Debian Configuration :: Certificate Verification Broken After Upgrade
Jan 24, 2016
I upgraded my server yesterday via apt-get and my Perl scripts are not able to make HTTPS connections due to certificate verification problems.
This seems to be a problem for EVERY HTTPS site.
CURL gives the following error:
Code: Select allSSL certificate problem: unable to get local issuer certificate
I know that this has something to do with root certificate updates, but if I sound ignorant about it, it's because I am.
using CURL with the -k option allows the connection to be made.
I'm running OpenSSl 1.0.1k-3+deb8u2 on Jessie 8.2.
I would obviously prefer to not disable certificate verification on my server.
View 6 Replies
ADVERTISEMENT
Aug 24, 2011
I'm trying to install an Ubuntu cloud on my home network - I've been following this guide. When I arrived at STEP 6: Install an image from the store PART 3: Click on the Store tab I get the following error message on the page: Error 60: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
View 1 Replies
View Related
May 4, 2010
After I did a safe-upgrade on my lenny system, clamav is now broken, which is quite a pain since my e-mail flow is now failing.
I get this in the log. CLAMAV: couldn't connect to: /var/run/clamav/clamd.ctl:
I have volatile in the list, and clamav is also installed from volatiel of what I can see, so what went wrong? Is the package broken?
[Code].....
View 2 Replies
View Related
Jun 22, 2015
I've been using VSFTPD for years but i can't seem to get over this particular issue. I'm unable to make VSFTPD 3.0.2 work with a legit STARTSSL TLS cert on Debian 8.1 kernel 3.16.0-4-amd64.
500 OOPS: SSL: cannot load RSA certificate.
Openssl 1.0.1k correctly verifies the .PEM file containing both my domain's cert and the intermediate CA one. I've tried adding the private key to the .PEM file and also using it as a separate .key file. Also tried mixing my cert with the intermediate CA one and the private key... to no avail.
Every file is inside /etc where all the conf files reside (also the user specific conf files). File permissions for the .pem and key files are 600.
I'm successfully using the same certificate for NGINX.
Configuration file:
Code: Select alllisten=YES
listen_port=40000
pasv_enable=YES
pasv_min_port=40222
pasv_max_port=40224
listen_address=192.168.1.150
[Code] ....
View 1 Replies
View Related
Jul 17, 2015
Having tried different approaches to install (and run!) a webserver certificate from StartSSL on an Apache2 webserver, I had no success at all since three days. There are many web pages out there in the internet, each is naming it other ways, i.e. one speaks from server./etc/ssl/certs/server.pem, another name it /etc/ssl/private/server.key etc. etc.
Is there a common-sense description how to name a private key, how to name the public key, and just important again, where to place them and what what rights they must have to protect them? And, still important, which config file to adopt (default-ssl, or default-ssl.conf).
By the way, I implemented already the certificates in an other environments, and they are all working (tested with the ssl checker [URL] .....).
How to find a common-sense web page for Apache2 on Debian 8.1?
View 8 Replies
View Related
Apr 27, 2016
I've been trying to get an ECDSA certificate to work for my postfix installation, however, it seems that when I try to use the aECDSA protocol with a client the server gives "no shared cipher" errors.
I had created the certificate like so:
Code: Select allopenssl ecparam -name secp521r1 -genkey -param_enc explicit -out private/ec-email-server.pem
openssl req -new -x509 -key private/ec-email-server.pem -out certs/ec-email-server.pem -days 365
So I've setup a test server, and connected to it with a test client like the following:
Code: Select allopenssl s_server -accept 123 -cert /etc/ssl/certs/ec-email-server.pem -key /etc/ssl/private/ec-email-server.pem
openssl s_client -connect localhost:123
However, once again, I get "no shared cipher" errors.
View 1 Replies
View Related
Jan 19, 2011
when i was updating my ubuntu 10.04 using update manager i got the error"W.A error occurred during the signature verification.the post is not updated and teh previous index files are used .GPG error: http://deb.playonlinux.com lucid release.
View 2 Replies
View Related
Jan 4, 2016
Yesterday I installed some updates on my Jessie system (I don't remember if the kernel was also updated). After rebooting the system nothing happens after the "Loading intial ramdisk"-message. If I boot in recovery mode the boot stops at the message:
Code: Select allfb: switching to nouveaufb from simple
If I add "nouveau.modeset=0" temporary to the GRUB-entry for the recovery mode, it will boot up in the console-mode.
