Displaying 20 results from an estimated 2000 matches similar to: "/etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism"
2015 Feb 16
2
/etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism
Why not /etc/dovecot/private? That's where I put my dovecot certs. Dovecot's needs are a bit different from other software, and so it is unclear whether the files won't be unique to it. For example, I haven't seen the following before I read it on the Dovecot wiki:
"The CA file should contain the certificate(s) followed by the matching CRL(s). Note that the CRLs are required
2015 Feb 16
0
/etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism
On 16.02.2015 at 15:53, dovecot at lists.killian.com wrote:
> Why not /etc/dovecot/private? That's where I put my dovecot certs. Dovecot's needs are a bit different from other software, and so it is unclear whether the files won't be unique to it. For example, I haven't seen the following before I read it on the Dovecot wiki:
>
> "The CA file should contain the
2015 Feb 17
0
/etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism
On 2015/2/16 16:28, Jochen Bern wrote:
> On 02/16/2015 04:23 PM, Reindl Harald wrote:
>>> "The CA file should contain the certificate(s) followed by the
>>> matching CRL(s). Note that the CRLs are required to exist. For a
>>> multi-level CA place the certificates in this order:
>>>
>>> Issuing CA cert
>>> Issuing CA CRL
2015 Feb 16
0
/etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism
This directory in later times is where more and more distros are
putting system wide server CA type certs, most distros are moving to
this path, so the package maintainer should fix their script, maybe to
/etc/ssl/private or such.
On 2/16/15, Wolfgang Gross <WGross at uni-hd.de> wrote:
> Hi,
>
> this is not a genuine Dovecot bug, more a nuisance.
> It applies to OpenSuse 13.2
2015 Feb 16
3
/etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism
Hi,
this is not a genuine Dovecot bug, more a nuisance.
It applies to OpenSuse 13.2 but maybe also to other Linux's.
The standard installation of Dovecot (especially 10-ssl.conf) places the
certificate dovecot.pem in /etc/ssl/certs.
Sometimes during updates OpenSuse renews all certificates in /etc/ssl/certs
and erases dovecot.pem. This blocks further access to the mailbox.
I found a
2013 Apr 07
1
ssl_require_crl does not work as expected
Hi
I'm trying to use dovecot with client certificates. We produce our
certificates with our own CA and we do NOT use certificate revocation lists.
So I put "ssl_require_crl = no" into 10-ssl.conf. I did not find a solution
either in the wiki or somewhere else, so I finally started to read the source.
My impression is that openssl will always try to use CRLs. If
2019 Jun 16
2
Self-signed TLS client certificates
Dear List,
I self-host my e-mail and have run Dovecot ever since I started doing that. Dovecot
version is 2.3.4.1 (f79e8e7e4), running on Debian testing.
Now I am trying to configure Dovecot for client TLS certificates. I have
a self-signed certificate whose private key resides on a smartcard
(Yubikey, to be exact). I wanted Dovecot to accept that TLS client
certificate instead of a password. So I searched and
2015 Sep 21
4
Dovecot proxy ignores trusted root certificate store
On Mon, 21 Sep 2015, Edgar Pettijohn wrote:
> doveconf -n?
doveconf -n|grep ssl should suffice:
ssl = required
ssl_ca = </usr/local/share/certs/ca-root-nss.crt
ssl_cert = </path/to/my/file.pem
ssl_key = </path/to/my/file.pem
ssl_require_crl = no
I'm using "ssl_ca = </usr/local/share/certs/ca-root-nss.crt" as a
temporary workaround, even though this is not what
2009 Nov 04
2
Certificates Revocation Lists and Apache...
Hi,
already asked in the openssl mailing list, but just in case you already went through this...
I need a little help with Certificate Revocation Lists.
I did set up client certificates filtering with apache and it seems to work fine so far (used a tutorial on http://www.adone.info/?p=4, down right now).
I have a "CA" that is signing a "CA SSL".
Then, the "CA SSL" is
2017 Sep 21
2
Restrict root clients / experimental patch
Hi All,
I would like to use glusterfs in an environment where storage servers are
managed by an IT service - myself :) - and several users in the
organization can mount the distributed fs. The users are root on their
machines.
As far as I know about glusterfs, a root client user may impersonate any
uid/gid since it provides its uid/gid itself when it talks to the bricks
(like nfsv3).
