Displaying 20 results from an estimated 30000 matches similar to: "multiple signed ssl certificatess on single IP address"
2008 Feb 20
4
OpenSSH and X.509 Certificate Support
Hi,
I need to add X.509 Certificate support to OpenSSH.
I came across the following post on the openssh-unix-dev mailing list
that is very useful:
http://marc.info/?l=openssh-unix-dev&m=120298135706959&w=2
<http://marc.info/?l=openssh-unix-dev&m=120298135706959&w=2>
And also, http://marc.info/?l=openssh-unix-dev&m=104395024824680&w=2
2011 Dec 16
12
Seperate CA's/Master behind load balancer
Hello,
Attempting to setup a CA primary/standby as well as seperate
puppetmaster servers (all running Apache/Passenger) behind another
Apache/Passenger type load balancer.
Clients are not getting certs:-
err: Could not request certificate: Could not intern from s: nested
asn1 error
Clearly an SSL issue but not something I know a great deal about.
loadbalancer.conf
# Puppet Load Balancing
2008 Feb 13
1
Openssh + x509 patch problem
Hi all,
I'm trying to install ssh server based on x509 certificates with no
result. What I've done is the following:
- Build openssh4.7p1 after patching with openssh-4.7p1+x509-6.1.diff.gz
without error using ./configure --prefix=/opt/ssh && make && make
install in both server and client machines
- Create minimal openssl ca structure under /opt/ssh/etc/ca
( self
2008 Jan 16
4
x509 patch for SSH
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi guys,
been trying the x509 patch for ssh from Roumen, it works great.
However, I can't figure out couple of things, and been trying to solve
it for couple of days already.
I'am using OpenSSH_4.7p1-hpn12v19, OpenSSL 0.9.8g
with 6.1 version of your patch.
The serverside hostkey is configured correctly, to present x509v3-sign-rsa
dynowork
2002 Jan 31
7
x509 for hostkeys.
This (very quick) patch allows you to connect with the commercial
ssh.com windows client and use x509 certs for hostkeys. You have
to import your CA cert (ca.crt) in the windows client and certify
your hostkey:
$ cat << 'EOF' > x509v3.cnf
CERTPATHLEN = 1
CERTUSAGE = digitalSignature,keyCertSign
CERTIP = 0.0.0.0
[x509v3_CA]
2011 Feb 15
11
Puppetmasterd not receiving certificate request
Hi: I''m trying to configure Puppet on Ubuntu, and strangely I am never
able to generate a certificate because my server never shows any
pending certificate requests.
Put differently, on the server I am running puppetmasterd and on the
client I am able to connect to the server, but the client continues
printing
notice: Did not receive certificate
warning: peer certificate
2017 Nov 24
1
SSL configuration
Hello subscribers,
I have a very strange question regarding SSL setup on gluster storage.
I have create a common CA and sign certificate for my gluster nodes, placed host certificate, key and common CA certificate into /etc/ssl/,
create a file called secure-access into /var/lib/glusterd/
Then, I start glusterd on all nodes, system work fine, I see with peer status all of my nodes.
No problem.
2010 Oct 30
2
x509 cert chain
Hi,
I am trying to set up OpenSSH with x509 certs and I'm getting nowhere. I've
been at this on and off for days and doing all the googling I can but I'm
still not making progress so any help would be very much appreciated. I
believe the latest OpenSSH builds support x509 certificates - I'm running
5.5 on Ubuntu 10.04.
What I want to do is have users on Windows boxes using
2018 Jul 20
2
dovecot sometimes sends non-default SSL cert if IMAP client won't send SNI
Hi,
I recognised some funny behaviour on my server. IMAP clients which
won't send an Server Name Indication (SNI) sometimes get the wrong
certificate. I would expect that those clients always get the default
certificate (of my new domain), instead in about 20 to 50% of
connections the certificate of my old domain will be presented.
(sample rate was 3 times 30 connections)
Clients sending SNI
2018 Jul 24
1
dovecot sometimes sends non-default SSL cert if IMAP client won't send SNI
Sure, and thanks for trying to help!
These are the two correct answers when SNI is included. The
certificates are fully chained. Both certificates carry the same
subject mail.cs.sbg.ac.at but differ in Subject Alternative Name (SAN).
