similar to: Certificates Revocation Lists and Apache...

Displaying 20 results from an estimated 600 matches similar to: "Certificates Revocation Lists and Apache..."

2006 Oct 25
1
Compiling Apache 1.3.37 w/mod_ssl on x86_64 fails
This procedure works fine for years on RH/CentOS 3+ The current machine is a core 2 duo with x86_64 CentOS 4.4 (updated) Compile, make and install openssl in /usr/local/openssl configure mod_ssl for apache 1.3.37 configure apache using SSL_BASE=/usr/local/openssl SSL_INCDIR=/usr/local/openssl/include SSL_LIBDIR=/usr/local/openssl/lib ./configure --with-layout=Apache --prefix=/usr/local/apache
2017 Sep 21
2
Revocation with CRL doesn't work for smartcards
Hi, I have a smartcard which is revoked in the Certificate Revocation List (CRL) but I can still login. Seems like the CRL check is not performed. Any known bug around this? Server setup: - Samba 4.4 on Debian as AD DC - Created domain MYDOM - smb.conf (extract): tls enabled = yes tls crlfile = tls/mycrl.pem (default is to look under private/ folder) Client setup: - Windows 7 machine as
2017 Sep 21
2
Revocation with CRL doesn't work for smartcards
Thanks but I've actually tried that too. Not sure I put it in [kdc] section though, I can try again. On 21 Sep 2017 at 20:54, "Andrew Bartlett" <abartlet at samba.org> wrote: > On Thu, 2017-09-21 at 13:01 +0200, Peter L via samba wrote: > > Hi, > > I have a smartcard which is revoked in the Certificate Revocation List > > (CRL) but I can still login. Seems
2014 Dec 22
4
[Bug 2328] New: Per-user certificate revocation list (CRL) in authorized_keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2328 Bug ID: 2328 Summary: Per-user certificate revocation list (CRL) in authorized_keys Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd
2007 Oct 25
2
self signed ssl cert on C5
Hi, Does anyone have a pointer to correct documentation for generating and installing a self signed ssl cert for use on httpd on a C-5 machine? The docs say to use genkey but AFAIK upstream rm'd crypto-utils from the distro and as such it is not available. I tried generating the cert on a C-4 machine using genkey and installing on the C-5 machine but I get the following error when I try to
2024 Jan 24
1
[Bug 3659] New: Certificates are ignored when listing revoked items in a (binary) revocation list
https://bugzilla.mindrot.org/show_bug.cgi?id=3659 Bug ID: 3659 Summary: Certificates are ignored when listing revoked items in a (binary) revocation list Product: Portable OpenSSH Version: 9.2p1 Hardware: All OS: All Status: NEW Severity: minor Priority: P5
2017 Sep 21
0
Revocation with CRL doesn't work for smartcards
On Thu, 21 Sep 2017 22:08:51 +0200 Peter L via samba <samba at lists.samba.org> wrote: > Thanks but I've actually tried that too. Not sure I put it in [kdc] > section though, I can try again. > > On 21 Sep 2017 at 20:54, "Andrew Bartlett" <abartlet at samba.org> wrote: > > > On Thu, 2017-09-21 at 13:01 +0200, Peter L via samba wrote: > > >
2017 Sep 22
2
Revocation with CRL doesn't work for smartcards
Ah, thank you, obviously this is a bug. Last comment (Łukasz Matyja 2016-04-01) says to have a fix, but how do I know if it has been added to bitbucket/samba? And if so, in which version? Or does the problem remain since the bugzilla case is still there? (Status: New) On Thu, Sep 21, 2017 at 10:52 PM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Thu, 21 Sep 2017
2011 May 04
2
Puppetmaster revokes just signed certificates
Hi, I have this problem: when I make a new request and sign the client's certificate, then I get a "revoked certificate" error: err: Could not retrieve catalog from remote server: sslv3 alert certificate revoked I am using same version of puppet on master and clients, tried many times, dates are the same, and cleaned the "ssl" directory. Can someone help me?
