Displaying 20 results from an estimated 401 matches for "x509".
Did you mean:
509
2002 Jan 31
7
x509 for hostkeys.
This (very quick) patch allows you to connect with the commercial
ssh.com windows client and use x509 certs for hostkeys. You have
to import your CA cert (ca.crt) in the windows client and certify
your hostkey:
$ cat << 'EOF' > x509v3.cnf
CERTPATHLEN = 1
CERTUSAGE = digitalSignature,keyCertSign
CERTIP = 0.0.0.0
[x509v3_CA]
basicConstrain...
2010 Oct 30
2
x509 cert chain
Hi,
I am trying to set up OpenSSH with x509 certs and I'm getting nowhere. I've
been at this on and off for days and doing all the googling I can but I'm
still not making progress so any help would be very much appreciated. I
believe the latest OpenSSH builds support x509 certificates - I'm running
5.5 on Ubuntu 10.04.
What...
2008 May 05
11
puppetmasterd --mkusers
I''m trying to run puppetmasterd the first time with --mkusers. It
fails with the following error message:
001 # /usr/bin/puppetmasterd --mkusers
Could not configure for running; got 1 failure(s)
Adding --verbose and --debug does nothing to improve the output. How
do I begin to debug this?
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are
2002 Feb 13
1
x509 test patch - can't compile
cc -g -I. -I. -I/opt/openssl-0.9.6c/include -I. -I/usr/local/include
-DETCDIR=\"/opt/openssh-3.0.2p1-x509/etc\"
-D_PATH_SSH_PROGRAM=\"/opt/openssh-3.0.2p1-x509/bin/ssh\"
-D_PATH_SSH_ASKPASS_DEFAULT=\"/opt/openssh-3.0.2p1-x509/libexec/ssh-askpass\"
-D_PATH_SFTP_SERVER=\"/opt/openssh-3.0.2p1-x509/libexec/sftp-server\"
-D_PATH_SSH_PIDDIR=\"/var/run\" -DHAVE_CON...
2010 Jun 07
3
X509 based certificate authentication in OpenSSH
Hello,
I would like to know whether OpenSSH supports x509 certificate based
authentication.
It looks like OpenSSH has dependency on OpenSSL so does this mean that
OpeSSH also supports x509 certificate based authentication.
If it does support, can you please point me to the necessary
documentation.
Thanks
Naitik
2008 Mar 13
2
Openssh to support X509 certificates
Hello,
I have paid attention to the issue about the X509-based certificate support in
standard openssh.
Because I also need the support of X509-based certificates in my project,
and also I have developed specific version of openssh to pass the
proxy certificate from client to server. But I used the PAM module
to verify the proxy and authorize the access...
2018 Sep 04
1
How to specify a x509-dir from XML config file?
...'d like to ask a question about libvirt xml config. I am using kvm with tls certification. For some reason I need to specify a unique certificate file for every instance, so my kvm command would be like:
/usr/libexec/qemu-kvm -spice port=5900,tls-port=5901,addr=0.0.0.0,disable-ticketing,x509-dir=/openstack/etc/pki/libvirt-spice
the argument x509-dir=/openstack/etc/pki/libvirt-spice is specified in /etc/libvirt/qemu.conf. It's a global argument.
Can I specify it from xml? I searched the xml doc but unable to find useful infomation.
BR
Don
-------------- next part -------------...
2007 Feb 03
0
ipsec and x509 certificate
hi I''m trying to get ipsec working with x509 certificates however I
just can''t seem to. I''ve hit a road block and was wondering if someone
could help me figure it out. my racoon.conf (I have it mirrored on the
connecting machine.
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/certs"...
2006 Feb 07
2
SAMBA and X509 certs ?
Hello everybody,
I'll try to find out some info about Samba and a way to put x509
authenticate method but i don't find anything clear about it.
I found in the how-to v3 some stuff about authenticate PAM module to use
with samba but I don't know if I look in the right direction.
I have a samba server running for a lots of time based on smbpass DB.
We plan to use our P...
2010 Apr 02
3
[Bug 1749] New: ssh-keygen cant "import" a generic x509 rsa public key
https://bugzilla.mindrot.org/show_bug.cgi?id=1749
Summary: ssh-keygen cant "import" a generic x509 rsa public key
Product: Portable OpenSSH
Version: 5.4p1
Platform: Other
OS/Version: Other
Status: NEW
Severity: normal
Priority: P2
Component: ssh-keygen
AssignedTo: unassigned-bugs at mindrot.org
Repor...
2006 Feb 07
1
[resend] SAMBA and X509 certs ?
Hello everybody,
I'll try to find out some info about Samba and a way to put x509
authenticate method but i don't find anything clear about it.
