search for: server_cert

...;>the server and really think that the certificates are in the right place. > >Here's how I managed that in my openssl.cnf file. Lots of bits >ellided for clarity's sake: > >### start ### >[ ca ] >default_ca = CA_default > >[ CA_default ] >x509_extensions = server_cert > >[ server_cert ] >basicConstraints=CA:FALSE >keyUsage = nonRepudiation, dataEncipherment, digitalSignature, keyEncipherment >extendedKeyUsage = serverAuth, clientAuth >nsCertType = server, client >### end ### > >I think the nsCertType directive may be unnecessary these...

..., ST=California, L=San Francisco, OU=Certificate Authority, O=XXXX, CN=X.X.X Mon Apr 18 05:34:50 2016 Certificate does not have key usage extension Mon Apr 18 05:34:50 2016 VERIFY KU ERROR Mon Apr 18 05:34:50 2016 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Mon Apr 18 05:34:50 2016 TLS Error: TLS object -> incoming plaintext read error Mon Apr 18 05:34:50 2016 TLS Error: TLS handshake failed

...39;s, unless I'm wrong. I checked the server and really > think that the certificates are in the right place. Here's how I managed that in my openssl.cnf file. Lots of bits ellided for clarity's sake: ### start ### [ ca ] default_ca = CA_default [ CA_default ] x509_extensions = server_cert [ server_cert ] basicConstraints=CA:FALSE keyUsage = nonRepudiation, dataEncipherment, digitalSignature, keyEncipherment extendedKeyUsage = serverAuth, clientAuth nsCertType = server, client ### end ### I think the nsCertType directive may be unnecessary these days, but I keep it around because...

...require ''http-access2'' user = ''fwkaufm'' wsdl = ''ProxyUser.wsdl'' soap = SOAP::WSDLDriverFactory.new(wsdl).create_rpc_driver soap.options[''protocol.http.ssl_config.client_cert''] = ''/etc/certs/ssl.crt/server_cert.crt'' soap.options[''protocol.http.ssl_config.client_key'']=''/etc/certs/ssl.crt/server_key_nopass.pem'' soap.options[''protocol.http.ssl_config.ca_file'']=''/etc/certs/ssl.crt/ca.crt'' dn = soap.getDn(user) puts...

...> are in the right place. >> >> Here's how I managed that in my openssl.cnf file. Lots of bits ellided for >> clarity's sake: >> >> ### start ### >> [ ca ] >> default_ca = CA_default >> >> [ CA_default ] >> x509_extensions = server_cert >> >> [ server_cert ] >> basicConstraints=CA:FALSE >> keyUsage = nonRepudiation, dataEncipherment, digitalSignature, >> keyEncipherment >> extendedKeyUsage = serverAuth, clientAuth >> nsCertType = server, client >> ### end ### >> >> I t...

...when viewing the emails via Thunderbird or a webmail client, they are truncated. *** START 'dovecot -n' *** # 1.0.13: /etc/dovecot/dovecot.conf base_dir: /var/run/dovecot/ log_path: /var/log/mail.log info_log_path: /var/log/mail.log protocols: imap imaps pop3 pop3s ssl_cert_file: /etc/ssl/server_certs/mail.example.com.crt ssl_key_file: /etc/ssl/server_certs/mail.example.com.key ssl_cipher_list: ALL:!LOW disable_plaintext_auth: no login_dir: /var/run/dovecot//login login_executable(default): /usr/libexec/dovecot/imap-login login_executable(imap): /usr/libexec/dovecot/imap-login login_executable(...

> I guess we have to look at the conf files then, first these two: Thank you for the config file snippets. I can confirm mine were almost identical, so I've tweaked them so that they are now exactly the same as yours except for the "--require-membership-of=example\authorization_groupname" line in ntlm_auth. Unfortunately it's still erroring out: (7) mschap: Creating