similar to: 2007-006 Ruby SSL Update on Debian

Hello there, Since the update with ruby all my puppet function is dead (well known issue with the cert) . There has been some discutions on the dev list on how to patch this for future versions. I have read the list and wondered how we can solve the issue while waiting for the .24. I am in beta test of the .23.x version but on my production system i wanted to find a way to solve this now

Hi all, I attempted to add an EL5.1 client to our puppet server (EL5), and after signing the client cert, got the error "Certificates were not trusted: hostname not match with the server certificate" I found the mailing list discussion and the relevant page: http://www.reductivelabs.com/trac/puppet/wiki/RubySSL-2007-006 As far as I can tell, my puppermaster''s cert CN matches

Hello folks, I have been receiving this error on my new servers when I try to restart the puppet. /etc/init.d/puppet restart Stopping puppet: [FAILED] Starting puppet: /usr/lib/ruby/1.8/openssl/ssl.rb:74:in `post_connection_check'': hostname was not match (OpenSSL::SSL::SSLError) from /usr/lib/ruby/1.8/net/https.rb:183:in

Can someone help me understand the overall picture of SSL certificates in this scenario? I have a working dovecot/postfix/mysql server. It has a certificate. I now want to create a second, essentially duplicate configured server for use with replication. What is the relationship between the certificate and the hostname, or the DNS entry since the certs are created using the server?s domain

Hi All, I''ve been trying to resolve the SSL issue as described on the link at the bottom. I understand the issue and I''ve tried to implement all the different patches (one at a time .. :-). However for most of them there are either files missing or code not found in the files. It seems this is due to a version difference in Puppet. The docs and patches seem to be for the

I thought I read somewhere that the hostnames on replicated dovecot servers had to be different. Is this simply the hostname you specify in the config for dovecot and can this be different than the actual unix hostname? Ethon B. > On Oct 11, 2017, at 11:04 PM, Anvar Kuchkartaev <anvar at anvartay.com> wrote: > > If you are using different hostname for each server then you need

Fedora Core 7 has just updated their Ruby package (was 1.8.6.36-3.fc7, is now 1.8.6.110-3.fc7), and the upgrade broke my Puppet installation, and there was a similar report from someone else. Communications between the puppetmasterd and the puppetd running on the same host broke down with the message: Could not retrieve configuration: Certificates were not trusted: hostname not match with

We have discovered a security vulnerability (“AltNames Vulnerability”) whereby a malicious attacker can impersonate the Puppet master using credentials from a Puppet agent node. This vulnerability cannot cross Puppet deployments, but it can allow an attacker with elevated privileges on one Puppet-managed node to gain control of any other Puppet-managed node within the same infrastructure. All

Hello, I'm looking into adding support for extracting the username from client certificate's rfc822Name (from the subjectAltName extension). The question I have is what would be the best approach to do this? Current implementation has a kind of clean code since it just goes through the subject name, extracting the values with X509_NAME_get_text_by_NID (while NID is obtained with

Good afternoon everyone, This is my first post here. I was wondering if someone could clear my mind about this. I have a dedicated server with a single ip address assigned to it. I want to host couple of site which are hosted somewhere else and they have signed certificates. Now I want to host them all on this single server. Is it possible to bound more than one cert to a single IP based

This (very quick) patch allows you to connect with the commercial ssh.com windows client and use x509 certs for hostkeys. You have to import your CA cert (ca.crt) in the windows client and certify your hostkey: $ cat << 'EOF' > x509v3.cnf CERTPATHLEN = 1 CERTUSAGE = digitalSignature,keyCertSign CERTIP = 0.0.0.0 [x509v3_CA]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, This question may be slightly OT for this list, but it does concern securing services on my FreeBSD servers :-) At the moment I have some existing (self-signed) SSL certs for Dovecot, Exim and Apache. It's mostly only me that uses them for now, but I'm planning on expanding that, so want to try and do things "right". My

I tried to set cn=myMachine instead of cn=192.168.1.x and...everything frezees! virsh -c qemu://.../system tries to connect forever. You really need static ip addresses in the cn field?? I think this is an HUGE bug: you are saying to me that each time I change network or ip (because, dear sirs, dhcp exists) I have to generate a whole new couple of certificates?? I hope it is not the case....

Hi R-users, I have missing data for the month. My question is how do I insert the missing month and fill up the cell with 'na' for the rain amount?  Then I would like to count the percentage of missing data. No     Year     month rain 1398 1985    10 104.2 1399 1985    11 138.0 1400 1985    12 120.4 1401 1986     1  12.6 1402 1986     2  19.4 1403 1986     3   1.0 1404 1986     4  58.8

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I have a dual stack server with Dovecot 2.1.10 listening on v4 and v6 Dovecot has a Comodo SSL certificate issued via NameCheap that works as expected with IPv4 in 10-ssl.conf I have enabled these configuraction directives: ssl = yes ssl_cert = < /path/to/file.crt ssl_key = < /path/to/file.key ssl_parameters_regenerate = 202 hours If I

My icecast https stream (https://vertenradio.com:8443/stream) does not work on a Sonos ONE player. It might have something to do with the ssl handshake. >From the developer page from sonos i found this: Some common reasons for SSL handshake failures include: ? Expired certificate: Every certificate has a validity window before it expires. You need to present Sonos with unexpired

Can some one point out to me what I am missing? I suspect I have messed up the if/else some how. I am getting a '' Syntax error at ''{''; expected ''}'' at /srv/puppet/production/manifests/modules/apache/init.pp: 19''. According to the Language tutorial this should be correct. I am testing for an existence of a variable. If it exists chagne the

Puppet 2.7.8rc1 is available. 2.7.8rc1 contains everything that was being previewed in the 2.7.7rc series as well as some new content. Key highlight in this release (beyond items from 2.7.7rc series) are: * Allow providers to be selected in the run they become suitable * Showdiff is now not auto-enabled when running in noop mode * Provide default subjectAltNames while bootstrapping

Puppet 2.6.12 is a security update release in the 2.6.x branch. The only changes since 2.6.11 are security fixes for the following vulnerability: * CVE-2011-3872, Altnames Vulnerability For more details on this vulnerability, follow the link on our blog post: http://puppetlabs.com/blog/important-security-announcement-altnames-vulnerability/ Other information available at:

If you are using different hostname for each server then you need different certificates or SAN certificate with corresponding subjectAltName extensions. Certificates verifies hostname so if your hostnames are different then you have to use different certificates. However it is more useful if you keep your server hostname and service hostname separately. Your server hostnames might be