSieve
>>
>> I'm wondering if the -C (report) option in sa-learn-ham.sh should
>> use revoke instead of report for --ham
2020 Aug 28
2
[Bug 3204] New: Enable user-relative revoked keys files
https://bugzilla.mindrot.org/show_bug.cgi?id=3204
Bug ID: 3204
Summary: Enable user-relative revoked keys files
Product: Portable OpenSSH
Version: 8.1p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2018 Sep 06
4
Some wishes regarding revoked keys
Hello.
I am trying to play through the following test scenario about
certificate revocation on Ubuntu 18.04, which has OpenSSH of this version:
OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n? 7 Dec 2017
1. A CA key is created
ssh-keygen -t ed25519 -f ca
2. The CA public key is added to ~/.ssh/authorized_keys on some server:
cert-authority ssh-ed25519 AAAA...e ca at yoga
3. A user key is created on a
2001 Aug 14
1
[BUG] linux-2.4.7-ac7 Assertion failure in journal_revoke() at revoke.c:307
Greetings all,
I have hit a kernel BUG in revoke.c in kernel 2.4.7-ac7 twice today while
attempting to perform the same operation (patching stock 2.4.8 kernel src
with "patch -p1 < patch-2.4.8-ac4"). Syslog entries follow. Please
email me if you want/need my kernel config or any other information.
Thanks,
jtp
2018 May 25
3
Suggestion: Deprecate SSH certificates and move to X.509 certificates
How can I revoke one SSH certificate without having to replace the
root certificate and all certificates signed by it?
Regarding the second statement, do you have sources?
On Fri, May 25, 2018 at 6:58 AM, Peter Moody <mindrot at hda3.com> wrote:
> On Thu, May 24, 2018 at 8:36 PM, Yegor Ievlev <koops1997 at gmail.com> wrote:
>
>> SSH certificates provide no
>> way to
2024 Jun 10
1
SeDiskOperatorPrivilege_Privilege
On Sun, 9 Jun 2024 18:52:39 +0100
Luis Peromarta via samba <samba at lists.samba.org> wrote:
> Update:
>
> I have revoked the privilege to BUILIN\Administratos. As before, no
> root mapping.
>
> root at member:/# net rpc rights revoke "BUILTIN\Administrators"
> SeDiskOperatorPrivilege -U "MAD\luis" Password for [MAD\luis]:
> Successfully revoked
2012 Dec 28
1
err: Signing certificate error: Could not render to pson: getaddrinfo: Name or service not known
Hi,
I am trying to bootstrap a new agent from my master node as below.
puppet node_aws bootstrap \
--region us-east-1 \
--image ami-cc5af9a5 \
--login root \
--keyfile /root/.ssh/private.pem \
--install-script=puppet-enterprise \
--installer-payload=/usr/local/puppet/puppet-2.7.0.tar.gz \
--installer-answers=/usr/local/puppet/agent.txt \
--keyname icos-client \
--type t1.micro
Node is created
2013 Jun 06
2
Trouble getting puppet config from client to master (Certificate verify failed).
Hello,
I''m having trouble between the client and the master. Please help!
*root@r3:~# puppet agent --test*
Info: Caching certificate for r3.pb
Info: Caching certificate_revocation_list for ca
Warning: Unable to fetch my node definition, but the agent run will
continue:
Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate
B: certificate verify failed:
2013 Apr 11
3
Understanding how Puppet SSL works !
I revoked the certificate of one of the clients by issuing the following
command on puppetmaster :
puppet cert clean <hostname>
Then tried to access the catalog from <hostname> via :
puppet agent --server=puppet ....
and I can still access the catalogs from the master without any error.
I checked that the certificate is no longer there in the puppetmaster for
this
2024 Jun 10
1
SeDiskOperatorPrivilege_Privilege
On Mon, 10 Jun 2024 08:33:13 +0100
Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Sun, 9 Jun 2024 18:52:39 +0100
> Luis Peromarta via samba <samba at lists.samba.org> wrote:
>
> > Update:
> >
> > I have revoked the privilege to BUILIN\Administratos. As before, no
> > root mapping.
> >
> > root at member:/# net rpc rights