Displaying 20 results from an estimated 500 matches similar to: "TLS: hostname doesn't match CN??"
2004 Apr 13
1
Patch Status
When is the x.509 patch going to become part of the
main
distribution of OpenSSH, and if not, why? Looks like
other
projects i.e. OpenSC might be using it now as well.
Secondly, thought I'd try it again, new patch
(Validator), same error...
TIA,
cs
########################
# ssh-x509 Unknown Public Key Type
########################
1 Installed OpenSSL-0.9.7d (no customization)
2
2006 Mar 20
1
Problem joining a domain.
Hi,
I'm running Samba/openLDAP on a FC4 and I'm trying to make it work as a
PDC. I installed all the software using yum instead smbldap-tools.
I've done all the configuration but, when I try to join a Windows XP
Professional named 'pc4' to the domain it fails with "Error joining the
domain OPENWIRED. Username not found". And no machine account is created
under
2011 Sep 14
1
puppet kick getting hostname not match with the server certificate
OS - RHEL5.7
Installation Source - epel-testing repo
Puppet server version - 2.6.6
puppetd version - 2.6.6
I searched Google and none of the answers were a match for my set up...
I can do ''puppetd --test'' from the client and things work as expected.
When doing puppet kick hostname I get the following:
Triggering hostname
Host hostname failed: hostname not match with the server
2008 Jul 01
0
self Certificate Authority, using /etc/pki/tls/misc/CA
Hello all,
lately i am facing problems with Certification Authorities.
I have used centos script /etc/pki/tls/misc/CA my own certificate authority.
In next steps i am generating requests for certificates to services such as
LDAP,NNRPD and lately signing requests with CA. My approach is to import my
own CA into Windows Vista OS as root CA and trusted, to avoid messages in
clients such as
2017 Nov 24
1
SSL configuration
Hello subscribers,
I have a very strange question regarding SSL setup on gluster storage.
I have create a common CA and sign certificate for my gluster nodes, placed host certificate, key and common CA certificate into /etc/ssl/,
create a file called secure-access into /var/lib/glusterd/
Then, I start glusterd on all nodes, system work fine, I see with peer status all of my nodes.
No problem.
2012 Jan 15
0
X.509 certificate integration continue with PKCS11 and FIPS capable OpenSSL
Hello list members,
I would like to inform that version 7.1 of X.509 certificate support) is
ready.
The just published update from "Integration" series offer direct support
of X.509 certificates based on RSA keys from PKCS11module. Another
integration update is that now you could you use FIPS capable OpenSSL
library in FIPS mode.
As result of above mentioned features
2004 Apr 07
0
Announce: X.509 certificates support in OpenSSH(version h-Validator)
I'm pleased to announce that the version "h"(code-name Validator) of
"X.509 certificates support in OpenSSH" is now available for immediate
download at http://roumenpetrov.info/openssh.
Features:
* "x509v3-sign-rsa" and "x509v3-sign-dss" public key algorithms
* certificate verification
* certificate validation
o CRL
o OCSP (optional and
2004 Aug 19
0
Announce: X.509 certificates support in OpenSSH-3.9p1
Hi All,
Diffs of "X.509v3 certificates support for OpenSSH" versions
g4(Compatibility) and h(Validator) for OpenSSH-3.9p1 are ready for
download.
Please visit "http://roumenpetrov.info/openssh" for more information.
Features:
* "x509v3-sign-rsa" and "x509v3-sign-dss" public key algorithms
* certificate verification
* certificate validation
o CRL
o
2011 Jan 03
1
Can't get iDowell to work
Hi all, first message to the list. :-)
I've got an iBox made by iDowell:
http://store.apple.com/uk/product/TR423ZM/A
This seems to be similar to the smaller Microdowell UPS:
http://idowell.eu/
I cannot get it recognised by the drivers. This is what I get when I plug in
the USB connector:
Jan 3 19:27:26 compaq kernel: usb 3-2: new low speed USB device using
uhci_hcd and address 47
2002 Jan 31
7
x509 for hostkeys.
This (very quick) patch allows you to connect with the commercial
ssh.com windows client and use x509 certs for hostkeys. You have
to import your CA cert (ca.crt) in the windows client and certify
your hostkey:
$ cat << 'EOF' > x509v3.cnf
CERTPATHLEN = 1
CERTUSAGE = digitalSignature,keyCertSign
CERTIP = 0.0.0.0
[x509v3_CA]
2006 Jan 22
0
Announce: X.509 certificates support in OpenSSH (version 5.3 from "Validator" series)
Hi All,
The version 5.3 of "X.509 certificates support in OpenSSH" is published.
