I install debian, I when I restart apache2, I got this error
[warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Feb 26 11:53:45 2015] [warn] RSA server certificate CommonName (CN) `Ismo' does NOT match server name!?
How can I modify the commonName of the RSA server certificate?
In my httpd log I always get this recurring error
[notice] Digest: generating secret for digest authentication ...
[notice] Digest: done
[warn] RSA server certificate CommonName (CN) `srvspam' does NOT match server name!?
I'm trying to use LDAP with TLS but allways got Connect error. The message error is TLS : hostname does not match CN in peer certificate So I've tried to generate new certificate with my hostname for CN but my LDAP still don't want to work with TLS.
I use opensus 11.3. I used YAST2 for crating my CA and certificates.
I'm trying to install an Ubuntu cloud on my home network - I've been following this guide. When I arrived at STEP 6: Install an image from the store PART 3: Click on the Store tab I get the following error message on the page: Error 60: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
View 1 Replies View RelatedSo I am creating a LDAP server for my school's Linux lab, so users on our school network can log into the Linux machines.
I found a guide here url...Authentication
But during the install, I get the following error.
update-rc.d: warning: libnss-ldap start runlevel arguments (2 3 4 5) do not match LSB Default-Start values (none)
I have a requirement of using a wildcard certificate for 5 subdomains running under apache httpd server and 1 subdomain under tomcat.Is there any possibility of using the single wildcard certificate both in tomcat and apache
View 3 Replies View RelatedI used a self assigned certificate openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509 i followed configurations from th below website [URL].. On my outlook client p.c`s whenever connecting for the first it pops up a message telling mi tht my certificate on my server cannot be verified then it continues after click yes.
How do i do away with tht message other thn buying trusted certificate Or refer me to a good site with Ubuntu mail server configuration which makes uses of mysql
these are the lines in my /etc/dovecot/dovet.conf file
ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.pem
I have the following query:
Code:
$sql="SELECT table1.datetime, table1.user_id, table2.ip, FROM table1,table2 WHERE id='$id' AND (table1.id = table2.id AND table1.datetime = table2.datetime)";
In table2 the datetime fields are about 1 to 2 seconds off due to the source of the data, which I cannot change.
Is it possible via a query match table1.datetime & table2.datetime by HH:MM (ie. to the minute instead of to the second)?
I have just generated a new ssl key on my ftp server with the following command
Code:
I then put my new key onto my file server and attempted to connect to the FTP and it failed (this did work before with the default key).. I use curlFTPfs to mount the FTP directory locally as /ftpbackup, below is the command and the output.
Code:
Error connecting to ftp: server certificate not activated yet. As you see it gives an error about the certificate not being activated, I have looked this up and cant find a way to activate it.
Below is the contents of vsftpd.conf on the ftp server
Code:
I have CentOS Directory Server running on CentOS 5. I try to add certificate, issued by our CA. I made an certificate request, and I got the certificate. I installed it, but I forgot to install the CA Certificate. Now I got the following error:
View 2 Replies View RelatedI have a server which I use for mail:
[URL]
The above is the machines actual FQDN. Now because I also use it as a web server to access my website and webmail, I have a pointer record with my domain registrar to also forward all [URL] to the same IP as [URL]. when I generate a SSL self signed certificate for my server. Do I generate one for [URL] or [URL]?
I am trying to install SSL certificate on my server.It is apache2, but I cant find the folders in which to install them.
E.g
ssl.key/
ssl.crt/
What should I do to get it?
I use WLM (And yes, I realise odds are this is a problem on microsofts side) and almost every time claws mail connects WLM returns a new certificate. Valid, but I have to constantly accept or deny the certificate. Why is WLM pumping out fresh certs all the time and how can I fix this?
Whenever this pops up whatever I have at the moment shows "Signature status: No certificate issuer found" and the other shows "Signature status: Correct".
I have two Web server (RHEL 5.3) as cluster. i want to get a certificate for website. do i need to get two certificates for a website?
