search for: sslcerts

...I am cant think of a way to supply group creds on the same group to two different classes that both require access to the ssl certificates. The ssl certs are group but not world accessible, ''mode => 660''. I have ldap doing tls, in one class, so the ldap user needs to be in the sslcerts group, and httpd::ssl, so apache needs to be in the sslcerts group. how can I create the group so both classes can add their users to the group ? Thanks in advance, Andrew. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this...

Hello List, I am running an Ubuntu 14.04.5 LTS Server with Dovecot 2.2.9, only local filesystems and authentication done via mysql backend. Server is a Strato Virtual Server running 2.6.32-042stab120.11 #1 SMP Fri Mar 10 16:52:50 MSK 2017 i686 i686 i686 GNU/Linux Sometimes I see errors in the log like this for one user: Error: Transaction log /var/vmail/

Hello, all. After many pages of googling and testing in the lab, I'm still a bit perplexed about how to implement tls protection for the asterisk manager. manager.conf allows one to specify the cert file but one normally must also specify the private key file. If I simply enter the cert file: sslenable=yes sslbindport=5038 sslbindaddr=172.x.x.8 sslcert=/etc/pki/tls/certs/pbxc.pem ; path

...would like is to make Dovecot access each individual's mailbox using the user's own account and group. How do I do this? I am using Passwd-file scheme. --- My dovecot.conf: mail_uid = vmail mail_gid = vmail listen = 192.168.1.2 protocols = imap pop3 ssl = yes ssl_cert = </usr/local/etc/sslcerts/server.crt ssl_key = </usr/local/etc/sslcerts/server.key mail_location = maildir:/home/%n/Maildir maildir_copy_with_hardlinks = yes auth_mechanisms = cram-md5 service auth { unix_listener auth-client { group = postfix mode = 0660 user = postfix path = /var/spool/postfix/private...

2.2.9 is rather old. Updating to a more recent version could help. Aki On 23.03.2017 10:48, Kein Name wrote: > Hello List, > > I am running an Ubuntu 14.04.5 LTS Server with Dovecot 2.2.9, only local > filesystems and authentication done via mysql backend. > Server is a Strato Virtual Server running > 2.6.32-042stab120.11 #1 SMP Fri Mar 10 16:52:50 MSK 2017 i686 i686 i686 >

Thorsten Sandfuchs wrote: > Hio, > I''m looking for a way to manage openssl client/server classes which correspond > to each other. As I don''t want to reinvent the wheel, I''d be glad if someone > could share his solution? :) > > It should be possible to provide and distribute ssl-certificates corresponding > to one (or perhaps even many) CAs and for

I'm trying to setup dovecot on Solaris 10. I can get it all working except TLS/SSL. I traced my problem down to the version of openssl that Solaris 10 ships with. The fix is supposed to be to use a newer version of openssl. Without removing the built-in version of openssl I've installed openssl-0.9.8b to /usr/local. When I "./configure" dovecot it seems to always pick up the

...256 is lower than what Dovecot can use under full load (more than 768). Either grow the limit or change login_max_processes_count and max_mail_processes settings # OS: SunOS 5.8 sun4u base_dir: /software/imap-dovecot-1.2/data/etc/dovecot/ protocols: imap imaps pop3 pop3s ssl_cert_file: /software/sslCerts/config/certs/dovecot.pem ssl_key_file: /software/sslCerts/config/certs/private/dovecot.key disable_plaintext_auth: no login_dir: /software/imap-dovecot-1.2/data/etc/dovecot/home/ login_executable(default): /software/imap-dovecot-1.2/libexec/dovecot/imap-login login_executable(imap): /software/imap-...

Hi, Since the 23rd of March, we encounter mailbox corruption for some users (15 out of 5000) using POP mainly via Thunderbird. Symptoms are : -users can login but fail to receive new mails and fail to read their inbox -Dovecot.log : ar 29 11:00:06 Error: POP3(user_login): Couldn't init INBOX: Mailbox isn't a valid mbox -The mailbox start with either 'FFrom or

Hi All. I'm running some tests with the latest Asterisk SVN-branch-12-r410493M compiled with fresh github pjsip and srtp 1.4.2 on an i386 centOS machine (2.6.32-358.18.1.el6.i686). As a client I'm using the sipMLP WebRTC javascript softphone running on Chrome 33.0.1750.146 m. I have the softphone correctly registered on the Asterisk machine but as soon as I try to start a new call

