similar to: /etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism

Thanks for the note. I had never seen anything in the postfix and apache documentation that the CRLs could be intermingled with the CRTs in the CRT file. The documentation for those programs suggests putting the CRLs in a separate file (e.g. apache SSLCARevocationFile) or doesn't talk about putting CRLs in with the certs (e.g. postfix smtpd_tls_cert_file). If it works to put them all in one

Why not /etc/dovecot/private? That's where I put my dovecot certs. Dovecot's needs are a bit different from other software, and so it is unclear whether the files won't be unique to it. For example, I haven't seen the following before I read it on the Dovecot wiki: "The CA file should contain the certificate(s) followed by the matching CRL(s). Note that the CRLs are required

Am 16.02.2015 um 15:53 schrieb dovecot at lists.killian.com: > Why not /etc/dovecot/private? That's where I put my dovecot certs. Dovecot's needs are a bit different from other software, and so it is unclear whether the files won't be unique to it. For example, I haven't seen the following before I read it on the Dovecot wiki: > > "The CA file should contain the

This directory in later times is where more and more distros are putting system wide server CA type certs, most distros are moving to this path, so the package maintainer should fix their script, maybe to /etc/ssl/private or such. On 2/16/15, Wolfgang Gross <WGross at uni-hd.de> wrote: > Hi, > > this is not a genuine Dovecot bug, more a nuisance. > It applies to OpenSuse 13.2

Hi, this is not a genuine Dovecot bug, more a nuisance. It applies to OpenSuse 13.2 but maybe also to other Linux's. The standard installation of Dovecot (especially 10-ssl.conf) places the certificate dovecot.pem in /etc/ssl/certs. Sometimes during updates does OpenSuse renew all certificates in /etc/ssl/certs and erases dovecot.pem. This blocks further access to the mailbox. I found a

Hi I'm trying to use dovecot with client certificates. We produce our certificates with our on CA and we do NOT use certificate revocation lists. So I put "ssl_require_crl = no" into 10-ssl.conf. I did not find a solution neither in the wiki nor somewhere else, so I finally started to read the source. My impression is that openssl will always try to use CRLs. If

Hi all, I have pleasure to announce new version f of "X.509 certificates support in OpenSSH" Please to update your bookmarks/favorites with new location: http://roumenpetrov.info/openssh Old location is available too: http://satva.skalasoft.com/~rumen/openssh What's new: * support "Certificate Revocation Lists" (CRLs) * ssh-keyscan can show hostkey with

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 16 June 2019 15:47 Marvin Gülker via dovecot < <a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote: </div>

Dear List, I self-host my e-mail and run Dovecot since ever I do that. Dovecot version is 2.3.4.1 (f79e8e7e4), running on Debian testing. Now I am trying to configure Dovecot for client TLS certificates. I have a self-signed certificate whose private key resides on a smartcard (Yubikey, to be exact). I wanted Dovecot to accept that TLS client certificate instead of a password. So I searched and

On Mon, 21 Sep 2015, Edgar Pettijohn wrote: > doveconf -n? doveconf -n|grep ssl should suffice: ssl = required ssl_ca = </usr/local/share/certs/ca-root-nss.crt ssl_cert = </path/to/my/file.pem ssl_key = </path/to/my/file.pem ssl_require_crl = no I'm using "ssl_ca = </usr/local/share/certs/ca-root-nss.crt" as a temporary workaround, even though this is not what

I''m using activerecord outside of rails and find_first generates sql that postgresql doesnt'' like. This is rails 1.1.4, with everything up to date via "gem update". This is the command line: ruby -rrubygems seca -c ../etc/seca.cnf cert --export 1 --format pkcs12 --key root.key >root.pfx This is the error: (PGError: ERROR: argument of WHERE must be type

OpenSSL is one of the two available implementations of the TLS protocol in Exim. The other is GnuTLS. In the output of { exim -bV } is a line "Support for:"; if it does not include "OpenSSL" then you are not affected. The OpenSSL advisory covers two issues: (1) CVE-2011-3207: CRL validation with expired CRLs (2)

On 09/21/2015 05:11 PM, Alex Bulan wrote: > On Mon, 21 Sep 2015, Edgar Pettijohn wrote: > >> doveconf -n? > > doveconf -n|grep ssl should suffice: > > ssl = required shouldn't it be: ssl = yes I was only aware of the choice of yes or no here, but I could be wrong. > ssl_ca = </usr/local/share/certs/ca-root-nss.crt > ssl_cert = </path/to/my/file.pem >

On 09/17/2015 12:46 PM, Akemi Yagi wrote: > > I also suspect this is a grub2 issue. Perhaps, you may want to file a > bug report [against grub2] at http://bugs.centos.org so that this can > be followed properly. Yeah, I just figured out how to query the signature of the new and previous grub image. The new one is signed with "Red Hat Test Certificate" [root at vagrant

Hi! We are pleased to announce the availability of Dirmngr version 1.0.3. Dirmngr is a server for managing and downloading certificate revocation lists (CRLs) for X.509 certificates and for downloading the certificates themselves. Dirmngr also handles OCSP requests as an alternative to CRLs. Although Dirmngr can be invoked on demand, it should in general be installed as a system daemon. Get

Hi, On 09/21/2017 07:32 PM, Pierre C wrote: > Hi All, > > I would like to use glusterfs in an environment where storage servers > are managed by an IT service - myself :) - and several users in the > organization can mount the distributed fs. The users are root on their > machines. > As far as I know about glusterfs, a root client user may impersonate any > uid/gid

Rowland, dont be to hard on the guy.. ;-) Sorry that i cant help out more atm but im in process of win7 to win 10 testing with samba, and mainwhile doing a rollout.. :-/ Here are some working examples on debian jessie.. with samba 4.1.7 debian. an apache2.4 kerberos auth example. AuthType Kerberos AuthName "Website Login" KrbMethodNegotiate On KrbMethodK5Passwd

Hi All, I would like to use glusterfs in an environment where storage servers are managed by an IT service - myself :) - and several users in the organization can mount the distributed fs. The users are root on their machines. As far as I know about glusterfs, a root client user may impersonate any uid/gid since it provides its uid/gid itself when it talks to the bricks (like nfsv3). The thing

Hi, already asked in the openssl mailing list, but just in case you already went through this... I need a little help with Certificate Revocation Lists. I did setup client certificates filtering with apache and it seem to work fine so far (used a tutorial on http://www.adone.info/?p=4, down right now). I have a "CA" that is signing a "CA SSL". Then, the "CA SSL" is

Hi experts I have a trouble in access rights I am running Samba 3.0.31 on Solaris 10 x86 64 bits as member server of an Active Directory 2003 R2 domain (MYDOMAIN) using Identity Management for Unix I set rights to access a sub folder of a Samba share. On Solaris the user "toto" jdoe can write a new file. From Windows, the same user can't. Itlooks like OK when the primary group