similar to: wildcard certificate

On 06/15/2018 06:11 PM, Keith Keller via CentOS wrote: > You've already got the cert so it's not totally relevant, but in the > future you can consider using Let's Encrypt. They won't distribute > wildcard certs but unless you have lots of subdomains you can simply > request a cert for every domain you need.

yacinechaouche at yahoo.com writes: > Interesting. Is there any particular benefit in having only one file > for both certificate and private key ? I find that putting private key > in a separate file feels more secure. It's convenient to have key and cert in one place if you don't need the certificate to be publically readable. Keeping it in separate files would add slightly

How do I get a valid certificate for a box that is behind a firewall and does not have a DNS entry? I was looking at letsencrypt.org but currently it looks like a valid DNS entry is needed, of which I don't have. There is nothing special about my setup, its just a box that is not directly on the internet, no DNS entry but I need HTTPS to run correctly. How do I generate a trusted

Our DC has been using a Verisign certificate. Over the past year, we've been using a Digicert Wildcard Plus certificate for almost all of our machines, and I wanted to switched over our DC mailserver. I used the following command to generate the CSR and key: openssl req -new -newkey rsa:1024 -nodes -out star_bard_edu.csr -keyout star_bard_edu.key -subj "/C=US/ST=NY/L=ourtown/O=Bard

I followed the instructions here https://wiki.centos.org/HowTos/Https Checking port 80 I get the file... curl http://localhost/file.html <HTML> <FORM> Working </FORM> </HTML> Checking port 443 I get and error curl https://localhost/file.html curl: (60) Peer's certificate issuer has been marked as not trusted by the user. More details here:

A very ignorant question, sans doute. I get my certificates from cacert.org, to whom I am very grateful. I follow what I take to be the official procedure, first creating <server>.key and <server>.csr on my server and then getting <server>.crt by going to Server Certificate=>New at the cacert site. I then place the key certficate *.key in /etc/pki/tls/private/ and what I

Hi all, This topic is one that I am ignorant on and appreciate any guidance. My scenario; I have a wild card SSL installed on one of my CentOS boxes. As I understand it, this server was used as a sort of master when originally generating and receiving the wild card SSL cert (got the cert from GoDaddy BTW). So, now I must export some file(s) from that server so that I can import it/them to

Hi all, Ok, been wanting to do this for a while, and I after the Heartbleed fiasco, the boss finally agreed to let me buy some real certs... Until now, we've been using self-signed certs with the following dovecot config: ssl = required ssl_cert = </etc/ssl/ourCerts/imap.pem ssl_key = </etc/ssl/ourCerts/imap_key.pem Now, I've created new keys/certs and the CSR, got the new

On 2018-06-16, Gordon Messmer via CentOS <centos at centos.org> wrote: > > https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579 > > Wildcard support is new, but it's available!? :) Cool! I had read about wildcard support being planned a few months ago but totally forgot about it. --keith -- kkeller at wombat.san-francisco.ca.us

hi all, I have gone through the process of self signing certificates. Aside from the pop-ups about not trusted etc... everything appears to work. For "internal" applications what do people/places do? It would be nice to be seamless and have the "your not trusted" window pop-up. Yet this is not a public web site either. Just internal use. The server might be on the internet

Newbie Q: Building a webstore and need to have SLL-encryption on the checkout pages... I have no previous experience with SSL. I understand that I need a SSL-certificate. I''m planning on purchasing the cert from RapidSSL, but to do that I need to generate a CSR (Certificate Signing Request). How do I do that? How do I install the certificate on the server? Are there any guides on

Hello, On a newly re-installed Asterisk 16.7.0 on Debian Buster, I can't find a way to enable HTTPS. Asterisk is running as asterisk:asterisk: asterisk 11097 0.3 6.7 741352 67984 ? Ssl 17:53 0:06 /usr/sbin/asterisk -g -f -p -U asterisk # cat /etc/asterisk/http.conf [general] servername=Asterisk enabled=yes bindaddr=0.0.0.0 bindport=8088 tlsenable=yes tlsbindaddr=0.0.0.0:8089

Hi all; Thinking I'd like to have a bit of security, I followed the example for dovecot from allgoodthings.org Guessing between the lines I made a few substitutions to localize it for me, but when I run the line to dump the configs, the output is very short because I do not have the *.pem files. Where can a usable set of these ssl 'keyfiles' be obtained? Cheers, Gene --

I have a working dovecot/postfix/mysql server running and was trying to set up another one for replication purposes. If I copy my certificates from the working server, everything works fine. However, I purchased another updated certificate for the replication server, and I cannot get dovecot to start up. Keep getting: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line

hi I want to use ECC(ellyptic curve cryptography) for SSL-connections but somehow dovecot doesn't like my ECC-certificates :( I tried to test using following scenario: machine: debian 6 (x64) dovecot 2.0.15-0~auto+21 ((f6a2c0e8bc03) from http://xi.rename-it.nl/debian openssl 1.0.0e-2 from testing (as the default 0.9.8o-4squeeze3 needs also the parameter -cipher ECCdraft for testing)

On 02/19/2017 05:39 AM, KT Walrus wrote: >> That's one of the reasons I don't like Let's Encrypt, with one year certs it is easier to look at the certs and see what is going to expire in the coming month needing a new private key. > > I use dehydrated (with Cloudflare DNS challenges) and as far as I know, it seems to generate a new private key every time. Yeah that would

-rw-r--r--. root root unconfined_u:object_r:home_root_t:s0 /etc/pki/dovecot/private/mailserver.crt > On Oct 8, 2017, at 12:03 AM, Bill Shirley <bill at KnoxvilleChristian.org> wrote: > > What does ls -lZ /etc/pki/dovecot/private/mailserver.crt say? > > Bill > > On 10/7/2017 7:30 PM, SH Development wrote: >> I have a working dovecot/postfix/mysql server running

This (very quick) patch allows you to connect with the commercial ssh.com windows client and use x509 certs for hostkeys. You have to import your CA cert (ca.crt) in the windows client and certify your hostkey: $ cat << 'EOF' > x509v3.cnf CERTPATHLEN = 1 CERTUSAGE = digitalSignature,keyCertSign CERTIP = 0.0.0.0 [x509v3_CA]

On 02/18/2017 10:24 PM, Robert L Mathews wrote: > On 2/17/17 1:38 PM, chaouche yacine wrote: > >> Seems wrong to me too, Robert. If you put your private key inside >> your certificate, won't it be sent to the client along with it ? > > No; any SSL software that uses the file will extract the parts it needs > from it and convert them to its internal format for future

I'm trying to configure TLS for Dovecot 2.3 but after setting all things up I'm not able to start Dovecot: Apr 16 20:56:02 master: Info: Dovecot v2.3.9.3 (9f41b88fa) starting up for imap, pop3, lmtp (core dumps disabled) Apr 16 20:56:25 auth: Debug: Loading modules from directory: /usr/lib/dovecot/auth Apr 16 20:56:25 auth: Debug: Module loaded: