similar to: Question about certificates on Samba AD/DC

Displaying 20 results from an estimated 30000 matches similar to: "Question about certificates on Samba AD/DC"

2020 Jun 14
5
Question about certificates on Samba AD/DC
Thanks Gabben and Andrew. I've understood but a new question emerged: Each DC server on my domain has a different pair cert/key and a different CA cert after deployment, correct? If so, is it a best practice to generate new cert for each DC server and sign them with a unique CA? OBS: Every DC servers belongs to the same domain. -- Igor Sousa Em dom., 14 de jun. de 2020 ?s 16:46, Andrew
2018 Aug 31
5
Certificates
I am getting myself confused, and need someone who fully understands this process to help me out a bot. I would like to obtain an ssl certificate, so I can run my own imap server on a machine in my office. My domain is hosted by networksolutions, but I don't run my imap server there. I am assuming I'll need to pay a CA to generate what I need, but I'm confused about what I
2010 Nov 13
12
certificate verify failed
I am banging my head against the wall for recently built hosts that are unable to verify the server''s certs. The usual is not working. on the puppet agent machine: find /var/lib/puppet/ssl -type f -delete on puppet master: puppetca --clean <new_host_cert> on agent: puppetd --server puppet --waitforcert 2 --no-daemonize -d -o on puppet master: puppetca --sign
2020 Nov 10
2
Recommended Protocols?
Good. I am going to focus on the IMAP configuration and worry about SMTP later. The following is the relevant documentation. This is very straightforward: https://doc.dovecot.org/admin_manual/ssl/dovecot_configuration/ My file 10-ssl.conf is untouched. However, this is the part that I would like to better understand: https://doc.dovecot.org/admin_manual/ssl/certificate_creation/ Before
2020 Jun 14
0
Question about certificates on Samba AD/DC
Hi Igor, You certainly don?t want a different CA for each DC, and you typically do want an individually generated certificate and private key for each server. PKI is typically a tree hierarchy, which is a critical feature in the trust relationships across any environment. You want one (root) CA, and possibly 1-3 intermediate CAs depending on the complexity of your infrastructure ( intermediate
2020 Jun 14
0
Question about certificates on Samba AD/DC
That would make a lot of sense. Andrew Bartlett On Sun, 2020-06-14 at 17:15 -0300, Igor Sousa wrote: > Thanks Gabben and Andrew. I've understood but a new question emerged: > Each DC server on my domain has a different pair cert/key and a > different CA cert after deployment, correct? > > If so, is it a best practice to generate new cert for each DC server > and sign them
2013 Mar 11
3
SSL Certificate
Dear All This is my continuation of postfix setup. Following link http://campworld.net/thewiki/pmwiki.php/LinuxServersCentOS/Cent6VirtMailServerfor postfix setup. At one stage it says, Configuring The Server Setup SSL Certificate Now generate an SSL certificate for postfix and dovecot to have TLS support. Replace mail.example.com with your server hostname. > genkey --days 3650
2017 Dec 26
2
Renewing certificates
I'm setting up certbot/letsencrypt to provide a certificate for dovecot and sendmail. Is it necessary to restart dovecot to load the new certificate, as shown in most examples I find in blogs? That seems rude to established connections. When does dovecot read the cert and key files? Once at startup or each time a connection requests SSL? Is there a preferred locking protocol when changing
2017 Aug 20
2
ot: self certified enduser browser/mail client install?
