search for: ssl_certif

...nvironment is: Debian 10 (Buster) I tried the standard debian package but there is no SSL capability at all. So I compiled the icecast-2.4.4.tar.gz contents with ./configure --with-curl --with-openssl; make; make install I always get the error: [2020-02-05 17:35:36] INFO connection/get_ssl_certificate No SSL capability on any configured ports The parts of the icecast.xml are: <listen-socket> <port>8780</port> </listen-socket> <listen-socket> <port>9780</port> <ssl>1</ssl> </listen-s...

...ied the standard debian package but there is no SSL capability at all. > > > > So I compiled the icecast-2.4.4.tar.gz contents with ./configure > --with-curl --with-openssl; make; make install > > > > I always get the error: [2020-02-05 17:35:36] INFO > connection/get_ssl_certificate No SSL capability on any configured ports > > > > The parts of the icecast.xml are: > > > > <listen-socket> > > <port>8780</port> > > </listen-socket> > > <listen-socket> > > <port>97...

...and build-essential. Do I need some other stuff ? Question 3: So I compiled the icecast-2.4.4.tar.gz contents with ./configure --with-curl --with-openssl; make; make install. I changed the icecast.xml and icecast is running. But the errorlog allways has: [2020-02-05 17:35:36] INFO connection/get_ssl_certificate No SSL capability on any configured ports http is working fine, but no connection via https. The firewall is ok. "wget" mentions a TLS error. The relevant parts of the icecast.xml are: <listen-socket> <port>8780</port> </listen-socket> &lt...

...ient doesn't have a certificate, he gets the following error: 400 Bad Request The SSL certificate error ------------------------------------------------------------------------ nginx/0.6.39 I've tried the following: server { listen 8443; ssl on; ssl_certificate /etc/httpd/ssl/proxy-ssl.cer; ssl_certificate_key /etc/httpd/ssl/server.key; ssl_client_certificate /etc/httpd/ssl/ca-bundle.crt; ssl_verify_client on ............................................................................................. ............................

....1:8140; # server pserver02:8140; } upstream puppetca { server primaryca:8140; server secondaryca:8140 backup; } server { listen 192.168.122.14:8140; server_name loadbalancer01; ssl on; ssl_session_timeout 5m; ssl_certificate /var/lib/puppet/ssl/certs/loadbalancer01.pem; ssl_certificate_key /var/lib/puppet/ssl/private_keys/ loadbalancer01.pem; ssl_client_certificate /var/lib/puppet/ssl/certs/ca.pem; ssl_protocols SSLv3 TLSv1; ssl_ciphers ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-...

...n.com; > return 301 https://$server_name$request_uri; > } > > server { > listen 443 ssl; > server_name software.mydomain.com; > ssl_protocols TLSv1.3 TLSv1.2; > ssl_stapling off; > ssl_stapling_verify on; > ssl_certificate /etc/letsencrypt/live/ > software.mydomain.com/fullchain.pem; > ssl_certificate_key /etc/letsencrypt/live/ > software.mydomain.com/privkey.pem; > ssl_ciphers > ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES25...

...e it does not speak SSL. So my issue is : how to be sure things stay secure in the way that the proxy should be the one speaking ssl and making client ssl certificate signature verification. I read the pound and the ngnix wiki article and i am a bit confused here. Lets see for nginx: ssl_certificate cert.pem; ssl_certificate_key cert.key; ssl_client_certificate /etc/puppet/ssl/ca/ca_crt.pem (and ssl_verify_client on; in the server setting) So here i took the debian default ssl config and added the last line ''ssl_client_certificate'' with th...

...ginx/logs/access.log main; sendfile on; #tcp_nopush on; server { listen 80; server_name localhost; root /var/www/dashboard/current/public; passenger_enabled on; passenger_min_instances 1; # listen 443; # ssl on; # ssl_certificate /opt/nginx/conf/server.crt; # ssl_certificate_key /opt/nginx/conf/server.key; # Rails error pages error_page 500 502 503 504 /500.html; location = /500.html { root /var/www/dashboard/current/public; } } } In my dev env, app running on w...

...unix:/var/run/puppet/puppetmasterd. 2.sock; server unix:/var/run/puppet/puppetmasterd. 3.sock; server unix:/var/run/puppet/puppetmasterd. 4.sock; } server { listen 8140; ssl on; ssl_certificate /var/lib/puppet/ssl/certs/ something.pem; ssl_certificate_key /var/lib/puppet/ssl/private_keys/ something.pem; ssl_ciphers ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:- EXP; ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem; ssl_verify_cl...

...passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify; passenger_min_instances 5; access_log logs/puppet_access.log; error_log logs/puppet_error.log; root /etc/puppet/rack/public; ssl_certificate /var/lib/puppet/ssl/certs/bangvmpllda02.XXXXX.com.pem; ssl_certificate_key /var/lib/puppet/ssl/private_keys/bangvmpllda02.XXXXX.com.pem; ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem; ssl_client_certificate /var/lib/puppet/ssl/cert...

...project.org') as.list(certs[[3]]) Shows the root cert expires today. > Hopefully someone who can actually act on this can figure out what needs > doing. The apache server will have a config entry SSLCertificateFile which points to a cert bundle (in nginx servers this is called "ssl_certificate"). If you open this in a text editor it contains the 3 certs, in PEM format, so 3 entires like this: -----BEGIN CERTIFICATE----- [base64 cert] -----END CERTIFICATE----- What you need to do is replace the final certificate with this one (just copy-paste the base64 cert): https://crt.sh/?...

...two separate configs on two different ports, and to use --ca_port). Now, it is as simple as the following configuration: upstream puppet-production { server 127.0.0.1:18140; server 127.0.0.1:18141; } server { listen 8140; ssl on; ssl_session_timeout 5m; ssl_certificate /var/lib/puppet/ssl/certs/puppetmaster.pem; ssl_certificate_key /var/lib/puppet/ssl/private_keys/puppetmaster.pem; ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem; ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA; # allow authenticated and client without certs...

I've updated the dashboard (https://rud.is/r-project-cert-status/) script and my notifier script to account for the entire chain in each cert. On Sat, May 30, 2020 at 5:16 PM Bob Rudis <bob at rud.is> wrote: > > # A tibble: 13 x 1 > site > <chr> > 1 beta.r-project.org > 2 bugs.r-project.org > 3 cran-archive.r-project.org > 4 cran.r-project.org

Over the years many shops have come to start running puppet via cron to address memory leaks in earlier versions of Ruby, but the official position was that puppet was meant to be run as a continually running service. I am wondering if the official position has changed. On one hand many if not all of the early Ruby issues have been fixed, on the other, the addition of mcollective into the mix as