This version adds preliminary support for "x509v3-sign-rsa-sha1"
and "x509v3-sign-dss-sha1" key type names in conformance with
"draft-ietf-secsh-x509-02.txt" and extends "x509v3-sign-dss
key type with signatures in "ssh-dss" format.
More details on page
2013 Dec 12
1
Need help in addressing this error - ERROR OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert unknown ca
Hi ,
I am new to this puppet. I am implementing a network where my cisco switch
will contact the puppet server for getting the configuration.
I tried installing open source puppet and was successful in pushing down
the configurations.
I wanted then to try the same exercise with puppet enterprise 3.1. I
installed puppet enterprise in a different server and changed my puppet
agent (switch) to
2008 Mar 13
0
[Fwd: Re: OpenSSH and X.509 Certificate Support]
Hi Roumen,
I discovered that the need of appending the .pub part of id_rsa(client
key+cert) on the server can be eliminated by adding the Certificate Blob
to authorized_keys which could look something like this:
x509v3-sign-rsa subject=
/C=FR/ST=PARIS/L=DESEl/O=SSL/OU=VLSI/CN=10.244.82.83/emailAddress=client at company.com
This is extracted from the client certificate using openssl as
2003 Apr 16
1
pop3 coredump
Hi-
I was able to get a coredump out of the new pop3 (from 0.99.9-test4)
by attempting to simulate the execution environment and simply running
the pop3 program.
Running the older pop3 from 0.99.8.1 works fine, repeatedly:
% /usr/local/libexec/dovecot/pop3
quit
+OK Logging out.
However running the new one:
% /usr/local/libexec/dovecot/pop3.new
pop3(user9): Error: Corrupted index file
2008 Mar 10
2
dovecot 1.1.rc3 assertion failed at index_mailbox_set_recent_uid while deleting message with thunderbird.
To some users happens this assertion failure while deleting a message.
dovecot: Mar 10 08:40:44 Panic: IMAP(user): file index-sync.c: line 39
(index_mailbox_set_recent_uid): assertion failed: (seq_range_exists
(&ibox->recent_flags, uid))
dovecot: Mar 10 08:40:44 Error: IMAP(user): Raw backtrace: [see bleow]
dovecot: Mar 10 08:40:44 Error: child 17683 (imap) killed with signal 6
And the
2003 Apr 24
1
x509v3-sign-rsa authentication type...
I've seen a variety of patches on the list for supporting the x509v3
certificate authentication. Are there any plans to include any of these in
the official openssh?
Thanks,
Kevin Stefanik
2003 Jan 30
0
X.509 certificates support in OpenSSH - version f is ready
Hi all,
I have pleasure to announce new version f of "X.509 certificates support in OpenSSH"
Please to update your bookmarks/favorites with new location:
http://roumenpetrov.info/openssh
Old location is available too:
http://satva.skalasoft.com/~rumen/openssh
What's new:
* support "Certificate Revocation Lists" (CRLs)
* ssh-keyscan can show hostkey with
2006 Apr 27
0
Announce: X.509 certificates support in OpenSSH version 5.4
Hi All,
The version 5.4 of "X.509 certificates support in OpenSSH" is ready for download.
On download page http://roumenpetrov.info.localhost/openssh/download.html#get_-5.4
you can found diffs for OpenSSH versions 4.2p1 and 4.3p2.
What's new:
* given up support for "x509v3-sign-rsa-sha1" and "x509v3-sign-dss-sha1"
The implementation realised in previous
2008 Jan 14
0
Regarding the "X509v3 Certificates" patch
Dear List,
Regarding the "X509v3 Certificates" patch ... (See links below)
- http://marc.info/?l=openssh-unix-dev&m=110976923021961&w=2
- http://marc.info/?l=openssh-unix-dev&m=110973268111830&w=2
- http://roumenpetrov.info/openssh
How would I apply this patch to the OpenSSH currently in FreeBSD(.org) and/or PC-BSD(.org)??
Please CC: me on the reply because I
2008 Feb 13
1
Openssh + x509 patch problem
Hi all,
I'm trying to install ssh server based on x509 certificates with no
result. What I've done is the following:
- Build openssh4.7p1 after patching with openssh-4.7p1+x509-6.1.diff.gz
without error using ./configure --prefix=/opt/ssh && make && make
install in both server and client machines
- Create minimal openssl ca structure under /opt/ssh/etc/ca
( self