I was able to get an ethernet connection with "dhclient eth0" and removed the "xserver-xorg-video-nouveau" package. Then I installed it and the removed gnome-desktop again. Before removing it, aptitude said the following to the package:
Code: Select alli A xserver-xorg-video-nouveau
Now it only says:
Code: Select alli xserver-xorg-video-nouveau
But this didn't change my problem. I found a similar case in the internet, but there were no solutions for it: [URL] ....
The next thing I would do, is to install the proprietary nvidia-drivers, but since I have a GTX 960 video card, I would have to use experimental drivers. So I'm afraid to make it more worse trying to install this drivers.
Also I'm not sure if it really is a driver-specific of kernel-specific problem. My kernel is version 3.16.0-4-amd64.
View 10 Replies
View Related
Jun 30, 2010
For anyone using Blueman with Testing (Squeeze), todays Python upgrade to version 2.6 stops it from working due to a Blueman bug. This has been fixed in blueman version 1.21-4, which you can install from SID if you don't want to wait the 10 days for the normal migration.
View 1 Replies
View Related
Jan 21, 2016
On my system nearly all subfolders of my home-directory are on another hard drive. I included them via /etc/fstab as shown in the example below:
UUID=12c12565-ece4-4a22-b5c5-275aba1a3fd4 /media/data ext4 defaults 0 2
/media/data/archive /home/XXX/archive none bind 0 0
etc.
View 1 Replies
View Related
Jan 30, 2016
I was using Synaptic to remove unwanted sound & audio programs...it seemed to take out other files that were non-related ?
(1) Now apt-get complains about a "Held Package" and doesn't tell me the pkg name.
(2) Synaptic is broken...error..E: The value 'stable-updates' is invalid for APT::Default-Release as such a release is not available in the sources
E: _cache->open() failed, please report.
stable-updates isn't even in my sources list. I've purged synaptic, and re-installed but remains broken. When you close error msg synaptic disappears ? Therefore can't use synaptic at all.
(3) apt-get says many packages that were available are no longer available...like one of the main repos has disappeared ?
(4) I put the same repos that are working for my brother who is running Debian Jessie also, but didn't improve the number of missing available packages.
deb [URL] ....
deb [URL] ....
How or why things have gone so wrong from just removing unwanted sound pkgs.
To recap problems...apt-get held pkg....broken synaptic....unavailable pkgs.
View 4 Replies
View Related
Feb 12, 2016
I'm restoring an old TI Silent 700 terminal [URL] ... and have connected it to an RPi running the debian based Jessie release using a serial converter. After learning more than I wanted to about serial settings and support I now have it interfaced and communicating bidirectionally but have one last hurdle - proper support for a single case (uppercase only) terminal in agetty.
With the -U flag on it seems like the the login name is detected as needing conversion because lowercase login names work - but lower case passwords do not and once I get a bash prompt all input comes in as upper case. So the -U agetty flag only seems to apply to login name and is then forgotten (not passed on to login process or bash?) and various settings in stty like iuclc, xcase, iexten don't seem to work.
I'd really like to get this terminal working with native support but I'll also take a kludge of some kind (I've tried a tr pipe for example).
Here is what I think is the relevant portion of my systemd generator:
Code: Select all[Service]
ExecStart=-/sbin/agetty -U 300 %I $TERM
Type=idle
Restart=always
UtmpIdentifier=%I
TTYPath=/dev/%I
[Code] .....
View 1 Replies
View Related
Dec 3, 2010
Alright, I edited "/etc/default/isc-dhcp-server" and set "eth0" as the only thing listed for interfaces. I also have the code below in "/etc/dhcp/dhcp3/dhcpd.conf" and I even copied it to "/etc/dhcp/dhcpd.conf" for good measure, and I can't get the DHCP server to start. As an intermediate to advanced user, I am under the high assumption that it is broken since everything in the docs has been set. I have googled for two days and cannot find a fix, so before I report it as a broken package, would somebody with more experience with the package chime in?
