Displaying 20 results from an estimated 10000 matches similar to: "What is a client certificate?"
2019 Mar 28
2
configuring Dovecot with wforced and auth_policy_server_url with https results in assertion failed
> Set
>
> ssl_client_ca_file=/path/to/cacert.pem to validate the certificate
Can this be the Lets Encrypt cert that we already have? In other words we have:
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
Can those be used?
> Are you using haproxy or something in front of dovecot?
No. Just Squirrelmail webmail with sendmail.
2013 Oct 30
2
Re: Using certtool to generate certificates for ESXi
Hi Daniel,
thanks for the reply - The procedure I use is the same as I use for
XenServer, and the certificate exchange works just fine. The only thing
I'm a bit unclear on, is the location of the CA cert, which in the case of
XenServer, I simply put it in /etc/pki/CA. And when I start the libvirtd
daemon, it successfully picks it up. If I put the Server key and cert in
/etc/vmware/ssl for
2014 Jul 23
1
SSL certificate problem (SSL alert number 42)
Hello,
After client (Thunderbird, now version 31.0) updated today, it stopped connecting to Dovecot IMAP4S. The infamous "SSL alert number 42" is reported.
Mail server uses local (created for intranet) CA certificate as root.
I would appreciate pieces of advice on how to handle that without enabling plaintext authentication over insecure channels.
Other intranet services work with
2010 Oct 21
3
Virt-v2v
Usual prologue: we're testing on CentOS 5.5, RHEL subscriptions purchased.
Now trying to use virt-v2v to transfer Win2008 Server guest from ESXi host to KVM host.
Have enabled SSH on ESXi host, and can connect using esx+ssh://esxhost, but procedure fails because nc isn't found on ESXi. Fair enough. BTW, ESXi looks like a radically cut down RH system (/etc/sysconfig being the give-away)?
2014 Feb 16
2
libvirtd ssl configuration
Hi!
I found little semantics bug:
[13:53:40] root@dedicated-04:~ # LC_ALL=C libvirtd -h
libvirtd: invalid option -- 'h'
Usage:
libvirtd [options]
Options:
-v | --verbose Verbose messages.
-d | --daemon Run as a daemon & write PID file.
-l | --listen Listen for TCP/IP connections.
-t | --timeout <secs> Exit after timeout period.
-f |
2012 Jul 03
6
Using onlyif
Here''s what I''m using:
exec { "cert-fix":
command => "curl http://curl.haxx.se/ca/cacert.pem -o
/etc/pki/tls/certs/ca-bundle.crt",
onlyif => "test -e /etc/pki/tls/certs/ca-bundle.crt",
}
But it keeps on failing:
> [default] Running Puppet with /tmp/vagrant-puppet/manifests/acid.pp...
> Parameter onlyif failed: ''test -e
2010 Aug 19
1
[virt-tools-list] Client certificate paths?
On 08/12/2010 10:29 AM, Lars Kellogg-Stedman wrote:
> Hello all,
>
> I'm trying to get virsh (and virt-manager) to talk to a remote libvirt
> instance. I cannot for the life of me figure out how to tell either
> tool where to find client or CA certificates. Do they *really* need
> to access the ones in /etc/pki? In particular, the client seems to
> want to read the
2010 Dec 19
2
Problem with requiring client certificates for external connections
Folks,
I'm trying to configure my dovecot installation to require client
certificates for external/Internet connections, while still allowing my
local network to not need certificates.
This configuration is for Dovecot 2 (2.0.8 in Fedora 14), and I've
tried to use the "remote" block to give different definitions for my
local network vs the defaults. While most options seem to
2015 Mar 03
2
Ignorant question on SSL certs
I'm getting endless complaints about my dovecot cert,
/etc/pki/dovecot/certs/dovecot.pem
which I created years ago following the dovecot instructions.
Do I really have to use a separate cert and key for dovecot?
Can I not use the "standard" cert in /etc/pki/tls/certs (and key)
from CACert.org ?
--
Timothy Murphy
gayleard /at/ eircom.net
School of Mathematics, Trinity College,
2012 Sep 13
2
How to migrate over TCP without certs
Hey guys,
I have a private network and I trust it! /me hides behind trees...
So, in order to exercise my trust, I wanna migrate guests over TCP;
with and without shared storage.
