Debian Configuration :: Replace Snakeoil SSL Certificates?
Mar 2, 2010
It appears that on Debian (Squeeze) that when I install Postfix MTA, it looks like it uses a default Debian SSL certificate:
root@mail:~# postconf -n | grep -i snakeoil
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
My question is it safe to remove these and re-create my own with openssl?
cd /etc/ssl/certs
openssl req -new -x509 -newkey rsa:2048 -days 3650 -keyout mail.key -out mail.crt
openssl rsa -in mail.key -out mail.key
mv mail.key /etc/ssl/private
Will this impact my Debian system any or will it work fine? Do you guys have any experience with this? I would rather try generating them myself and change it from 1024 to 2048.
View 2 Replies
ADVERTISEMENT
Apr 19, 2011
I've just bought a Linksys WRT610N router and I ran through various problems during the configuration, that brought some questions.Here is what I did to configure it (following the short manual that I got with the router)1. plugged the router in my modem and in my computer via ethernet cables2. entered its IP address (given on the manual) on my browser and logged in with the factory login3. changed the login passwordAfter this the problems that I have encountered are that:I set up the administration of the router to be disabled via wireless and enabled locally via https, but when saving those settings I either lost the connection (the browser telling me the server was not accessible) or asked confirm a security certificate after being (logically) redirected to the https version of the administration pageafter trying to loggin again, I wasn't able to login via https but only via http even if after logging those parameters were still as I set them (wireless administrative login disabled and local administrative login enabled only via https)
via https when getting something else than "the server is not responding or could be too busy", I was prompted the untrusted connection site, saying that"192.168.1.1 uses an invalid security certificate.The certificate is not trusted because it is self-signed.The certificate is only valid for Linksys.The certificate expired on 01/01/71 01:21. The current time is 19/04/11 22:56.(Error code:sec_error_expired_issuer_certificate)"I noticed that after loosing the connection and not being able to reach the router either with http or https, the only way I was then able to reconnect to it was to go into (I am using firefox 4 on squeeze) edit > preferences > advanced > encryption > view certificates > servers and delete the linksys certificate
View 4 Replies
View Related
Aug 24, 2010
I run a web server on Fedora 12, principally using Apache, MySQL, and PHP. I host a variety of sites, one of which is a family website that contains semi-sensitive personal data for several hundred extended family members, who all have access to the database-driven site.
Until now, I have been using a self-signed SSL certificate to encrypt the data as it is read and written back and forth from my database. Family members have simply had to put up with clicking past certificate warnings as they enter the site, as most browsers flag self-signed certificates as bad. It hasn't really been that much of a bother, but I'd love to do it more professionally. I have looked into buying SSL certificates, but it's a site I host for free and would rather find a cheap or free alternative if possible.
So I'm just fishing for ideas to work with. What are some alternatives to using SSL certificates for moderately strong website encryption? So far, I run only one host on the domain, but may eventually need encryption that would support multiple hosts. Or does anybody know a way to make self-signed certificates work on most popular browsers without being flagged as suspicious?
View 7 Replies
View Related
Jan 17, 2009
i am using red hat5 n i want to create X.509 certificates for ipsec vpn help me in creating certificates, not able 2 create certificates guide me ehere is the location for certificates.
View 1 Replies
View Related
Dec 18, 2010
I have enrolled some certificates from my own ca, to use to a couple of different services, like FTP, WEB, Mail etc. All these certificates comes from the same CA (my own), and I have created a root CA. But is it possible to import this root CA to the whole system, so I do not have to import the certificate or root CA to the different applications like iceweasel/firefox, chrome, icedove, filezilla etc.
View 2 Replies
View Related
Mar 1, 2016
I'm trying to install Debian Jessie, but the installation keeps failing when installing the ca-certificates package and then asks for a media change to the disk that is already in the drive, and keeps asking even though it's already in the drive.
View 0 Replies
View Related
Apr 23, 2011
Can the Replace function replace more than one word with the same character(s)?
Also, do you know how to access the plugins provided by the gedit-plugins package?
View 3 Replies
View Related
May 15, 2011
it happened first after upgrading about a week (|| more) ago. i thought that it's just em.. kinda normal (i'm running debian unstable, so such things are happening often).
but now it became a problem: i've tried reinstalling nvidia's drivers and compiz itself. no effect. also, i can't catch any errors in logs.
View 8 Replies
View Related
Aug 21, 2010
If I understand everything right I can use simple cd to create an install of my system then config everything and create an archive of /etc,/var,/usr and that give me a backup of my changed files. but what I am not able to do is create a script to replace the files with the archived version of the config files automatically. I need it to be ran as a post intall script or to configure the conf files as part of the install. what I configure on every reinstall. apache,proftpd,mysql,php,and wordpress. Since I am still learning I reinstall a lot and standard backups have not been working for me. But I can put the whole install including backup on one cd. Is there a way replace only the change files from the archive. or getting a list of just the modafied files on my system.
View 1 Replies
View Related
Jun 12, 2013
I have a directory of orchestral music .ogg files from a family member. Each track is from a different artist and the CDDB entry adds a ":" character after the artist name in the track title.
