similar to: Problem generating SSL certificates

This (very quick) patch allows you to connect with the commercial ssh.com windows client and use x509 certs for hostkeys. You have to import your CA cert (ca.crt) in the windows client and certify your hostkey: $ cat << 'EOF' > x509v3.cnf CERTPATHLEN = 1 CERTUSAGE = digitalSignature,keyCertSign CERTIP = 0.0.0.0 [x509v3_CA]

Hi. I had generate a SSL cetificate. I performed following actions: mkdir /opt/LocalCA cd /opt/LocalCA mkdir certs mkdir private chmod 700 private echo '01' > serial touch index.txt cd /opt/LocalCA PATH=/opt/openssl/bin:$PATH export PATH OPENSSL_CONF=/opt/LocalCA/LocalCA.cnf export OPENSSL_CONF openssl req -x509 -newkey rsa -out cacert.pem -outform PEM -days

I've been looking all over (google, wiki, manuals) for docs, and I can't find any mention of how to set up a CA or certificates *specifically for centos 5 / upstream 5*. There are plenty of generic guides on using openssl for this sort of thing, but I'd like to play nice within the standard structure of this system. I've found the /etc/pki directory, but can't find much

On 3/14/19 7:40 AM, Stephan von Krawczynski via dovecot wrote: > Sorry I have to write this, but this is again pointing people in a fake > security direction. You should be sorry, because you are wrong. > The only valid authority for a certificate is the party using it. Any third > party with unknown participants cannot be a "Certificate Authority" in its > true sense.

Hi, I have ecommerce stores on my server who use the same instantssl certificate without any problems. These particular certificates were migrated over from one plesk system to my new server with centOS 3.4 and plesk 7.5.1 reloaded. When I generated a new csr for a new client on my centOS server and chose apache mod_ssl at instantssl for the csr I got the certificate, installed it (first new

Hi all, Ok, been wanting to do this for a while, and I after the Heartbleed fiasco, the boss finally agreed to let me buy some real certs... Until now, we've been using self-signed certs with the following dovecot config: ssl = required ssl_cert = </etc/ssl/ourCerts/imap.pem ssl_key = </etc/ssl/ourCerts/imap_key.pem Now, I've created new keys/certs and the CSR, got the new

On Thu, 2019-03-14 at 15:08 +0100, Stephan von Krawczynski via dovecot wrote: > On Thu, 14 Mar 2019 09:51:14 -0400 > Phil Turmel via dovecot <dovecot at dovecot.org> wrote: > > > On 3/14/19 7:40 AM, Stephan von Krawczynski via dovecot wrote: > > > > > Sorry I have to write this, but this is again pointing people in a fake > > > security direction.

Hi, I'm trying to install an AD with PKI auth.I'm so referring to : https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login I have my forest working , users .etc. I'm now trying to generate the root CA. Using the template in the wiki , When I try to openssl req -new req -new -x509 -days 3650 -sha256 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -config

<!doctype html> <html><head> <meta charset="UTF-8"> </head><body><div>I see. You need to import the cert into thundebird's trusted ca certs.</div><div><br></div><div>Aki</div><blockquote type="cite"><div>On 30/04/2020 21:36 <a

Hello, [if I'm not in the right mailing list, please advise it to me] I'm using ssh certificates for my servers and my users. I have questions about it: I can use the same CA in order to certify all my hosts. Every clients can use it, and it's a great setup. But, if I use the same CA for all my clients, it means that any clients can log in to any server because hosts trusts my

On Thu, 14 Mar 2019 09:51:14 -0400 Phil Turmel via dovecot <dovecot at dovecot.org> wrote: > On 3/14/19 7:40 AM, Stephan von Krawczynski via dovecot wrote: > > > Sorry I have to write this, but this is again pointing people in a fake > > security direction. > > You should be sorry, because you are wrong. > > > The only valid authority for a certificate

--- sysprep/sysprep_operation_logfiles.ml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sysprep/sysprep_operation_logfiles.ml b/sysprep/sysprep_operation_logfiles.ml index 3055ca4..2558af1 100644 --- a/sysprep/sysprep_operation_logfiles.ml +++ b/sysprep/sysprep_operation_logfiles.ml @@ -91,6 +91,13 @@ let globs = List.sort compare [ (* log file of ntp *)

Hello, I've a not really dovecot specific problem with my certificate. Since the OpenSSL documentation isn't what I expect to be at least good, I hope someone here can give me a hint how/where fo fix it; I've created a root-Certificate with almost untouched openssl.cnf and issued a server-certificate for dovecot. This cert and it's key I placed in somewhat like /var/dovecot.

I would expect the public cert to be imported as a "server" not an "auth" The attached image shows that TBird wants an httpS url for a webserver, for the source. Ages ago, I think it prompted for "do you want to trust this new cert" and YES added it (assuming that is the public key) to the server list.? A bit confused by this. <see attached thunderbird

Our DC has been using a Verisign certificate. Over the past year, we've been using a Digicert Wildcard Plus certificate for almost all of our machines, and I wanted to switched over our DC mailserver. I used the following command to generate the CSR and key: openssl req -new -newkey rsa:1024 -nodes -out star_bard_edu.csr -keyout star_bard_edu.key -subj "/C=US/ST=NY/L=ourtown/O=Bard

Hallo, i'm having troubles installing self-signed certificates for dovecot. After installing, dovecot generates a key and cert. But he is using the wrong common name (where does dovecot get this name from?). I tried deleting them and installing a handcrafted cert with this: openssl genrsa -out mail.key 2048 openssl req -new -key mail.key -out mail.csr openssl x509 -req -days 4312 -in

A couple of days ago I decided that I needed a samba and ldap setup. After reading the samba mailing list , specifically the thread "Re: [Samba] Samba and LDAP backend - howto docs problems?" I decided to buy the Official Samba-3 HowTo and Reference guide", (the Samba-3 By Example mentioned in that thread wasn't available in my bookstore and they could't order it for me too)

Hi, I'm getting increasingly paranoid. Something I said on a certain social media site several months ago was modified - then reported - then by account was banned until I agreed to delete it. Obviously since what I said was modified I didn't have any issue with deleting it but I want more than just DKIM sigs on my e-mail now. Anyway looking for S/MIME I can use to sign and/or

Hello, This is a selfsigned cert. Both of the below methods were used. May I ask for 1. pointer to info setting up "intermediate certs" and where the certfile goes? The objective is to generate a self-signed cert and use it for just internal use with IMAPS dovecot. Separately, what are your thoughts as to why evolution works and thunderbird does not? Thank you, ==1 openssl

Hello, After countless hours on, this I found the root cause of HTTPS settings on Debian Buster. All this came from ast_tls_cert script using 1024 bits-long keys where Debian's defaut was to require at least 2048-long keys ! Simply passing -b 2048 to ast_tls_cert solved it. 1. May I suggest mentioning explicitly this possibility in wiki page [1] ? 2. What would you say of adding an extra