Displaying 20 results from an estimated 1000 matches similar to: "Let's encrypt privkey : Specified certificate file could not be used"
2014 Dec 23
1
Problems linking asterisk against self-compiled openssl on CentOS 5
I am trying to enable full WebRTC support on asterisk-11.15 for installation on a CentOS 5 machine. Currently the distro cannot be upgraded to any later CentOS series. This CentOS series ships with openssl-0.9.8e, which lacks DTLS-SRTP support required for
WebRTC. So I decided to build a parallel install of openssl. I chose the Fedora 21 package, openssl-1.0.1j, and built it on CentOS 5. The
2018 Aug 29
3
SNI Dovecot
Hi all,
I'm testing the SNI configuration from dovecot's wiki page, to have multiple domains.
I'm using letsencrypt certificates.
On the 10-ssl.conf, when I only use one domain, like this, it works :
ssl_ca = </etc/letsencrypt/live/mail.mydomain.fr/chain.pem
ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem
ssl_key =
2020 Jul 01
4
local stanza only generated for IPv6
I have a mail server with multiple IP addresses and associated DNS names
In the dovecot configuration I have a listen directive:
??? listen = mail.example.com.com,mail.otherexample.com,localhost
Multiple local stanzas are of the form:
local mail.example.com {
? protocol imap {
???? ssl_cert = </etc/letsencrypt/live/mail.example.com/fullchain.pem
???? ssl_key =
2020 Feb 10
6
question about pubkey and passphrase
Hi folks,
Since Docker can bind-mount every .ssh directory I am looking for
some way to forbid unprotected private keys.
AFAICS it is currently not possible on the sshd to verify that
the peer's private key was protected by a passphrase. Can you
confirm?
Regards
Harri
2020 Jan 23
3
PJSIP and Grandstream Wave with TSL and SRTP
On Thursday, January 23, 2020 11:31:46 PM CET Sean Bright wrote:
> On 1/21/2020 9:18 PM, hw wrote:
> > [transport-tls]
> > type = transport
> > protocol = tls
> > bind = 0.0.0.0:5061
> > tos = cs5
> > cert_file = /etc/asterisk/cert/asterisk.pem
> > ca_list_file = /etc/pki/tls/certs/ca-bundle.crt
> > method = sslv23
>
> This is what mine
2018 Dec 14
2
Upgrade to 2.3.1 has failed
Problem:
We had Dovecot v2.2 working just fine under openSUSE Leap 42.3. But we
upgraded openSUSE to Leap 15.0.
In the process, Dovecot got upgraded from 2.2 to 2.3.1. It no longer
works and I haven't figured out how to downgrade to the older working
version.
The key issue seems to be the change to requiring dh.pem and changing s
sl_protocols to ssl_min_protocols.?I think I've navigated
2020 May 25
2
How to make IMAPS SSL Cert for Dovecot that works with Thunderbird
Hello Aki and all,
The below lines are in the dovecot config file. This seems to be the
same as Aki's suggestion. correct? I have also double checked file
perms, tried with several new key gens, several versions of thunderbird
and created completely new thunderbird profiles.
Thank you,
ssl_cert = </etc/letsencrypt/live/...../fullchain.pem
ssl_key =
2018 Mar 05
3
How do I combine my ssl certs?
I have https/ssl on my site ok, but it uses two certificates from letsencrypt which renew automatically every three months.
However - Icecase says.
ssl-certificate
If specified, this points to the location of a file that contains both the X.509 private and public key. This is required for HTTPS support to be enabled. Please note that the user Icecast is running as must be able to read the file.
2001 Dec 07
2
Authentication 'failure' success
We are using OpenSSH (portable) version 3.0.1p1 on Linux 2.2.14-10 with
RedHat's distribution of PAM 0.72-20.6.x for rsync'ing RRDTool data
between two machines (among other things). When running 'rsync -essh
-avz', everything works fine but the system log on the sshd side shows:
PAM_pwdb[8021]: authentication failure; (uid=0) -> rrd for sshd service
sshd[8021]: Accepted
2020 May 25
2
How to make IMAPS SSL Cert for Dovecot that works with Thunderbird
s_client: Option unknown option -trace
***
x509: Unknown parameter text
On 5/25/20 11:49 AM, Aki Tuomi wrote:
> Hi!
