Debian Configuration :: OpenSSL ECDSA Certificate Does Not Work
Apr 27, 2016
I've been trying to get an ECDSA certificate to work for my postfix installation, however, it seems that when I try to use the aECDSA protocol with a client the server gives "no shared cipher" errors.
I had created the certificate like so:
Code: Select allopenssl ecparam -name secp521r1 -genkey -param_enc explicit -out private/ec-email-server.pem
openssl req -new -x509 -key private/ec-email-server.pem -out certs/ec-email-server.pem -days 365
So I've setup a test server, and connected to it with a test client like the following:
Code: Select allopenssl s_server -accept 123 -cert /etc/ssl/certs/ec-email-server.pem -key /etc/ssl/private/ec-email-server.pem
openssl s_client -connect localhost:123
However, once again, I get "no shared cipher" errors.
View 1 Replies
ADVERTISEMENT
Jan 8, 2011
I am trying to get openssl to verify a certificate. I will walk you through what I have done so far.
1. openssl genrsa -des3 -out connect.mydomain.com.key 2048
2. openssl req -new -key connect.mydomain.com.key -out connect.mydomain.com.csr
3. Bought an SSL from GoDaddy.
4. Submitted my CSR
5. Downloaded sf_bundle.crt (CA File I presume)
6. Downloaded connect.mydomain.com.crt
Now I can do the following: [root@server tls]# openssl verify -CAfile sf_bundle.crt connect.mydomain.com.crt
connect.mydomain.com.crt: OK This is specifying the CAfile.
[Code]...
View 2 Replies
View Related
Apr 2, 2011
I've used ssh for a long time, but recently I set up a new server on my LAN. Often when I try to connect to it I get a message like so:
Code:
Warning: the ECDSA host key for '<snip>' differs from the key for the IP address '<snip>' Offending key for IP in /home/<snip>/.ssh/known_hosts:14 Matching host key in /home/<snip>/.ssh/known_hosts:12 Are you sure you want to continue connecting (yes/no)? What is weird is that, in the known_hosts file, the entry for the ip address (line 14) is a "ssh-rsa" type, but the entry for the hostname is a "ecdsa-sha2-nistp256", even though they both connect to the same server. What is going on here?
View 1 Replies
View Related
May 3, 2016
Is it mandatory to reboot a public server after upgrading openssl? Or is it sufficient to restart the services?
View 2 Replies
View Related
May 2, 2011
I recently bought two DreamPlugs and replaced the preinstalled aged Ubuntu 9.04 with Debian Squeeze on them.I built a Marvell Orion 2.6.35 kernel from git. OpenSSL performes lousy on this hardware (my VIA Nano with PadLock support gives me ~690 000k on 8192 size blocks):
[Code]...
View 1 Replies
View Related
Jun 22, 2015
I've been using VSFTPD for years but i can't seem to get over this particular issue. I'm unable to make VSFTPD 3.0.2 work with a legit STARTSSL TLS cert on Debian 8.1 kernel 3.16.0-4-amd64.
500 OOPS: SSL: cannot load RSA certificate.
Openssl 1.0.1k correctly verifies the .PEM file containing both my domain's cert and the intermediate CA one. I've tried adding the private key to the .PEM file and also using it as a separate .key file. Also tried mixing my cert with the intermediate CA one and the private key... to no avail.
Every file is inside /etc where all the conf files reside (also the user specific conf files). File permissions for the .pem and key files are 600.
I'm successfully using the same certificate for NGINX.
Configuration file:
Code: Select alllisten=YES
listen_port=40000
pasv_enable=YES
pasv_min_port=40222
pasv_max_port=40224
listen_address=192.168.1.150
[Code] ....
View 1 Replies
View Related
Jul 17, 2015
Having tried different approaches to install (and run!) a webserver certificate from StartSSL on an Apache2 webserver, I had no success at all since three days. There are many web pages out there in the internet, each is naming it other ways, i.e. one speaks from server./etc/ssl/certs/server.pem, another name it /etc/ssl/private/server.key etc. etc.
Is there a common-sense description how to name a private key, how to name the public key, and just important again, where to place them and what what rights they must have to protect them? And, still important, which config file to adopt (default-ssl, or default-ssl.conf).
By the way, I implemented already the certificates in an other environments, and they are all working (tested with the ssl checker [URL] .....).
How to find a common-sense web page for Apache2 on Debian 8.1?
View 8 Replies
View Related
Jan 24, 2016
I upgraded my server yesterday via apt-get and my Perl scripts are not able to make HTTPS connections due to certificate verification problems.
This seems to be a problem for EVERY HTTPS site.
CURL gives the following error:
Code: Select allSSL certificate problem: unable to get local issuer certificate
I know that this has something to do with root certificate updates, but if I sound ignorant about it, it's because I am.
using CURL with the -k option allows the connection to be made.
I'm running OpenSSl 1.0.1k-3+deb8u2 on Jessie 8.2.
I would obviously prefer to not disable certificate verification on my server.
View 6 Replies
View Related
Aug 17, 2011
in order to share profiles between a Mahara and a Moodle installation I need to get OpenSSL working.
I've got OpenSSL installed on the server and followed this tutorial. However, I still get an error message saying that either OpenSSL or PHPs support for OpenSSL are missing: Could not generate a new SSL key. Are you sure that both openssl and the PHP module for openssl are installed on this machine?
What would be the next steps to actually set up the Apache server and PHP so they can use OpenSSL? (I've already specified the path to my caconfig.cnf file in Maharas config.php)
View 4 Replies
View Related
May 20, 2009
I am using debian base, and I want to know where can I download openssl-devel. What is the name in apt-get or aptitude?
View 4 Replies
View Related
Aug 24, 2011
I'm trying to install an Ubuntu cloud on my home network - I've been following this guide. When I arrived at STEP 6: Install an image from the store PART 3: Click on the Store tab I get the following error message on the page: Error 60: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
View 1 Replies
View Related
May 6, 2010
I am running Debian Sid, KDE 4.3.4 with kernel 2.6.33 on a dual core 1.6 GHZ Toshiba Satellite A100-VA3, 2G ram. I have 4 multimedia keys beside my main keyboard that I used to configure successfully using the KeyTouch-Editor, and then loading it via KeyTouch. My problem is KeyTouch worked great with KDE 3.5.x but now it doesn't work with KDE 4.x.x. Has anyone managed to get KeyTouch to work with KDE 4.x.x? Is it broken or am I missing some kind of trick to get it to work?
View 3 Replies
View Related
Jun 14, 2010
My touchpad just stopped working recently. It works in the framebuffer console, cat /dev/input/mice gives sensible output, X -retro shows a moving cross and it is completely functional during the gdm login prompt. But for some reason, it just stops responding halfway through the login process (roughly at the same time as gnome complains about my old laptop battery, if that is any help.) I run Debian Squeeze with Linux 2.6.32-5-686. The touchpad is a Synaptics PS/2 pad according to Xorg.
I do not understand the problem, actually. X seems unwilling to talk to my touchpad for some reason. When I run X manually from single-user mode, it complains that it cannot talk to my touchpad, but it works in the -retro test mode. As soon as gnome kicks in however, it stops working. synclient -l gives sensible output.
My external USB mouse works just fine.
View 1 Replies
View Related
Apr 13, 2011
i have download debian 6.0.1 DVD, and installed corectly,i am using internet behind proxy, but i configure all the things thier and i still can ping to google from CLI bt i could nt update my system
View 2 Replies
View Related
Aug 4, 2015
I'm trying to install using windows 7 on a 2010 macbook pro. Firstly the network configuration won't work and secondly the cd rom can't be detected. I've rewritten the usb drive several times with no joy.
View 3 Replies
View Related
Sep 4, 2015
i've installed debian 8 on this laptop but can't use the nvidia card from nvidia-detect can't find the card but it work 'cause i can see it in the list of hardware, 3d controller the driver from nvidia don't work, and i had a problem with force installation and xorg.conf file.. how i can make it work ? the card it's nvidia 820m
View 3 Replies
View Related
Mar 14, 2016
I just followed [URL] .... and [URL] .... because I need to connect to an iDRAC. I can't get I never see the Java Web Start Plugin as an option. If I do test my Java version, I only get the IceTea plugin.
View 2 Replies
View Related
Jan 21, 2010
I'm having trouble getting my wireless card (RNX-G300LX, from Rosewill) working with my Debian install. I had it working at one point in time, but (apparently) something has gone wrong, as it no longer connects. The network I'm trying to connect to uses WPA2. When I try to start up my wireless card as follows:
# ifup wlan0
I get the following response:
wmaster0: unknown hardware address type 801
wmaster0: unkown hardware address type 801
Listening on LPF/wlan0/00:1a:...
Sending on LPF/wlan0/00:1a:...
Sending on Socket/fallback
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 4
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 10
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 15
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 17
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 12
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 3
No DHCPOFFERS received.
No working leases in persistent database - sleeping.
I have set up /etc/network/interfaces as follows:
auto lo
iface lo inet loopback
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant.conf
auto wlan0
and /etc/wpa_supplicant.conf looks like this:
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
ap_scan=1
fast_reauth=1
network={
ssid="apt_102"
scan_ssid=1
key_mgmt=WPA-PSK
psk="mypassword"
proto=WPA2 }
I should also note that running wpa_cli -i wlan0 tells me that it is "trying to associate" with my router, but authentication times out each time.
View 8 Replies
View Related
Jun 8, 2010
I cant log in as user. My keyboard doesn't work, not even ctrl+f1. So i cant get dmesg....Only thing that is working is alt+print screen+REISUB.
When i booted in safe mode from grub i can log in but only if i enter my root password. And then do /etc/init.d/gdm start.
If i tray to continue straight to gdm in safe mode my keyboard is not working so i can`t log in.
Day before i notices`d that i cant log in with ctrl+f1. When i tray i get this masage madone-desktop login: madone /bin/sh : cant open madone
View 1 Replies
View Related
Aug 13, 2010
I've been having this problem for a long time now. It started suddenly and without apparent cause. 3D games won't work. At first I tried to play OpenArena, and it didn't work, the graphics went terribly slow and choppy, videos were not continious, but rather a succession of pictures of movement. I tried installing and re installing the game several times, but nothing... Now, I'm trying to run hedgewars (the re-make of worms) and it doesn't crash or anything, but the graphics are too slow and choppy again. This is the output from the terminal:
[Code]...
The 'there is no soundcard' message is scary... I have been having sound problems lately, where sounds just stops working in all applications, and only restarting the system will bring sound back. So as you can see my audio and video seem to be on the wrong track. But I don't know how to diagnose the disease... by the way. I installed hedgewars from squeeze though I have lenny. I added the squeeze line to sources.list.and then apt-get-ed it. Is that OK?
View 3 Replies
View Related
Dec 7, 2010
I have installed Firestarter, and set it up following some manual (just a simple, baseline setting, nothing fancy). However, after restart I got error message: Starting the Firestarter firewall... failed! and then, later: startpar: service(s) returned failure: firestarter ... failed! Why this happens?
View 4 Replies
View Related
Sep 6, 2011
I've been running 6.0.2 amd64 stable since release day and recently have noticed my suspend and hibernate do not work. Normally I have transmission running and have set it to not enter sleep mode while torrents are active. However today I have not had transmission and was wanting to see if the sleep mode options would kick in. So I have set my display to "sleep when inactive for" 5 mins (this works perfect)
I have set "put computer to sleep when inactive for" 10 mins (this does not work at all)
When I try to manually test suspend my display flashes black for a few seconds but remains backlit, then asks me to log back in
When I manually go into hibernate mode my display turns off, pops back on for a second and in a terminal says something about a usb device (something failed but it happens so fast I cannot read it)
View 3 Replies
View Related
Sep 10, 2011
I have an Atheros wireless USB dongle that will connect to my Wifi network just fine in Gnome but in KDE doesn't. I've read through the http://wiki.debian.org/WiFi/HowToUse and have installed all packages and tried all methods noted there but still can't get the wlan0 to work at all in KDE. Is wireless in KDE & Debian Squeeze useless?
View 3 Replies
View Related
Nov 20, 2015
So, as per Arch Linux's wiki, I tried to make some optimisations to the intel driver through setting it up in Xorg.conf (or as advised by that wiki article, in '/etc/X11/xorg.conf.d/20-intel.conf' ), but I've ran into trouble enabling DRI3. Here's my current config file:
Code: Select allSection "Device"
Identifier "Intel Graphics"
Driver "intel"
Option "AccelMethod" "SNA"
Option "DRI" "3"
Option "TearFree" "true"
EndSection
So far everything works fine, I haven't seen any noticeable tearing, nor did I had any problems with any graphics-intensive programs I run, but there's a slight problem with the DRI3 part as indicated by Xorg's logs:
Code: Select all[ 26.556] (II) Loading sub module "dri2"
[ 26.556] (II) LoadModule: "dri2"
[ 26.556] (II) Module "dri2" already built-in
[ 26.556] (==) Depth 24 pixmap format is 32 bpp
[ 26.616] (II) intel(0): SNA initialized with Haswell (gen7.5, gt2) backend
[ 26.616] (==) intel(0): Backing store enabled
[Code] ....