View 2 Replies View RelatedI am trying to implement a payment gateway, I have got a crt files from them, i have to add them into our trusted list so that we can establish a SSL handshake.i.e "Importing an SSL certificate into keystore" I dont have any idea on this one, can any one help me on this, my server is a ubuntu and runs apache as webserver.I am trying to use this in a soap request..An error occurred during a connection to ws.payconnexion.com:1401.
SoapFault exception: [HTTP] Could not connect to host in /var/domains/mywebroot/file/testpaymentmine.php:71
Stack trace:
[code]...
I am currently using vsftpd with ssl support.Currently when the certificate expires I have to generate a new certificate and distribute that new certificate among the clients.Ideally I would like automatic renewal of the certificate and that certificate to then be transferred to the client upon connection.
View 2 Replies View RelatedI had to do a hard shut down on my linux computer. Every since then it is not working properly and I get an invalid certificate on every page.I have never upgraded Debian since I installed it two years ago. With my experience with Gentoo I have found that upgrades can be a problem and it worked fine so I never messed with it.
View 9 Replies View RelatedIs it possible to provide encryption over HTTPS without a certificate?
I can't afford a certificate from a CA, but I do want to provide encryption with my website... without a self-signed certificate because I hate that screen popping up on the clients computer on first visits.
I need to renew my SSL cert for my Mahara site and I follow the instructions below. But after I finish answering all the questions for the csr, I'm supposed to copy a portion of the cert into a web form. However I can't seem to find the server.csr so I can do this. Were this file goes?
Here is a step-by-step description:
Make sure OpenSSL is installed and in your PATH.
Create a RSA private key for your Apache server (will be Triple-DES encrypted and PEM formatted):
$ openssl genrsa -des3 -out server.key 1024
Please backup this server.key file and the pass-phrase you entered in a secure location. You can see the details of this RSA private key by using the command:
$ openssl rsa -noout -text -in server.key
If necessary, you can also create a decrypted PEM version (not recommended) of this RSA private key with:
$ openssl rsa -in server.key -out server.key.unsecure
Create a Certificate Signing Request (CSR) with the server RSA private key (output will be PEM formatted):
$ openssl req -new -key server.key -out server.csr
Make sure you enter the FQDN ("Fully Qualified Domain Name") of the server when OpenSSL prompts you for the "CommonName", i.e. when you generate a CSR for a website which will be later accessed via https://www.foo.dom/, enter "www.foo.dom" here. You can see the details of this CSR by using:
$ openssl req -noout -text -in server.csr
does anybody have a nice tutorial about creating and installing Apache client certificate (PKCS12) ? I`m looking for some tutorials to CentOS. This what I have found on the internet for some reasons doesnt work. Or maybe somebody could write here how to do it?
View 1 Replies View RelatedI'm try to start certificate authentication from my web site..
vhosts.conf for httpd:
<IfModule mod_ssl.c>
<VirtualHost 127.0.0.1:443>
ServerName ca.asu
[Code].....
I've been using VSFTPD for years but i can't seem to get over this particular issue. I'm unable to make VSFTPD 3.0.2 work with a legit STARTSSL TLS cert on Debian 8.1 kernel 3.16.0-4-amd64.
500 OOPS: SSL: cannot load RSA certificate.
Openssl 1.0.1k correctly verifies the .PEM file containing both my domain's cert and the intermediate CA one. I've tried adding the private key to the .PEM file and also using it as a separate .key file. Also tried mixing my cert with the intermediate CA one and the private key... to no avail.
Every file is inside /etc where all the conf files reside (also the user specific conf files). File permissions for the .pem and key files are 600.
I'm successfully using the same certificate for NGINX.
Configuration file:
Code: Select alllisten=YES
listen_port=40000
pasv_enable=YES
pasv_min_port=40222
pasv_max_port=40224
listen_address=192.168.1.150
[Code] ....
Having tried different approaches to install (and run!) a webserver certificate from StartSSL on an Apache2 webserver, I had no success at all since three days. There are many web pages out there in the internet, each is naming it other ways, i.e. one speaks from server./etc/ssl/certs/server.pem, another name it /etc/ssl/private/server.key etc. etc.
