Debian :: Creating Certificate Signing Request - CSR?

Jun 9, 2015

I need to renew my SSL cert for my Mahara site and I follow the instructions below. But after I finish answering all the questions for the csr, I'm supposed to copy a portion of the cert into a web form. However I can't seem to find the server.csr so I can do this. Were this file goes?

Here is a step-by-step description:

Make sure OpenSSL is installed and in your PATH.

Create a RSA private key for your Apache server (will be Triple-DES encrypted and PEM formatted):

$ openssl genrsa -des3 -out server.key 1024

Please backup this server.key file and the pass-phrase you entered in a secure location. You can see the details of this RSA private key by using the command:

$ openssl rsa -noout -text -in server.key

If necessary, you can also create a decrypted PEM version (not recommended) of this RSA private key with:

$ openssl rsa -in server.key -out server.key.unsecure

Create a Certificate Signing Request (CSR) with the server RSA private key (output will be PEM formatted):

$ openssl req -new -key server.key -out server.csr

Make sure you enter the FQDN ("Fully Qualified Domain Name") of the server when OpenSSL prompts you for the "CommonName", i.e. when you generate a CSR for a website which will be later accessed via, enter "" here. You can see the details of this CSR by using:

$ openssl req -noout -text -in server.csr

View 2 Replies


General :: Creating Formal SSL Certificate For Fedora

Dec 8, 2010

How I can create and install a formal SSL certificate for Fedora issued by Geocerts or Verisign?

View 1 Replies View Related

General :: Creating Certificate Authenticated User?

Aug 19, 2010

I am trying to create a certificate case user logon via ssh. On the server I have openSSH and a few users. I want to be able to assign a user a certificate to connect remotely via SSH.

View 1 Replies View Related

Debian Installation :: "Signing Keys" / Verify The File With MD-5, SHA-256?

Mar 31, 2011

Anyone attempting to install Debian Squeeze from CD-1, or Debian-live DVD will want to know how to verify the file with MD-5, SHA-256 and (available for some versions only) SHA-512 checksums of the iso images, using the appropriate signing key. But there are no instructions that I can find in the Debian CD FAQ, which simply points users at the archive keyring. Now according to this message, as of 9 Feb 2011 the Debian Squeeze archive signing key has fingerprint 9FED 2BCB DCD2 9CDF 7626  78CB AED4 B06F 4730 41FA

The Debian signing key website gives the archive signing key as the master key, and (this addresses the problem I raised elsewhere) even makes it available via https. That sounds good! Just one problem: the detached signatures for files such as url

which gives the SHA-256 sum for url

have been signed with a different key, which has fingerprint DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B

No wonder I am confused! And it seems that I may not be the only one; others seem to be confused also.

If no-one at the Debian mailing list can explain what is going on, I have little hope that anyone here will be able to clear this up, but I'll ask anyway: what are all the Debian related GPG keys and where do you find them all? is it true that there are different keys needed to verify CD iso images and debs? (And... what else?) where do you go to obtain all the lastest Debian keys via https? (This is important as it can hinder MITM attacks by lone crackers, assorted crooks, maybe even state actors, etc.; the "Comodogate" story provides clear evidence that there are people or organizations interested in mounting MITM attacks on persons downloading open-source software). in particular, it is sometimes convenient to use a live-CD to download an iso image (for example, when you no longer trust the system you are trying to upgrade!) and then one wants to use GPG to check the file with the checksum, so one needs to quickly locate and import into the GPG keyring of the (temporary) live-CD session the correct key; so where can I find the CD-signing key availalble via https? shouldn't the CD FAQ explain all this?

View 5 Replies View Related

Server :: Redirect All Client Http Request To Https Request In Squid?

Jun 25, 2010

how to redirect all client http request to https request in squid

View 1 Replies View Related

General :: Get A Certificate Error 60: "server Certificate Verification Failed" When Trying To Setup A Ubuntu Cloud?

Aug 24, 2011

I'm trying to install an Ubuntu cloud on my home network - I've been following this guide. When I arrived at STEP 6: Install an image from the store PART 3: Click on the Store tab I get the following error message on the page: Error 60: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

View 1 Replies View Related

Debian :: SSL Certificate Constantly Changing

Apr 22, 2011

I use WLM (And yes, I realise odds are this is a problem on microsofts side) and almost every time claws mail connects WLM returns a new certificate. Valid, but I have to constantly accept or deny the certificate. Why is WLM pumping out fresh certs all the time and how can I fix this?

