Displaying 20 results from an estimated 4000 matches similar to: "Could not call revoke: Cannot convert into OpenSSL::BN"
2010 Apr 21
3
revoked host can't be re-added?
I have a problem I can't figure out. I was having cert problems with a
host - it seemed to have multiple host names (most likely from dns
changes in the past) and all the certs were valid. Although it was
giving an error about a cert I could not identify. So I tried:
puppetca --revoke hostname
puppetca --clean hostname
restart puppetmaster
puppetca --list --all
(host does not show up -
2010 Jun 15
8
puppetca unable to sign new certs - Invalid argument error
Hello
I have a puppetmasterd installation running on a Mac OS X 10.6.3
Server with puppet installed via macports.
Earlier today it was happily signing requests, before I upgraded
puppet from 0.24.8 to 0.25.4. Now I get "Invalid argument":
bash-3.2# puppetca --sign bouti.carbonplanet.com
bouti.carbonplanet.com
err: Could not call sign: Invalid argument
The only mention I can find on
2001 Aug 14
1
[BUG] linux-2.4.7-ac7 Assertion failure in journal_revoke() at revoke.c:307
Greetings all,
I have hit a kernel BUG in revoke.c in kernel 2.4.7-ac7 twice today while
attempting to perform the same operation (patching stock 2.4.8 kernel src
with "patch -p1 < patch-2.4.8-ac4"). Syslog entries follow. Please
email me if you want/need my kernel config or any other information.
Thanks,
jtp
2016 Jul 20
0
[Bug 2600] New: Use Linux capabilities to revoke additional permissions from chrooted users
https://bugzilla.mindrot.org/show_bug.cgi?id=2600
Bug ID: 2600
Summary: Use Linux capabilities to revoke additional
permissions from chrooted users
Product: Portable OpenSSH
Version: 7.2p1
Hardware: Other
OS: Linux
Status: NEW
Keywords: patch
Severity: enhancement
2012 Jul 26
3
About revoke write access of all the shadows
Hi all,
Recently, I read codes about the shadow page table. I'm wondering whether the kernel has provided the function to revoke write access of all the shadows of one domain. If you know one with this function, please tell me about it. Thanks.
BTW, I have my own idea to implement this. My idea is as follows:
void sh_revoke_write_access_all(struct domain *d)
{
2010 Aug 25
1
Could not request certificate: Neither PUB key nor PRIV key
Oh my god.... what is this?
Getting this on first boot of new client.
Aug 24 01:11:09 app03 puppet-agent[5392]: Reopening log files
Aug 24 01:11:09 app03 puppet-agent[5392]: Could not request
certificate: Neither PUB key nor PRIV key:: header too long
I stop the client, and remove the ssl directory on the client:
[root@app03 puppet]# service puppet stop
Stopping puppet:
2024 Jan 24
1
[Bug 3659] New: Certificates are ignored when listing revoked items in a (binary) revocation list
https://bugzilla.mindrot.org/show_bug.cgi?id=3659
Bug ID: 3659
Summary: Certificates are ignored when listing revoked items in
a (binary) revocation list
Product: Portable OpenSSH
Version: 9.2p1
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P5
2019 Sep 13
2
revoking ssh-cert.pub with serial revokes also younger certs
Hi there!
What am I doing wrong?
I created a ssh-certificate
id_user_rsa-cert.pub with this dump:
id_user_rsa-cert.pub:
root@host # ssh-keygen -Lf id_user_rsa-cert.pub
        Type: ssh-rsa-cert-v01@openssh.com user certificate
        Public key: RSA-CERT SHA256:kPitwgxblaUH4viBoFoozSPq9Pblubbedk
        Signing CA: ED25519 SHA256:8p2foobarQo3Tfcblubb5+I5cboeckvpnktiHdUs
        Key ID:
2019 Sep 16
2
revoking ssh-cert.pub with serial revokes also younger certs
Hi Daminan!
Hmmm... thought about a little...
when i use -vvv with ssh-keygen -Qf i see "debug1:..." So i think, debug
is compiled in.
ssh-keygen --help gives me
ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number] file ...
so... option -z is not the serial of the certificate, it is the
version-number of the KRL-File...
