similar to: what is the “Online Certificate Status Protocol”

I'm searching for a method [on client side] to redirect to HTTPS in a few given domains. e.g.: http://www.facebook.com/ to https://www.facebook.com/ Ok. I use several webbrowsers, and not all of them has "add-ons" to redirect these pages to https. My purpose is this: when i go to "http://www.facebook.com" i don't want to see any http traffic with wireshark

Hi, For CAs that do not include a signed certificate timestamp in their newly-issued certificates, does Dovecot support either OCSP stapling or the Certificate Transparency TLS extension? If the TLS extension is supported, how does the admin configure the timestamp for each certificate? I?m wondering if any MUAs will follow Google?s lead and insist on CT. Thank you! -Felipe Gasper

On 05/01/2018 09:08 AM, Aki Tuomi wrote: > >> On 01 May 2018 at 19:03 Felipe Gasper < felipe at felipegasper.com >> <mailto:felipe at felipegasper.com>> wrote: >> >> >> Hi, >> >> For CAs that do not include a signed certificate timestamp in their >> newly-issued certificates, does Dovecot support either OCSP stapling >> or the

On 17.06.2016 19:57, ????????? ???????? wrote: >>> Then OCSP stapling is the way to go but it could be a real PITA to >>> setup for the first time and may not be supported by older browsers >>> anyway. >>> >> not really, because the same server tells the client that the SSL >> certificate is good, as the SSL certificate itself; >> these must

Original: Jan 23 2011 10:42 SOMETHING 2007.12.20.avi Jun 26 2009 SOMETHING 2009.06.25.avi Feb 12 2010 SOMETHING 2010.02.11.avi Jan 29 2011 09:17 SOMETHING 2011.01.27.avi Feb 11 2011 20:06 SOMETHING 2011.02.10.avi Feb 27 2011 23:05 SOMETHING 2011.02.24.avi Output: Feb 27 2011 23:05 SOMETHING 2011.02.24.avi Feb 11 2011 20:06 SOMETHING 2011.02.10.avi Jan 29 2011 09:17 SOMETHING 2011.01.27.avi Jan

On 03-03-16 14:09, Gedalya wrote: > On 03/03/2016 07:30 AM, Stephan Bosch wrote: >> BTW, I can imagine that Thunderbird can already do that, as it shares much of the Firefox code base. > Thunderbird definitely does validate certificates via OCSP, enabled by default and I've run into that the hard way a couple of times wrt StartSSL having issues with their responder. This isn't

I just can find any solution... Please help! thanks.. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20110225/5a94de60/attachment.html>

On 17.06.2016 16:27, ????????? ???????? wrote: > Walter H. ????? 2016-06-16 22:54: >> On 16.06.2016 21:42, ????????? ???????? wrote: >>> >>> I don't think OCSP is critical for free certificates suitable for >>> small businesses and personal sites. >>> >> this is philosophy; >> >> I'd say when you do it then do it good, else

Hi All, The version 5.5.1 of "X.509 certificates support in OpenSSH" is ready for download. On download page http://roumenpetrov.info.localhost/openssh/download.html#get_-5.5.1 you can found diff for OpenSSH versions 4.4p1. What's new: * specific diff of 5.5 for OpenSSH 4.4p1 Because of OpenSSH source code changes, like include statements and new server option

Op 3-3-2016 om 13:04 schreef A. Schulze: > > dovecot: > >> So I would like to know if Dovecot is planning to feature OCSP stapling. >> That way I know for sure my "must staple" certificates can be used by >> Dovecot. And in my opinion, every TLS offering daemon should be up to >> par to the capabilities of TLS.. Not lag behind :) >> >>

Hi all, About a year ago, Torsten already asked for OCSP stapling (http://dovecot.org/pipermail/dovecot/2015-April/100632.html). Unfortunately, there was no answer to his question. Now RFC 7633 ("TLS Feature Extension", https://tools.ietf.org/html/rfc7633, a.k.a. "Must Staple") has landed, revocation is getting serious! I personally would like to embed all my TLS

On 03-03-16 13:04, A. Schulze wrote: > > dovecot: > >> So I would like to know if Dovecot is planning to feature OCSP stapling. >> That way I know for sure my "must staple" certificates can be used by >> Dovecot. And in my opinion, every TLS offering daemon should be up to >> par to the capabilities of TLS.. Not lag behind :) >> >> What's

What about the pki package that comes with Centos? pki-server and pki-ca? On 04/16/2017 11:54 AM, Alice Wonder wrote: > Oh I don't know, their github works. > > However it seems that it isn't able to deal with more than one ocsp > signing key. > > On 04/16/2017 08:40 AM, Robert Moskowitz wrote: >> >> >> On 04/14/2017 10:41 PM, Alice Wonder wrote:

On 16.06.2016 21:42, ????????? ???????? wrote: >> that is right, but hink of your potential clients, because >> wosign has a problem - slow OCSP, ... >> because their server infrastucture is located in China, and not the >> best bandwidth ... >> >> when validity checks of the used SSL certificate very probable fail, >> it is worse than not using SSL ...

Hey all, With google-earth-stable.x86_64 0:7.1.2.2041-0 [mlapier at peach /]$ /usr/bin/google-earth [0425/000212:ERROR:net_util.cc(2195)] Not implemented reached in bool net::HaveOnlyLoopbackAddresses() Failed to load "/opt/google/earth/free/libinput_plugin.so" because "/usr/lib64/libstdc++.so.6: version `GLIBCXX_3.4.14' not found (required by ./libLeap.so)"

On 04/14/2017 10:41 PM, Alice Wonder wrote: > https://www.openca.org/ might fit my needs. their Centos repo does not exist, it seems? > > On 04/14/2017 06:29 PM, Alice Wonder wrote: >> Hello list, >> >> I'm contemplating running my own CA to implement the new proposed ISP >> for validation of S/MIME certificates via DANE. >> >> I already use

Hello list, I'm contemplating running my own CA to implement the new proposed ISP for validation of S/MIME certificates via DANE. I already use self-signed for my MX servers (with 3 1 1 dane records on TCP port 25) but I don't want to use self-signed for S/MIME for user specific x.509 certs because A) That's potentially a lot of DNS records B) That requires a hash of the e-mail

Hello, I am getting errors when doing a make clean under /usr/src, I have always done this before doing a make world, and never a problem. I have tried deleting all of /usr/src and re cvsuped, but the problem persists. FreeBSD 4.7-STABLE #0: Fri Feb 14 13:49:58 EST 2003 ===> secure/usr.bin/openssl rm -f buildinf.h openssl/opensslconf.h openssl/evp.h xopenssl app_rand.o apps.o asn1pars.o ca.o

On 17.06.2016 22:39, ????????? ???????? wrote: >> yes and no, but faking a valid OCSP response that says good instead of >> revoked is also possible ... > > Could you please provide any proof for that statement? If it were true > the whole PKI infrastructure should probably be thrown out of the > window. ) question back: is the SHA2 discussion a real security impact or

On 15.06.2016 15:57, ????????? ???????? wrote: > Nowadays it's quite easy to get normal ssl certificates for free. E.g. > > http://www.startssl.com > http://buy.wosign.com/free that is right, but hink of your potential clients, because wosign has a problem - slow OCSP, ... because their server infrastucture is located in China, and not the best bandwidth ... when validity checks