similar to: lighttpd and client certificates

I''m trying to develop an app that will be partially protected with SSL and client certificates, probably behind Apache. The application will automatically create and login a user if it is presented with a valid client certificate. The certificate will be first validated by Apache''s mod_ssl and then passed to Rails in ENV[''SSL_CLIENT_CERT''], at which

Version: 2.1.4 OS: Gentoo stable/amd64 OpenSSL version: 1.0.0h I'm having a slight problem with the client certificates in Dovecot 2.1.4. I've set-up the client certificate verification/authentication, and it seems that Dovecot is choking on the trustchain with CRL's that I'm providing to it (attached to this mail). When I enable the client authentication using certificates, and

Hi I thought it was time to test my app out on a real server. So i have installed lighttpd following the instruction on the rails wiki. everything seems to work fine except the file upload page. It doesn''t throw any errors, it just doesn''t seem to write the image to disk. Nothing is printed to the lighttpd error log when the file upload fails. I thought it might be my code

Hi, could someone help me with ssl certificates? i have mycert.pfx file (client certificate) and CA certificate ca.cer. i far as i know, ruby doesn''t understand pfx format, so i''ve converted it to pem format. in viewer pem looks like: Bag attributes blabla Key Attributes blabla ---begin rsa private key--- blabla ---end rsa private key----- --begin certificate-------- blabla

On 09/22/2017 06:58 AM, hw wrote: > > PS: Now I found this: > > > type=PROCTITLE msg=audit(09/22/2017 12:08:29.911:1023) : > proctitle=/usr/lib/sendmail -t -oi -oem -fwawi-genimp > type=SYSCALL msg=audit(09/22/2017 12:08:29.911:1023) : arch=x86_64 > syscall=setgroups success=no exit=EPERM(Operation not permitted) > a0=0x1 a1=0x7ffc1df3b0d0 a2=0x0 a3=0x7f5d77c3a300

Johnny Hughes wrote: > On 09/20/2017 07:19 AM, hw wrote: >> hw wrote: >>> >>> Hi, >>> >>> how do I allow CGI programs to print (using 'lpr -P some-printer >>> some-file.pdf') when >>> lighttpd is being used for a web server? >>> >>> When selinux is permissive, the printer prints; when it?s enforcing,

Hello All, I''ve run into a snag. (I apologize in advance. I''m not very good at system administration.) I''m building an app that allows users to upload files. Up until now I have been storing the files on the file system, but tonight I decided to change the app so the files are stored in the database as a longblob. I thought everything was working great, until I

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 16 June 2019 15:47 Marvin Gülker via dovecot < <a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote: </div>

While browsing the sources of the nss-ssl-port sources I noticed that client certificates were added. What is the reason behind this? As far as I can see, using a server certificate and validating it in the upsmon client should provide us with a secure channel. Authorizations for the server will then be handled by the settings in upsd.users by logging into the server with user and

Folks, I''ve been using ORBJson as a high-level services link between my javascript and my rails backend, and now that I have upgraded to rails 1.0 I am finding that ORBJSON no longer works for me under lighttpd, though it still works fine under Webrick. The symptom I am seeing is that when I start up lighttpd and then hit the web address for it, my disk fills up with messages being

Hi, I'm trying to connect my CentOS 6.8 laptop to the wireless net at work, which is secured with WPA2 and AES. I've done this successfully in the past using NetworkManager, but a new safety feature was recently introduced: A CA certificate is required. After this, I've not been able to connect. I have a DER format file, whose path I've entered in CA certificate: in the

Hi, Has anyone managed to get lighttpd to proxy requests through to an instiki running on another port? >From my lighttpd configuration: $HTTP["host"] == "wiki.railsapphosting.com" { proxy.balance = "hash" proxy.server = ( "" => ( ("host" => "206.222.22.155", "port" => 50074) )) } Instiki is bound to

Daniel Walsh wrote: > On 09/22/2017 06:58 AM, hw wrote: >> >> PS: Now I found this: >> >> >> type=PROCTITLE msg=audit(09/22/2017 12:08:29.911:1023) : proctitle=/usr/lib/sendmail -t -oi -oem -fwawi-genimp >> type=SYSCALL msg=audit(09/22/2017 12:08:29.911:1023) : arch=x86_64 syscall=setgroups success=no exit=EPERM(Operation not permitted) a0=0x1

On Tue, Mar 7, 2023, at 3:25 AM, Rory Campbell-Lange wrote: > On 07/03/23, Darren Tucker (dtucker at dtucker.net) wrote: >> On Tue, 7 Mar 2023 at 05:26, Andy Lutomirski <luto at kernel.org> wrote: >> [...] >> > ssh_config contains a Match ... exec [command to refresh the certificate]. >> > This sort of works, except that it runs the command far too

Dear List, I self-host my e-mail and run Dovecot since ever I do that. Dovecot version is 2.3.4.1 (f79e8e7e4), running on Debian testing. Now I am trying to configure Dovecot for client TLS certificates. I have a self-signed certificate whose private key resides on a smartcard (Yubikey, to be exact). I wanted Dovecot to accept that TLS client certificate instead of a password. So I searched and

I started an earlier thread about this ... Someone suggested a different version of LightTPD, since the version I was using had some known issues with FCGI. Well, we''ve upgraded to LightTPD 1.4.11 and the problem is still happening. We have Rails running under fcgi (one process) under LightTPD. This, in turn, is proxied to by Apache. This is on a test IP, so only a few people should

I''m writing an application that will require users to preset a client certificate as their authentication token. The logistics of issuing, installing, and securing the certificates are taken care of, so I''m not looking for a discussion on that. :) I''ve read: http://article.gmane.org/gmane.comp.lang.ruby.rails/1993 which gets me half way there by setting up an

Hi guys, I''m here again with a problem. I have a rails app called brewed. It''s located /home/user/brewed. My lighttpd.conf is located at /home/user/lighty. When I execute lighty on port 80 with: /usr/local/sbin/lighttpd -f /home/user/lighty/lighttpd.conf rails seems to work fine. If I type www.mysite.com/main/index on my browser, the page comes out well. I have my files

Hi! I'd like to configure dovecot to use only TLS client certificates for authentication. After the user presented a client certificate and that certificate was verified, no password-based authentication should be necessary anymore. Is this currently possible? Or would this require support for the SASL EXTERNAL mechanism? Regards, Martin

I'm working on a small server written in Go to add short-lived user certificates to the forwarded agents of authorized users. https://github.com/rorycl/sshagentca This seems to work quite well for accessing sshd servers with the appropriately configured "TrustedUserCAKeys" directive. I have been in a debate about how similarly adding host certificates to forwarded agents could