similar to: Client-side certs

version 0.62 I''ve got a form that''s giving me trouble (server reports invalid session ID). Unfortunately, the form is submitted using SSL so I can''t use a sniffer to see the differences between the ruby mechanize version and the perl mechanize version that is working. Is there a way to change the form action within mechanize? Or a way to display the request headers?

Hi, One of our users who is running an OS (I think it's the latest beta macOS 10.14.1) with ssh version "OpenSSH_7.8p1, LibreSSL 2.7.3" is unable to use our user SSH RSA certificates to authenticate to our servers (which are running "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017"). We see this error on the client side: debug1: kex_input_ext_info:

I've read the client ssl cert section in the wiki and it talks about using a self signed cert, if I am using a commercial cert, in this case godaddy, how do I implement a self signed cert for the client side and have dovecot make use of this? I know the mechanics of setting up the self signed ca, the question is more what configuration changes do I need to make in dovecot to handle both

# 1.1.11: /etc/dovecot/dovecot.conf # OS: Linux 2.6.28-14-server x86_64 Ubuntu 9.04 Here's the situation: I have several local clients (Thunderbird) which do not use TLS at all. It's plaintext completely, on port 143, because the connection is local and there are no unauthorized users on this network (it's a home network). I want to keep it that way to keep things simple. Tools /

Hi, I'm trying to get apache, sendmail , and dovecot to use SSL certs signed by my own CA. I've got the apache certs working fine. However, dovecot ( I haven't even tried sendmail yet) doesn't seem to accept any of the certificates that I create for it. There is a script that comes with dovecot that creates self-signed certificates for you but, I need certificates signed by my own

I''m trying to split out my certificate authority and have one CA and multiple masters, currently using round robin DNS, possibly using HAproxy later. Got most of the way there but tangled up in names and certificates. When the Puppet CA generated it''s certificate the PTR record for it''s IP pointed back to it''s domain name ("henson") and it had a CNAME

Hi, folks. I''m investigating libraries to use in a rather specialized feed reader. Some of the sites I want to follow don''t have RSS feeds (or have hopelessly broken feeds) so I was already planning on using Hpricot anyway -- Mechanize is looking good, here. In my research for my project, recipe 11.16 in O''Reilly''s Ruby Cookbook references a website[1]

On 2015/2/16 16:28, Jochen Bern wrote: > On 02/16/2015 04:23 PM, Reindl Harald wrote: >>> "The CA file should contain the certificate(s) followed by the >>> matching CRL(s). Note that the CRLs are required to exist. For a >>> multi-level CA place the certificates in this order: >>> >>> Issuing CA cert >>> Issuing CA CRL

On Thu, Oct 11, 2018 at 10:41 AM Damien Miller <djm at mindrot.org> wrote: > On Wed, 10 Oct 2018, Adam Eijdenberg wrote: > > We see this error on the client side: > > > > debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512> > > ... > > debug1: Offering public key: RSA-CERT SHA256:xxx /path/to/key > > debug1: send_pubkey_test: no

Why not /etc/dovecot/private? That's where I put my dovecot certs. Dovecot's needs are a bit different from other software, and so it is unclear whether the files won't be unique to it. For example, I haven't seen the following before I read it on the Dovecot wiki: "The CA file should contain the certificate(s) followed by the matching CRL(s). Note that the CRLs are required

Hi Daminan! Hmmm... thought about a little... when i use -vvv with ssh-keygen -Qf i see "debug1:..." So i think, debug is compiled in. ssh-keygen --help gives me ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number] file ... so... option -z is not the serial of the certificate, it is the version-number of the KRL-File... My openssh-Verision from Debian is

Robert, There is a github repo that will create and then another script to renew your Let's Encrypt Certs for Icecast. The commands are well documented to help you customize for your specific implementation. The Repo is here: https://github.com/amavarick/letsencrypt_certbot_standalone_icecast The commands to concatenate the certs are: #Replace domain.tld for the name of your domain as

On Thu, 11 Oct 2018, Damien Miller wrote: > On Thu, 11 Oct 2018, Adam Eijdenberg wrote: > > > Thanks for looking into. I wasn't able to get the patch to apply > > cleanly to the portable source for whatever reason, so I manually made > > the changes and got a little further. I now get past the "no mutual > > signature algorithm" client message, and get

Am 16.02.2015 um 15:53 schrieb dovecot at lists.killian.com: > Why not /etc/dovecot/private? That's where I put my dovecot certs. Dovecot's needs are a bit different from other software, and so it is unclear whether the files won't be unique to it. For example, I haven't seen the following before I read it on the Dovecot wiki: > > "The CA file should contain the

Dirk, ive changed the subject given the nature of the present debugging. Im aware i can extend extras from download.file to install.packages however im curious to know why libcurl in the R invocation does not honor the CA bundle on my system. how would I pass a CA bundle to install.packages? the function has numerous arguments before the extras are taken. John Roman Linux System Administrator

Thanks for the note. I had never seen anything in the postfix and apache documentation that the CRLs could be intermingled with the CRTs in the CRT file. The documentation for those programs suggests putting the CRLs in a separate file (e.g. apache SSLCARevocationFile) or doesn't talk about putting CRLs in with the certs (e.g. postfix smtpd_tls_cert_file). If it works to put them all in one

Good morning, On Mon, 2023-03-27 at 00:15 +0100, rack00terry at icloud.com wrote: > > Hey all, first poster here > > > > Every couple of months I need to get the renewed SSL certificates > > ?live? in Icecast. > > > > Restarting the service does this, but of course it kicks off both > > the sources and all the listeners! > > > > Doing a

On 08 Sep 2017, at 10:08, Ralph Seichter <m16+dovecot at monksofcool.net> wrote: > What is Dovecot supposed to do? Keep track of the certificate expiry > date? And if that is passed, then what? Automatically shutdown/restart? > What if the certificate has not been updated in between? I think that > handling certificates is better left to the administrator. How I would do it is

Ah. I?m on Icecast 2.4.0-kh15 so that might explain it. There doesn?t seem to be a 2.6 kh version. Is that ?old? now, should I switch to ?vanilla?? > On 27 Mar 2023, at 10:01, Philipp Schafft <phschafft at de.loewenfelsen.net> wrote: > > Good morning, > > On Mon, 2023-03-27 at 00:15 +0100, rack00terry at icloud.com wrote: >>> Hey all, first poster here

Hi! Sorry if this has been covered. I've just started using dovecot and I've searched via google and I've downloaded the maillist archives, but I haven't found a solution. I'm using Fedora Core 1, with dovecot-0.99.10-6. When I'm at work, I access my home mail server using Outlook Express (I know, I know, but it's the only client I'm allowed to use at work).