I found in the how-to v3 some stuff about authenticate PAM module to use
with samba but I don't know if I look in the right direction.
I have a samba server running for a lots of time based on smbpass DB.
We plan to use our P...
2008 Jan 16
4
x509 patch for SSH
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi guys,
been trying the x509 patch for ssh from Roumen, it works great.
However, I can't figure out couple of things, and been trying to solve
it for couple of days already.
I'am using OpenSSH_4.7p1-hpn12v19, OpenSSL 0.9.8g
with 6.1 version of your patch.
The serverside hostkey is configured correctly, to present x50...
2002 Jun 21
0
x509 extension new version is out
Hi All,
Please visit http://satva.skalasoft.com/~rumen/openssh/ to get new version with support for x509 certificate.
- added authorization by 'Distinguished Name';
- added x509 CA store (new options in sshd_config);
- client certificate is verified against CA certificates in x509 store;
- added shell scripts to create 'Test CA' and test client certificates.
Diffs aviable for OpenBSD...
2004 Jul 08
2
How to use publickey from x509 certificate?
Hello,
I have the following problem: I want to use publickey authentication by
using the publickey of a x509 certificate stored on a java card. I can
already extract the publickey of the certificate and write it into a
file. The problem i have is that i don't know how to convert the
certificate's publickey into an rsa publickey format that openssh will
accept.
Does anybody have a hint for me...
2006 Jun 01
1
ssl-proxy: client certificates and crl check
Skipped content of type multipart/alternative-------------- next part --------------
--- ssl-proxy-openssl.c.orig 2006-04-04 10:32:58.000000000 +0200
+++ ssl-proxy-openssl.c 2006-06-01 09:24:57.000000000 +0200
@@ -498,7 +498,7 @@
const char *ssl_proxy_get_peer_name(struct ssl_proxy *proxy)
{
X509 *x509;
- char buf[1024];
+ char buf[256];
const char *name;
if (!ssl_proxy_has_valid_client_cert(proxy))
@@ -508,10 +508,16 @@
if (x509 == NULL)
return NULL; /* we should have had it.. */
- X509_NAME_oneline(X509_get_subject_name(x509), buf, sizeof(buf));
- name = t_strndup(buf, sizeof...
2011 Feb 17
1
pkcs11 : extract pubkey from x509 certificates
Hello all,
About PKCS11, some provider allows only the use of X509
certificate.
Are there plans to add the ability to extract the public key from
certificates when there is no public key?
Thank you
Sincerely,
Laurent
2014 Jun 23
0
Wishlist: add a variable %{x509} expanding to the client cert in Dovecot-auth
..._verify_client_cert = yes
auth_ssl_username_from_cert = yes
(Password checking can be bypassed by returning the extra fields
?password= nopassword? in the passdb when the variable ?%k? expands to
"valid".)
However this requires the server admin to set up a PKI. Having
a variable %{x509} expanding to the X.509 client cert in Dovecot-auth
would remove such hassle and instead provide a way to manage authorized
clients in the fashion of OpenSSH's ?authorized_keys?.
Postfix has a similar configuration option: relay_clientcerts [2].
There, the keys for the lookup table can be ei...
2008 Feb 13
1
Openssh + x509 patch problem
Hi all,
I'm trying to install ssh server based on x509 certificates with no
result. What I've done is the following:
- Build openssh4.7p1 after patching with openssh-4.7p1+x509-6.1.diff.gz
without error using ./configure --prefix=/opt/ssh && make && make
install in both server and client machines
- Create minimal openssl ca str...
2017 Apr 20
1
RSA key not found
I?ve got a couple of issues with a new mail server set up?
I?m getting the following error:
warning: cannot get RSA certificate from file /etc/pki/dovecot/certs/<mycert>.pem: disabling TLS support
The problem is that <mycert>.pem isn?t an RSA ticket, but a X509 certificate. The RSA ticket is in /etc/pki/dovecot/private directory. I checked both files and they are good certificates.
I?m using webmin to manage my server.
In webmin, the TLS certificate file is the X509 and the private key is the RSA file.
So why does Postfix check the certificate link fo...
2017 Feb 13
1
LDAP problem
...did what you suggest previously
This error suggests a problem with your certificate. If it used to work
previously, then check it hasn't expired.
openssl s_client -connect devsamba.lucas.ufes.br:636
copy-paste the certificate into a pem file, including begin/end lines
openssl x509 -in mycert.pem -noout -enddate
And check your root CA cert hasn't expired:
openssl x509 -in /usr/local/samba/private/tls/cert.pem -noout -enddate
I did the first command and I got this:
openssl s_client -connect devsamba.lucas.ufes.br:636
socket: Connection refused
connect:errno=11...