Whenever this pops up whatever I have at the moment shows "Signature status: No certificate issuer found" and the other shows "Signature status: Correct".

View 2 Replies View Related

Debian :: Firefox - Getting Invalid Certificate On Every Page

Jun 20, 2011

I had to do a hard shut down on my linux computer. Every since then it is not working properly and I get an invalid certificate on every page.I have never upgraded Debian since I installed it two years ago. With my experience with Gentoo I have found that upgrades can be a problem and it worked fine so I never messed with it.

View 9 Replies View Related

Debian :: Provide Encryption Over HTTPS Without A Certificate?

Jul 17, 2011

Is it possible to provide encryption over HTTPS without a certificate?

I can't afford a certificate from a CA, but I do want to provide encryption with my website... without a self-signed certificate because I hate that screen popping up on the clients computer on first visits.

View 4 Replies View Related

Debian Installation :: RSA Server Certificate CommonName (CN) Does NOT Match

Feb 26, 2015

I install debian, I when I restart apache2, I got this error

[warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Feb 26 11:53:45 2015] [warn] RSA server certificate CommonName (CN) `Ismo' does NOT match server name!?

How can I modify the commonName of the RSA server certificate?

View 1 Replies View Related

Debian Configuration :: Vsftpd Won't Accept Legit Certificate

Jun 22, 2015

I've been using VSFTPD for years but i can't seem to get over this particular issue. I'm unable to make VSFTPD 3.0.2 work with a legit STARTSSL TLS cert on Debian 8.1 kernel 3.16.0-4-amd64.

500 OOPS: SSL: cannot load RSA certificate.

Openssl 1.0.1k correctly verifies the .PEM file containing both my domain's cert and the intermediate CA one. I've tried adding the private key to the .PEM file and also using it as a separate .key file. Also tried mixing my cert with the intermediate CA one and the private key... to no avail.

Every file is inside /etc where all the conf files reside (also the user specific conf files). File permissions for the .pem and key files are 600.

I'm successfully using the same certificate for NGINX.

Configuration file:
Code: Select alllisten=YES

[Code] ....

View 1 Replies View Related

Debian Configuration :: Install StartSSL Certificate For Apache2 In 8.1

Jul 17, 2015

Having tried different approaches to install (and run!) a webserver certificate from StartSSL on an Apache2 webserver, I had no success at all since three days. There are many web pages out there in the internet, each is naming it other ways, i.e. one speaks from server./etc/ssl/certs/server.pem, another name it /etc/ssl/private/server.key etc. etc.

Is there a common-sense description how to name a private key, how to name the public key, and just important again, where to place them and what what rights they must have to protect them? And, still important, which config file to adopt (default-ssl, or default-ssl.conf).

By the way, I implemented already the certificates in an other environments, and they are all working (tested with the ssl checker [URL] .....).

How to find a common-sense web page for Apache2 on Debian 8.1?

View 8 Replies View Related

Debian Configuration :: Certificate Verification Broken After Upgrade

Jan 24, 2016

I upgraded my server yesterday via apt-get and my Perl scripts are not able to make HTTPS connections due to certificate verification problems.

This seems to be a problem for EVERY HTTPS site.

CURL gives the following error:

Code: Select allSSL certificate problem: unable to get local issuer certificate

I know that this has something to do with root certificate updates, but if I sound ignorant about it, it's because I am.

using CURL with the -k option allows the connection to be made.

I'm running OpenSSl 1.0.1k-3+deb8u2 on Jessie 8.2.

I would obviously prefer to not disable certificate verification on my server.

View 6 Replies View Related

Debian Configuration :: OpenSSL ECDSA Certificate Does Not Work

Apr 27, 2016

I've been trying to get an ECDSA certificate to work for my postfix installation, however, it seems that when I try to use the aECDSA protocol with a client the server gives "no shared cipher" errors.

