I am trying to run Citrix XenDesktop on F13.I installed the .rpm package from their website and when I access my school's server, firefox acts like everything is ok but then I get a certificate error. A box pops up that says You have not chosen to trust "AddTrust External CA Root", the issuer of the server's security certificate (SSL error 61).' and I am not sure how to handle this.
View 2 RepliesI'm trying to install an Ubuntu cloud on my home network - I've been following this guide. When I arrived at STEP 6: Install an image from the store PART 3: Click on the Store tab I get the following error message on the page: Error 60: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
View 1 Replies View Relatedi've set a server Fedora 11 using Vsftpd + database berkley + ssl 'certificate) he works perfectly. So i wanted to set a new one on Fedora 14, there is the problem..On my fedora 14, i tryed to use the configuration file that i've made on the F11 but withtout success. It seems that when i activate the SSL option on the server it does not want to start anymore... and i have no errors messages. I notice that when i desactivate the SSL "ssl_enable=NO" my server on F14 can start normaly.
[Code]...
I am having issues with using OpenSSL. How do I view the currently used certificate? Also, do you know of a good site that has instructions on how to install a certificate. The previous user installed a GoDaddy cert for an FTP server and I need to update it because it's expiring real soon.
View 10 Replies View RelatedGot F13 installed yesterday, this afternoon I suddenly started getting Secure Connection Failed warnings. I'm not sure whose problem it is because it mentions uses an invalid security certificate.This certificate is only valid for *.opendns.com(Error Code: ssl_error_bad_cert_domain)It continues to say that someone could be impersonating the actual server. I am still receiving mail through google and my google calendars seem to be working. I do use OpenDNS for my DNS instead of my ISPs (Comcast which would very often slow down) and obviously I use IMAP mail with google on Thunderbird. So is it google, or OpenDNS, or Thunderbird that has a problem. Firefox does not seem to have a problem
View 2 Replies View RelatedI am trying to get openssl to verify a certificate. I will walk you through what I have done so far.
1. openssl genrsa -des3 -out connect.mydomain.com.key 2048
2. openssl req -new -key connect.mydomain.com.key -out connect.mydomain.com.csr
3. Bought an SSL from GoDaddy.
4. Submitted my CSR
5. Downloaded sf_bundle.crt (CA File I presume)
6. Downloaded connect.mydomain.com.crt
Now I can do the following: [root@server tls]# openssl verify -CAfile sf_bundle.crt connect.mydomain.com.crt
connect.mydomain.com.crt: OK This is specifying the CAfile.
[Code]...
How can I add an existing certificate (pem format) as trusted in Fedora via the command line?Do I have to copy the files to a certain keystore? Where does Fedora store the trusted certificates
View 2 Replies View RelatedI want to enable sshd from Internet, but I want to secure it as much as possible.Therefore, despite the fact that the service will run on a tcp port above 2000 to prevent most scans, I would like to :- First, force the use of a client certificate, to avoid brute force attack on my users/passwords- second force the use of a username/password to avoid someone having access to my system just by stealing my key..When I look at the configuration, it's possible to enable both, but one of them is sufficient to login, but I can't find how to make them both mandatory...
View 2 Replies View RelatedHow I can create and install a formal SSL certificate for Fedora issued by Geocerts or Verisign?
View 1 Replies View RelatedMy organization just moved to using a zscaler proxy system. Basically, I have to use a .pac file in Firefox to get onto the proxy, which directs me to a series of two Flash pages, one to input my username, one for the password. After reading through the .pac file, I was able to get some command-line things to work by specifying the proxy given at the end. However, this server uses an SSL certificate that is not emitted by an authority, but rather directly by our organization. In Firefox, I had to import this certificate to enable https:// browsing.
Is there any way to "import" this certificate so that yum can use it? Because yum freezes with the error:
Code:
Could not get metalink [URL] error was
14: Peer cert cannot be verified or peer cert invalid
I have installed a Citrix Client but to get it to function I need to copy a Certificate to /usr/lib/ICAClient/keystore/cacerts but my problem is I do not have a clue on how to find /usr/lib/ICAClient/keystore/cacerts
View 1 Replies View RelatedI am trying to renew the existing SSL certificate by using genkey for our shopping website. i havent seen any information how to generate a new certificate for. Is any one could tell me how to change SSL certificates?
