Displaying 20 results from an estimated 31 matches for "sslverifyclient".
Did you mean:
ssl_verify_client
2010 Sep 06
5
SSLVerifyClient required with Apache+Mongrel
Hello,
In the wiki "Using_Mongrel"
http://projects.reductivelabs.com/projects/puppet/wiki/Using_Mongrel
it proposes a configuration with the option:
SSLVerifyClient require
But with this option set I am not able to register new clients. When I
run a new puppet client, I get the error:
warning: peer certificate won''t be verified in this SSL session
err: Could not request certificate: SSL_connect returned=1 errno=0
state=SSLv3 read finished A: sslv3 a...
2010 Dec 22
3
Using Puppet's client certificates for Apache, SSLVerifyClient
...understand, Puppet''s client/server authentication system -
using SSL - is portable. I believe that I should be able to use the
same SSL certificates and keys (and even the same CA) with regard to
other SSL/TLS connections, as well.
In particular, I want to use Apache''s ''SSLVerifyClient require''
option, but not in my Mongrel setup, but for an entirely different SSL
site which also happens to be on the same machine as my Puppet master.
Assuming both my Puppet master and my Puppet agent represent the
server and client in this connection, respectively, then I believe I
shou...
2010 Sep 29
5
err: Could not request certificate: sslv3 alert handshake failure error
Hi,
I''ve setup the puppetmaster to start 5 processes each listening on a
different port, with an Apache server in front. This works fine for
existing clients, however when I try to add a new client (ie. a newly
installed machine with no previous puppet configuration) I get this
error:
err: Could not request certificate: sslv3 alert handshake failure
error
Any ideas what''s
2006 Aug 30
1
Rails + Apache FCGI Client Auth BUG
...shows me the contents of my request.
But when on SSL I type the same thing and I get:
=> nil
I don''t know why, but this does not happen all the time, seldom it shows
my params variable even when on SSL.
This is how I configured SSL Client Auth on Apache:
<Location /myapp>
SSLVerifyClient require
SSLVerifyDepth 10
</Location>
<Files ~ "\.(cgi|fcgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars +ExportCertData
</Files>
Please help, I''m stuck and frustrated, could this be a bug?
Thanks.
-Ofir
--
Posted via http://www.ruby-forum.com/.
-...
2008 Mar 28
1
SSl Certificate problem
...RT. In addition it says that this means
that "SSL peer was unable to negotiate an acceptable set of security
parameters."
If I try to open the site in IE, it prompts for a client certificate. This
fails because I am not using client certs.
In the apache config for ssl.conf I have "SSLVerifyClient none". I have also
tried setting it to "optional" with the same results.
In the past moving these sites to a different machine was as simple as
copying the certs and the config files over to the new machine, reloading
httpd and everyting just worked. Is there something different abo...
2006 Jan 16
2
Basic (newbie) Webrick / ssl config question
I have a simple Intranet app I want to make accessible via the
Internet for remote access by our employees.
I want to use ssl (https) connections and I''ve found enough messages
to imply Webrick as included in rails can do the job.
The message at
http://wrath.rubyonrails.org/pipermail/rails/2005-January/001993.html
even appears to tell me exactly how to do it by modifying
2013 Mar 12
2
Puppet with Passenger - 403 Forbidden
Morning all
Am in the process of testing a migration of Puppet 3 from webrick to
Puppet.
Have found the foreman modules (https://github.com/theforeman) which seems
to take care of a lot of the leg-work...
However having got Puppet running with Passenger in Apache, whenever trying
to access the Puppet master from a client, I was getting a ''403 Forbidden
error''.
Have dug
2012 Feb 06
1
Puppet / Passenger SSL Problems with DRBD
.../var/lib/puppet/ssl/ca/
ca_crt.pem
SSLCACertificateFile /drbd01/puppet/var/lib/puppet/ssl/ca/
ca_crt.pem
# CRL checking should be enabled; if you have problems with Apache
complaining about the CRL, disable the nex
t line
# SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
# The following client headers allow the same configuration to
work with Pound.
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CL...
2013 Jul 23
3
Debugging Puppetmaster with Apache/Rack/Passenger
...em
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/
<puppetmaster>.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars +ExportCertData
# These request headers are used to pass the client certificate
# authentication information on to the puppet master process
RequestHeader set X-SSL-Subjec...
