Displaying 20 results from an estimated 2000 matches similar to: "self Certificate Authority, using /etc/pki/tls/misc/CA"
2011 Sep 14
1
puppet kick getting hostname not match with the server certificate
OS - RHEL5.7
Installation Source - epel-testing repo
Puppet server version - 2.6.6
puppetd version - 2.6.6
I searched Google and none of the answers were a match for my set up...
I can do ''puppetd --test'' from the client and things work as expected.
When doing puppet kick hostname I get the following:
Triggering hostname
Host hostname failed: hostname not match with the server
2013 Dec 12
1
Need help in addressing this error - ERROR OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert unknown ca
Hi ,
I am new to this puppet. I am implementing a network where my cisco switch
will contact the puppet server for getting the configuration.
I tried installing open source puppet and was successful in pushing down
the configurations.
I wanted then to try the same exercise with puppet enterprise 3.1. I
installed puppet enterprise in a different server and changed my puppet
agent (switch) to
2013 Jan 08
6
Why is localhost self-signed cert a CA cert?
I am building a mail server on Centos 6.3 and working with OpenSSL to
create a self-signed certificate for mail use.
Along the line of learning the 'best' options to use for OpenSSL and
dealing with the default SSL virtual host for Apache, I discovered that
the localhost cert created (I believe) during firstboot has the X509v3
extensions set as a CA cert (eg basicConstraint CA:TRUE).
2012 Jan 15
0
X.509 certificate integration continue with PKCS11 and FIPS capable OpenSSL
Hello list members,
I would like to inform that version 7.1 of X.509 certificate support) is
ready.
The just published update from "Integration" series offer direct support
of X.509 certificates based on RSA keys from PKCS11module. Another
integration update is that now you could you use FIPS capable OpenSSL
library in FIPS mode.
As result of above mentioned features
2008 Jun 12
1
INN with SSL
Hello, on a INN mailinglist i have found , that in order to use INN over SSL
i need to call another instance of nnrpd like this :
su news -c '/usr/local/news/bin/nnrpd -D -c
/usr/local/news/etc/readers-ssl.conf
-p 563 -S'
I am using INN from official centos 5.1 rpm .
My question is, where to init scripts /etc/init.d/inn or somewhere else put
such a line to have INN listening on 563 for
2006 Apr 12
2
selfsigned ssl certificate
Hello,
I need to setup a secure ssl site but I'm using a FC3 howto wich is not
compatibel anymore wwith Centos 4.2
Now I removed the standard crt.key and server.key files and used the make
testcert script in /etc/httpd/conf to create a new one with the appropriate
company name and such.
But this certificate requires a passphrase everytime apache starts and I
rather would like to remove
2008 Jun 03
2
INN Python support in Centos 5.1
Hello . i want to ask several questions :
1) Is INN on Centos5.1 compiled with python auth hooks support?
2) If i want my messages on news server to keep forever (history) , should i
change expire.ctl?
What i need to set
3) Is there some configuration which i need to set to be able to use python
auth hooks? Or can i simple proceed with adding them to readers.conf ( I
allready tested my
2008 Mar 13
0
[Fwd: Re: OpenSSH and X.509 Certificate Support]
Hi Roumen,
I discovered that the need of appending the .pub part of id_rsa(client
key+cert) on the server can be eliminated by adding the Certificate Blob
to authorized_keys which could look something like this:
x509v3-sign-rsa subject=
/C=FR/ST=PARIS/L=DESEl/O=SSL/OU=VLSI/CN=10.244.82.83/emailAddress=client at company.com
This is extracted from the client certificate using openssl as
2017 Nov 24
1
SSL configuration
Hello subscribers,
I have a very strange question regarding SSL setup on gluster storage.
I have create a common CA and sign certificate for my gluster nodes, placed host certificate, key and common CA certificate into /etc/ssl/,
create a file called secure-access into /var/lib/glusterd/
Then, I start glusterd on all nodes, system work fine, I see with peer status all of my nodes.
No problem.
2004 Apr 13
1
Patch Status
When is the x.509 patch going to become part of the
main
distribution of OpenSSH, and if not, why? Looks like
other
projects i.e. OpenSC might be using it now as well.
Secondly, thought I'd try it again, new patch
(Validator), same error...