First of all it still mentions the DRI2 driver, is this supposed to happen, or did something go wrong? Also it complains that it cannot find a file, which I can't figure out which package it belongs to, and taking a quick search around the interwebs hasn't produced anything useful...
The IGP is the CPU, which is actually a i5-4460... which according to Wikipedia it has a HD Graphics 4600 GPU.
View 3 Replies
View Related
Dec 23, 2015
I can not to start dnscrypt-proxy-1.6 like server.
I use the man: [URL]
The man work for dnscrypt-proxy-1.2. It was work good. On latest version the man don't work.
I want that my DNS server is work well work.
uname -a
Code: Select allLinux raspberrypi 4.1.13-v7+ #826 SMP PREEMPT Fri Nov 13 20:19:03 GMT 2015 armv7l GNU/Linux
cat /etc/dnsmasq.conf
Code: Select alldns-forward-max=500
bogus-priv
resolv-file=/etc/resolv-dnsmasq.conf
no-resolv
listen-address=192.168.1.5
bind-interfaces
cache-size=600
[code]....
My system is Reaspbian (Like debian but for Raspberry pi 2).
View 0 Replies
View Related
Jul 30, 2010
i have recompiled kernel on my netbook (lenovo s10-3t).suspend works correctly but then i cannot wake up. i think i just missed some kernel options.what options must be set for suspend/wake up?
View 7 Replies
View Related
Nov 16, 2010
I've been running my server for a few months now. I'm using the latest version of Lenny, regularly updated. The system is basic: it's a Celeron 1.2GHz-based machine with 512MB RAM. Since it runs SAMBA, I wanted it to run on Gigabit, so I bought a generic gigabit ethernet card with a Realtek RTL8169 chipset. For reference, the original ethernet adapter is an Intel 82801 (815 chipset) 10/100MBit. The card appeared in lspci when I first started up the system but eth1 wasn't up; I installed the Realtek drivers anyway (having installed all the kernel sources etc) and brought eth1 up. However, no matter what I do, it will NOT run at gigabit speeds!
It's plugged into a Belkin gigabit switch that I know will run at gigabit speeds; I've tried different ports and cables (including one that definitely allows gigabit) but nothing will allow the card to run at full speed. Eth0 is no longer set to automatic; only eth1 comes up on boot with a static IP.
[Code]...
View 12 Replies
View Related
Jan 8, 2011
I enabled java and flash in Iceweasel 3.5.16 via the related/required packages in the repository so flash-nonfree (or whatever it is) and the related java one. I didn't install either flash or java manually so no plugins that way. Flash and java works in Iceweasel. If I wanted to try Swiftfox, what do I do? I have it installed but both flash and java don't work.
I assume that one has to do the manual installs for both so go to both Flash and Java official sites and install the related Linux package. Will this conflict with my Iceweasel-based java/flash packages? Or do they go in separate directories and files? I don't want a conflict or interference and thus, don't want to break what's working.
View 7 Replies
View Related
May 12, 2011
I just bought for my T60 a pcmcia cardreader (16 in1) from HT-Link (HT-190). In Windows 7 no problem, but squeeze does not evenzethe card.It's not shown in lsusb or lspci.lspcmcia showsSocket 0 Bridge: [yenta_cardbus] (bus ID: 0000:15:00.0)
dmesg | grep pcmcia brings
[ 4.538206] yenta_cardbus 0000:15:00.0: pcmcia: parent PCI bridge I/O window: 0x9000 - 0xcfff
[code]...
View 6 Replies
View Related
Feb 14, 2011
My net-book is working properly with Debian squeeze 2-6-32-5-686, only the wlan does not work. After typing lsusb I have got the message: lsusb : Bus 002 Device 002 : ID 160a:3184 VIA Technologies, Inc. VIA VNT-6656 [WiFi 802.11b/g USB Dongle]
So I obtained the driver package : VT6656_Linux_src_v1.19_12_x86. I followed the instructions ( make install... ) - but the result is only a lot of error messages. Mayby I am using the wrong driver package for the squeeze kernel - I don't know.
View 9 Replies
View Related
