similar to: ECDSA certificate support

> On 10 March 2018 at 16:53 Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > > > > > On 10 March 2018 at 16:05 Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > > > > > > > > > On 10 March 2018 at 15:20 John Fawcett <john at voipsupport.it> wrote: > > > > > > > > > On 10/03/18 14:06, Aki Tuomi wrote: > >

On 10/03/18 14:06, Aki Tuomi wrote: > >> On 10 March 2018 at 14:49 John Fawcett < john at voipsupport.it >> <mailto:john at voipsupport.it>> wrote: >> >> >> On 08/03/18 18:43, Peter Linss wrote: >>> I just added an ECDSA certificate to my mail server using >>> ssl_alt_cert (the RSA certificate is specified by ssl_cert), both

> On 10 March 2018 at 16:05 Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > > > > > On 10 March 2018 at 15:20 John Fawcett <john at voipsupport.it> wrote: > > > > > > On 10/03/18 14:06, Aki Tuomi wrote: > > > > > >> On 10 March 2018 at 14:49 John Fawcett < john at voipsupport.it > > >> <mailto:john at

> On 10 March 2018 at 15:20 John Fawcett <john at voipsupport.it> wrote: > > > On 10/03/18 14:06, Aki Tuomi wrote: > > > >> On 10 March 2018 at 14:49 John Fawcett < john at voipsupport.it > >> <mailto:john at voipsupport.it>> wrote: > >> > >> > >> On 08/03/18 18:43, Peter Linss wrote: > >>> I just added

Nobody has any clues about the tls cafile ? Regards Le 04/08/2020 ? 15:18, MAS Jean-Louis via samba a ?crit?: > I have several samba servers on Debian 10 all using : > > samba 2:4.9.5+dfsg-5+deb10u1 amd64 > > I use tls cafile, tls certfile and tls keyfile with certificates from > Sectigo (https://cert-manager.com) > > And when checking my connexion from the

If I were guessing, based on some experience with certificate usage in other apps, concatenate your certificate and intermediate certificates into a single file which is then your "tls certfile" then point "tls cafile" to your issuers proper CA or just to your distro's CA bundle, e.g /etc/pki/tls/certs/ca-bundle.crt. Nick On 06/08/2020 16:36, MAS Jean-Louis via samba

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 10 March 2018 at 14:49 John Fawcett < <a href="mailto:john@voipsupport.it">john@voipsupport.it</a>> wrote: </div> <div>

I just added an ECDSA certificate to my mail server using ssl_alt_cert (the RSA certificate is specified by ssl_cert), both certificate files contain the certificate and a single intermediate (which currently happens to be the same intermediate from Let?s Encrypt). When connecting to the server using either RSA or ECDSA ciphers, the server sends the proper certificate, but also sends two

On 12/16/18 7:52 AM, Tributh via dovecot wrote: > > > Am 16.12.18 um 12:13 schrieb Michael A. Peters: >> Hi, for those who have adopted ECDSA, >> >> Are there still any commonly used IMAPS/POP3S clients that still can not >> handle ECDSA certificates? >> >> I know you can set up Dovecot dor dual cert, I am just trying to >> determine if there

I have several samba servers on Debian 10 all using : samba 2:4.9.5+dfsg-5+deb10u1 amd64 I use tls cafile, tls certfile and tls keyfile with certificates from Sectigo (https://cert-manager.com) And when checking my connexion from the samba server, or from outside, I've got "unable to verify the first certificate" even if tls_cafile is provided in smb.conf. What is wrong

Hello all; Is anyone knows if it's possible to have a dual certificate setup on dovecot like in postfix or apache ? i tried to add several crts in local name section : local_name imap.server.tdl { ssl_cert = <server_rsa_crt.pem ssl_key = <server_rsa_key.pem ssl_cert = <server_ecdsa_crt.pem ssl_key = <server_ecdsa_key.pem } but it seems that dovecot takes the last one (ecdsa)

On 08/03/18 18:43, Peter Linss wrote: > I just added an ECDSA certificate to my mail server using ssl_alt_cert (the RSA certificate is specified by ssl_cert), both certificate files contain the certificate and a single intermediate (which currently happens to be the same intermediate from Let?s Encrypt). > > When connecting to the server using either RSA or ECDSA ciphers, the server sends

Hello, I'm running dovecot 2.3.1 (c5a5c0c82) and trying to experiment with using both RSA and ECDSA certificates. My configuration is as follow: ssl_alt_cert = </path/to/my.rsa.key ssl_alt_key = </path/to/my.rsa.key ssl_cert = </path/to/my.ecdsa.pem ssl_key = </path/to/my.ecdsa.key Both certificates are let's encrypt certificate, so both are using the same intermediate CA.

Add support to load additional certificates for already loaded private keys. Useful if the private key is on a PKCS#11 hardware token. The private keys inside ssh-agent are now using a refcount to share the private parts between "Identities". The reason for this change was that the PKCS#11 code might have redirected ("wrap") the RSA functions to a hardware token. We don't

Hi, for those who have adopted ECDSA, Are there still any commonly used IMAPS/POP3S clients that still can not handle ECDSA certificates? I know you can set up Dovecot dor dual cert, I am just trying to determine if there still is a real world need to.

Here you go: OpenSSH_7.9p1, OpenSSL 1.1.1d 10 Sep 2019 debug1: Reading configuration data /home/ryantm/.ssh/config debug1: /home/ryantm/.ssh/config line 4: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 13: Applying options for * debug2: resolving "{REDACTED}" port 22 debug2: ssh_connect_direct debug1: Connecting to

Thanks for testing - are you able to see if there's anything in the server logs? I've just committed some extra verbosity in the client's log messages that might clarify where it is exiting (patch attached). -d On Fri, 29 Mar 2019, Adam Eijdenberg wrote: > On Wed, Mar 27, 2019 at 10:04 PM Damien Miller <djm at mindrot.org> wrote: > > > > OpenSSH 8.0p1 is almost

https://bugzilla.mindrot.org/show_bug.cgi?id=3577 Bug ID: 3577 Summary: CASignatureAlgorithms supports -cert alogrithms Product: Portable OpenSSH Version: 9.3p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=3221 Bug ID: 3221 Summary: hostkey preference ordering is broken in some situations Product: Portable OpenSSH Version: 8.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh

Hi, One of our users who is running an OS (I think it's the latest beta macOS 10.14.1) with ssh version "OpenSSH_7.8p1, LibreSSL 2.7.3" is unable to use our user SSH RSA certificates to authenticate to our servers (which are running "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017"). We see this error on the client side: debug1: kex_input_ext_info: