Displaying 20 results from an estimated 50000 matches similar to: "certificates breaking ssh?"
2010 Feb 18
1
using signed certificates for TLS/SSL
Hi,
I have, in one customer, a web server running on a Verisign-signed
SSL certificate. Everything works fine, IE and Firefox
connect on https without asking anything, which usually happens on
self-signed certificates. I'm trying to use that certificate on dovecot,
but clients (Thunderbird basically) keep saying the certificate is not
valid.
yes i'm using,
2018 May 25
4
Suggestion: Deprecate SSH certificates and move to X.509 certificates
I suggest deprecating proprietary SSH certificates and moving to X.509
certificates. The reasons why I suggest this change are: X.509
certificates are the standard on the web, SSH certificates provide no
way to revoke compromised certificates, and SSH certificates haven't
seen significant adoption. It's also a bad idea to roll your own
crypto, and own certificate format seems like an example
2018 May 25
2
Suggestion: Deprecate SSH certificates and move to X.509 certificates
Can you implement revocation support?
On Fri, May 25, 2018 at 6:55 AM, Damien Miller <djm at mindrot.org> wrote:
> No way, sorry.
>
> The OpenSSH certificate format was significantly motivated by X.509's
> syntactic and semantic complexity, and the consequent attack surface in
> the sensitive pre-authentication paths of our code. We're very happy to
> be able to
2018 Jul 30
0
dovecot 2.3.x, ECC and wildcard certificates, any issues
Hello,
What acme implementation do you use for your letsencrypt certificates?
If it's acme.sh how do you get both rsa and ecc certificates? What
configuration options are you using in your configuration of services
to allow access to both rsa and ecc?
Thanks.
Dave.
On 7/30/18, David Mehler <dave.mehler at gmail.com> wrote:
> Hello,
>
> The client in question is the latest
2018 Jul 30
0
dovecot 2.3.x, ECC and wildcard certificates, any issues
Hello,
I have discovered what I believe is the issue after hearing back from
Aquamail. And that is that android 7 which I'm running 7.0 that is,
only supports up to the p256 ecc curve. This brings up a question to
users of letsencrypt, when you revoke a certificate does it take it
out on the usage as well? I've got one domain that says I've issued too
many certificates for it and no
2018 Jul 30
2
dovecot 2.3.x, ECC and wildcard certificates, any issues
Hello,
Does dovecot 2.3.x have any issues recognizing or using certificates
that are ECC and wildcard? I'm trying to switch my letsencrypt
implementation from acme-client which does not support either of those
capabilities to acme.sh which does. Since then external clients
checking their email has not worked. A manual telnet to
mail.example.com 993 gives a connected message but then nothing
2018 Jul 30
0
dovecot 2.3.x, ECC and wildcard certificates, any issues
You should, in practice, enable both. This gives best client compatibility. It is possible you have clients that cannot understand ECC certificates? You can use ssl_alt_cert to provide RSA cert too.
Aki
> On 30 July 2018 at 20:05 David Mehler <dave.mehler at gmail.com> wrote:
>
>
> Hi,
>
> Thanks, good news is that worked. Bad news is it all looks good which
> means I
2018 May 25
3
Suggestion: Deprecate SSH certificates and move to X.509 certificates
How can I revoke one SSH certificate without having to replace the
root certificate and all certificates signed by it?
Regarding the second statement, do you have sources?
On Fri, May 25, 2018 at 6:58 AM, Peter Moody <mindrot at hda3.com> wrote:
> On Thu, May 24, 2018 at 8:36 PM, Yegor Ievlev <koops1997 at gmail.com> wrote:
>
>> SSH certificates provide no
>> way to
2018 Jul 30
2
dovecot 2.3.x, ECC and wildcard certificates, any issues
Hello,
The client in question is the latest version of AquaMail running on android.
Thanks.
Dave.
On 7/30/18, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
> You should, in practice, enable both. This gives best client compatibility. It
> is possible you have clients that cannot understand ECC certificates? You
> can use ssl_alt_cert to provide RSA cert too.
>
> Aki
>
2018 Jul 30
2
dovecot 2.3.x, ECC and wildcard certificates, any issues
Hi,
Thanks, good news is that worked. Bad news is it all looks good which
means I do not know why my remote clients can't get their email,
looked like from the logs it was that.