View 4 Replies View Relatedi have installed openvpn and config it for a tunnel. my server.conf and client,conf is as follow:
server.conf
port 1194
proto udp
[code]...
I have PDF file that needs certificate to be shown.Its certificate is a .pfx file.I'm using Okular to view PDF files in Ubuntu 10.04 How can I use that certificate?
View 1 Replies View RelatedI use WLM (And yes, I realise odds are this is a problem on microsofts side) and almost every time claws mail connects WLM returns a new certificate. Valid, but I have to constantly accept or deny the certificate. Why is WLM pumping out fresh certs all the time and how can I fix this?
Whenever this pops up whatever I have at the moment shows "Signature status: No certificate issuer found" and the other shows "Signature status: Correct".
Simple task: I'd like to use uzbl, but I need to visit a couple of sites with client certificates. Chrome uses my local cert storage, I suppose uzbl can do that too. But how?
View 1 Replies View RelatedI opened Evolution to send an email, and up popped this warning: What's more, I can't get rid of the warning: clicking Cancel does no good, nor clicking the X in the corner of the box. And if I try to close it via the "Window Menu" at the top left corner of the box, Close does nothing. I haven't tried clicking OK, because I don't know what I'd be agreeing to.
View 3 Replies View RelatedI have a server with Apache2 and I would like to use encryption to prevent eavesdropping POST requests and similar. I've had success using SSL with a self-signed certificate, but this will of course generate huge warnings from the web browser. It's no problem for me when I'm connecting to the server as I know what to expect, but any other user who sees such a warning will surely leave the site unless I have personally explained the procedure.
Is there really no way to encrypt HTTP without having to use certificates? I know that this is supposed to provide security by identifying the server,but my point is that an encrypted connection without a CA would in no way be inferior to one that sends passwords as plain text. All I want to do is prevent people who are using programs such as Cain or any other packet sniffer from getting their hands on my passwords. I'm not exactly running an online bank system her
I am using the curl version 7.21.0. When I try the curl command from command like, things works fine for the http sites. But when I try https I get certificate error. I have source compiled curl with latest OpenSSL. I have also tried downloading the latest certificate bundle. With the same version of curl, same version of openssl with same certificate file I can get it work on the linux. But in the QNX OS I get this error.
./curl --cacert /mnt/temp/curl-ca-bundle.crt -v https://www.paypal.com
* About to connect() to proxy 172.16.2.17 port 8080 (#0)
* Trying 172.16.2.17... connected
[code]...
I am running Apache 2.2.13 with SSL and SNI enabled. This is what the virtual host portions looks like:
<VirtualHost *:443>
ServerAdmin support@itherd.com
DocumentRoot /srv/www/apps/login.itherd.com/
ServerName login.itherd.com
ErrorLog /var/log/apache2/login.itherd.com-error_log
SSLEngine on
SSLCertificateFile /etc/apache2/ssl.crt/login.itherd.com.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/login.itherd.com.key
<Directory "srv/www/apps/login.itherd.com/">
AllowOverride None Options ExecCGI
AddHandler cgi-script cgi pl
Order allow,deny Allow from all
</Directory> </VirtualHost>
<VirtualHost *:443>
ServerAdmin support@clubherd.com
DocumentRoot /srv/www/apps/app.clubherd.com/
ServerName app.clubherd.com
ErrorLog /var/log/apache2/club.clubherd.com-error_log
SSLEngine on
SSLCertificateFile /etc/apache2/ssl.crt/app.clubherd.com.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/app.clubherd.com.key
<Directory "srv/www/apps/app.clubherd.com/">
AllowOverride None Options ExecCGI
AddHandler cgi-script cgi pl
Order allow,deny Allow from all
</Directory> </VirtualHost>
When I start Apache it ask me for the pass phrase for the second host (both hosts have one). When I browse to first host it have recognized the loaded its certificate. When I go to the second server I get am untrusted message because it is using the first certificate. I have found and followed the directions of several web posts: [URLs]
When running MUTT on a RHEL 5.4 box, I get the message:
------------------------------------------------------
Server certificate has expired
This certificate belongs to:
localhost.localdomain
Unknown
SomeOrganization
SomeOrganizationalUnit
[URL]
I choose "accept always", but the same message appears next time. I do not wish to have a certificate requirement for MUTT and did not intentionally set the program up to include this feature. How can I get rid of it? My second choice would be to get a new certificate, but then I have to go through this every year. I have MUTT working on two other servers and this does not happen.
