similar to: Could not call revoke: Cannot convert into OpenSSL::BN

I have a problem I can''t figure out. I was having cert problems with a host - it seemed to have multiple host names (mot likely from dns changes in the past) and all the certs were valid. Although it was giving an error about a cert I could not identify. So I tried: puppetca --revoke hostname puppetca --clean hostname restart puppetmaster puppetca --list --all (host does not show up -

Hello I have a puppetmasterd installation running on a Mac OS X 10.6.3 Server with puppet installed via macports. Earlier today it was happily signing requests, before I upgraded puppet from 0.24.8 to 0.25.4. Now I get "Invalid argument": bash-3.2# puppetca --sign bouti.carbonplanet.com bouti.carbonplanet.com err: Could not call sign: Invalid argument The only mention I can find on

Greetings all, I have hit a kernel BUG in revoke.c in kernel 2.4.7-ac7 twice today while attempting to perform the same operation (patching stock 2.4.8 kernel src with "patch -p1 < patch-2.4.8-ac4"). Syslog entries follow. Please email me if you want/need my kernel config or any other information. Thanks, jtp

https://bugzilla.mindrot.org/show_bug.cgi?id=2600 Bug ID: 2600 Summary: Use Linux capabilities to revoke additional permissions from chrooted users Product: Portable OpenSSH Version: 7.2p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement

Hi all, Recently, I read codes about the shadow page table. I''m wondering whether the kernel has provided the function to revoke write access of all the shadows of one domain. If you know one with this function, please tell me about it. Thanks. BTW, I have my own idea to implement this. My idea is as follows: void sh_revoke_write_access_all(struct domain *d) {

Oh my god.... what is this? Getting this on first boot of new client. Aug 24 01:11:09 app03 puppet-agent[5392]: Reopening log files Aug 24 01:11:09 app03 puppet-agent[5392]: Could not request certificate: Neither PUB key nor PRIV key:: header too long I stop the client, and remove the ssl directory on the client: [root@app03 puppet]# service puppet stop Stopping puppet:

https://bugzilla.mindrot.org/show_bug.cgi?id=3659 Bug ID: 3659 Summary: Certificates are ignored when listing revoked items in a (binary) revocation list Product: Portable OpenSSH Version: 9.2p1 Hardware: All OS: All Status: NEW Severity: minor Priority: P5

Hi there! What am I doing wrong? I created a ssh-certificate id_user_rsa-cert.pub with this dump: id_user_rsa-cert.pub: root at host # ssh-keygen -Lf id_user_rsa-cert.pub ??????? Type: ssh-rsa-cert-v01 at openssh.com user certificate ??????? Public key: RSA-CERT SHA256:kPitwgxblaUH4viBoFoozSPq9Pblubbedk ??????? Signing CA: ED25519 SHA256:8p2foobarQo3Tfcblubb5+I5cboeckvpnktiHdUs ??????? Key ID:

Hi Daminan! Hmmm... thought about a little... when i use -vvv with ssh-keygen -Qf i see "debug1:..." So i think, debug is compiled in. ssh-keygen --help gives me ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number] file ... so... option -z is not the serial of the certificate, it is the version-number of the KRL-File... My openssh-Verision from Debian is

Thorsten Sandfuchs wrote: > Hio, > I''m looking for a way to manage openssl client/server classes which correspond > to each other. As I don''t want to reinvent the wheel, I''d be glad if someone > could share his solution? :) > > It should be possible to provide and distribute ssl-certificates corresponding > to one (or perhaps even many) CAs and for

Folks -- I am attempting to retrieve a new certificate on a Puppet client whose certificate was revoked on the Puppet master. The original certificate was revoked using the command: # puppet cert --revoke el5-puptest-2.localdomain I have deleted the /var/lib/puppet/ssl directory on the client, and issued the following command: # puppet agent --test --waitforcert=20 This produces the

All, I''m having an interesting certificate problem with a host I provisioned today. The host was provisioned and puppet was installed as part of the post-os provisioning process. After I signed the certificate I see the following on the client side: [root@client ~]# puppetd --verbose --no-daemonize notice: Starting Puppet client version 0.25.4 err: Could not retrieve catalog from

I have openssl-0.9.5a and openssh-2.1.0. I configured ssl with rsaref and it passes the tests. When I configure ssh I get: ---- checking for OpenSSL directory... configure: error: Could not find working SSLeay / OpenSSL libraries, please install ---- it is failing RSA_private_decrypt function call. The RSA_generate_key seems to work (does not return null) but then goes on to fail at

Hi All Apologies if this is obvious, but I''m a bit flaky around SSL certificates. NB puppet version 0.25.5 We use the brilliant feature of certificates where you can have Alternate DNS names for a certificate which is manifested in the puppet master config file as certdnsnames. All our clients connect to puppet-$ location.example.com, and if $location is down, we can point the CNAME to

Is there a Best Practices method for doing this? :) I''m trying to configure clients by ssh''ing to them from the puppetmaster. My steps are: ssh $host ''svccfg import ...'' sleep puppetca --sign $host scp namespaceauth.conf $host ssh $host ''svcadm restart puppet'' The problem is that I''d like to stop and log an error if the cert signing

The bug I reported earlier seems to have been a hoax of sorts. =] The share(s) I tried it on had full access passwords, but no read-only passwords. Sorry about this. --- Mark Deneen deneen@bucknell.edu ICQ: 333068 http://www.students.bucknell.edu/deneen Different all twisty a of in maze are you, passages little.

Currently the puppetca CA password is set to ''secret'' How would one go about changing it? I agree with puppetlabs documentation that you should be an SSL expert to implement your own CA. I am not. However I would like to use puppet''s CA PKI infrastructure with ActiveMQ over TLS and it is seems logical to use puppet''s KPI with this for mcollective and

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 GnuPG's ElGamal signing keys compromised ========================================== Summary ======= Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a compromise of almost all ElGamal keys used for signing. Note that

Hello All My samba-4.x server has lot of registry shares added. There are windows clients connected to it and I wanted to remove the access to one of the hosts. I did net conf setparm to set the updated list of IPs in "hosts allow" param and then reloaded samba config with killall -1 smbd . I see that the host which is not part of the hosts allow but already have a open window in

hello, I''ve just added a new client to an existing configuration but cannot get it recognised. Both client and server are running 0.24.5, installed on gentoo linux using portage. This is what I dis: Server: /etc/init.d/puppetmaster start * Starting puppetmaster ... [ ok ] Client: puppetd --test warning: peer certificate won''t be verified in this SSL session notice: Did not