search for: sectigo

...SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root verify return:1 depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority verify return:1 depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA verify return:1 depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = kumo.kites.org verify return:1 --- Certificate chain 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=kumo.kites.org i:/C=GB/ST=Greater Manchester/L=Sa...

In setting up my new mail server, I am getting the following in the logs: Oct 11 07:10:59 kumo dovecot[5704]: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=24.53.79.10, lip=172.26.12.90, *TLS handshaking: SSL_accept() syscall failed: Success*, session=<B9OokqCUD+UYNU8K> I have tried various ssl_protocols entries, but for now have defaulted back to

...PEM format, so 3 entires like this: -----BEGIN CERTIFICATE----- [base64 cert] -----END CERTIFICATE----- What you need to do is replace the final certificate with this one (just copy-paste the base64 cert): https://crt.sh/?d=1720081 .Then restart the server. See here for details: https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020 . This site talks about "For business processes that depend on very old systems...." but the reality is that this affects everything that uses openssl for https, including curl, svn, etc.

...4f32d5dc00f715250abcc486511e37f501a899deb3bf7ea8adbbd3aef1c412da Pin SHA256: grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME= Valid untilSat, 30 May 2020 10:48:38 UTC (expired 8 hours and 51 minutes ago) EXPIRED AFAICT this is the reason: https://calnetweb.berkeley.edu/calnet-technologists/incommon-sectigo-certificate-service/addtrust-external-root-expiration-may-2020 FYI, Gabor

...openssl s_client -connect 188.x.x.x:12333 -crlf -CAfile /etc/pki/tls/cert.pem CONNECTED(00000003) depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority verify return:1 depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Organization Validation Secure Server CA verify return:1 depth=0 C = FR, postalCode = 34980, ST = Occitanie, L = Montpellier, street = 123 Main str, O = My Company, OU = PremiumSSL Wildcard, CN = *.domain.com verify return:1 . . SSL-Session: Protocol : TLSv1.2...

...ne > (just copy-paste the base64 cert): https://crt.sh/?d=1720081 .Then > restart the server. You can also export this from Keychain Access on macOS, btw. find "COMODO RSA Certification Authority" and right click, export, PEM format. > See here for details: > https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020 > . This site talks about "For business processes that depend on very > old systems...." but the reality is that this affects everything that > uses openssl for https, including curl, svn, etc. Btw. wh...

...ApTQGo67CYDnvprLg5yRME= > > > > Valid untilSat, 30 May 2020 10:48:38 UTC (expired 8 hours and 51 > > > > minutes ago) EXPIRED > > > > > > > > AFAICT this is the reason: > > > > https://calnetweb.berkeley.edu/calnet-technologists/incommon-sectigo-certificate-service/addtrust-external-root-expiration-may-2020 > > > > > > > > FYI, > > > > Gabor > > > > > > > > ______________________________________________ > > > > R-devel at r-project.org mailing list > > > >...

I have several samba servers on Debian 10 all using : samba 2:4.9.5+dfsg-5+deb10u1 amd64 I use tls cafile, tls certfile and tls keyfile with certificates from Sectigo (https://cert-manager.com) And when checking my connexion from the samba server, or from outside, I've got "unable to verify the first certificate" even if tls_cafile is provided in smb.conf. What is wrong ? # checking my connexion openssl s_client -showcerts -connect localhost:63...

...c412da > > Pin SHA256: grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME= > > Valid untilSat, 30 May 2020 10:48:38 UTC (expired 8 hours and 51 > > minutes ago) EXPIRED > > > > AFAICT this is the reason: > > https://calnetweb.berkeley.edu/calnet-technologists/incommon-sectigo-certificate-service/addtrust-external-root-expiration-may-2020 > > > > FYI, > > Gabor > > > > ______________________________________________ > > R-devel at r-project.org mailing list > > https://stat.ethz.ch/mailman/listinfo/r-devel > > -- > Peter...