Configuration file:
subnet 10.0.0.0 netmask 255.255.255.0 {
option domain-name-servers 10.0.0.254;
option broadcast-address 10.0.0.255;
[Code].....
I hid my wireless setup because it contains my WiFi network info including key. This box is routing, doing DNS resolution, and firewalling just fine. I just cannot get the friggin' DHCP server to start no matter what I try.
Oh, and is it safe to delete "/etc/dhcp" or "/etc/dhcp3"? They appear to be duplicates of each other...
View 1 Replies
View Related
Jun 17, 2011
I want to remove a keyring package I installed from a repository that I no longer want to use. However, I cannot remove it:
# apt-get remove -y --force-yes debian-xray-keyring
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be removed:
debian-xray-keyring
0 upgraded, 0 newly installed, 1 to remove and 130 not upgraded.
After this operation, 49.2 kB disk space will be freed.
(Reading database ... 181076 files and directories currently installed.)
Removing debian-xray-keyring ...
gpg: key "AB8F901D" not found: eof
gpg: AB8F901D: delete key failed: eof
dpkg: error processing debian-xray-keyring (--remove):
subprocess installed pre-removal script returned error exit status 2
configured to not write apport reports
Errors were encountered while processing:
debian-xray-keyring
E: Sub-process /usr/bin/dpkg returned an error code (1)
View 4 Replies
View Related
Aug 4, 2011
Having installed the 2.6.32 backport for Lenny, I have suddenly noticed that my Gkrellm doesn't display CPU and MB temperature anymore. Also, the smart sensors are inaccessible. Smartctl cannot access the readings even when run manually in a root terminal. I tried reinstalling lm-sensors and running sensor-detect again but it didn't help. What else needs to be updated to let the backported kernel see the hardware sensors?
View 4 Replies
View Related
Sep 18, 2015
My chrome browser has been broken since the last upgrade. I did (just a regular "apt-get upgrade").
I get this when I try to run the browser from a console :
Code: Select alldarko@paris:~$ google-chrome
[3229:3229:0918/103229:ERROR:nss_util.cc(845)] After loading Root Certs, loaded==false: NSS error code: -8018
[3229:3229:0918/103259:ERROR:zygote_host_impl_linux.cc(541)] Failed to send GetTerminationStatus message to zygote
[3229:3229:0918/103259:ERROR:zygote_host_impl_linux.cc(541)] Failed to send GetTerminationStatus message to zygote
So to be more specific :
My system is :
Code: Select alldarko@paris:~$ uname -a ; cat /etc/debian_version ; cat /etc/issue
Linux paris 3.16.0-4-686-pae #1 SMP Debian 3.16.7-ckt11-1+deb8u3 (2015-08-04) i686 GNU/Linux
8.2
Debian GNU/Linux 8
l
I run the Xfce desktop
The problem is the same whether is use google-chrome stable, beta, unstable, or chromium
View 14 Replies
View Related
Sep 20, 2010
I've been upgrading a bunch of our servers from sarge to etch and then to lenny, on two of these servers, cron has broken, cronjobs will not run. On another two (that have no significant differences from the others) cron is unaffected I created a simple job to run while I was testing
*/1 * * * * root /usr/local/mailtest-1 in the script is echo test mail from busted server | mail -s "test mail from your busted server" [URL]. and that runs fine if I run it manually, I've added it into /etc/crontab and crontab -e but haven't got a single mail from it. The cron service is running
I tried apt-get remove --purge and then a re-install but it doesn't seem to have worked. All the logs have stopped rotating as well so I'm starting to think that maybe it's not a fault with cron but with some other service that it depends on. However, I've not been able to figure out what that might be.
View 5 Replies
View Related
Apr 28, 2015
I got a rather big problem since an attempt to upgrade.My debian version is 8.0.I upgraded when apt proposed the change. I did that in two steps, with apt-get upgrade and then apt-get dist-upgrade, with the installation of a new kernel. I moved from 3.2.0-4-686-pae to 3.16.0-4-686-pae.Since the upgrade, I can't boot my system any longer.During the boot sequence, this message appears with a countdown (it's copied by hand) :
Code: Select all(1 of 4) a start job is running for dev-disk-byX2du
At the end of the countdown, the boot sequence starts again, and ends up on an invite to log in as root in rescue mode. I can't connect (maybe due to some azerty/qwerty issue, I got a French keyboard. I tried to type in "qwerty mode", with no success (the password is not prompted)).I can connect with the 3.2 kernel however, selecting it form the grub interface. I can't log in in rescue mode either, but with this kernel the boot sequence goes on and I can log as a regular user or as root, at the end of the boot sequence. There is no X, but the system seems to work.What could I do to make the system boot properly with the new kernel, or to go back to the 3.2 version ?
View 14 Replies
View Related
Jun 2, 2015
I've changed my /etc/apt/sources.lst file to use "jessie" repositories instead of "wheezy". I then ran synaptic and updated everything (there were loads of packages, something like 2000 to update).
After this I rebooted. The grub menu shows as usual with the background image I'd set and the operating systems as usual (including Windows 7) however there is no longer a 5 second countdown and when I select *any* menu option, it asks for a username and password.
I don't know what username and password it's asking for as I never used to have one set!!! I did have a username and password set up so that if you wanted to edit a grub menu option so I tried that but to no avail.
I'm using MBR/BIOS not EFI.
View 3 Replies
View Related
Sep 14, 2010
I'm trying to upgrade a headless terminal server like box from Etch to Lenny. Users log in to this box using a GoGlobal client and use applications such as OpenOffice and Iceweasel. Because of the ended support for Etch we want to upgrade this machine to Debian Lenny as soon as possible and in order to save time we decided to dist-upgrade instead of installing a new machine. I've done this upgrade in a test environment and everything is working as expected except for OpenOffice, which seems broken after the upgrade:
The problem seems to be caused by the anti aliasing features of OpenOffice and disabling these features in the options panel (Extra -> Options -> OpenOffice.org View -> Screen font anti aliasing) fixes the UI somewhat:
However, as can be seen in the last screenshot, disabling anti aliasing makes the whole thing look terrible. I've searches the net for solutions such as this one but so far I've not been able to fix this. Is there anyone who can point me towards what has changed in the way fonts are rendered since Lenny and what might cause this breakage for OpenOffice? Other applications such as Iceweasel work perfectly and look better then before.
View 1 Replies
View Related
Apr 23, 2010
Unpacking replacement ffmpeg ... dpkg: error processing /var/cache/apt/archives/ffmpeg_5%3a0.5.1+svn20100411-0.0_i386.deb (--unpack): trying to overwrite '/usr/share/ffmpeg/libx264-ipod640.ffpreset', which is also in package libavcodec52 4:0.5.1-3 dpkg-deb: subprocess paste killed by signal (Broken pipe) Errors were encountered while processing: /var/cache/apt/archives/ffmpeg_5%3a0.5.1+svn20100411-0.0_i386.deb E: Sub-process /usr/bin/dpkg returned an error code (1)
View 9 Replies
View Related
Nov 5, 2014
I just bought a recently-released Toshiba CB35-B3340 Chromebook, and I'm trying to install Debian on it (I want to wipe out CrOS and give all harddrive space to Debian). However, I'm having problems booting from USB. When I press Ctrl+U at boot, the screen flashes back, the computer beeps, and I'm brought back to the same "OS Verification is Off" screen. If I press Ctrl+L to get to what is supposed to be the SeaBios screen, the computer beeps twice and nothing else happens.
I followed steps 1-4 and 8 of this guide: [URL] .... and I just downloaded the amd64 netinstall image from the Debian website and dd'd it to the USB stick.
I've tried two different USB sticks and successfully booted another computer from them, but neither work on the Chromebook. I've also tried both USB ports, since I've heard some Chromebooks can only boot from one, but to no avail.
I have looked into things like ChrUbuntu and crouton, but they look like they just set up a dual-boot or chroot system. I want neither of these, my goal being to have a normal Linux laptop at the end.
View 4 Replies
View Related
Feb 5, 2015
I have moved from MS directX to OpenGL on Linux Debian. My computer is running Jessie version with Gimp. I am trying to use several of the gl 4.0 functions but getting compiler error. I check for OpenGL version and appears to be version 1.5 .... How can I verify the correct openGL version and how can I upgrade to a moder version of at least 4.0?