Here is an example of what I am referring to:
Code: Select all13_-_Mozart:_Sonata_in_A_major_KV_331.ogg
I would like to parse file names in any given directory and search for the string Code: Select all: and replace it with Code: Select all_ According to this post on stackoverflow, I can use Perl to accomplish this task. I've tried Code: Select allperl -i.bak -pe 's/:/_/' but since I am still learning Perl I'm probably commiting a PEBKAC error.
How would I go about solving this issue with regular expressions using Perl?
View 3 Replies
View Related
Nov 18, 2010
I am having no luck configuring ProFTPd on a Debian Lenny production server we use to host our MySQL databases and a few websites. I had originally set it up so I could login and manage our internal sites, but I have the need to allow a few clients in to access their sites that we host. I am trying to root the users in their site directory, which would be "/sites/www.whatever.com/".
It just hit me while typing this. Is it possible to create a user without a shell to prevent login via SSH and set the home folder to /sites/whatever instead of /home/username? That would allow me to continue operating with my current configuration and root them in their site while preventing SSH logins.
View 6 Replies
View Related
Jul 20, 2011
i have a HP MSA 2312fc SAN with 2 LUNs configured. The first LUN (LUN ID 1) is correctly connected to the system, but when i connect the second LUN (LUN ID 30), i find in the syslog this message: multipathd: 8:64: size 6835937472, expected 5267578112. Discard
Here is the multipath.conf
[Code]....
So I correctly see the two luns, but multipath doesn't create the relative devices. Under /dev/mapper I see: control mpath0 mpath0-part1 mpath0-part1 is the first lun, the one I mounted in a directory under filesystem. I can't find the device for the second lun
View 1 Replies
View Related
Apr 5, 2010
I am *finally* getting around to rebuilding my file-sharing computer. I'll be sharing files with both Linux and Windoze machines. It's a home network, so there's nothing fancy needed. I know I have to tweak my smb.conf file until I'm satisfied with the features and security. I'm using SWAT and I'm starting with a bare-bones conf file. It's not secure but I can see the server and selected files/directories from my other Linux box.
My really dumb question is, do I have to reboot both the server and the client machines every time I change the SAMBA configuration? I thought I just had to stop and restart the SAMBA service in the SWAT software - but then the server disappears from my client. It looks like I need to reboot both machines for the client to see the server.
View 1 Replies
View Related
Aug 23, 2011
I have some errors when run the mount -all command: mount: wrong fs type, bad option, bad superblock on /dev/sdc5, missing codepage or helper program, or other error In some cases useful info is found in syslog - try dmesg | tail or so Failed to open /proc/filesystems: No such file or directory
[Code]..
View 14 Replies
View Related
Mar 16, 2014
Is there any way to use sed to replace certain text in a file with the persons username automatically? Right now i'm using
Code: Select allsed -i.bak s/STRING_TO_REPLACE/STRING_TO_REPLACE_IT/g file.foo
I would like it to automatically inject the persons usrname in the replacement string. Is this possible? I've been looking on line at various sed tutorials and I cant quite find what i'm looking for. I also didn't really see anything in the forums search function.Essentially i'm trying to take this file URL...Android.rules and replace all instances of username with the persons actual username automatically.
Code: Select allsed -i.bak s/username/$USER/g 51_Android.rules
View 0 Replies
View Related
Aug 3, 2011
I have a PC104 running debian. I have 3 hard drives (in addition to the one booting) mounted in fstab by UUID. I use the options defaults,error=remount-ro. However, this means that when I boot with the hard drives not attached, I have to press Ctrl-D to bypass when the boot discovers the drives are missing. Is there a timeout commandoption I can add to fstab so that it automatically continues booting even if the hard drives are not attached? I could not find anything on a timeout command. (I tried adding timeout=1000 but no-random guess)
View 5 Replies
View Related
Mar 19, 2011
A week ago I opened this thread viewtopic.php?f=17&t=61580 in "Board index ‹ Help ‹ Installation" and asked for a moderator to move this to here. Because it hasnt happened up to know, I am reopening the thread here. It would be reeeeally great if somebody could help me with my problem!
I own two computers, one netbook and one laptop. I want to boot my netbook as a diskless client via PXE.I set up a dhcp-, tftp and nfs-server on my laptop but when i boot my netbook, the follwoing messages are displayed:(to make it more clear, i uploaded the whole output and shortened the output below)
[Code]...
View 1 Replies
View Related
Jul 31, 2011
I am using Squessze and Gnome. When I try to use the gui System>Administration>Network or Users and Groups I get the error The configuration could not be loaded. You are not allowed to access the system configuration.Everything was working before. I read around a bit. In some cases,it was caused by mismatching group and password files after using the gui. I do not know how to check if they are matching. Of course I do not know for sure that is the problem in my case.
View 14 Replies
View Related
Mar 27, 2009
I am real tired of getting those SSL errors when I go to my intranet. So I am now trying to generate my own SSL certs (go me). I have easy-rsa installed for my openvpn can I use that so sign the csr?