2020 Aug 28
2
[Bug 3204] New: Enable user-relative revoked keys files
https://bugzilla.mindrot.org/show_bug.cgi?id=3204 Bug ID: 3204 Summary: Enable user-relative revoked keys files Product: Portable OpenSSH Version: 8.1p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at
2010 Dec 22
3
Using Puppet's client certificates for Apache, SSLVerifyClient
Hi - I read up on this subject quite a bit, and was able to find a few posts on the mailing list, even found a wiki article. Unfortunately it doesn't quite address what I'm looking to do. From what I understand, Puppet's client/server authentication system - using SSL - is portable. I believe that I should be able to use the same SSL certificates and keys (and even
2008 Sep 27
2
client certs with godaddy ssl cert
I've read the client ssl cert section in the wiki and it talks about using a self signed cert, if I am using a commercial cert, in this case godaddy, how do I implement a self signed cert for the client side and have dovecot make use of this? I know the mechanics of setting up the self signed ca, the question is more what configuration changes do I need to make in dovecot to handle both
2013 Apr 07
1
ssl_require_crl does not work as expected
Hi I'm trying to use dovecot with client certificates. We produce our certificates with our own CA and we do NOT use certificate revocation lists. So I put "ssl_require_crl = no" into 10-ssl.conf. I did not find a solution neither in the wiki nor somewhere else, so I finally started to read the source. My impression is that openssl will always try to use CRLs. If
2011 Feb 21
7
header too long (OpenSSL::X509::CRLError) ?
Hi, My puppet master doesn't want to start anymore. Any idea? [root@puppetmaster requests]# puppet master --no-daemonize --debug debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist debug: Puppet::Type::User::ProviderPw: file pw does not exist debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does not exist debug:
2016 Jun 17
2
https and self signed
On 17.06.2016 19:57, ????????? ???????? wrote: >>> Then OCSP stapling is the way to go but it could be a real PITA to >>> setup for the first time and may not be supported by older browsers >>> anyway. >>> >> not really, because the same server tells the client that the SSL >> certificate is good, as the SSL certificate itself; >> these must
2020 Jan 30
6
SSH certificates - restricting to host groups
On 30/01/2020 15:02, Christian, Mark wrote: > On Thu, 2020-01-30 at 12:27 +0000, Brian Candler wrote: >> As a concrete example: I want Alice to be able to login as "alice" >> and >> "www" to machines in group "webserver" (only). Also, I want Bob to >> be >> able to login as "bob" and "www" to machines in group
2006 Jul 07
2
Authentication by certificates (a bug or my misconfiguration)
Today I've been trying to get dovecot (1.0 rc2) to use certificates for client side authentication. If my memory serves right, beta8 had no problems with it (although it was some time ago and on different machine). Similar setup works perfectly well for postfix (for authentication that is, on the same machine). Originally I thought I overdid some certificate settings (keyUsage, nsCertType,
2006 Nov 15
11
OpenSSH Certkey (PKI)
This patch against OpenBSD -current adds a simple form of PKI to OpenSSH. We'll be using it at work. See README.certkey (the first chunk of the patch) for details. Everything below is BSD licensed, sponsored by Allamanda Networks AG. Daniel --- /dev/null Wed Nov 15 15:14:20 2006 +++ README.certkey Wed Nov 15 15:13:45 2006 @@ -0,0 +1,176 @@ +OpenSSH Certkey + +INTRODUCTION + +Certkey allows
2011 Feb 22
4
When running puppetd the cert goes straight up to revoked?
This is the first time is happening... and It happens consecutively with all the hosts. Fresh kickstarted host (never set up before the name so its not on the revocation list), I just run puppetd -tv (we have autosign on), I just get the output below: [root@server182 puppet]# puppetd -tv info: Creating a new SSL key for server182.domain.com warning: peer certificate won't be verified in
2018 May 25
3
Suggestion: Deprecate SSH certificates and move to X.509 certificates
Please tell me in technical details how current revocation support works, or give links. Then I will be able to give an answer. On Fri, May 25, 2018 at 7:16 AM, Damien Miller <djm at mindrot.org> wrote: > > > On Fri, 25 May 2018, Yegor Ievlev wrote: > >> Can you implement revocation support? > > What do you want that the existing revocation support lacks?