TIA,
cs
########################
# ssh-x509 Unknown Public Key Type
########################
1 Installed OpenSSL-0.9.7d (no customization)
2
2004 Apr 07
0
Announce: X.509 certificates support in OpenSSH(version h-Validator)
I'm pleased to announce that the version "h"(code-name Validator) of
"X.509 certificates support in OpenSSH" is now available for immediate
download at http://roumenpetrov.info/openssh.
Features:
* "x509v3-sign-rsa" and "x509v3-sign-dss" public key algorithms
* certificate verification
* certificate validation
o CRL
o OCSP (optional and
2004 Aug 19
0
Announce: X.509 certificates support in OpenSSH-3.9p1
Hi All,
Diffs of "X.509v3 certificates support for OpenSSH" versions
g4(Compatibility) and h(Validator) for OpenSSH-3.9p1 are ready for
download.
Please visit "http://roumenpetrov.info/openssh" for more information.
Features:
* "x509v3-sign-rsa" and "x509v3-sign-dss" public key algorithms
* certificate verification
* certificate validation
o CRL
o
2003 Dec 05
1
TLS: hostname doesn't match CN??
Hi,
I'm configuring Samba 3.0 to store users in ldap server.
I've configured openldap 2.1 with SSL and it worked properly with ldap
commands but when
I try using then smbpasswd command it reports me the error:
failed to bind to server with dn= cn=Manager,dc=openwired,dc=net Error:
Can't contact LDAP server
TLS: hostname does not match CN in peer certificate
Connection to
2002 Jan 31
7
x509 for hostkeys.
This (very quick) patch allows you to connect with the commercial
ssh.com windows client and use x509 certs for hostkeys. You have
to import your CA cert (ca.crt) in the windows client and certify
your hostkey:
$ cat << 'EOF' > x509v3.cnf
CERTPATHLEN = 1
CERTUSAGE = digitalSignature,keyCertSign
CERTIP = 0.0.0.0
[x509v3_CA]
2006 Jan 22
0
Announce: X.509 certificates support in OpenSSH (version 5.3 from "Validator" series)
Hi All,
The version 5.3 of "X.509 certificates support in OpenSSH" is published.
This version adds preliminary support for "x509v3-sign-rsa-sha1"
and "x509v3-sign-dss-sha1" key type names in conformance with
"draft-ietf-secsh-x509-02.txt" and extends "x509v3-sign-dss
key type with signatures in "ssh-dss" format.
More details on page
2011 Feb 15
11
Puppetmasterd not receiving certificate request
Hi: I''m trying to configure Puppet on Ubuntu, and strangely I am never
able to generate a certificate because my server never shows any
pending certificate requests.
Put differently, on the server I am running puppetmasterd and on the
client I am able to connect to the server, but the client continues
printing
notice: Did not receive certificate
warning: peer certificate
2020 Nov 10
2
Samba 4.11 with SSL authority CA role
Hi, I've Samba 4.11 running over Centos 7.x. I need setting Samba with
certificate authority CA (similar to Windows Active Directory Certificate
Services) ?is possible? . I found info about ssleay but y to old .
Thanks.
Saludos.
---
Miguel.
2003 Apr 24
1
x509v3-sign-rsa authentication type...
I've seen a variety of patches on the list for supporting the x509v3
certificate authentication. Are there any plans to include any of these in
the official openssh?
Thanks,
Kevin Stefanik
2020 Nov 11
2
Samba 4.11 with SSL authority CA role
I have OpenSSL forgenrate the CA root file in my server and work fine. My
question is, ?howto i say to Samba (configuration) for work with CA
certificates? . I dont find information about this.
Thanks.
Saludos.
---
Miguel
El mar., 10 nov. 2020 a las 15:22, S?rgio Basto (<sergio at serjux.com>)
escribi?:
> On Tue, 2020-11-10 at 14:48 -0300, Miguel Angel Coa M. via samba wrote:
>
2003 Jan 30
0
X.509 certificates support in OpenSSH - version f is ready
Hi all,
I have pleasure to announce new version f of "X.509 certificates support in OpenSSH"
Please to update your bookmarks/favorites with new location:
http://roumenpetrov.info/openssh
Old location is available too:
http://satva.skalasoft.com/~rumen/openssh
What's new:
* support "Certificate Revocation Lists" (CRLs)
* ssh-keyscan can show hostkey with