similar to: Why is localhost self-signed cert a CA cert?

Dear All This is my continuation of postfix setup. Following link http://campworld.net/thewiki/pmwiki.php/LinuxServersCentOS/Cent6VirtMailServerfor postfix setup. At one stage it says, Configuring The Server Setup SSL Certificate Now generate an SSL certificate for postfix and dovecot to have TLS support. Replace mail.example.com with your server hostname. > genkey --days 3650

Hi, Does anyone have a pointer to correct documantation for generating and installing a self signed ssl cert for use on httpd on a C-5 machine? The docs say to use genkey but AFAIK upstream rm'd crypto-utils from the distro and as such it is not available. I tried generating the cert on a C-4 machine using genkey and installing on the C-5 machine but I get the following error when I try to

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've recently set up a Red Hat Enterprise Linux 4 WS server, and decided to try using Dovecot as my IMAP server, as I was impressed with the dedication to security that seems to be the core development goal. I'm really happy with it, but I can't get it to work with a self-signed cert. Normally, on a RHEL system, you just go into

Last night my rsync got some 'new' files for the base repo and new repodata. This morning, I set a server to upgrade from 5 to 5.1 by setting it to access my local base and updates repos. I got the following error: Resolving Dependencies --> Populating transaction set with selected packages. Please wait. ---> Downloading header for openssh-clients to pack into transaction set.

So, at wits end. Have gone back to plain text for pop3. I set up the ssl as per instructions but I always get a 'chain' error first time trying to receive mail with my mail client. Comes down I believe to the need to get a CA for dovecot's pem files or I will always get an error. Now I am thinking since I am self signing my own mail I should be able to make that intermediate crt

With PKIX validation the certificate should match the hostname. With SMTP, the hostname should match the reverse IP though often it does not. Using subdomains gives you flexibility. with DANE validation, it is DNSSEC that validates the fingerprint to the hostname so I do not believe there is a need for the hostname in the cert to match anything, but DANE validation is currently not used by

I have been thinking, and reading, on how to back up my mailserver. I have not found any approach that seems ready to use. I have run years without any backup, but would really like to have something in place.? I figure I can attach a USB drive and backup to that, then from there rsync to something elsewhere.? Further if that USB drive is a full mailserver image, I actually have a 'hot

Doug, On 03/16/2017 11:23 PM, Doug Barton wrote: > Your pattern seems a little too complicated. See below. I acquired this script from: http://www.campworld.net/thewiki/pmwiki.php/LinuxServersCentOS/Cent6VirtMailServer No telling where he got it from. So I greatly appreciate any and all advice. I am writing my own howto, and I would like to think I am doing a better job of it. I hope

Can anyone validate this? I am attempting to run the puppet cert/ca standlone commands. I am running form an unchanged master branch and if I run (simplified for the example): puppet cert generate host the resulting ca_key.pem is not encrypted. If I run : puppet ca generate host the resulting ca_key.pem is encrypted. In both cases the ca.pass file is created but the code path through cert does

Hi list, I have to build vpn server for 1500 clients. No encryption necessary. can anyone please recommend me vpn server. I do not have experience on vpn. I have tested openvpn on my test setup, & its working fine. I want to check if there any other vpn server available. I have not checked but can pptp vpn be usefull? My requirement is to connect 1500 clients on vpn server. Need

Hi Joel, Joel GUITTET wrote: > Hi, > We currently work on a project that require SSH server with FIPS and using OpenSSL v3. There is no way to work with OpenSSL v3 due to many reasons. If you like to get FIPS capable secsh implementation compatible with OpenSSL FIPS validated modules 1.2 and 2.0 , RedHat ES, or Oracle Solaris you could use PKIX-SSH. Regards, Roumen Petrov -- Advanced

Hi All As many may have noticed the GNU Project's FTP server had been compromised as outlined in this CERT advisory[1]. I felt the urge to quickly hack together a small perl script to check my distfiles against the published md5 sums from FSF. Using this file as reference: ftp://ftp.gnu.org/before-2003-08-01.md5sums.asc (Check and Verify the PGP signature ![1]) [1] Full CERT advisory :

I''ve got qualcomm''s qpopper2.2, and am not sure if its vulnerable. The advisory mentions pop and imap servers, but only says: version of IMAP (Section B). If your POP server is based on the University of Washington IMAP server code, you should also upgrade to the latest version of IMAP. Until you can take one of these actions, I installed the new imapd about 3

What happens if the generated CA cert expires? Does puppet detect that in time and generates and distributes a new CA cert? Or do I have to generate and distribute one myself? Robert Scheer -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this

http://bugzilla.mindrot.org/show_bug.cgi?id=737 Summary: CERT? Advisory CA-2003-26 - any effect on OpenSSH? Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org

On Thu, 3 Jan 2019 07:13:19 -0800 Gregory Sloop <gregs at sloop.net> wrote: > > >> The user and group queries, as best I can tell, from the FreeNAS > >> box are occurring via LDAP. > > RPvs> No they are not, well not unless freenas is doing something > RPvs> strange. > > We can argue about the details, but that's not helpful. > > As

I'm getting the following error on two of my RH7 boxes that are using SMB to connect to other Windows boxes on our network. I'm sure that someone else has run into this problem, as I have found a cursory reference to it on this mailing list. However, I have not been able to locate a fix for it (other than that the last individual change the directory that SSL was looking to for certs).

Looks like this question was indeed solved prior (finally found the searchable archive). Solution is to add ssl CA certDir=/usr/share/ssl/certs to the smb.conf file (or appearently any other directory for that matter). Jamin W. Collins > -----Original Message----- > From: Giulio Orsero [mailto:giulioo@pobox.com] > Sent: Monday, April 16, 2001 1:02 PM > To:

Hi! Is there a recommended way to set all the Samba DC's to use the same TLS Root CA certificate? Thanks, Peter

Op 25-10-2023 om 16:45 schreef Alex via samba: > Hi! > > Is there a recommended way to set all the Samba DC's to use the same TLS > Root CA certificate? In smb.conf put a line, like this to let it use a specific ca-cert: tls cafile = /etc/ssl/certs/ca.pem Now it is just a matter of distributing that to all the DCs - Kees. > > Thanks, > > Peter