similar to: Puppetmaster revokes just signed certificates

Displaying 20 results from an estimated 8000 matches similar to: "Puppetmaster revokes just signed certificates"

2019 Sep 16
2
revoking ssh-cert.pub with serial revokes also younger certs
Hi Daminan! Hmmm... thought about a little... when I use -vvv with ssh-keygen -Qf I see "debug1:..." So I think, debug is compiled in. ssh-keygen --help gives me ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number] file ... so... option -z is not the serial of the certificate, it is the version-number of the KRL-File... My openssh-Version from Debian is
2024 Jan 24
1
[Bug 3659] New: Certificates are ignored when listing revoked items in a (binary) revocation list
https://bugzilla.mindrot.org/show_bug.cgi?id=3659 Bug ID: 3659 Summary: Certificates are ignored when listing revoked items in a (binary) revocation list Product: Portable OpenSSH Version: 9.2p1 Hardware: All OS: All Status: NEW Severity: minor Priority: P5
2010 Dec 22
3
Using Puppet's client certificates for Apache, SSLVerifyClient
Hi - I read up on this subject quite a bit, and was able to find a few posts on the mailing list, even found a wiki article. Unfortunately it doesn't quite address what I'm looking to do. From what I understand, Puppet's client/server authentication system - using SSL - is portable. I believe that I should be able to use the same SSL certificates and keys (and even
2009 Nov 04
2
Certificates Revocation Lists and Apache...
Hi, already asked in the openssl mailing list, but just in case you already went through this... I need a little help with Certificate Revocation Lists. I did set up client certificates filtering with apache and it seems to work fine so far (used a tutorial on http://www.adone.info/?p=4, down right now). I have a "CA" that is signing a "CA SSL". Then, the "CA SSL" is
2011 Feb 22
4
When running puppetd the cert goes straight up to revoked?
This is the first time is happening... and It happens consecutively with all the hosts. Fresh kickstarted host (never set up before the name so it's not on the revocation list), I just run puppetd -tv (we have autosign on), I just get the output below: [root@server182 puppet]# puppetd -tv info: Creating a new SSL key for server182.domain.com warning: peer certificate won't be verified in
2016 Jun 17
2
https and self signed
On 17.06.2016 19:57, ????????? ???????? wrote: >>> Then OCSP stapling is the way to go but it could be a real PITA to >>> setup for the first time and may not be supported by older browsers >>> anyway. >>> >> not really, because the same server tells the client that the SSL >> certificate is good, as the SSL certificate itself; >> these must
2017 Sep 21
2
Revocation with CRL doesn't work for smartcards
Hi, I have a smartcard which is revoked in the Certificate Revocation List (CRL) but I can still login. Seems like the CRL check is not performed. Any known bug around this? Server setup: - Samba 4.4 on Debian as AD DC - Created domain MYDOM - smb.conf (extract): tls enabled = yes tls crlfile = tls/mycrl.pem (default is to look under private/ folder) Client setup: - Windows 7 machine as
2010 Apr 21
3
revoked host can't be re-added?