The thing
2009 Mar 13
1
how to handle CA CRL updates with client certificate verification context ?
Hello,
As far as I can read in the Dovecot SSL configuration wiki page, each CA
cert must be followed by the related CA CRL in the client certificate
verification context ("ssl_ca_file" setting). In my company we do have
our own PKI and as soon as Client certificate is compromised we do
revoke it and update the related CA's CRL.
Does that mean that I have to issue a new
2007 May 29
2
Client certificate verification/authentication
I would like to use Client certificate verification/authentication.
My MTA used this function.
I've a problem to make a valid certificate.
For my MTA i used :
openssl req -new -nodes -x509 -keyout user_key.pem -out user_req.pem -days 365
openssl ca -out user_signed.pem -infiles user_req.pem
openssl pkcs12 -in user_signed.pem -inkey user_key.pem -out user.p12 -export -name "user at
2017 Sep 22
0
Restrict root clients / experimental patch
Hi,
On 09/21/2017 07:32 PM, Pierre C wrote:
> Hi All,
>
> I would like to use glusterfs in an environment where storage servers
> are managed by an IT service - myself :) - and several users in the
> organization can mount the distributed fs. The users are root on their
> machines.
> As far as I know about glusterfs, a root client user may impersonate any
> uid/gid
2006 Jul 07
2
Authentication by certificates (a bug or my misconfiguration)
Today I've been trying to get dovecot (1.0 rc2) to use certificates
for client side authentication. If my memory serves right, beta8
had no problems with it (although it was some time ago and on different
machine).
Similar setup works perfectly well for postfix (for authentication
that is, on the same machine). Originally I thought I overdid some
certificate settings (keyUsage, nsCertType,
2010 Dec 22
3
Using Puppet's client certificates for Apache, SSLVerifyClient
Hi -
I read up on this subject quite a bit, and was able to find a few
posts on the mailing list, even found a wiki article. Unfortunately
it doesn't quite address what I'm looking to do.
From what I understand, Puppet's client/server authentication system -
using SSL - is portable. I believe that I should be able to use the
same SSL certificates and keys (and even
2003 Oct 26
4
linux-xp x509 ipsec connection
hi,
I can't get a freeswan 2.02 ipsec x509 connection at work
can somebody help me?
*************************************************************************************
global situation
*************************************************************************************
the linux gateway (chivas) is a single machine 192.168.1.250 with a local net 192.168.1.0/24,
a dyn IP via a DSL
2008 Sep 27
2
client certs with godaddy ssl cert
I've read the client ssl cert section in the wiki and it talks about using a
self signed cert, if I am using a commercial cert, in this case godaddy, how
do I implement a self signed cert for the client side and have dovecot make
use of this? I know the mechanics of setting up the self signed ca, the
question is more what configuration changes do I need to make in dovecot to
handle both
2008 Aug 18
3
Samba 3.0.x access rights issue with secondary groups or Unix rights
Hi experts
I have a trouble in access rights
I am running Samba
3.0.31 on Solaris 10 x86 64 bits as member server of an Active
Directory 2003 R2 domain (MYDOMAIN) using Identity Management for Unix
I set rights to access a sub folder of a Samba share. On Solaris the user
"toto" jdoe can write a new file. From Windows, the same user can't.
It looks OK when the primary group
2015 Sep 21
2
Dovecot proxy ignores trusted root certificate store
On Mon, 21 Sep 2015, Andrew McN wrote:
>> http://wiki2.dovecot.org/Replication
>>
>> (quote)
>> The client must be able to verify that the SSL certificate is valid, so
>> you need to specify the directory containing valid SSL CA roots:
>>
>> ssl_client_ca_dir = /etc/ssl/certs # Debian/Ubuntu
>> ssl_client_ca_file = /etc/pki/tls/cert.pem # RedHat
2005 Oct 22
2
openssh PKCS#11 support
Hello All,
As I promised, I've completed an initial patch for openssh
PKCS#11 support. The same framework is used also by openvpn.
I want to help everyone who assisted during development.
This patch is based on the X.509 patch from
http://roumenpetrov.info/openssh/ written by Rumen Petrov,
supporting PKCS#11 without X.509 looks like a bad idea.
*So the first question is: What is the