similar to: r-project.org SSL certificate issues

I've updated the dashboard (https://rud.is/r-project-cert-status/) script and my notifier script to account for the entire chain in each cert. On Sat, May 30, 2020 at 5:16 PM Bob Rudis <bob at rud.is> wrote: > > # A tibble: 13 x 1 > site > <chr> > 1 beta.r-project.org > 2 bugs.r-project.org > 3 cran-archive.r-project.org > 4 cran.r-project.org

It's the top of chain CA cert, so browsers are being lazy and helpful to humans by (incorrectly, albeit) relying on the existing trust relationship. libcurl (et al) is not nearly as forgiving. On Sat, May 30, 2020 at 5:01 PM peter dalgaard <pdalgd at gmail.com> wrote: > > Odd. Safari has no problem and says certificate expires August 16 2020, but I also see the download.file

Odd. Safari has no problem and says certificate expires August 16 2020, but I also see the download.file issue with 4.0.1 beta: > download.file("https://www.r-project.org", tempfile()) trying URL 'https://www.r-project.org' Error in download.file("https://www.r-project.org", tempfile()) : cannot open URL 'https://www.r-project.org' In addition: Warning

# A tibble: 13 x 1 site <chr> 1 beta.r-project.org 2 bugs.r-project.org 3 cran-archive.r-project.org 4 cran.r-project.org 5 developer.r-project.org 6 ess.r-project.org 7 ftp.cran.r-project.org 8 journal.r-project.org 9 r-project.org 10 svn.r-project.org 11 user2011.r-project.org 12 www.cran.r-project.org 13 www.r-project.org is the whole list b/c of the wildcard cert. On

On 30/05/2020 5:23 p.m., Bob Rudis wrote: > I've updated the dashboard (https://rud.is/r-project-cert-status/) > script and my notifier script to account for the entire chain in each > cert. You never posted which certificate has expired. Your dashboard shows they're all valid, but the download still fails, presumably because something not shown has expired. Hopefully someone

On Sat, May 30, 2020 at 11:40 PM Duncan Murdoch <murdoch.duncan at gmail.com> wrote: > > On 30/05/2020 5:23 p.m., Bob Rudis wrote: > > I've updated the dashboard (https://rud.is/r-project-cert-status/) > > script and my notifier script to account for the entire chain in each > > cert. > > You never posted which certificate has expired. Your dashboard shows

In setting up my new mail server, I am getting the following in the logs: Oct 11 07:10:59 kumo dovecot[5704]: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=24.53.79.10, lip=172.26.12.90, *TLS handshaking: SSL_accept() syscall failed: Success*, session=<B9OokqCUD+UYNU8K> I have tried various ssl_protocols entries, but for now have defaulted back to

I know this is something which should have a simple fix but I'm failing to see it somehow. I'm moving samba service between a couple of FreeBSD systems (9.3 to 10.2), and I'm stuck on getting samba on the new machine to connect to our openldap server over ssl - frustrating since I've been running samba+ldap for 15 years or so; feel sure I'm missing something basic!

I have several samba servers on Debian 10 all using : samba 2:4.9.5+dfsg-5+deb10u1 amd64 I use tls cafile, tls certfile and tls keyfile with certificates from Sectigo (https://cert-manager.com) And when checking my connexion from the samba server, or from outside, I've got "unable to verify the first certificate" even if tls_cafile is provided in smb.conf. What is wrong

Hello, the RPM ca-certificates-2018.2.22-65.1.el6.noarch has a big problem ... many certificates were removed - my proxy uses this as source and isn't able to validate correct any more - most sites show this: /[No Error] (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) /Self-signed SSL Certificate in chain: /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root

Am 11.10.2019 um 13:22 schrieb C. James Ervin via dovecot: > In setting up my new mail server, I am getting the following in the logs: > > Oct 11 07:10:59 kumo dovecot[5704]: imap-login: Disconnected (no auth > attempts in 0 secs): user=<>, rip=24.53.79.10, lip=172.26.12.90, *TLS > handshaking: SSL_accept() syscall failed: Success*, > session=<B9OokqCUD+UYNU8K>

On Sat, May 30, 2020 at 11:02 PM Jeroen Ooms <jeroen at berkeley.edu> wrote: [...] > > What you need to do is replace the final certificate with this one > (just copy-paste the base64 cert): https://crt.sh/?d=1720081 .Then > restart the server. You can also export this from Keychain Access on macOS, btw. find "COMODO RSA Certification Authority" and right click,

Dovecot 2.0.9 So I am trying to get my Outlook 2010 client to use TLS with Dovecot. The Outlook error that I get is: Log onto incoming mail server (IMAP): A secure connection to the server cannot be established. I have set the port to 143,993,995 none of them work, and the security to TLS. I have all of the certificates in the full chain installed on my machine and when viewing them

If I were guessing, based on some experience with certificate usage in other apps, concatenate your certificate and intermediate certificates into a single file which is then your "tls certfile" then point "tls cafile" to your issuers proper CA or just to your distro's CA bundle, e.g /etc/pki/tls/certs/ca-bundle.crt. Nick On 06/08/2020 16:36, MAS Jean-Louis via samba

I'm running Dovecot as proxy in front of some IMAP/POP3 Dovecot & Courier-IMAP servers and in the last couple of days I've been seeing a lot of imap-login crashes (signal 11) on both 2.2.18 and 2.2.25, all SSL related. The following backtraces are taken running 2.2.25, built from source on a test system similar to the live proxy servers. OS: CentOS 6.8 64bit Packages:

On 26 April 2017 at 13:16, Steven Tardy <sjt5atra at gmail.com> wrote: > >> On Apr 26, 2017, at 2:58 AM, Nicolas Kovacs <info at microlinux.fr> wrote: >> >> The site is rated "C" > > The RHEL/CentOS out-of-the-box apache tls is a little old but operational. This Mozilla resource is excellent for getting apache tls config up-to-date. > >

Hello, I'm using dovecot v2.0.21. According to http://wiki2.dovecot.org/SSL/DovecotConfiguration,dovecot 2.x supports different SSL certificate for different virtual hosts by using "local_name" directive, but I can't get it to work. When testing the certificate using "openssl s_client -connect domain.com:pop3s" I get the default certificate instead of

For what it's worth, this gives the server an A: https://www.ssllabs.com/ssltest/analyze.html?d=mail.privustech. com So there is no problem with the certificates and key... Thanks again. On Sun, 2018-12-16 at 09:19 -0500, C. Andrews Lavarre wrote: > So it's something else.? -------------- next part -------------- An HTML attachment was scrubbed... URL:

Hello, I have 2 Dovecot 2.3.8 servers running SSL with valid wildcard certificates. Email clients connect fine, https://www.immuniweb.com/ssl/ tests show certificates are ok. However I can't make replication work when I add ssl = yes. Without ssl it works ok. I added verbose_ssl in config and error log shows: dovecot: doveadm(149.x.x.x): Error: SSL handshake failed: SSL_accept()

> > If you can convince openssl to use it. Does anybody have any hints on how it may be done, if possible at all? Stavros