similar to: ca-bundle questions

You need to dig deeper - I will give you a start ... > > > Sometime in Feb, yum updated something to do with ca-bundle. The "something" is the ca-certificates.noarch rpm. It is updated every year around May. The last update was around May 16th this year. Not February. > > > I didn't > > > notice at the time, but it put these two files on my machine:

Am 2019-08-29 18:26, schrieb Gary Stainburn: > On Thursday 29 August 2019 16:47:11 Alexander Dalloz wrote: >> rpm -Vv nss > > [root at stan2 ~]# rpm -Vv nss > ......... /etc/pki/nss-legacy > ......... c /etc/pki/nss-legacy/nss-rhel7.config > ......... /etc/pki/nssdb > ......... c /etc/pki/nssdb/cert8.db > ......... c /etc/pki/nssdb/cert9.db > ......... c

Remove the ca certificates. Signed-off-by: Wanlong Gao <gaowanlong at cn.fujitsu.com> --- sysprep/Makefile.am | 2 + sysprep/sysprep_operation_ca_certificates.ml | 62 ++++++++++++++++++++++++++ 2 files changed, 64 insertions(+) create mode 100644 sysprep/sysprep_operation_ca_certificates.ml diff --git a/sysprep/Makefile.am b/sysprep/Makefile.am index

Here''s what I''m using: exec { "cert-fix": command => "curl http://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt", onlyif => "test -e /etc/pki/tls/certs/ca-bundle.crt", } But it keeps on failing: > [default] Running Puppet with /tmp/vagrant-puppet/manifests/acid.pp... > Parameter onlyif failed: ''test -e

On 7/6/19 10:40 AM, Michael Maier wrote: > On 05.07.19 at 22:02 hw wrote: >> >> openssl verify -CAfile ca.pem asterisk.pem >> asterisk.pem: OK >> >> >> When I set tlsdontverifyserver=yes, it works (i. e. asterisk registers >> to the SIP provider and there is no error message).  Otherwise I'm >> getting the error message and asterisk does not

Not much of a noob, but I will try. I just configured httpd and installed mod_ssl and got my certificate from GoDaddy and put them on the server with ssl.conf pointing at them. I am getting this error: SSLCertificateFile: file '/etc/pki/tls/certs/enmu.edu.crt' does not exist or is empty It's a cute error. I have checked several times for misspellings, looked at the enmu.edu.crt

Hi, after switching from chan_sip to chan_pjsip, a device running Grandstream Wave leads to the following error message on the asterisk console: SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336109761> <SSL routines- ssl3_get_client_hello-no shared cipher> len: 0 peer: 10.10.20.29:43357 Something with the encryption must have changed with asterisk. How can I get the device to

Am 2019-08-29 17:36, schrieb Gary Stainburn: > On Thursday 29 August 2019 16:20:00 Alexander Dalloz wrote: >> Hi, >> >> yum uses libcurl behind the scenes and thus NSS and not OpenSSL. >> >> Do you get something indicative when running: >> >> URLGRABBER_DEBUG=1 yum --disablerepo=\* --enablerepo=webtatic >> check-update >> >>

I have setup my machine to relay through smtp.gmail.com installed cyrus-sasl-md5 cyrus-sasl-plain Added to access: AuthInfo:smtp.gmail.com "U:smmsp" "I:my accont" "P:my pass" "M:PLAIN" AuthInfo:smtp.gmail.com:587 "U:smmsp" "I:my account" "P:my pass" "M:PLAIN" Added to sendmail.mc the

CentOS-6.5 (FreePBX-2.6) Asterisk-11.14.2 (FreePBX) snom870-SIP 8.7.3.25.5 I am having a very difficult time attempting to get TLS and SRTP working with Asterisk and anything else. At the moment I am trying to get TLS functioning with our Snom870 desk-sets. And I am not having much luck. Since this is an extraordinarily (to me) Byzantine environemnt I am going to ask if any of you have gotten

On 7/5/19 9:32 PM, John Runyon wrote: > On Fri, 5 Jul 2019 at 14:28, hw <hw at gc-24.de <mailto:hw at gc-24.de>> wrote: > > I thought about that and checked the configuration I've been using to > create the certificate, and I can't see anywhere that it would expire > earlier than after 3650 days.  Is there another way to check this? > >

Hi, I'm facing a problem with setting up LDAP+TLS client authentication in a kickstart script on CentOS7 for several days. Setting up manualy the config with system-config-authentication works but I need to automate this in kickstart for deploying cluster nodes. This show that the server side is running fine. At this time the message is #systemctl status sssd |....

I notice that the certificate /etc/pki/tls/certs/ca-bundle.crt on my CentOS-5.5 system expired on 7 Jan 2010, although the openssl-0.9.8e-12.el5_4.6 package was updated in March. What is the point of this certificate? -- Timothy Murphy e-mail: gayleard /at/ eircom.net tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland

Everyone, Looks like the new version of oppenssl has broken my sendmail's use of tls. Has anyone else had this problem or seen a fix? Greg Ennis

Am 2019-08-30 10:52, schrieb Gary Stainburn: > On Thursday 29 August 2019 18:10:19 Alexander Dalloz wrote: >> > 2019-08-29 17:23:18,117 exception: [Errno 14] curl#60 - "Peer's >> > Certificate issuer is not recognized." >> > 2019-08-29 17:23:18,117 retrycode (14) not in list [-1, 2, 4, 5, 6, >> > 7], re-raising >> >> [ ... ]

Am 04.07.2015 um 15:34 schrieb Gregory P. Ennis <PoMec at PoMec.Net>: > On Sat, 2015-07-04 at 08:07 -0500, Gregory P. Ennis wrote: >> Everyone, >> >> Looks like the new version of oppenssl has broken my sendmail's use >> of >> tls. Has anyone else had this problem or seen a fix? >> >> Greg Ennis >>

> Set > > ssl_client_ca_file=/path/to/cacert.pem to validate the certificate Can this be the Lets Encrypt cert that we already have? In other words we have: ssl_cert = </etc/pki/dovecot/certs/dovecot.pem ssl_key = </etc/pki/dovecot/private/dovecot.pem Can those be used? > Are you using haproxy or something in front of dovecot? No. Just Squirrelmail webmail with sendmail.

Hello! I have direstory with following acl: getfacl Visio2002 # file: Visio2002 # owner: ilyin # group: ilyin user::rwx user:dm:rwx user:pitomtsev:rwx user:nap:rwx user:mav:rwx user:goi:rwx user:ilyin:rwx user:huzyahmetov:rwx group::r-x group:common:r-x mask::rwx other::--- default:user::rwx default:user:pitomtsev:rwx default:user:nap:rwx default:user:mav:rwx default:user:goi:rwx

I had cause to install the Skype for Linux package from the NUX repo. I discover that this package is configured to automatically start Skype whenever one logs on to the Gnome desktop. This behaviour I do not wish. However, there seems to be no option in Skype to turn that 'feature' off. Is there any way to disable this in Gnome or elsewhere? I will be removing Skype shortly when the

This probably is a postfix problem, but I think there are lots of postfix experts/users on this list, and have heard a lot good things about this list, so I am just giving it a try. Thanks in advance! I am using dovecot-1.0.0-8_56.src.rpm downloaded from atrpms.net, and rebuilt from it(rpmrebuild ...). Postfix is 2.4.3. I followed documents at http://wiki.dovecot.org/LDA and LDA/Postfix, and