...e > /etc/pki/tls/cert.pem > > ? > > CONNECTED(00000003) > > depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST > Network, CN = USERTrust RSA Certification Authority > > verify return:1 > > depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo > Limited, CN = Sectigo RSA Organization Validation Secure Server CA > > verify return:1 > > depth=0 C = FR, postalCode = 34980, ST = Occitanie, L = Montpellier, > street = 123 Main str, O = My Company, OU = PremiumSSL Wildcard, CN = > *.domain.com > > verify return:1 &gt...

...openssl s_client -connect 188.x.x.x:12333 -crlf -CAfile /etc/pki/tls/cert.pem CONNECTED(00000003) depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority verify return:1 depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Organization Validation Secure Server CA verify return:1 depth=0 C = FR, postalCode = 34980, ST = Occitanie, L = Montpellier, street = 123 Main str, O = My Company, OU = PremiumSSL Wildcard, CN = *.domain.com verify return:1 . . SSL-Session: Protocol : TLSv1.2...

...; Regards > > Le 04/08/2020 ? 15:18, MAS Jean-Louis via samba a ?crit?: >> I have several samba servers on Debian 10 all using : >> >> samba 2:4.9.5+dfsg-5+deb10u1 amd64 >> >> I use tls cafile, tls certfile and tls keyfile with certificates from >> Sectigo (https://cert-manager.com) >> >> And when checking my connexion from the samba server, or from outside, >> I've got "unable to verify the first certificate" even if tls_cafile is >> provided in smb.conf. >> >> What is wrong ? >> >> # che...

...ny clues about the tls cafile ? Regards Le 04/08/2020 ? 15:18, MAS Jean-Louis via samba a ?crit?: > I have several samba servers on Debian 10 all using : > > samba 2:4.9.5+dfsg-5+deb10u1 amd64 > > I use tls cafile, tls certfile and tls keyfile with certificates from > Sectigo (https://cert-manager.com) > > And when checking my connexion from the samba server, or from outside, > I've got "unable to verify the first certificate" even if tls_cafile is > provided in smb.conf. > > What is wrong ? > > # checking my connexion > >...

...egards > > Le 04/08/2020 ?? 15:18, MAS Jean-Louis via samba a ??crit??: >> I have several samba servers on Debian 10 all using : >> >> samba 2:4.9.5+dfsg-5+deb10u1 amd64 >> >> I use tls cafile, tls certfile and tls keyfile with certificates from >> Sectigo (https://cert-manager.com) >> >> And when checking my connexion from the samba server, or from outside, >> I've got "unable to verify the first certificate" even if tls_cafile is >> provided in smb.conf. >> >> What is wrong ? >> >> # che...

...7f501a899deb3bf7ea8adbbd3aef1c412da > Pin SHA256: grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME= > Valid untilSat, 30 May 2020 10:48:38 UTC (expired 8 hours and 51 > minutes ago) EXPIRED > > AFAICT this is the reason: > https://calnetweb.berkeley.edu/calnet-technologists/incommon-sectigo-certificate-service/addtrust-external-root-expiration-may-2020 > > FYI, > Gabor > > ______________________________________________ > R-devel at r-project.org mailing list > https://stat.ethz.ch/mailman/listinfo/r-devel -- Peter Dalgaard, Professor, Center for Statistics, Co...

...56: grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME= > > > Valid untilSat, 30 May 2020 10:48:38 UTC (expired 8 hours and 51 > > > minutes ago) EXPIRED > > > > > > AFAICT this is the reason: > > > https://calnetweb.berkeley.edu/calnet-technologists/incommon-sectigo-certificate-service/addtrust-external-root-expiration-may-2020 > > > > > > FYI, > > > Gabor > > > > > > ______________________________________________ > > > R-devel at r-project.org mailing list > > > https://stat.ethz.ch/mailman/listin...

...o67CYDnvprLg5yRME= >>>>> Valid untilSat, 30 May 2020 10:48:38 UTC (expired 8 hours and 51 >>>>> minutes ago) EXPIRED >>>>> >>>>> AFAICT this is the reason: >>>>> https://calnetweb.berkeley.edu/calnet-technologists/incommon-sectigo-certificate-service/addtrust-external-root-expiration-may-2020 >>>>> >>>>> FYI, >>>>> Gabor >>>>> >>>>> ______________________________________________ >>>>> R-devel at r-project.org mailing list >>>&g...