I have a problem I can't figure out. I was having cert problems with a host - it seemed to have multiple host names (most likely from dns changes in the past) and all the certs were valid. Although it was giving an error about a cert I could not identify. So I tried: puppetca --revoke hostname puppetca --clean hostname restart puppetmaster puppetca --list --all (host does not show up -
2020 Aug 28
2
[Bug 3204] New: Enable user-relative revoked keys files
https://bugzilla.mindrot.org/show_bug.cgi?id=3204 Bug ID: 3204 Summary: Enable user-relative revoked keys files Product: Portable OpenSSH Version: 8.1p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at
2017 Sep 21
2
Revocation with CRL doesn't work for smartcards
Thanks but I've actually tried that too. Not sure I put it in [kdc] section though, I can try again. On 21 Sep 2017 20:54, "Andrew Bartlett" <abartlet at samba.org> wrote: > On Thu, 2017-09-21 at 13:01 +0200, Peter L via samba wrote: > > Hi, > > I have a smartcard which is revoked in the Certificate Revocation List > > (CRL) but I can still login. Seems
2014 Dec 22
4
[Bug 2328] New: Per-user certificate revocation list (CRL) in authorized_keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2328 Bug ID: 2328 Summary: Per-user certificate revocation list (CRL) in authorized_keys Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd
2019 Sep 13
2
revoking ssh-cert.pub with serial revokes also younger certs
Hi there! What am I doing wrong? I created a ssh-certificate id_user_rsa-cert.pub with this dump: id_user_rsa-cert.pub: root at host # ssh-keygen -Lf id_user_rsa-cert.pub Type: ssh-rsa-cert-v01 at openssh.com user certificate Public key: RSA-CERT SHA256:kPitwgxblaUH4viBoFoozSPq9Pblubbedk Signing CA: ED25519 SHA256:8p2foobarQo3Tfcblubb5+I5cboeckvpnktiHdUs Key ID:
2018 May 25
4
Suggestion: Deprecate SSH certificates and move to X.509 certificates
Zero matches in both. https://linux.die.net/man/5/sshd_config https://linux.die.net/man/5/ssh_config On Fri, May 25, 2018 at 7:48 AM, Damien Miller <djm at mindrot.org> wrote: > On Fri, 25 May 2018, Yegor Ievlev wrote: > >> Please tell me in technical details how current revocation support >> works, or give links. Then I will be able to give an answer. > > Please
2018 Sep 06
4
Some wishes regarding revoked keys
Hello. I am trying to play through the following test scenario about certificate revocation on Ubuntu 18.04, which has OpenSSH of this version: OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n  7 Dec 2017 1. A CA key is created ssh-keygen -t ed25519 -f ca 2. The CA public key is added to ~/.ssh/authorized_keys on some server: cert-authority ssh-ed25519 AAAA...e ca at yoga 3. A user key is created on a
2011 Mar 08
22
Force resigning of existing certificates
Is there a way to force the puppetmaster to resign certificates for existing certificates when a new CSR for the same hostname arrives? When we reinstall freshly formatted clients with puppet (with the same hostname) the puppet client complains: err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it
2013 Dec 02
1
imap-login hangs after receiving revoked SSL certificate
Good time of the day! My English is not very good, excuse me if I said something wrong. I use dovecot-2.1.16 on Gentoo Linux amd64. I need to setup dovecot (imap and pop3) for SSL and non-SSL connection simultaneously. For SSL connections client must submit a valid SSL certificate. Now SSL part of dovecot.conf looks like this: ----------------- ssl = yes ssl_cert =
2018 May 25
3
Suggestion: Deprecate SSH certificates and move to X.509 certificates
Please tell me in technical details how current revocation support works, or give links. Then I will be able to give an answer. On Fri, May 25, 2018 at 7:16 AM, Damien Miller <djm at mindrot.org> wrote: > > > On Fri, 25 May 2018, Yegor Ievlev wrote: > >> Can you implement revocation support? > > What do you want that the existing revocation support lacks?
2020 Jan 30
6
SSH certificates - restricting to host groups
On 30/01/2020 15:02, Christian, Mark wrote: > On Thu, 2020-01-30 at 12:27 +0000, Brian Candler wrote: >> As a concrete example: I want Alice to be able to login as "alice" >> and >> "www" to machines in group "webserver" (only). Also, I want Bob to >> be >> able to login as "bob" and "www" to machines in group
2012 Aug 28
8
Unable to generate certificate on Puppet Agent through Master
Hi, I have a puppet master and agent installed. I want to generate and configure master-agent certificate and followed the steps: Master: ========== 1. Cleaned up all certificate on Master: [root@puppet-server manifests]# puppet cert sign --all No waiting certificate requests to sign [root@puppet-server manifests]# puppet cert clean --all notice: Revoked
2010 Jun 15
8
puppetca unable to sign new certs - Invalid argument error
Hello I have a puppetmasterd installation running on a Mac OS X 10.6.3 Server with puppet installed via macports. Earlier today it was happily signing requests, before I upgraded puppet from 0.24.8 to 0.25.4. Now I get "Invalid argument": bash-3.2# puppetca --sign bouti.carbonplanet.com bouti.carbonplanet.com err: Could not call sign: Invalid argument The only mention I can find on