My openssh-Version from Debian is
2006 Oct 26
2
Re: openssl server/client classes
Thorsten Sandfuchs wrote:
> Hio,
> I'm looking for a way to manage openssl client/server classes which correspond
> to each other. As I don't want to reinvent the wheel, I'd be glad if someone
> could share his solution? :)
>
> It should be possible to provide and distribute ssl-certificates corresponding
> to one (or perhaps even many) CAs and for
2013 Oct 04
2
Issue retrieving new certificate on host after original certificate was revoked
Folks --
I am attempting to retrieve a new certificate on a Puppet client whose
certificate was revoked on the Puppet master.
The original certificate was revoked using the command:
# puppet cert --revoke el5-puptest-2.localdomain
I have deleted the /var/lib/puppet/ssl directory on the client, and issued
the following command:
# puppet agent --test --waitforcert=20
This produces the
2010 Jul 01
1
Interesting "Bad Certificate" Problem
All,
I'm having an interesting certificate problem with a host I provisioned
today. The host was provisioned and puppet was installed as part of the
post-os provisioning process. After I signed the certificate I see the
following on the client side:
[root@client ~]# puppetd --verbose --no-daemonize
notice: Starting Puppet client version 0.25.4
err: Could not retrieve catalog from
2000 May 10
4
openssl w/ rsaref openssh won't configure
I have openssl-0.9.5a and openssh-2.1.0. I configured ssl with rsaref
and it passes the tests. When I configure ssh I get:
----
checking for OpenSSL directory... configure: error: Could not find
working SSLeay / OpenSSL libraries, please install
----
it is failing RSA_private_decrypt function call. The RSA_generate_key
seems to work (does not return null) but then goes on to fail at
2010 Nov 04
0
certdnsnames question
Hi All
Apologies if this is obvious, but I'm a bit flaky around SSL certificates.
NB puppet version 0.25.5
We use the brilliant feature of certificates where you can have Alternate
DNS names for a certificate which is manifested in the puppet master config
file as certdnsnames. All our clients connect to puppet-$
location.example.com, and if $location is down, we can point the CNAME to
2006 Dec 19
2
Automating client setups
Is there a Best Practices method for doing this? :)
I'm trying to configure clients by ssh'ing to them from the
puppetmaster. My steps are:
ssh $host 'svccfg import ...'
sleep
puppetca --sign $host
scp namespaceauth.conf $host
ssh $host 'svcadm restart puppet'
The problem is that I'd like to stop and log an error if the cert
signing
1998 Nov 17
0
revoke
The bug I reported earlier seems to have been a hoax of sorts. =] The share(s)
I tried it on had full access passwords, but no read-only passwords.
Sorry about this.
---
Mark Deneen
deneen@bucknell.edu ICQ: 333068
http://www.students.bucknell.edu/deneen
Different all twisty a of in maze are you, passages little.
2012 Jan 09
0
Changing the puppetca CA password
Currently the puppetca CA password is set to 'secret'
How would one go about changing it? I agree with puppetlabs
documentation that you should be an SSL expert to implement your own
CA. I am not. However I would like to use puppet's CA PKI
infrastructure with ActiveMQ over TLS and it seems logical to use
puppet's PKI with this for mcollective and
2003 Nov 27
0
[Announce] GnuPG's ElGamal signing keys compromised
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
GnuPG's ElGamal signing keys compromised
==========================================
Summary
=======
Phong Nguyen identified a severe bug in the way GnuPG creates and uses
ElGamal keys for signing. This is a significant security failure
which can lead to a compromise of almost all ElGamal keys used for
signing. Note that
2018 Feb 01
2
Reload config with SIGHUP does not immediately revoke access to host removed from hosts allow
Hello All
My samba-4.x server has lot of registry shares added. There are windows
clients connected to it and I wanted to remove the access to one of the
hosts.
I did net conf setparm to set the updated list of IPs in "hosts allow"
param and then reloaded samba config with killall -1 smbd .
I see that the host which is not part of the hosts allow but already have a
open window in
2008 Nov 19
2
Could not request certificate: Certificate does not match private key
hello,
I've just added a new client to an existing configuration but cannot
get it recognised. Both client and server are running 0.24.5,
installed on gentoo linux using portage.
This is what I did:
Server:
/etc/init.d/puppetmaster start
* Starting
puppetmaster ...
[ ok ]
Client:
puppetd --test
warning: peer certificate won't be verified in this SSL session
notice: Did not