I have self certified Dovecot as so: ssl = required ssl_cert = </etc/pki/dovecot/certs/dovecot.pem ssl_key = </etc/pki/dovecot/private/dovecot.pem userdb { args = /etc/dovecot/dovecot-mysql.conf driver = sql } in order for end user to avoid webmail warnings or email client warnings, do I make this file /etc/pki/dovecot/certs/dovecot.pem available to users say under
2016 Nov 23
2
Updated my Dovecot certificate for the first time
Hi all, I've used Dovecot since February 2012, but because I kept reinstalling Linux with every major version, I never had a Dovecot self-signed certificate go bad on me before. Til now. I started using rolling release Void Linux about a year ago, and my Dovecot self-signed certificate just expired. The solution I used is contained in these documents:
2011 Jun 15
1
Ruby 1.9.2 - puppetd error "Could not request certificate: SSL_connect returned=1"
Hello, Running latest Puppet 2.7rc4, Ruby 1.9.2 p180, slackware 13.37 64. Default (webrick) setup, no mongrel no apache. Running puppet master on the main puppet server works fine, no problem. Running puppet agent on the same machine works fine, no problem. Running puppet agent on a client server (separate machine) connecting to master gives the following error: "err: Could not request
2010 Dec 22
3
Using Puppet's client certificates for Apache, SSLVerifyClient
Hi - I read up on this subject quite a bit, and was able to find a few posts on the mailing list, even found a wiki article. Unfortunately it doesn''t quite address what I''m looking to do. From what I understand, Puppet''s client/server authentication system - using SSL - is portable. I believe that I should be able to use the same SSL certificates and keys (and even
2017 Jul 08
2
certificate for www.xxxx.xx has expired ?? (hostname)
Hello, I found this Morning a Message in my Logs, that is new for me and I never seen this before? Is this a Error in the Certificate System?? The certificate for www.example.at has expired Datum: 08.07.17 06:31 Von: root <gjn+www at example.at> An: gjn+www at example.at ################# SSL Certificate Warning ################ Certificate for hostname 'www.example.at', in
2017 Feb 17
5
Problem with Let's Encrypt Certificate
Seems wrong to me too, Robert. If you put your private key inside your certificate, won't it be sent to the client along with it ? Bastian, are you using an old version of thunderbird ? googling for "SSL alert number 42" gave me two results indicating a bug in thunderbird versions 31,32 and 33. You can check these links if you wish : *
2017 Sep 08
5
Dovecot and Letsencrypt certs
So this morning at 4am I was awoken to my mail clients getting certificate errors for an expired certificate. I hopped on to the server and checked and? no, the LE certs renewed last month and are valid until November. After some moments of confusion I noticed that dovecot had been running since before the renewal, so I did a quick service dovecot restart which fixed everything. Should dovecot
2018 Jul 22
4
ot: LE server conf setup/ iPhone 'expired cert' message
I've installed LE certs on my Dovecot a while back, and, it has been working OK since, but, today, an iPhone user said he can't get emails as iphone says 'cert is expired', searching around, I see some other iPhone similar issues reported, do I have my conf correct, I have; # cat dovecot.conf | grep ssl ssl = required verbose_ssl = no ssl_cert =
2013 Oct 30
2
Re: Using certtool to generate certificates for ESXi
Hi Daniel, thanks for the reply - The procedure I use is the same as I use for XenServer, and the certificate exchange works just fine. The only thing I'm a bit unclear on, is the location of the CA cert, which in the case of XenServer, I simply put it in /etc/pki/CA. And when I start the libvirtd daemon, it successfully picks it up. If I put the Server key and cert in /etc/vmware/ssl for
2016 Apr 19
2
VPN suggestions centos 6, 7
At 09:09 AM 4/18/2016, you wrote: >On Mon, 18 Apr 2016, david wrote: > >>FOLLOWUP & REPORT >> >>I had lots of suggestions, and the most persuasive was to try >>OpenVPN. I already had a CA working, so issuing certificates was >>easy. The HOW-TO guides were less helpful than I could hope, but >>comparing several of them, applying common sense, and
2018 Aug 31
4
Certificates
On Fri, Aug 31, 2018 at 05:30:53PM -0400, Robert Moskowitz wrote: > > Letsencrypt is a very important development, but it has (IMHO) a shaking > foundation.? I would not build a production system around it.? But then I > have lived in aspects of PKI since '95... I presume you meant "shaky foundation"? If so, would you care to elaborate? John -- Many people,
2016 Aug 19
5
a question about certificates from letsencrypt
Hello! Certificates from letsencrypt are renewed every three months. Does that mean a MUA has to accept the renewed certificates manually everytime it is renewed? Sorry if this is OT! Greetings Andreas