similar to: ca-certificates-2018.2.22-65.1.el6.noarch problematic

On 04.07.2018 18:37, Alice Wonder wrote: > On 07/04/2018 08:54 AM, Walter H. wrote: >> Hello, >> >> the RPM >> >> ca-certificates-2018.2.22-65.1.el6.noarch >> >> has a big problem ... >> many certificates were removed - my proxy uses this as source and isn't >> able to validate correct any more - >> most sites show this: >>

On 07/04/2018 08:54 AM, Walter H. wrote: > Hello, > > the RPM > > ca-certificates-2018.2.22-65.1.el6.noarch > > has a big problem ... > many certificates were removed - my proxy uses this as source and isn't > able to validate correct any more - > most sites show this: > > /[No Error] (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) > > /Self-signed

Am 2019-08-29 18:26, schrieb Gary Stainburn: > On Thursday 29 August 2019 16:47:11 Alexander Dalloz wrote: >> rpm -Vv nss > > [root at stan2 ~]# rpm -Vv nss > ......... /etc/pki/nss-legacy > ......... c /etc/pki/nss-legacy/nss-rhel7.config > ......... /etc/pki/nssdb > ......... c /etc/pki/nssdb/cert8.db > ......... c /etc/pki/nssdb/cert9.db > ......... c

Am 2019-08-30 10:52, schrieb Gary Stainburn: > On Thursday 29 August 2019 18:10:19 Alexander Dalloz wrote: >> > 2019-08-29 17:23:18,117 exception: [Errno 14] curl#60 - "Peer's >> > Certificate issuer is not recognized." >> > 2019-08-29 17:23:18,117 retrycode (14) not in list [-1, 2, 4, 5, 6, >> > 7], re-raising >> >> [ ... ]

On Thu, June 16, 2016 13:53, Walter H. wrote: > On 15.06.2016 16:17, Warren Young wrote: >> but it also affects the other public CAs: you can???t get a >> publicly-trusted cert for a machine without a publicly-recognized >> and -visible domain name. For that, you still need to use >> self-signed certs or certs signed by a private CA. >> > A private CA is the

On 02/18/2017 10:24 PM, Robert L Mathews wrote: > On 2/17/17 1:38 PM, chaouche yacine wrote: > >> Seems wrong to me too, Robert. If you put your private key inside >> your certificate, won't it be sent to the client along with it ? > > No; any SSL software that uses the file will extract the parts it needs > from it and convert them to its internal format for future

Sure, and thanks for trying to help! These are the two correct answers when SNI is included. The certificates are fully chained. Both certificates carry the same subject mail.cs.sbg.ac.at but differ in Subject Alternative Name (SAN). X509v3 Subject Alternative Name:? ? DNS:mail.cs.sbg.ac.at, DNS:smtp.cs.sbg.ac.at, DNS:imap.cs.sbg.ac.at, DNS:pop.cs.sbg.ac.at X509v3 Subject Alternative Name:? ?

Am 2019-08-29 17:36, schrieb Gary Stainburn: > On Thursday 29 August 2019 16:20:00 Alexander Dalloz wrote: >> Hi, >> >> yum uses libcurl behind the scenes and thus NSS and not OpenSSL. >> >> Do you get something indicative when running: >> >> URLGRABBER_DEBUG=1 yum --disablerepo=\* --enablerepo=webtatic >> check-update >> >>

Our DC has been using a Verisign certificate. Over the past year, we've been using a Digicert Wildcard Plus certificate for almost all of our machines, and I wanted to switched over our DC mailserver. I used the following command to generate the CSR and key: openssl req -new -newkey rsa:1024 -nodes -out star_bard_edu.csr -keyout star_bard_edu.key -subj "/C=US/ST=NY/L=ourtown/O=Bard

Hi I have some problem with SNI and dovecot 2.2.36.4 Server debian 9.x ad dovecot-2.2.36.4 default server ssl cert is a wildcard like *.domain.com (digicert) ssl_ca = /var/control/cert.pem ssl_cert = </var/control/cert.pem I added for test another domain (in dns to) for another ssl (letsencrypt) from https://wiki.dovecot.org/SSL/DovecotConfiguration like: local_name

I know this is something which should have a simple fix but I'm failing to see it somehow. I'm moving samba service between a couple of FreeBSD systems (9.3 to 10.2), and I'm stuck on getting samba on the new machine to connect to our openldap server over ssl - frustrating since I've been running samba+ldap for 15 years or so; feel sure I'm missing something basic!

Am 11.10.2019 um 13:22 schrieb C. James Ervin via dovecot: > In setting up my new mail server, I am getting the following in the logs: > > Oct 11 07:10:59 kumo dovecot[5704]: imap-login: Disconnected (no auth > attempts in 0 secs): user=<>, rip=24.53.79.10, lip=172.26.12.90, *TLS > handshaking: SSL_accept() syscall failed: Success*, > session=<B9OokqCUD+UYNU8K>

I'm running Dovecot as proxy in front of some IMAP/POP3 Dovecot & Courier-IMAP servers and in the last couple of days I've been seeing a lot of imap-login crashes (signal 11) on both 2.2.18 and 2.2.25, all SSL related. The following backtraces are taken running 2.2.25, built from source on a test system similar to the live proxy servers. OS: CentOS 6.8 64bit Packages:

I have been trying to get icecast 2.4.2 to stream with ssl to https. But so far I have had no luck. I am running Ubuntu 16.04 and the regular stream is working properly over port 80. I want to stream securely over port 443. I need to use 443 because of network rules here. I can view the Icecast2 Status pages and listen to a stream, but once I add https:// I get 'Secure Connection Failed'

In setting up my new mail server, I am getting the following in the logs: Oct 11 07:10:59 kumo dovecot[5704]: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=24.53.79.10, lip=172.26.12.90, *TLS handshaking: SSL_accept() syscall failed: Success*, session=<B9OokqCUD+UYNU8K> I have tried various ssl_protocols entries, but for now have defaulted back to

On macOS 10.15.5 and R-devel: > download.file("https://www.r-project.org", tempfile()) trying URL 'https://www.r-project.org' Error in download.file("https://www.r-project.org", tempfile()) : cannot open URL 'https://www.r-project.org' In addition: Warning message: In download.file("https://www.r-project.org", tempfile()) : URL

Dovecot 2.0.9 So I am trying to get my Outlook 2010 client to use TLS with Dovecot. The Outlook error that I get is: Log onto incoming mail server (IMAP): A secure connection to the server cannot be established. I have set the port to 143,993,995 none of them work, and the security to TLS. I have all of the certificates in the full chain installed on my machine and when viewing them

On 20/12/2018 12:37, Marc Roos wrote: > > You have to create your own ca, and then create the certificate. I doubt > if you will be able to find companies like DigiCert or Comodo to do > this. > > If you want, I can try sign it with our own 'internal' CA. The only > thing you have to do is of course adding our CA to your ca bundle but > that is very easy in

On Sat, May 30, 2020 at 11:40 PM Duncan Murdoch <murdoch.duncan at gmail.com> wrote: > > On 30/05/2020 5:23 p.m., Bob Rudis wrote: > > I've updated the dashboard (https://rud.is/r-project-cert-status/) > > script and my notifier script to account for the entire chain in each > > cert. > > You never posted which certificate has expired. Your dashboard shows

On Friday 30 August 2019 12:03:26 Alexander Dalloz wrote: > You are welcome Gary. And I am curious about what the cause of your repo > troubles is. I have looked back over what I have done, and cannot see what has caused the problem to occurr. I do not see anywhere where it could have been from any action that I have taken, including deleting the contents of the yum cache. > That's