View 2 Replies
View Related
Apr 19, 2011
I've installed PostgreSQL on Arch Linux & also self generated self signed certificates in /etc/ssl/ directory. My PostgreSQL 'data' directory is /var/lib/postgres/data & I've edited my postgresql.conf file to use SSL however I'm having permission / access problems starting my database using SSL. It can't access the certificates and errors out when I try and start the database engine:
Code:
LOG: autovacuum launcher shutting down
LOG: shutting down
LOG: database system is shut down
FATAL: could not load server certificate file "server.crt": No such file or directory
code....
I don't know what I need to chown or chmod in order to get PostgreSQL to access my self signed certificates.
View 3 Replies
View Related
Mar 5, 2010
I use apache2 with virtual host and I 've a solution of Webftp who run on it. This solution send automatically email when a new client register himself. In the header of the mail I look this "Content-type: text/html". But when I look this mail with Outlook 2007 the accents are bad coding.It's a script who generate this Html content email.
View 1 Replies
View Related
Jun 17, 2010
I am working on a Debian 2.6.26-19 Distribution with exim4 as MTA. After a system restart a problem occurred with delivering emails to local addresses. These local addresses use a 1and1 mailserver for email. The MX records for the local domain are set correctly but exim does not use a DNS lookup for these addresses because it identifies them as local addresses. I figured this out by executing the exim4 -d -bt command. The dns lookup part of the result looks like this (I replaced the actual address with placeholders):
[Code]....
The eventual result of the exim4 -d -bt command is: [user]@[domain.ext] is undeliverable: Unrouteable address How can I make sure, that exim4 makes a DNS lookup for the local addresses instead of skipping it? I know that I have to edit a exim4 configuration file, but I could not figure out which and how.
View 1 Replies
View Related
Jul 6, 2010
I have a set of vm's with stable, testing, and sid to keep track of how things are going. When I did an apt-get dist-upgrade with squeeze last week, things seemed to OK (350 package updates) until the end. It didn't seem to like and / or was confused by a kernel dependency.
I am not too concerned yet. Because these are in vm's, I do a snapshot before any significant change. I can futz around with impunity because I have that backup.
I re-booted, and tried the apt-get dist-upgrade again with same results. I think I also tried apt-get -f install.
So I reverted to the snapshot, and will simply try again in the future. I recall that with lenny as testing, the font-desktop was really screwed up for about a period of 6 weeks.
However, just in case someone else runs into this:
1) a re-boot worked, but the failure of apt-get made me nervous enough to revert.
2) waiting for corrections has seemed to work in the past (with a single exception with a 4-disk SCSI software RAID10 update that failed to re-boot lenny successfully after what seemed to be a minor update -- that was on a real system, not a vm. I haven't gotten back to look at that.)
View 14 Replies
View Related
Oct 3, 2010
I was trying to get the Windows one working again. Here's what fdisk -l reads:
[Code]...
I'll change these or do some grub configurations, if anyone knows what ones can work.
View 1 Replies
View Related
Nov 14, 2010
I have problems with the system harddrive. I would like to install my Debian on to a new HDD with the same configuration and packages. How do I get the configuration to the new Debian. What files/directory do I need to copy? How do install the same packages?
View 4 Replies
View Related
Jan 24, 2011
To configure SMS gateway using Kannel configuration for Huwei GSM Modem
dmesg gives attached modem in my system:
View 2 Replies
View Related
Apr 30, 2011
I have a problem with the configuration of the NS zone. Looked through the logs, and there:
Apr 28 21:20:19 szewczyk named[18340]: /etc/bind/db.domain.pl:1: no current owner name
Apr 28 21:20:19 szewczyk named[18340]: zone domain.pl/IN: loading from master file /etc/bind/db.domena.pl failed: no owner
[code]....
View 1 Replies
View Related
Feb 26, 2011
I have downloaded NETINSTALL disk from debian.org burned it and during installation it says that error and inst will not continued. This disk havent error replace disks and reburned them. On this computer debian 6 has been installed two weeks ago. "Running post-installation trigger fontconfig" on this stage i have fail.
View 6 Replies
View Related
May 17, 2011
I have the following problem with konqueror. Eveytime when I am trying to enter https://localhost:10000 (this is webmin) or https://localhost:631, konqueror asks me in a popup the following (translated from german):
"The authentification of the server has failed.The certificate does not suite to the server. The certificate has not been signed by a trustable authentification authority"
Then I press "continue". Then the next popup appears asking me: "Do you want to always accept this certificate without any request" And the possible buttons are "always" or "only this session". The problem is that I always press on "always" but obviously konqueror is not remembering this certificate since I have to press all the buttons a hundred times in the ongoing session and every new session. In firefox, I was only asked once and the certificate was stored in list. Does anyone know how to fix this problem in konqueror??
View 3 Replies
View Related
May 16, 2011
How can I add self-signed certificates to e.g: Google Chrome under Linux (from the command line)?
View 1 Replies
View Related