This is:
- I want to migrate from host1 to host2; which have shared storage;
over TCP without certs
- I want to migrate from host1 to host99, which don't have shared
storage, over TCP without certs
I am asking
2013 Jul 03
1
CaCert certificate configuration help needed
I was not able to find specific help for configuring the crt file for CaCert.
I gleaned from examples the following order:
server certificate
CaCert class 3 certificate
Cacert root certificate
However, when I try to configure my mail reading for IMAP, Dovecot shows the
following error in the log:
dovecot: imap-login: Aborted login (no auth attempts):
I am assuming, based on searches for this
2015 Mar 03
5
Ignorant question on SSL certs
Jason Pyeron wrote:
>> I'm getting endless complaints about my dovecot cert,
>
> Exact message please?
The certificate does not apply to the given host
The certificate is not signed by any trusted certificate authority
>> Do I really have to use a separate cert and key for dovecot?
>> Can I not use the "standard" cert in /etc/pki/tls/certs (and key)
2014 Apr 21
2
TLS and intermediate CA
I have been trying to get set of libvirtd system up and running. My PKI
infrastructure involves a root CA and several intermediate CAs. I am trying
to get the machines to trust each other across the different intermediate
CAs.
This is what I have so far:
Libvirtd is starting and listening on tls port 16514 I have configured
client/server certs/keys and it seems to be using all of these
2008 Jan 30
2
SSL certificate?
When I install an SSL certificate, I can't find a config option to set configure the Server Certificate Chain
file...
Is this not possible or can I do it another way?
(When I connect, I am being told the Signature status is uncheckable...)
Regards,
BTJ
--
-----------------------------------------------------------------------------------------------
Bj?rn T Johansen
btj at havleik.no
2014 Feb 26
1
Problems with tls connection when ran with user privileges
I set up my certificates, ca client and server, as described in your
documentation: http://wiki.libvirt.org/page/TLSCreateServerCerts.
I followed it step by step so it must be ok.
However, when I run
virsh -c qemu://192.168.1.2/system and I try a command like
list --all
I get:
error: impossible connect to the hypervisor
errore: no valid connection
errore: Unable to set x509 CA certificate:
2016 Jun 12
1
How to use PHP libvirt_connect?
I'm having a go at writing some PHP scripts to do simple things like view
the status of VMs running on my Ubuntu KVM host.
I've installed php_libvirt_php but am failing at the first hurdle at the
moment as I can't get the PHP script to connect.
My normal way of connecting virsh from the command line is like this:
$ virsh -c qemu+ssh://localhost/system
This asks for a password which
2019 Mar 28
2
configuring Dovecot with wforced and auth_policy_server_url with https results in assertion failed
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<div>
<br>
</div>
<blockquote type="cite">
<div>
On 28 March 2019 22:02 Aki Tuomi via dovecot <dovecot@dovecot.org> wrote:
</div>
<div>
<br>
</div>
<div>
<br>
2017 Oct 08
2
Permission denied error on private key...
-rw-r--r--. root root unconfined_u:object_r:home_root_t:s0 /etc/pki/dovecot/private/mailserver.crt
> On Oct 8, 2017, at 12:03 AM, Bill Shirley <bill at KnoxvilleChristian.org> wrote:
>
> What does ls -lZ /etc/pki/dovecot/private/mailserver.crt say?
>
> Bill
>
> On 10/7/2017 7:30 PM, SH Development wrote:
>> I have a working dovecot/postfix/mysql server running
2013 Sep 15
1
Dovecot replies with default SSL certificate instead of the vhost's
Hello,
I'm using dovecot v2.0.21.
According to http://wiki2.dovecot.org/SSL/DovecotConfiguration,dovecot 2.x supports different SSL certificate for different virtual hosts by using "local_name" directive, but I can't get it to work.
When testing the certificate using "openssl s_client -connect domain.com:pop3s" I get the default certificate instead of
2019 Aug 29
3
I broke "yum update" - C7
Am 2019-08-29 18:26, schrieb Gary Stainburn:
> On Thursday 29 August 2019 16:47:11 Alexander Dalloz wrote:
>> rpm -Vv nss
>
> [root at stan2 ~]# rpm -Vv nss
> ......... /etc/pki/nss-legacy
> ......... c /etc/pki/nss-legacy/nss-rhel7.config
> ......... /etc/pki/nssdb
> ......... c /etc/pki/nssdb/cert8.db
> ......... c /etc/pki/nssdb/cert9.db
> ......... c