Would 143 be better or 993 for the external clients?
Thanks.
Dave.
On 7/30/18, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
>
>> On 30 July 2018 at 19:16 David Mehler <dave.mehler at gmail.com>
2020 Feb 18
2
reviewboard.asterisk.org SSL Trust Failure
Under Firefox, browsing to https://reviewboard.asterisk.org I get
Warning: Potential Security Risk Ahead
Firefox detected a potential security threat and did not continue to reviewboard.asterisk.org. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.
Websites prove their identity via certificates, which are issued by certificate
2018 Jul 30
2
dovecot 2.3.x, ECC and wildcard certificates, any issues
That is one of the reasons I do not bother since long with public CAs
but rather deploy my own, including own OCSP responder.
Which of course has some drawbacks like redundancy, resilience,
bandwidth provision, geographical spread, implementing CA security
standards and CA trust in clients. Latter though could be easily
overcome if browser and email clients were to support DNSSEC/DANE
2008 Dec 24
1
SSL cert problems.
I'm really racking my brain trying to figure this one out here. I am
running a pop3 server for remote offices on CentOS 5.2. We purchased a
SSL cert from Verisign and installed it on our dovecot server, but I
continue to get failure problems with the cert and I don't know where to
go from here.
here is some info about our config:
dovecot version:
# dovecot --version
1.0.7
hostname:
2018 Jul 30
0
dovecot 2.3.x, ECC and wildcard certificates, any issues
> On 30 July 2018 at 19:16 David Mehler <dave.mehler at gmail.com> wrote:
>
>
> Hello,
>
> Does dovecot 2.3.x have any issues recognizing or using certificates
> that are ECC and wildcard? I'm trying to switch my letsencrypt
> implementation from acme-client which does not support either of those
> capabilities to acme.sh which does. Since then external
2018 May 25
5
Suggestion: Deprecate SSH certificates and move to X.509 certificates
That's not a very good source, since it's only available to one person.
On Fri, May 25, 2018 at 7:12 AM, Peter Moody <mindrot at hda3.com> wrote:
> On Thu, May 24, 2018 at 9:09 PM, Yegor Ievlev <koops1997 at gmail.com> wrote:
>> How can I revoke one SSH certificate without having to replace the
>> root certificate and all certificates signed by it?
>
>
2010 Mar 05
0
Macintosh/BSD Systems Engineer opportunity at VeriSign!
The Architecture & Technology Services group is looking for a passionate
engineer with significant Macintosh and OS X experience to join the
Infrastructure Services team. Infrastructure Services develops and
supports standards and best practices for hardware, operating systems,
software tools, and other third-party applications. ATS enables
VeriSign's development, operations, and business
2018 Jul 30
4
dovecot 2.3.x, ECC and wildcard certificates, any issues
I don't know how to get both RSA and ECC cert from letsencrypt.
Aki
> On 30 July 2018 at 20:43 David Mehler <dave.mehler at gmail.com> wrote:
>
>
> Hello,
>
> What acme implementation do you use for your letsencrypt certificates?
> If it's acme.sh how do you get both rsa and ecc certificates? What
> configuration options are you using in your
2017 Feb 02
2
[Bug 2675] New: When adding certificates to ssh-agent, use expiry date as upper bound for lifetime
https://bugzilla.mindrot.org/show_bug.cgi?id=2675
Bug ID: 2675
Summary: When adding certificates to ssh-agent, use expiry date
as upper bound for lifetime
Product: Portable OpenSSH
Version: 7.4p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
2015 Oct 30
2
S/MIME certificates in Samba 4 LDAP
Dear Samba users and developers,
we had the idea of storing S/MIME certificates in the Samba 4 LDAP.
In the Windows Active Directory Users and Computers tool I can use the
"Published Certificates" tab to add a certificate to a user account.
As Mozilla Thunderbird requests the "userCertificate;binary" attribute
of a user when sending encrypted mail, the LDAP response is empty.
2015 Jul 30
9
[Bug 2436] New: Add ssh option to present certificates on command line
https://bugzilla.mindrot.org/show_bug.cgi?id=2436
Bug ID: 2436
Summary: Add ssh option to present certificates on command line
Product: Portable OpenSSH
Version: 6.9p1
Hardware: All
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: