similar to: libvirt client certificate location

Good time of the day! My English is not very good, excuse me if I said something wrong. I use dovecot-2.1.16 on Gentoo Linux amd64. I need to setup dovecot (imap and pop3) for SSL and non-SSL connection simultaneously. For SSL connections client must submit a valid SSL certificate. Now SSL part of dovecot.conf looks like this: ----------------- ssl = yes ssl_cert =

Hi, I'm experimenting with certificates for users, giving access via the TrustedUserCAKeys mechanism. Unfortunately, there seems to be a limit of one certificate per SSH key on the user's side, which prevents using the same key for hosts using different TrustedUserCAKeys. Is there a clean way around this? To make the above clearer, consider the following situation: A collection of hosts

I can't see any security advantages of a self signed cert. If the keypair is generated locally (which it should) a certificate signed by an external CA can't be worse just by the additional signature of the external CA. Better security can only be gained if all users are urged to remove all preinstalled trusted CAs from their mail clients (which seems impractical). Else an attacker could

Hi, We're developing an open source project that uses SSH certificates. We issue short lived certificates (few minutes) to execute commands on behalf of users. We have a use case where we need to issue certificates with 10 days validity and store them, so we put a command inside them: ssh-keygen -s ca-key -I certN -n user -O force-command="wget something" -V +10d user-key.pub and

Hi, For CAs that do not include a signed certificate timestamp in their newly-issued certificates, does Dovecot support either OCSP stapling or the Certificate Transparency TLS extension? If the TLS extension is supported, how does the admin configure the timestamp for each certificate? I?m wondering if any MUAs will follow Google?s lead and insist on CT. Thank you! -Felipe Gasper

Hai Pierro, > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Pietro Stäheli via samba > Verzonden: vrijdag 15 februari 2019 10:48 > Aan: samba at lists.samba.org > Onderwerp: [Samba] Samba and AD Certificate Services > > Hi folks, > > Does anybody have experience using ADCS in conjunction with Samba? I > would

SvK> On Wed, 9 Aug 2017 08:39:30 -0700 SvK> Gregory Sloop <gregs at sloop.net> wrote: >> AV> So i?m using dovecot, and i created a self signed certificate >> AV> with mkcert.sh based on dovecot-openssl.cnf. The name in there matches >> AV> my mail server. >> AV> The first time it connects in mac mail however, it says the >> AV>

On 8/11/2017 1:29 PM, Ralph Seichter wrote: > On 11.08.2017 11:36, Michael Felt wrote: > >> This is what Ralph means when he says "have been running a CA for >> 15+ years" - not that he is (though he could!) sell certificates >> commercially - rather, he is using an initial certificate to sign >> later certificates with. > Actually, I do sell certificates

Dear reader, we are using dovecot 2.2.7 and like it very much. Authentication is done via a checkpassword program that does two things: 1) check wether the client has connected via SSL using a client certificate 2) check wether the client is using a one time password generator Most of our users are using certificates that we have created ourself. These certificates contain a

On 05/01/2018 09:08 AM, Aki Tuomi wrote: > >> On 01 May 2018 at 19:03 Felipe Gasper < felipe at felipegasper.com >> <mailto:felipe at felipegasper.com>> wrote: >> >> >> Hi, >> >> For CAs that do not include a signed certificate timestamp in their >> newly-issued certificates, does Dovecot support either OCSP stapling >> or the

Hi. Little story :-) I'm playing with dovecot 2.2.25 and multiple SSL certificates. ~7000 certificates which are loaded twice, so my dovecot has ~14 000 certificate pairs (14k key + 14k cert) in config. 14 000 local_name entries. Like these: local_name imap.example.com { ssl_cert = </etc/certs/cert1.pem ssl_key = </etc/certs/cert1.pem } local_name pop3.example.com { ssl_cert =

Hi all, Does anyone know if it exists a patch for OpenSSH for Windows to allow authentication through certificates? Is it possible to make one if it doesn't exists? Using OpenSSH for Windows 3.8p1-1 20040709 Build. I know there is Roumen Petrov patch, but is for unix machines if i'm not mistaken. I need a similar one for Windows that work with the Roumen Petrov patch so i can have

On 6/28/11 3:56 PM, John Criswell wrote: > Dear All, > > The good news is that the new llvm.org SSL certificate is installed and > appears to be configured correctly. As a followup to this, I discovered that I was using the MacPorts version of the svn client on our Mac OS X system. Using the svn client in /usr/bin/svn seems to recognize the certificate just fine. The pattern that

Thanks Ralph, i?ll look into that. I think let?s encrypt uses certbot though and it can?t do email certificates (although i?m sure i can convert the cert i get from let?s encrypt, i?ll look into it. > On 9 Aug 2017, at 16:40, Ralph Seichter <m16+dovecot at monksofcool.net> wrote: > > On 09.08.2017 17:20, Alef Veld wrote: > >> So i?m using dovecot, and i created a self

Dear All, The good news is that the new llvm.org SSL certificate is installed and appears to be configured correctly. The bad news is that some machines seem to recognize the intermediate SSL certificate (which is apparently used to sign the SSL certificates UIUC buys starting this year) while others do not. In particular, our internal Linux machines show no errors, while our Macs and

A very ignorant question, sans doute. I get my certificates from cacert.org, to whom I am very grateful. I follow what I take to be the official procedure, first creating <server>.key and <server>.csr on my server and then getting <server>.crt by going to Server Certificate=>New at the cacert site. I then place the key certficate *.key in /etc/pki/tls/private/ and what I

Any issues with permanently accepting the intermediate certificate, which I did this morning, when getting the message? Thanks in advance Garrison On Jun 29, 2011, at 12:13, John Criswell wrote: > On 6/28/11 3:56 PM, John Criswell wrote: >> Dear All, >> >> The good news is that the new llvm.org SSL certificate is installed and >> appears to be configured

Hi folks, Does anybody have experience using ADCS in conjunction with Samba? I would like to create certificates using ADCS as a CA to create certificates to be deployed to servers running web applications. It would be very convenient to have joined Windows computers automatically trust certificates issued my own CA instead of having to import certificates manually on every browser on every

Hi all, I have the following in my apt sources.list file: deb https:// /bin/linux/ubuntu trusty/ I issued the following command to obtain the public key: sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E084DAB9 I am receiving the following error message though after updating the Synaptic package manager: Failed to fetch

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 01 May 2018 at 19:03 Felipe Gasper < <a href="mailto:felipe@felipegasper.com">felipe@felipegasper.com</a>> wrote: </div>