X509v3 Subject Alternative Name:?
? DNS:mail.cs.sbg.ac.at, DNS:smtp.cs.sbg.ac.at, DNS:imap.cs.sbg.ac.at,
DNS:pop.cs.sbg.ac.at
X509v3 Subject Alternative Name:?
?
2005 Oct 22
2
openssh PKCS#11 support
Hello All,
As I promised, I've completed and initial patch for openssh
PKCS#11 support. The same framework is used also by openvpn.
I want to help everyone who assisted during development.
This patch is based on the X.509 patch from
http://roumenpetrov.info/openssh/ written by Rumen Petrov,
supporting PKCS#11 without X.509 looks like a bad idea.
*So the first question is: What is the
2011 Jan 18
3
Failed SSL with CNAME'd puppetserver
Hi, suppose puppet-old.domain is a CNAME pointing to puppet-new.domain,
and puppet-new.domain is running Apache (for SSL) with mod_proxy_balancer
to balance over some 10 puppetmaster processes. The configured
SSLCertificateFile in Apache is that of puppet-new.domain
How do I get a node to stop complaining when connecting to
puppet-old.domain (ending up at puppet-new.domain through the CNAME)?
2003 Jan 06
2
certificate in openssh
hi,
we have been looking for ways to implement digital certificate authentication
in openssh. Pointers to similar kind of ongoing work will be more
appreciated. Thanks.
2007 Oct 10
17
Warning for Fedora Core users
Fedora Core 7 has just updated their Ruby package (was 1.8.6.36-3.fc7,
is now 1.8.6.110-3.fc7), and the upgrade broke my Puppet installation,
and there was a similar report from someone else.
Communications between the puppetmasterd and the puppetd running on
the same host broke down with the message:
Could not retrieve configuration: Certificates were not trusted: hostname
not match with
2007 Nov 11
4
puppetrun fails: "Certificates were not trusted"
Hello all,
I''ve tried to run ''puppetrun'', but there seems something unconfigured regarding the certificates. The reverse way (puppetd pulls the config from puppetmasterd) works fine.
The namespaceauth.conf on the client (where puppetd runs) is configured as follows:
[puppetrunner]
allow *.abc.net
(also tried the calling host: puppet1.abc.net)
But when I call
2010 Sep 08
25
Setup 2.6 + apache, passenger
Hi!
I''m testing Puppet 2.6 and got all the basic stuff working with the
default webricks. I read that it doesn''t scale very well and is not
suited for production environments and the recommended setup is Apache/
Passenger.
Is there a step-by-step-guide on how to set it up?
Any help is very appreciated.
Regards,
Freddie
--
You received this message because you are subscribed
2016 Apr 15
5
file rights tls key files.
Hai,
Im seeing the following..
[2016/04/15 09:57:55.135038, 0] ../source4/lib/tls/tls_tstream.c:1216(tstream_tls_params_server)
Invalid permissions on TLS private key file 'server.key.pem':
owner uid 0 should be 0, mode 0440 should be 0600
This is known as CVE-2013-4476.
It there anyway to override this setting? I do need 0440 here. ( or 0400 )
0600 is not
2003 Apr 24
1
x509v3-sign-rsa authentication type...
I've seen a variety of patches on the list for supporting the x509v3
certificate authentication. Are there any plans to include any of these in
the official openssh?
Thanks,
Kevin Stefanik
2002 Jan 23
5
X.509 support in ssh (revisited)
Hi there,
Forgive me for repeating a question asked about a year ago:
> Hi,
>
> Just wondered if anyone had got the following to work or if there
are any
> plans to add this functionality.
>
> * X.509 certificate support for authentication. As used in the likes of
> stunnel, mod_ssl etc for client auth.
>
> * Directory based (LDAP) key lookup. Either
2018 Jul 20
4
autogenerated self-signed certificate problem
Hi people,
i have a problem with trying ldaps
i use autogenerated self-signed certificate, i write in smb this:
tls enabled = yes
tls keyfile = tls/key.pem
tls certfile = tls/cert.pem
without cafile
when i try to verify with:
openssl verify /usr/local/samba/private/tls/myCert.pem
it said me unable to verify the first certificate
and if add -CApath works!
and finally when i try from another