I had created the certificate like so:

Code: Select allopenssl ecparam -name secp521r1 -genkey -param_enc explicit -out private/ec-email-server.pem
openssl req -new -x509 -key private/ec-email-server.pem -out certs/ec-email-server.pem -days 365

So I've setup a test server, and connected to it with a test client like the following:

Code: Select allopenssl s_server -accept 123 -cert /etc/ssl/certs/ec-email-server.pem -key /etc/ssl/private/ec-email-server.pem
openssl s_client -connect localhost:123

However, once again, I get "no shared cipher" errors.

View 1 Replies View Related

Fedora :: How To Boot Up Without Signing In

Jul 2, 2010

I have had to ditch ubuntu after 4 happy years as their 10.04 release was crazily resource hungry on my humble machine. Installed F13 smoothly and without any problems and so far it doesn't appear to be as resource hungry as ubuntu. One thing I have not been able to find in either gnome preferences or administration is where to set it to go straight to desktop without messing around with passwords and stuff.

View 3 Replies View Related

Debian :: Create Own Self-signed SSL Certificate To Ensure The Basket Area Remains Secure?

Dec 27, 2010

Things beyond my control are causing me to rush a bit in getting the website moved. I'm working hard to try and get it done, but something else has come up that SSL Certificate.I know that our website's "basket" area is protected by an SSL certificate to ensure customer information, especially credit info, is secure. With the move to Amazon's service, it looks like I may need to create our own self-signed SSL certificate to ensure the basket area remains secure.

I have found guides that walk through how to make one yourself and configuring apache to allow it, but something else has come to mind. The guides I found don't really indicate where the SSL certificate goes afterwards, and also doesn't suggest which sections should be governed by the certificate (as only the basket section uses it, not anything else). How would I find out that information?

View 1 Replies View Related

Fedora :: Pidgin And Empathy Not Signing Into Msn?

Jan 18, 2010

Recently jumped from Ubuntu to Fedora 12 over the weekend, has been quite the bumpy ride. Though fun of course. But I'm having trouble coming to a solution for this problem, that started today. When signing into both Empathy or Pidgin (only with msn account) they both just hang on the white screen inactive... I say "inactive" the program hasn't frozen I just cannot be signed in. Also, in Pidgin at the bottom, next to where it shows your status, it has;

"Available - Waiting for network connection"

View 3 Replies View Related

Server :: Signing Up To The Amazon EC2 Service With EBS?

Jan 9, 2011

I am interested in signing up to the Amazon EC2 service with EBS. I have never used a unmanaged vps before, but I know how to use the command line etc. There are some basic packs on there to use, with basic LAMP stacks. But I would like to ask about how do I:

Upgrade a lamp stack? - someone mentioned yum, but what is this? how easy is it to use? is it enough? secure the lamp stack? - assuming I have no idea of linux security, can you give me a list or something of things I need to consider so I can begin the search (or just cover the steps would be awesome!) My website just uses php and mysql, so thats all i'll need. If you have any other tips on this,

View 1 Replies View Related

Debian :: Conky Making DNS Request Infinite Loops

Sep 14, 2015

For some reason my Conky is making my machine do infinite DNS requests to the last host I'm connected with. For example, if I visit it'll start the infinite DNS request to this host. If I close the navigator it stops. If I try to connect to it starts the DNS requests. If I disconnect it stops. Why is it happening?

That's my script:

Code: Select allbackground no
update_interval 1
total_run_times 0
own_window yes
own_window_type desktop
own_window_transparent yes

[Code] .....

View 0 Replies View Related

Debian Configuration :: Show Grub2 Menu Only Upon Request?

Mar 23, 2010

Daily updated Debian Testing Because Debian is the only operating system on this laptop and I keep at least two working kernels, I would like to hide Grub2's menu unless I press a key (like one could do with Grub). I can hide the menu if the line GRUB_TIMEOUT=0 is in /etc/default/grub but it doesn't appear after pressing SHIFT, which is a threat if the system cannot boot the selected kernel. Right now, the timeout is set to one second. I've read Grub2's documentation and [URL] and tried various combinations, but I haven't been able to make this work.

View 1 Replies View Related

Fedora :: Flash Plugin Signing Key - Cannot Update

Aug 11, 2010

Running graphical software update, fc13. Attached are screenshots, which appear in sequence. The first seems to be asking if I trust the source, Adobe. (The Help for this window says I can go to the adobe website to confirm details of the signing key, which I will do if there is not a simpler fix.) If I respond in affirmative to the first window I get the failure window, second shot, with traceback.

