similar to: SSL configuration

Hi , I am new to this puppet. I am implementing a network where my cisco switch will contact the puppet server for getting the configuration. I tried installing open source puppet and was successful in pushing down the configurations. I wanted then to try the same exercise with puppet enterprise 3.1. I installed puppet enterprise in a different server and changed my puppet agent (switch) to

When is the x.509 patch going to become part of the main distribution of OpenSSH, and if not, why? Looks like other projects i.e. OpenSC might be using it now as well. Secondly, thought I'd try it again, new patch (Validator), same error... TIA, cs ######################## # ssh-x509 Unknown Public Key Type ######################## 1 Installed OpenSSL-0.9.7d (no customization) 2

Hi, I'm configuring Samba 3.0 to store users in ldap server. I've configured openldap 2.1 with SSL and it worked properly with ldap commands but when I try using then smbpasswd command it reports me the error: failed to bind to server with dn= cn=Manager,dc=openwired,dc=net Error: Can't contact LDAP server TLS: hostname does not match CN in peer certificate Connection to

Hello, Attempting to setup a CA primary/standby as well as seperate puppetmaster servers (all running Apache/Passenger) behind another Apache/Passenger type load balancer. Clients are not getting certs:- err: Could not request certificate: Could not intern from s: nested asn1 error Clearly an SSL issue but not something I know a great deal about. loadbalancer.conf # Puppet Load Balancing

Hi All, Diffs of "X.509v3 certificates support for OpenSSH" versions g4(Compatibility) and h(Validator) for OpenSSH-3.9p1 are ready for download. Please visit "http://roumenpetrov.info/openssh" for more information. Features: * "x509v3-sign-rsa" and "x509v3-sign-dss" public key algorithms * certificate verification * certificate validation o CRL o

Hi all, I'm trying to install ssh server based on x509 certificates with no result. What I've done is the following: - Build openssh4.7p1 after patching with openssh-4.7p1+x509-6.1.diff.gz without error using ./configure --prefix=/opt/ssh && make && make install in both server and client machines - Create minimal openssl ca structure under /opt/ssh/etc/ca ( self

Hello all, lately i am facing problems with Certification Authorities. I have used centos script /etc/pki/tls/misc/CA my own certificate authority. In next steps i am generating requests for certificates to services such as LDAP,NNRPD and lately signing requests with CA. My approach is to import my own CA into Windows Vista OS as root CA and trusted, to avoid messages in clients such as

OS - RHEL5.7 Installation Source - epel-testing repo Puppet server version - 2.6.6 puppetd version - 2.6.6 I searched Google and none of the answers were a match for my set up... I can do ''puppetd --test'' from the client and things work as expected. When doing puppet kick hostname I get the following: Triggering hostname Host hostname failed: hostname not match with the server

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi guys, been trying the x509 patch for ssh from Roumen, it works great. However, I can't figure out couple of things, and been trying to solve it for couple of days already. I'am using OpenSSH_4.7p1-hpn12v19, OpenSSL 0.9.8g with 6.1 version of your patch. The serverside hostkey is configured correctly, to present x509v3-sign-rsa dynowork

I'm pleased to announce that the version "h"(code-name Validator) of "X.509 certificates support in OpenSSH" is now available for immediate download at http://roumenpetrov.info/openssh. Features: * "x509v3-sign-rsa" and "x509v3-sign-dss" public key algorithms * certificate verification * certificate validation o CRL o OCSP (optional and

> On 05/07/2020 19:43 Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > > > On 04/07/2020 21:12 la.jolie at paquerette <la.jolie at paquerette.org> wrote: > > > > > > Hello, > > > > I'm trying to configure roundcube / dovecot to work with keycloak. > > I activated xoauth2 oauthbearer in dovecot. > > But a problem

This (very quick) patch allows you to connect with the commercial ssh.com windows client and use x509 certs for hostkeys. You have to import your CA cert (ca.crt) in the windows client and certify your hostkey: $ cat << 'EOF' > x509v3.cnf CERTPATHLEN = 1 CERTUSAGE = digitalSignature,keyCertSign CERTIP = 0.0.0.0 [x509v3_CA]

Hi: I''m trying to configure Puppet on Ubuntu, and strangely I am never able to generate a certificate because my server never shows any pending certificate requests. Put differently, on the server I am running puppetmasterd and on the client I am able to connect to the server, but the client continues printing notice: Did not receive certificate warning: peer certificate

Sure, and thanks for trying to help! These are the two correct answers when SNI is included. The certificates are fully chained. Both certificates carry the same subject mail.cs.sbg.ac.at but differ in Subject Alternative Name (SAN). X509v3 Subject Alternative Name:? ? DNS:mail.cs.sbg.ac.at, DNS:smtp.cs.sbg.ac.at, DNS:imap.cs.sbg.ac.at, DNS:pop.cs.sbg.ac.at X509v3 Subject Alternative Name:? ?

Hi All, The version 5.4 of "X.509 certificates support in OpenSSH" is ready for download. On download page http://roumenpetrov.info.localhost/openssh/download.html#get_-5.4 you can found diffs for OpenSSH versions 4.2p1 and 4.3p2. What's new: * given up support for "x509v3-sign-rsa-sha1" and "x509v3-sign-dss-sha1" The implementation realised in previous

Dear Help, I am having a very odd problem. For some reason, I am able to browse to my Samba share by IP address but not by host name from Windows 2008 servers in a particular domain (the same domain the Samba server belongs to). However, I am able to browse by host name from XP clients as well as Windows 2008 servers in a different domain. Even stranger, if I add an alias (using the netbios

Hi, I'm back on the list ;-) I seem to be having some trouble getting W2K machines to join the domain in 3.0.1rc2. I haven't looked at this in detail since 2.2.8a but it looks like the account gets created in LDAP and then it has trouble setting the password appropriately. I believe this is the relevant part of the log: api_rpcTNP: samr op 0x3a - api_rpcTNP: rpc command:

Hie, I can't connect to my samba 3.022 pdc (I can join the domain and access share) and no error messages. I find in the log : the dump_data message musn't be clearest (domain,netboisname...) ? An idea ? [2008/04/30 15:26:50, 5] lib/util.c:show_msg(464) size=627 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279

I've seen a variety of patches on the list for supporting the x509v3 certificate authentication. Are there any plans to include any of these in the official openssh? Thanks, Kevin Stefanik

Dear All, X.509 certificates support for OpenSSH version 6.0p1 was published. I brief new version include : - support for Android platform; - engine implementation is now considered stable; - various regression test improvements including fixes for OpenSSL FIPS enabled 1.0.1 stable release and korn shell Yours sincerely, Roumen Petrov -- Get X.509 certificates support in OpenSSH: