similar to: some questions about Multiple Certificate Authorities

hello,all I write a function. this function will write the client fqdn to a file. But this function only run one time when the puppetmaster recompile the configuration. How can let this function run every time when a client connect to the puppetmaster ? please help me. -- Huang Mingyou

Our DC has been using a Verisign certificate. Over the past year, we've been using a Digicert Wildcard Plus certificate for almost all of our machines, and I wanted to switched over our DC mailserver. I used the following command to generate the CSR and key: openssl req -new -newkey rsa:1024 -nodes -out star_bard_edu.csr -keyout star_bard_edu.key -subj "/C=US/ST=NY/L=ourtown/O=Bard

hi ,all how to update the puppet from 0.22.4 to 0.23.2 . just install it ? is there have some thing need to be be careful ? when update the server and client,all just install the new version ? please help me ,because I use the puppet in product servers,so I need be careful. :D -- Huang Mingyou

hi,all. I found a interesting problem. first ,a new node run the puppetd to connect the puppet server, then was treated as "default" node. that''s right. Then I add the new node''s hostname in a node define. and run the puppetd ,is still get the default manifests file. But when I restart the pupppuetmaster, then it can get the new manifests file to correspond

hello,guys. When use the file type,can only mange one file. but there I have about more than 100 file need to be managed by puppet. now,I use a exec type to check out all the file from a subversion server,but there have a good solution? please help me! -- Huang Mingyou

Hallo, i'm having troubles installing self-signed certificates for dovecot. After installing, dovecot generates a key and cert. But he is using the wrong common name (where does dovecot get this name from?). I tried deleting them and installing a handcrafted cert with this: openssl genrsa -out mail.key 2048 openssl req -new -key mail.key -out mail.csr openssl x509 -req -days 4312 -in

This (very quick) patch allows you to connect with the commercial ssh.com windows client and use x509 certs for hostkeys. You have to import your CA cert (ca.crt) in the windows client and certify your hostkey: $ cat << 'EOF' > x509v3.cnf CERTPATHLEN = 1 CERTUSAGE = digitalSignature,keyCertSign CERTIP = 0.0.0.0 [x509v3_CA]

hello,all I look a example manifest,found this code. File <<||>> @@file { ....... } what''s the means ? -- Huang Mingyou

hi,all I want the puppetd run in daemon only run by the puppetrun trigger, not schedule run . so how can do this ? what''s the maximum of the runinterval ? I want change this option to do this. Please help me . -- Huang Mingyou

Hello, I would like to know whether OpenSSH supports x509 certificate based authentication. It looks like OpenSSH has dependency on OpenSSL so does this mean that OpeSSH also supports x509 certificate based authentication. If it does support, can you please point me to the necessary documentation. Thanks Naitik

<!doctype html> <html><head> <meta charset="UTF-8"> </head><body><div>I see. You need to import the cert into thundebird's trusted ca certs.</div><div><br></div><div>Aki</div><blockquote type="cite"><div>On 30/04/2020 21:36 <a

I would expect the public cert to be imported as a "server" not an "auth" The attached image shows that TBird wants an httpS url for a webserver, for the source. Ages ago, I think it prompted for "do you want to trust this new cert" and YES added it (assuming that is the public key) to the server list.? A bit confused by this. <see attached thunderbird

Hello, This is a selfsigned cert. Both of the below methods were used. May I ask for 1. pointer to info setting up "intermediate certs" and where the certfile goes? The objective is to generate a self-signed cert and use it for just internal use with IMAPS dovecot. Separately, what are your thoughts as to why evolution works and thunderbird does not? Thank you, ==1 openssl

hi,guys I''m test the resources export and collect , OS is Debian etch and sarge, puppet server and client version all of the 0.23.2 ; the db is MySQL-4.1 My test code is like this. node ''b'' { @@file {"/tmp/a": ensure => present ,content => "test"; } } node ''a'' { File <<||>> } I run puppetd on

Hello all, lately i am facing problems with Certification Authorities. I have used centos script /etc/pki/tls/misc/CA my own certificate authority. In next steps i am generating requests for certificates to services such as LDAP,NNRPD and lately signing requests with CA. My approach is to import my own CA into Windows Vista OS as root CA and trusted, to avoid messages in clients such as

I'd imagine document will answer many prayers for stumped admins These are my notes to setup SuSE Linux Enterprise Server v9 and how to configure Samba v3.04-SuSE to work as a member server in a domain Also, this document contains FULL instructions on how to setup SSL Secured SWAT (Samba Web Administration Tool) This document is a step by step guide to installing SLES and Samba. Of course

Hi, I think my problem is related to the way i make my RPMs (i'm newbie at this). Two things: 1) the generated RPMs are only 1,5 kb size. That's inpossible. 2) The rpmbuild -ba zbr.spec indeed installs the software in the building stage. That's odd, isn't it ? Following my signature is an openssl.spec file Any help would be appreciated. Warm regards, M?rio Gamito --

Hi there guys, do not know if post this here or in openldap list, sorry if I disturb you. I configured samba+ldap as a PDC and byt now it's working fine, so, I decided to put some security to the stuff. The problem is that I coudl not make it work, here I what I've done. This is what netstat shows. tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN tcp 0 0

hi I want to use ECC(ellyptic curve cryptography) for SSL-connections but somehow dovecot doesn't like my ECC-certificates :( I tried to test using following scenario: machine: debian 6 (x64) dovecot 2.0.15-0~auto+21 ((f6a2c0e8bc03) from http://xi.rename-it.nl/debian openssl 1.0.0e-2 from testing (as the default 0.9.8o-4squeeze3 needs also the parameter -cipher ECCdraft for testing)

Hello, I am forwarding this from the xen-api mailing-list, because it seems to be quite dormant. I hope someone here might be able to answer the following question. Cheers, Stephan ---------- Forwarded message ---------- From: stephan nies <nies.stephan@googlemail.com> Date: Nov 22, 2007 7:30 PM Subject: how do i use xen api with key and cert? To: xen-api@lists.xensource.com Hello, I