similar to: Updating ca-certificates

On 04.07.2018 18:37, Alice Wonder wrote: > On 07/04/2018 08:54 AM, Walter H. wrote: >> Hello, >> >> the RPM >> >> ca-certificates-2018.2.22-65.1.el6.noarch >> >> has a big problem ... >> many certificates were removed - my proxy uses this as source and isn't >> able to validate correct any more - >> most sites show this: >>

On 07/04/2018 08:54 AM, Walter H. wrote: > Hello, > > the RPM > > ca-certificates-2018.2.22-65.1.el6.noarch > > has a big problem ... > many certificates were removed - my proxy uses this as source and isn't > able to validate correct any more - > most sites show this: > > /[No Error] (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) > > /Self-signed

I'm trying to get a third party application to use the root CA certificate of an SSL proxy - but can't work out how to install the cert for use by all users on CentOS 7 I have the proxy vendor's supplied CA cert in PEM format I can install the cert in a user's home directory using 'certutil' - and the application works OK - but I would like to do 'something' to

Remove the ca certificates. Signed-off-by: Wanlong Gao <gaowanlong at cn.fujitsu.com> --- sysprep/Makefile.am | 2 + sysprep/sysprep_operation_ca_certificates.ml | 62 ++++++++++++++++++++++++++ 2 files changed, 64 insertions(+) create mode 100644 sysprep/sysprep_operation_ca_certificates.ml diff --git a/sysprep/Makefile.am b/sysprep/Makefile.am index

Hi Igor, You certainly don?t want a different CA for each DC, and you typically do want an individually generated certificate and private key for each server. PKI is typically a tree hierarchy, which is a critical feature in the trust relationships across any environment. You want one (root) CA, and possibly 1-3 intermediate CAs depending on the complexity of your infrastructure ( intermediate

You need to dig deeper - I will give you a start ... > > > Sometime in Feb, yum updated something to do with ca-bundle. The "something" is the ca-certificates.noarch rpm. It is updated every year around May. The last update was around May 16th this year. Not February. > > > I didn't > > > notice at the time, but it put these two files on my machine:

Op 25-10-2023 om 17:13 schreef Alex via samba: > And will Samba regenerate it's own server certs from that CA, or do I need > to externally generate & renew them with openssl? > Does anything else need to be done before or after replacing the certs in > Samba? This won't break server/domain trust with domain joined workstations? Anything that server that uses TLS will

My apologies to the list for inadvertently taking this offline. As info: -----Original Message----- From: Iain Morgan [mailto:Iain.Morgan at nasa.gov] Sent: Friday, November 04, 2011 8:15 PM To: wfdawson at bellsouth.net Subject: Re: Help with CA Certificates for user authentication? On Fri, Nov 04, 2011 at 11:53:25 -0500, wfdawson at bellsouth.net wrote: > > Thanks for the

Hi, I''m trying to develop a manifest to setup a new puppet master. To solve the SSL certificates I''ve created a root CA outside of puppet, and have generated an intermediate CA for the new puppet master to use. I''ve also configured my puppetmaster daemon to use it''s own ssl directory. So the new puppetmaster is at the same time a client of the old puppet

Hello, the RPM ca-certificates-2018.2.22-65.1.el6.noarch has a big problem ... many certificates were removed - my proxy uses this as source and isn't able to validate correct any more - most sites show this: /[No Error] (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) /Self-signed SSL Certificate in chain: /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root

In article <201908300952.37126.gary.stainburn at ringways.co.uk>, Gary Stainburn <gary.stainburn at ringways.co.uk> wrote: > On Thursday 29 August 2019 18:10:19 Alexander Dalloz wrote: > > > 2019-08-29 17:23:18,117 exception: [Errno 14] curl#60 - "Peer's > > > Certificate issuer is not recognized." > > > 2019-08-29 17:23:18,117 retrycode (14)

What problem are you seeing? It uses the correct SSL certs when I connect. prompt> gnutls-cli --port 993 mail.nimmini.de Processed 149 CA certificate(s). Resolving 'mail.nimmini.de:993'... Connecting to '46.38.231.143:993'... - Certificate type: X.509 - Got a certificate list of 2 certificates. - Certificate[0] info: - subject `CN=nimmini.de', issuer `CN=Let's Encrypt

> > And for other services like IMAP, SMTP, LDAP (maybe not LDAP) constant > changing certs even with a long lived root may get old for your customers. Why? I have corporate systems on 2 year commercial CA signed certificates and personal servers on 90 day LetsEncrypt ones - my users of IMAP and SMTP have never ever noticed when I changed the certificates on any device. They

Hi, I need to add my own and other/new self-signed ca/root cert in CentOS pki database/system, for all/most type of apps to use. Using "wget", i'm trying to securely(HTTPS) get gpg keys/files from https://fedoraproject.org/keys site, which is using root cert with following info: CN = GeoTrust Global CA O = GeoTrust Inc. C= US MD5 f7:75:ab:29:fb:51:4e:b7:77:5e:ff:05:3c:99:8e:f5 I

On 10.08.2017 09:18, Stephan von Krawczynski wrote: > It would be far better to use a self-signed certificate that can be > checked through some instance/host set inside your domain. I have been running a CA for 15+ years, generating certificates only for servers I personally maintain. Since my business is too small to be able to afford all the steps required to have my CA trusted by

I have looked at let's encrypt. Key issue for me is having to add a lot python stuff that would otherwise not be on any server. Again, All CA's like "Let's Encrypt" - and others that are accepted by the "majors", e.g., Windows, Mozilla make it much easier for the "random" user to use anything you protect with SSL (better TLS) without them having to

And will Samba regenerate it's own server certs from that CA, or do I need to externally generate & renew them with openssl? Does anything else need to be done before or after replacing the certs in Samba? This won't break server/domain trust with domain joined workstations? Thanks On Wed, Oct 25, 2023 at 8:08?AM Kees van Vloten via samba < samba at lists.samba.org> wrote:

I can't see any security advantages of a self signed cert. If the keypair is generated locally (which it should) a certificate signed by an external CA can't be worse just by the additional signature of the external CA. Better security can only be gained if all users are urged to remove all preinstalled trusted CAs from their mail clients (which seems impractical). Else an attacker could

Hello all, I''ve tried to run ''puppetrun'', but there seems something unconfigured regarding the certificates. The reverse way (puppetd pulls the config from puppetmasterd) works fine. The namespaceauth.conf on the client (where puppetd runs) is configured as follows: [puppetrunner] allow *.abc.net (also tried the calling host: puppet1.abc.net) But when I call

Sometime in Feb, yum updated something to do with ca-bundle. I didn't notice at the time, but it put these two files on my machine: /etc/pki/tls/certs/ca-bundle.trust.crt.rpmnew and /etc/pki/tls/certs/ca-bundle.crt.rpmnew Both of those on the existing system are symbolic links ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle-trust.crt and ca-bundle.crt ->