I was trying to configure user authentication in SSH using certificate method.As u all know the usual way of authentication is using the ssh-keygen method. But i want the another method where we create a certificate key and send it to the CA, which signs it and send back etc etc.I cannot find any unique procedure in the net to configure this method.
View 3 Replies View RelatedI have a server which I use for mail:
[URL]
The above is the machines actual FQDN. Now because I also use it as a web server to access my website and webmail, I have a pointer record with my domain registrar to also forward all [URL] to the same IP as [URL]. when I generate a SSL self signed certificate for my server. Do I generate one for [URL] or [URL]?
I am trying to install SSL certificate on my server.It is apache2, but I cant find the folders in which to install them.
E.g
ssl.key/
ssl.crt/
What should I do to get it?
I bought an SSL certificate that I am using for my whole website and would like to use that for postfix as well. I created my own as a test and it worked fine, but I want to use the one I bought because that is trusted, more secure, and the user doesn't get an untrusted popup every time they check their mail through outlook.
The problem is that I don't have a defined "key". I have two files, they are two certificate files. One is the website certificate and the other is a bundle certificate. I tried setting bundle as the key and the actual website cert as the certificate but that did not work. Can I do this? Is their a different type of cert I need to buy for this? What do I need to make "smtpd_tls_key_file" and "smtpd_tls_cert_file"?
My two files are, "sf_bundle.crt", and "website.com.crt".
I had to do a hard shut down on my linux computer. Every since then it is not working properly and I get an invalid certificate on every page.I have never upgraded Debian since I installed it two years ago. With my experience with Gentoo I have found that upgrades can be a problem and it worked fine so I never messed with it.
View 9 Replies View RelatedIs it possible to provide encryption over HTTPS without a certificate?
I can't afford a certificate from a CA, but I do want to provide encryption with my website... without a self-signed certificate because I hate that screen popping up on the clients computer on first visits.
I need to renew my SSL cert for my Mahara site and I follow the instructions below. But after I finish answering all the questions for the csr, I'm supposed to copy a portion of the cert into a web form. However I can't seem to find the server.csr so I can do this. Were this file goes?
Here is a step-by-step description:
Make sure OpenSSL is installed and in your PATH.
Create a RSA private key for your Apache server (will be Triple-DES encrypted and PEM formatted):
$ openssl genrsa -des3 -out server.key 1024
Please backup this server.key file and the pass-phrase you entered in a secure location. You can see the details of this RSA private key by using the command:
$ openssl rsa -noout -text -in server.key
If necessary, you can also create a decrypted PEM version (not recommended) of this RSA private key with:
$ openssl rsa -in server.key -out server.key.unsecure
Create a Certificate Signing Request (CSR) with the server RSA private key (output will be PEM formatted):
$ openssl req -new -key server.key -out server.csr
Make sure you enter the FQDN ("Fully Qualified Domain Name") of the server when OpenSSL prompts you for the "CommonName", i.e. when you generate a CSR for a website which will be later accessed via https://www.foo.dom/, enter "www.foo.dom" here. You can see the details of this CSR by using:
$ openssl req -noout -text -in server.csr
Having read how a private company is providing governments (and probably criminals) with a box that can listen in on SSL traffic by the use of forged CA certificates - [URL]. It turns out there's already a forged certificate in Firefox 3.6.
Go to Edit>Preferences>Advanced>Encryption>View Certificates and look for 'Equifax Secure Inc.' - You should see a proof-of-concept rogue certificate called 'MD5 Collisions Inc.' and a link to phreedom which explains the method used to generate it. That little lock doesn't necessarily mean that you're safe...
i just bought ssl certificate for my website but i really like huh? how to install it no idea!
View 1 Replies View Related