View 4 Replies
View Related
Sep 24, 2015
I have a MyBookLive where i installed a Debian 2.6 kernel. The system is running fine so far. Because of an error message when apt-get upgrade (udev) i tried to upgrade to 3.16. Here's what i did:
- apt-get install linux-image-xx
- apt-get install linux-source-xx
- extract the source
- copied the old .config from running 2.6 kernel over to the 3.16 directory
- make oldconfig
- make uImage
- make modules
- make modules_install
- copied uImage to /boot
No error messages because its a headless device - its just not booting up.
View 2 Replies
View Related
May 21, 2010
i'm running debian lenny - latest stable i have recently installed smartcam (mobile phone as webcam over bluetooth) from .deb package , get errors of unmet dependency , but application works like a charm, unfortunately broken dependences block my aptitude , i cant fix them either as latest stable use older versions of dependences even in backports... how do i mark smartcam package as not broken and release my apt?
View 8 Replies
View Related
Nov 2, 2015
I have a system that was upgraded from Debian 7 to 8. Unfortunately it is not able to boot from the new kernel 3.16. Only the old 3.2 kernel is able to boot. I could transfer a backup, install it in Virtualbox, redo the upgrade and I can reproduce the error..The last error before "panic" is this line
Code: Select all 59.073579] Freeing unused kernel memory: 216K (ffff8800017ca000 - ffff880001800000)
Loading, please wait...
[ 59.226154] systemd-udevd[53]: starting version 215
[ 59.326564] random: systemd-udevd urandom read with 4 bits of entropy available
Begin: Loading essential drivers ... done.
Begin: Running /scripts/init-premount ... /init: .: line 210: can't open '/scripts/init-premount/ORDER'
[ 59.552148] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000200
The directory is indeed empty. I have reinstalled
Code: Select allapt-get install -reinstall initramfs-tools
and rerun initramfs
Code: Select allupdate-initramfs -c -u
View 5 Replies
View Related
Feb 2, 2016
I am running Debian on an ARM module (BananaPi).5 minutes ago, i started upgrading the system, but fortunately the power cable moved and the system closed.Now i open it up again and i'm trying to re-upgrade the system but i'm always getting this message
# apt-get upgrade
E: dpkg was interrupted, you must manually run 'dpkg --configure -a' to correct the problem.
View 4 Replies
View Related
Aug 22, 2010
1) old a1300 laptop: P3 800, 256 MiB RAM, HDD, PC-CARD NIC. from lspci: Realtek Semiconductor Co., Ltd. RTL-8169 Gigabit Ethernet (rev 10) with debian (i386), previously lenny, now squeeze. running as server.
[Code]...
Smaller files seem to transfer faster, but I have no idea why. I've checked with ethtool that both NICs are running at 1000Mb/s, and both are connected to the same Gigabit switch. The HDD in the laptop had previously provided (nfs) transfer speeds of 12-13 MiB/s. The options in fstab on the client are what I've changed them to since, while trying to fix the problem. Can't remember exactly what they were, but rsize, wsize and nfsvers are some I put there trying to fix it.
I had considered buying a new, faster HDD for the laptop, but that is certainly out of the question until this is resolved. Edit: Is this the right place to ask about this? I did wonder if the 'General Questions' category was a better fit.
View 1 Replies
View Related
Sep 1, 2011
I was having a problem with a fresh 11.04 install and the VPN software I use for work. I found the fix was to upgrade the software, so I downloaded an RPM, converted it to .deb and installed it via dpkg. The install worked and the VPN software now works, but Package Manager says I have a broken package and wants to 'upgrade' to the older broken one. How can I fix this without breaking my VPN SW again?
View 1 Replies
View Related
Jun 14, 2011
I am using debian squeeze and did an aptitude upgrade yesterday. Today I've found that VLC won't play any video; the files open and the audio plays, but the video is black. The aptitude log is below.
I note that VLC received a security upgrade a few days ago, but my suspicion is that the source of this problem is more likely to be the upgrade of libavcodec52 from version 4:0.5.2.6 -> 5:0.6.1+svn20101128-0.2. I believe this upgrade came from the debian-multimedia stable repo I have enabled.
Does this sound right, and what could I do to fix my VLC playback? This is new territory for me, and I'm slightly surprised that such an upgrade would come from the stable branch of debian-multimedia (although I know this is not an official source).
[Code].....
View 6 Replies
View Related