2013 May 30
4
Could not request certificate: Error 405 on SERVER
...pmaster.localdomain.pem
SSLCertificateKeyFile
/var/lib/puppet/ssl/private_keys/pmaster.localdomain.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars +ExportCertData
DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
<Directory /usr/share/puppet/rack/puppetmasterd/>
Options None
AllowOverride None
Order Allow,Deny...
2012 Apr 22
2
centos 6.2 - puppet 2.7.13 - SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert protocol version
...ificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
# CRL checking should be enabled; if you have problems with Apache
complaining about the CRL, disable the next line
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
# The following client headers allow the same configuration to work
with Pound.
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_C...
2010 Aug 20
5
puppet dashboard gui looks odd from apache2
...LCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
# If Apache complains about invalid signatures on the CRL, you
can try disabling
# CRL checking by commenting the next line, but this is not recommended.
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
RackBaseURI /
<Directory /usr/share/puppet/rack/puppetmasterd/>
Options None
AllowOverride None...
2010 Mar 05
1
WEBrick 500 error only with https
...self.dispatch(options)
Socket.do_not_reverse_lookup = true
server = WEBrick::HTTPServer.new(
:Port => options[:port].to_i,
:ServerType => options[:server_type],
:BindAddress => options[:ip],
:SSLEnable => true,
:SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
:SSLCertificate => options[:cert],
:SSLPrivateKey => options[:pkey],
:SSLCertName => [ [ "CN",
WEBrick::Utils::getservername ] ]
)
server.mount(''/'', DispatchServlet, options)
trap(&...
2010 Jun 09
12
Foreman -- Reporting
Hello All,
I don''t seem to be able to get reports to display on the foreman
interface. I copied extras/puppet/foreman/files/foreman-report.rb to /
usr/lib/ruby/site_ruby/1.8/puppet/reportsforeman.rb, instead of /usr/
lib/ruby/1.8/puppet/reports/foreman.rb. Config: Centos5.4, Apache/
Passenger, Puppet 0.25.4.
The reports are coming from the clients, because I can see them
in
2012 May 09
1
tlsv1 alert unknown ca
Dear all,
I see this error message in my *masterhttp.log* repeatedly:
ERROR OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3
> read client certificate A: tlsv1 alert unknown ca
>
I saw a similar mail in the list but there was no definitive answer to that
post. Does anyone know what am I missing here? I do understand what *unknown
ca* means but I can''t think
2009 Oct 19
7
Passenger Woes
...ACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
# If Apache complains about invalid signatures on the CRL, you
can try disabling
# CRL checking by commenting the next line, but this is not recommended.
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
DocumentRoot /etc/puppet/rack/public/
RackBaseURI /
<Directory /etc/puppet/rack/>
Options None
AllowOverride None
Order allow,deny
allow f...
2012 Jun 12
1
Dashboard with RackbaseURI / and RailsAutoDetect off
...uppet/ssl/ca/ca_crt.pem
> # If Apache complains about invalid signatures on the CRL, you can
> try disabling
> # CRL checking by commenting the next line, but this is not
> recommended.
> SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
> SSLVerifyClient optional
> SSLVerifyDepth 1
> SSLOptions +StdEnvVars
>
> ErrorLog logs/puppet_error_log
> TransferLog logs/puppet_access_log
> LogLevel warn
> # This header needs to be set if using a loadbalancer or proxy
> #Req...
2007 Jul 25
6
Signing certificates with mongrel+apache puppetmaster
Hi,
Is there a way to have puppetmaster sign new clients'' certificates when
using apache+mongrel for serving, without having a separate puppetmaster
instance running webrick on a different port/IP?
I guess this does not work out of the box because apache is told to do
the verification very early in the connection process, at which point it
does not yet know that the client is going to
2014 Aug 29
0
Using puppet with Apache mod_disk_cache and passenger over SSL
...r/lib/puppet/ssl/certs/hostname.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/hostname.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars +ExportCertData
# These request headers are used to pass the client certificate
# authentication information on to the puppet master process
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
Re...
2009 Sep 07
2
passenger-status error messages
...ertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
# If Apache complains about invalid signatures on the CRL, you can
try disabling
# CRL checking by commenting the next line.
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
# The following client headers allow the same configuration to work with Pound.
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
Ra...