search for: sslcert

...I am cant think of a way to supply group creds on the same group to two different classes that both require access to the ssl certificates. The ssl certs are group but not world accessible, ''mode => 660''. I have ldap doing tls, in one class, so the ldap user needs to be in the sslcerts group, and httpd::ssl, so apache needs to be in the sslcerts group. how can I create the group so both classes can add their users to the group ? Thanks in advance, Andrew. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this...

...ytes=10M sieve = ~/dovecot.sieve } protocols = imap pop3 sieve service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-master { mode = 0600 user = vmail } user = root } ssl_cert = </etc/postfix/sslcert/mailserver.crt ssl_key = </etc/postfix/sslcert/mailserver.key userdb { args = /etc/dovecot/dovecot-mysql.conf driver = sql } protocol pop3 { mail_plugins = quota pop3_uidl_format = %08Xu%08Xv } protocol imap { mail_plugins = quota imap_quota } protocol lda { auth_socket_path = /var/r...

...n the lab, I'm still a bit perplexed about how to implement tls protection for the asterisk manager. manager.conf allows one to specify the cert file but one normally must also specify the private key file. If I simply enter the cert file: sslenable=yes sslbindport=5038 sslbindaddr=172.x.x.8 sslcert=/etc/pki/tls/certs/pbxc.pem ; path to the certificate. ; sslcipher=<cipher string> It errors as I expect it would: pbx*CLI> manager reload == Parsing '/etc/asterisk/manager.conf': == Found SSL cert error </etc/pki/tls/certs/pbxc.pem> How does one specify the privat...

...would like is to make Dovecot access each individual's mailbox using the user's own account and group. How do I do this? I am using Passwd-file scheme. --- My dovecot.conf: mail_uid = vmail mail_gid = vmail listen = 192.168.1.2 protocols = imap pop3 ssl = yes ssl_cert = </usr/local/etc/sslcerts/server.crt ssl_key = </usr/local/etc/sslcerts/server.key mail_location = maildir:/home/%n/Maildir maildir_copy_with_hardlinks = yes auth_mechanisms = cram-md5 service auth { unix_listener auth-client { group = postfix mode = 0660 user = postfix path = /var/spool/postfix/privat...

...> service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0660 > user = postfix > } > unix_listener auth-master { > mode = 0600 > user = vmail > } > user = root > } > ssl_cert = </etc/postfix/sslcert/mailserver.crt > ssl_key = </etc/postfix/sslcert/mailserver.key > userdb { > args = /etc/dovecot/dovecot-mysql.conf > driver = sql > } > protocol pop3 { > mail_plugins = quota > pop3_uidl_format = %08Xu%08Xv > } > protocol imap { > mail_plugins = quota...

Thorsten Sandfuchs wrote: > Hio, > I''m looking for a way to manage openssl client/server classes which correspond > to each other. As I don''t want to reinvent the wheel, I''d be glad if someone > could share his solution? :) > > It should be possible to provide and distribute ssl-certificates corresponding > to one (or perhaps even many) CAs and for

I'm trying to setup dovecot on Solaris 10. I can get it all working except TLS/SSL. I traced my problem down to the version of openssl that Solaris 10 ships with. The fix is supposed to be to use a newer version of openssl. Without removing the built-in version of openssl I've installed openssl-0.9.8b to /usr/local. When I "./configure" dovecot it seems to always pick up the

...256 is lower than what Dovecot can use under full load (more than 768). Either grow the limit or change login_max_processes_count and max_mail_processes settings # OS: SunOS 5.8 sun4u base_dir: /software/imap-dovecot-1.2/data/etc/dovecot/ protocols: imap imaps pop3 pop3s ssl_cert_file: /software/sslCerts/config/certs/dovecot.pem ssl_key_file: /software/sslCerts/config/certs/private/dovecot.key disable_plaintext_auth: no login_dir: /software/imap-dovecot-1.2/data/etc/dovecot/home/ login_executable(default): /software/imap-dovecot-1.2/libexec/dovecot/imap-login login_executable(imap): /software/imap...

Hi, Since the 23rd of March, we encounter mailbox corruption for some users (15 out of 5000) using POP mainly via Thunderbird. Symptoms are : -users can login but fail to receive new mails and fail to read their inbox -Dovecot.log : ar 29 11:00:06 Error: POP3(user_login): Couldn't init INBOX: Mailbox isn't a valid mbox -The mailbox start with either 'FFrom or

...but I'm not able to find what and where. Is there someone able to point me to the right direction? Below is my configuration. The sofpthone is registered as 1060. Thanks in advance. Marco Signorini. pjsip.conf: [transport-tls] type=transport protocol=tls bind=0.0.0.0 cert_file=/etc/asterisk/sslcert.pem method=tlsv1 [1060] type=endpoint transport=transport-tls context=from-internal use_avpf=yes media_encryption=sdes disallow=all allow=alaw allow=ulaw aors=1060 auth=1060 [1060] type=auth auth_type=userpass password=1060 username=1060 [1060] type=aor max_contacts=10 [204] .... http.conf: e...

Hi All, This Samba release changelog (https://wiki.samba.org/index.php/Updating_Samba#Incorrect_TLS_File_Permissions) specifically mentions a security issue and that that the multiple *.pem files needed for LDAP via TLS all need "special permissions" - and mentions to delete old files without the required permissions to force file renewal. Yet in the official Samba documentation

When Thunderbird starts up 1.1.8 log entries reflect: Jan 24 06:44:56 net1 dovecot: imap-login: Login: user=<yemiah at coolsurf.com>, method=PLAIN, rip=71.155.185.14, lip=69.94.137.124, TLS Jan 24 06:44:56 net1 dovecot: imap-login: Login: user=<david-xfer at coolsurf.com>, method=PLAIN, rip=71.155.185.14, lip=69.94.137.124, TLS Jan 24 06:44:56 net1 dovecot: imap-login: Login:

Hello, is it possible to use differnent ssl certs for pop3 and imap ? I like to have differnet dnsnames for pop3 an imap services configured at customers clients. I tried to configure ssl_key and ssl_cert inside a <protocol>-login {} section but this failed. Of course I know sslcerts containing multiple dnsnames. But this seemes not a real, clean solution to me. Thanks, Andreas -- Andreas Schulze Internetdienste | P532 DATEV eG 90329 N?rnberg | Telefon +49 911 319-0 | Telefax +49 911 319-3196 E-Mail info @datev.de | Internet www.datev.de Sitz: 90429 N?rnberg, Paumgartnerst...

...RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA ssl_key = </home/sslcerts/keys/mailbox.endberg.net.key ssl_protocols = !SSLv2 !SSLv3 userdb { driver = passwd } -----------------------------------------------------------------------

...et’s Encrypt Authority X3,O=Let’s Encrypt,C=US’ NSS error -8179 Closing connection #0 Peer certificate cannot be authenticated with known CA certificates curl: (60) Peer certificate cannot be authenticated with known CA certificates More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate sign...

...e-types=filename Specifies an Apache style mime.types configuration file to be used for mime types Default: none -p, --port=port Runs Rails on the specified port. Default: 3000 --sslcert=/path/to/certificate For SSL (https) operation pass the server certificate file location relative to RAILS_ROOT. default: /config/ssl/server.key --sslkey=/path/to/key For SSL (https) operation pass...

http://bugzilla.mindrot.org/show_bug.cgi?id=758 Summary: if authorized keys exchanged, regular user can gain Product: Portable OpenSSH Version: 3.6.1p2 Platform: ix86 URL: http://www.mainelinesys.com OS/Version: Linux Status: NEW Severity: security Priority: P2 Component: ssh

...un your own CA root and you are not using automaticly generated certs. Which is in a AD-DC, in my personal opinion, not good, yes it works fine, if you use only 1 DC. With mutliple DC's, you should really think of seting up your own CA. So here you go, a "possible" setup for your sslcert if you use your own CA. A handy tool https://hohnstaedt.de/xca/ , which i personly use. Difficult, naah.. See : https://hohnstaedt.de/xca/index.php/documentation/ Or create the CA yourself with openssl. Or tinyCa , etc lots of options here. My current layout. ls -al /etc/ssl/ total 84 drwxr...

...MUST be correct to make it work. > dns proxy = yes > > # Add and Update TLS Key > # If your having domain member, a correct certificate setup is > preffered. > #tls enabled = yes > #tls keyfile = /etc/ssl/private/host.key.pem > #tls certfile = /etc/sslcerts/host.cert.pem > #tls cafile = /etc/ssl/certs/ca.pem > > ## map id's outside to domain to tdb files. > idmap config *:backend = tdb > idmap config *:range = 2000-9999 > > ## map ids from the domain and (*) the range may not overlap ! > # choose...

...ver DNS. # Your DNS/Resolving setup MUST be correct to make it work. dns proxy = yes # Add and Update TLS Key # If your having domain member, a correct certificate setup is preffered. #tls enabled = yes #tls keyfile = /etc/ssl/private/host.key.pem #tls certfile = /etc/sslcerts/host.cert.pem #tls cafile = /etc/ssl/certs/ca.pem ## map id's outside to domain to tdb files. idmap config *:backend = tdb idmap config *:range = 2000-9999 ## map ids from the domain and (*) the range may not overlap ! # choose the back end that fits your setup....