View 5 Replies View Related

Ubuntu :: Archive Automatic Signing Keys 10.10?

May 14, 2011

Initially I had a problem installing restricted extras. However, it appears the problem is more than a media problem, so I moved my thread here. I copied over what I thought the relevant code was from my previous thread. Anyone have ideas on how I can fix this?

onoku@onoku-MacBook:~$ sudo apt-get update && sudo apt-get upgrade
[sudo] password for onoku:


View 9 Replies View Related

Programming :: Digitally Signing Bash Scripts?

Feb 1, 2011

Is there any way to protect a bash script with a digital signature, so that it can't be executed if it has been meddled with? Or, if this is not possible for bash scripts, is it possible for any other type of scripts (Python, Perl?) in Linux?

View 5 Replies View Related

Debian :: Request Maintainers For Upgrade Package Version In Repos?

Feb 23, 2011

how i can request debian maintainers for upgrade package version in repos?

View 11 Replies View Related

Debian Configuration :: Network - Access Servers Request Failed

Feb 1, 2010

I recently installed two PC with debian lenny (kernel 2.6.26). One is called serveur-debian1 and the second one serveur-debian2. I have installed gnome,samba, mysql5, apache2, php5, and Virtualbox,bridge-tools on them. On serveur-debian2, i installed an other virtual debian lenny with apache2,mysql5,php5,nagios and centreon on it to view my network. I remember having installed a soft to access nntp on serveur-debian2 in order to test nagios.

Since a few days, i have problem to access to my servers. rom my windows 7 client, i try to ping serveur-debian1. Response is OK but not for all resquets Always from the same computer, i try to ping serveur-debian2. Response is OK but not for all again.

When i launch a ping on serveur-debian1 and serveur debian2 at the same time i have:

ping 1 to 10: serveur-debian1: response OK
serveur-debian2: no response
ping 11to 14: serveur-debian1: no response
serveur-debian2: response OK
ping 15 to 25: serveur-debian1: respone OK
serveur-debian2: @ip serveur-debian1 network unreachable (there's no error, it shows me the ip of serveur-debian1)

If i switch on the debian virtual server on the serveur-debian2, and i ping it at the same time, the response is OK for all resquests. The problem is very strange. I can't have a correct connection and when i launch a request from a software which access the mysql server, the requests failed ...

View 4 Replies View Related

Ubuntu :: Pidgin Not Signing In After Changed Hotmail IM Password?

Feb 23, 2010

So Pidgin was workign just fine in Ubuntu Studio karmic... After i Changed my password for my msn IM for security reasons it just woun't sign me in.

Iv tried so many times, my pass is correct... But i keep getting this message

"NEW MSN account
Authentication failed
Edit Account"

View 2 Replies View Related

General :: Yahoo Messenger Not Signing In With Squid 2.5 Stable 6

Aug 30, 2009

I have configured squid 2.5 stable 6. I can browse any website. I can even use msn messenger but I cannot use yahoo messenger. I have also set the http proxy settings in preference for yahoo messenger but still it does not sign in.

View 6 Replies View Related

Debian Hardware :: Wireless Card Error, Failed To Request Firmware

Jul 10, 2011

During installation at, Select and install software, i had this extra option "Packages to install: rt2x00-source", and answered yes. sources.list has main and contrib sections.

lspci -k
Network controller: RaLink RT2561/RT61 802.11g PCI
Subsystem: Linksys WMP54G ver 4.1
Kernel driver in use: rt61pci
ifup wlan0 returns this,
SIOCSIFFLAGS: No such file or directory


View 5 Replies View Related

Ubuntu :: Which Jabber/XMPP Client Supports Both Signing And Encrypting Messages With Openpgp

Jun 16, 2010

I've been trying to find out which jabber/XMPP clients out there automatically sign messages with openpgp you send but documentation on that has been spotty. Could you tell me a. if you know any clients that can easily sign and encrypt all outgoing messages and b. should I worry if a client is only able to sign presence and not messages?

View 1 Replies View Related

Debian :: Creating A Debian Live CD For The Base System

Feb 10, 2010

I am thinking about creating a Debian Live CD with only the base system. I would like to know how to make the CD bootable so that it can load the kernel and continue with the booting sequence.

View 12 Replies View Related

Copyrights 2005-15, All rights reserved