Is there a common-sense description how to name a private key, how to name the public key, and just important again, where to place them and what what rights they must have to protect them? And, still important, which config file to adopt (default-ssl, or default-ssl.conf).
By the way, I implemented already the certificates in an other environments, and they are all working (tested with the ssl checker [URL] .....).
How to find a common-sense web page for Apache2 on Debian 8.1?
I upgraded my server yesterday via apt-get and my Perl scripts are not able to make HTTPS connections due to certificate verification problems.
This seems to be a problem for EVERY HTTPS site.
CURL gives the following error:
Code: Select allSSL certificate problem: unable to get local issuer certificate
I know that this has something to do with root certificate updates, but if I sound ignorant about it, it's because I am.
using CURL with the -k option allows the connection to be made.
I'm running OpenSSl 1.0.1k-3+deb8u2 on Jessie 8.2.
I would obviously prefer to not disable certificate verification on my server.
I've been trying to get an ECDSA certificate to work for my postfix installation, however, it seems that when I try to use the aECDSA protocol with a client the server gives "no shared cipher" errors.
I had created the certificate like so:
Code: Select allopenssl ecparam -name secp521r1 -genkey -param_enc explicit -out private/ec-email-server.pem
openssl req -new -x509 -key private/ec-email-server.pem -out certs/ec-email-server.pem -days 365
So I've setup a test server, and connected to it with a test client like the following:
Code: Select allopenssl s_server -accept 123 -cert /etc/ssl/certs/ec-email-server.pem -key /etc/ssl/private/ec-email-server.pem
openssl s_client -connect localhost:123
However, once again, I get "no shared cipher" errors.
I have a Red Hat Enterprise Linux 4 server on my network & that I inherited with no documentation what so ever and it has an application called 'Clearquest' installed from IBM. This application uses some proprietary web server that gets installed with the 'Clearquest' application. My problem is I need to find the SSL certificate the web server is using. If this were Apache, I would look in '/etc/httpd/conf.d/http.conf' but there is no Apache software installed. Can someone please assist me in a way I can look through the RHEL 4 server for any trace of the SSL certificate. I don't know the actual name of the certificate but I know the server is rendering it on the web. When I type the address of my server in the URL field, I can see the servers SSL certificate. Now how I can find that certificate path / location on the server itself?
View 1 Replies View RelatedSecurity Type: WPA2-Enterprise
Encryption Type: AES
Network Authentication mode:
Microsoft: Protected EAP (PEAP) - Unvalidated Server Certificate
User must authenticate log-on. Its a wireless network. how to set this up for Ubuntu.
We installed 3 new rhel 5.5 systems yesterday; each of which are generating this error " Error: certificate verify failed" in response to a basic "yum update". From what I can gather, via a general search, this may be isolated to x86_64 -- however the references I found were specific to Satellite Server (which we are not using). Never the less, I checked the PATHs for the cert and they are correct. All of our 32 bit systems are running RHEL 5.5 and this is not a problem on any of them.
View 6 Replies View RelatedThings beyond my control are causing me to rush a bit in getting the website moved. I'm working hard to try and get it done, but something else has come up that SSL Certificate.I know that our website's "basket" area is protected by an SSL certificate to ensure customer information, especially credit info, is secure. With the move to Amazon's service, it looks like I may need to create our own self-signed SSL certificate to ensure the basket area remains secure.
I have found guides that walk through how to make one yourself and configuring apache to allow it, but something else has come to mind. The guides I found don't really indicate where the SSL certificate goes afterwards, and also doesn't suggest which sections should be governed by the certificate (as only the basket section uses it, not anything else). How would I find out that information?
I have built the linux-image deb using uclibc as cross compiler but I failed to install the package to the root file system on my CF card. It shows the following ERROR message :
Code:
dpkg: error processing linux-2.6.26_2.6.26-1_uclibc-linux-i386.deb (--install) :
Package architecture (uclibc-linux-i386) does not match system (i386)
Errors were encountered while processing :
linux-2.6.26_2.6.26-1_uclibc-linux-i386.deb