Hi All, This Samba release changelog (https://wiki.samba.org/index.php/Updating_Samba#Incorrect_TLS_File_Permissions) specifically mentions a security issue and that that the multiple *.pem files needed for LDAP via TLS all need "special permissions" - and mentions to delete old files without the required permissions to force file renewal. Yet in the official Samba documentation

When Thunderbird starts up 1.1.8 log entries reflect: Jan 24 06:44:56 net1 dovecot: imap-login: Login: user=<yemiah at coolsurf.com>, method=PLAIN, rip=71.155.185.14, lip=69.94.137.124, TLS Jan 24 06:44:56 net1 dovecot: imap-login: Login: user=<david-xfer at coolsurf.com>, method=PLAIN, rip=71.155.185.14, lip=69.94.137.124, TLS Jan 24 06:44:56 net1 dovecot: imap-login: Login:

Hello, is it possible to use differnent ssl certs for pop3 and imap ? I like to have differnet dnsnames for pop3 an imap services configured at customers clients. I tried to configure ssl_key and ssl_cert inside a <protocol>-login {} section but this failed. Of course I know sslcerts containing multiple dnsnames. But this seemes not a real, clean solution to me. Thanks, Andreas -- Andreas Schulze Internetdienste | P532 DATEV eG 90329 N?rnberg | Telefon +49 911 319-0 | Telefax +49 911 319-3196 E-Mail info @datev.de | Internet www.datev.de Sitz: 90429 N?rnberg, Paumgartnerstr...

...RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA ssl_key = </home/sslcerts/keys/mailbox.endberg.net.key ssl_protocols = !SSLv2 !SSLv3 userdb { driver = passwd } -----------------------------------------------------------------------

...et’s Encrypt Authority X3,O=Let’s Encrypt,C=US’ NSS error -8179 Closing connection #0 Peer certificate cannot be authenticated with known CA certificates curl: (60) Peer certificate cannot be authenticated with known CA certificates More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signe...

I have hacked a script that I found at http://www.koders.com/ruby into a generalized webrick startup script. The script is attached to this post and the help text is reproduced below. "script/server" runs webrick on port 3000 bound to 0.0.0.0. If that is too general then you can pass a specific port using -p= or --port=. "script/server -s" runs webrick in ssl mode and

http://bugzilla.mindrot.org/show_bug.cgi?id=758 Summary: if authorized keys exchanged, regular user can gain Product: Portable OpenSSH Version: 3.6.1p2 Platform: ix86 URL: http://www.mainelinesys.com OS/Version: Linux Status: NEW Severity: security Priority: P2 Component: ssh

Hai, Please note, this is how I setup, which is not related to the samba wiki. This is what i currently see on my DC, these where created in 2015 and im NOT using these. /var/lib/samba/private/tls# ls -al total 20 drwx------ 2 root root 4096 Apr 28 2015 . drwxr-xr-x 7 root root 4096 Apr 9 13:06 .. -rw-r--r-- 1 root root 997 Apr 28 2015 ca.pem -rw-r--r-- 1 root root 997 Apr 28 2015

...MUST be correct to make it work. > dns proxy = yes > > # Add and Update TLS Key > # If your having domain member, a correct certificate setup is > preffered. > #tls enabled = yes > #tls keyfile = /etc/ssl/private/host.key.pem > #tls certfile = /etc/sslcerts/host.cert.pem > #tls cafile = /etc/ssl/certs/ca.pem > > ## map id's outside to domain to tdb files. > idmap config *:backend = tdb > idmap config *:range = 2000-9999 > > ## map ids from the domain and (*) the range may not overlap ! > # choose t...

...ver DNS. # Your DNS/Resolving setup MUST be correct to make it work. dns proxy = yes # Add and Update TLS Key # If your having domain member, a correct certificate setup is preffered. #tls enabled = yes #tls keyfile = /etc/ssl/private/host.key.pem #tls certfile = /etc/sslcerts/host.cert.pem #tls cafile = /etc/ssl/certs/ca.pem ## map id's outside to domain to tdb files. idmap config *:backend = tdb idmap config *:range = 2000-9999 ## map ids from the domain and (*) the range may not overlap ! # choose the back end that fits your setup. #...