>
> Can you do
>
> openssl x509 text -noout </etc/letsencrypt/live/...../fullchain.pem
>
> and check these things:
>
> your server hostname isn included in SubjectAlternativeNames, and that the cert hasn't got MUST-STAPLE attribute? You can see
2016 Apr 13
2
Warning: Global setting won't change the setting inside an earlier filter
Hi,
I'm using the Dovecot Prebuilt Binary:
deb http://xi.rename-it.nl/debian/ stable-auto/dovecot-2.2 main
I configured multiple SSL certificates with client TLS SNI (see
http://wiki2.dovecot.org/SSL/DovecotConfiguration).
Since my last update I get some warnings:
doveconf: Warning: /etc/dovecot/conf.d/10-ssl.conf line 12: Global
setting ssl_cert won't change the setting inside an
2018 Jul 22
4
ot: LE server conf setup/ iPhone 'expired cert' message
I've installed LE certs on my Dovecot a while back, and, it has been
working OK since, but, today, an iPhone user said he can't get emails as
iphone says 'cert is expired', searching around, I see some other iPhone
similar issues reported, do I have my conf correct, I have;
# cat dovecot.conf | grep ssl
ssl = required
verbose_ssl = no
ssl_cert =
2017 Feb 17
7
Problem with Let's Encrypt Certificate
Hello Folks,
my StartCom SSL-Certificate expires soon and so I wanted to switch to
Let's Encrypt Certificates instead. Unfortunatelly Thunderbird seems not
to like it, although all -tested- other Clients work without any problems.
When I connect with Thunderbird it sends an "Encrypted Alert" directly
after the TLS handshake although Dovecot wants to continue the session.
In the
2020 Oct 17
4
Install Icecast server with SSL - please help
Can someone please, *please* explain to me how I can install the latest
Icecast server with SSL enabled?
I've tried several methods I found when searching but nothing works.
OS: Raspberry PI OS LITE (32-bit)
Thanks in advance!
Regards..
Daniel
--
*Bananradion* - svängig musik non-stop
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
2020 May 25
2
How to make IMAPS SSL Cert for Dovecot that works with Thunderbird
>From the config : auth_ssl_require_client_cert = no
GMail empty vcard ... I have no ideas . so sorry.
Coding snippets. What can I provide for you that will help?
NOTE: it is pretty much the default config from Debian.
Thank you,
On Sun, May 24, 2020 at 9:29 PM Benny Pedersen <me at junc.eu> wrote:
>
> On 2020-05-25 02:54, hanasaki at gmail.com wrote:
> > Config has
>
2020 Jul 02
8
[Bug 3190] New: Inconsistent handling of private keys without accompanying public keys
https://bugzilla.mindrot.org/show_bug.cgi?id=3190
Bug ID: 3190
Summary: Inconsistent handling of private keys without
accompanying public keys
Product: Portable OpenSSH
Version: 8.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2001 Mar 22
2
hosts.equiv (fwd)
is anyone using rhost-rsa + hosts.equiv? is it broken?
-------------- next part --------------
An embedded message was scrubbed...
From: Francesc Guasch <frankie at etsetb.upc.es>
Subject: hosts.equiv
Date: Thu, 22 Mar 2001 12:56:22 +0100
Size: 2614
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010322/ced5a345/attachment.mht
2005 Sep 11
1
DSA support for TLS?
hi all,
i've dovecot TLS working correctly w/ locally generated *RSA* CA cert, domain
privkey & self-signed domain cert. to that end, my dovecot.conf includes:
ssl_key_file =
/var/Security/mail.testdomain.com.privkey.rsa.pem
ssl_cert_file = /var/Security/mail.testdomain.com.cert.rsa.pem
ssl_ca_file =
2018 Sep 15
1
icecast ssl and letsencrypt renewal
Install letsencrypt and request a certificate specifying the webroot of your Icecast server and the host.domain:
certbot-auto certonly --webroot --webroot-path /usr/share/icecast2/web/ -d icecast.domain.name
Now you should have a certificate for your server, it's only in the wrong format for Icecast, copy the key and the certificate to 1 file with the following cmd:
cat
2017 Aug 10
4
NT_STATUS_INTERNAL_ERROR
Hello, a short history, I am using samba 4 with Debian 9 from the repository, 2 days ago the server was broken, but I was copy all the /var/lib/samba directory to a safe place, then I was installed a new server with the same Debian and samba from repository, and stopped smbd, nmbd and winbind, unmask samba-ad-dc and finally copied all the directory from the old server to the new server and started