How can I add an existing certificate (pem format) as trusted in Fedora via the command line?Do I have to copy the files to a certain keystore? Where does Fedora store the trusted certificates
View 2 RepliesI am trying to renew the existing SSL certificate by using genkey for our shopping website. i havent seen any information how to generate a new certificate for. Is any one could tell me how to change SSL certificates?
View 4 Replies View RelatedI am having issues with using OpenSSL. How do I view the currently used certificate? Also, do you know of a good site that has instructions on how to install a certificate. The previous user installed a GoDaddy cert for an FTP server and I need to update it because it's expiring real soon.
View 10 Replies View RelatedGot F13 installed yesterday, this afternoon I suddenly started getting Secure Connection Failed warnings. I'm not sure whose problem it is because it mentions uses an invalid security certificate.This certificate is only valid for *.opendns.com(Error Code: ssl_error_bad_cert_domain)It continues to say that someone could be impersonating the actual server. I am still receiving mail through google and my google calendars seem to be working. I do use OpenDNS for my DNS instead of my ISPs (Comcast which would very often slow down) and obviously I use IMAP mail with google on Thunderbird. So is it google, or OpenDNS, or Thunderbird that has a problem. Firefox does not seem to have a problem
View 2 Replies View RelatedI want to enable sshd from Internet, but I want to secure it as much as possible.Therefore, despite the fact that the service will run on a tcp port above 2000 to prevent most scans, I would like to :- First, force the use of a client certificate, to avoid brute force attack on my users/passwords- second force the use of a username/password to avoid someone having access to my system just by stealing my key..When I look at the configuration, it's possible to enable both, but one of them is sufficient to login, but I can't find how to make them both mandatory...
View 2 Replies View RelatedWhen running MUTT on a RHEL 5.4 box, I get the message:
------------------------------------------------------
Server certificate has expired
This certificate belongs to:
localhost.localdomain
Unknown
SomeOrganization
SomeOrganizationalUnit
[URL]
I choose "accept always", but the same message appears next time. I do not wish to have a certificate requirement for MUTT and did not intentionally set the program up to include this feature. How can I get rid of it? My second choice would be to get a new certificate, but then I have to go through this every year. I have MUTT working on two other servers and this does not happen.
I was trying to configure user authentication in SSH using certificate method.As u all know the usual way of authentication is using the ssh-keygen method. But i want the another method where we create a certificate key and send it to the CA, which signs it and send back etc etc.I cannot find any unique procedure in the net to configure this method.
View 3 Replies View RelatedHaving read how a private company is providing governments (and probably criminals) with a box that can listen in on SSL traffic by the use of forged CA certificates - [URL]. It turns out there's already a forged certificate in Firefox 3.6.
Go to Edit>Preferences>Advanced>Encryption>View Certificates and look for 'Equifax Secure Inc.' - You should see a proof-of-concept rogue certificate called 'MD5 Collisions Inc.' and a link to phreedom which explains the method used to generate it. That little lock doesn't necessarily mean that you're safe...
The problem is here:When I was open gmail in my system Certificate Error is coming. The error details:
This Connection is Untrusted You have asked Firefox to connect securely to url, but we can't confirm that your connection is secure. Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do? If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.
code....
At the login webpage of <[URL]>, the Time Warner Cable (TWC) Webmail site, I am immediately confronted with a warning that the Security Certificate is invalid & that the site is untrusted. This occurs with Firefox, Seamonkey, & Konqueror. This does not occur on Microsoft or Apple systems; I have checked other colleagues machines. I have manually overridden the warning & everything functions fine. I have contacted TWC & am awaiting their tests. But, I would like some independent corroboration from other users in the Linux community. Could some of you perform the test yourself on this URL? An error will be readily apparent.
View 14 Replies View RelatedOccasionally my machine displays the following warning whenever left to itself for an hour or so. "www.windowsvistatestdrive.com:443 uses an invalid security certificate. The certificate expired on 09/16/2009 10:52 AM. (Error code: sec_error_expired_certificate)"
I am not trying to access this site. It is not always the same url. My machine, described below, is networked to an XP machine which recently had to be recovered after a viral attack. Since I am not usually interested I decline to use the certificate and the warning goes away.
I just upgraded from Ubuntu 8.10 to 9.04. I installed Webmin 1.470 but when I tried to run it from Firefox 3.09 I got the following message.
localhost:10000 uses an invalid security certificate. The certificate is not trusted because it is self signed. (Error code: sec_error_untrusted_issuer).
Never had this problem with Ubuntu 8.04.
Firefox 3.6.12 on Ubuntu 10.10 on my desktop computer is reporting a "this connection is untrusted" error for sites that have security certificates provided by COMODO. Yet, the same sites work fine in Firefox 3.6.x on Windows XP, or Chromium in Ubuntu. Here is the more specific message: "The certificate is not trusted because the issuer certificate is unknown.
(Error code: sec_error_unknown_issuer)" The issuer is listed as "COMODO High Assurance Secure Server CA." Here are some examples that throw this error for me:[URL]... It appears that there was some controversy with COMODO and Mozilla (due to bad behavior by COMODO) in the past, but all I can find on that indicates that this should be not an issue any longer.
Anybody with ideas?
I get an Untrusted Connection error when I visit this site to login into my GRE account, and I cannot add it as an exception, in Mozilla Firefox 4.0 on Ubuntu 11.04. When I visit the site using Chrome, I have no issues. Is this a bug in Firefox's certificate management? I'm using Ubuntu 11.04. I do not get this error in Windows' Firefox 4.0.
View 3 Replies View RelatedI'm trying to install an Ubuntu cloud on my home network - I've been following this guide. When I arrived at STEP 6: Install an image from the store PART 3: Click on the Store tab I get the following error message on the page: Error 60: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
View 1 Replies View RelatedGirlfriend with a problem: she needs to sign up at the unemployment office in Spain. She is here in China. But for reasons unknown, she can't access the bit which she needs to. It says: 'can't set the browser' Java is enabled and so on, we read the instructions. On her windoze computer, she has a digital certificate. I copied it onto my mem-stick. When I try to copy it from my mem-stick to my Linux machine, I can't. Not even as root! The folder is called 'certificado digital' and contains two folders:
Trash.(tilde)1 and VM_Ware_Workstation They both have some kind of encrypted stuff inside. Can this certificate be installed on my machine?? Trash has 5 things, VM_Ware_Workstation has 3 things. The guy who set this up for her told her she must use Mozilla. Is a certificate only valid with a particular browser?
this is not on the master node, but rather the node that is being replicated to. The problem occurs when i query using ldapsearch or an `getent passwd` EG ldapsearch:
Code:
[root@cakeslave ~]# ldapsearch -x -b 'cn=Christian Unger,ou=People,dc=example,dc=org' -D "cn=replica,dc=example,dc=org" -H ldaps://cakeslave.example.org -w cakewalk
ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[code]....
The cacert.pem in /etc/ssl/certs and /etc/openldap/certificate are identical (check using md5sum). I have done an strace and found that it looks at /etc/pki/tls/cert.pem .
A scan on my computer reported as up many local ips which simply does not exist in my network. This host is supposed to have ip 192.168.0.4, but all other ip should not be there. I have a USB modem connected to a Linux box, connected itselfs to a wifi linksys router and thats it.
# nmap -sP '192.168.*.*' | grep -v down
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2010-11-18 21:46 CET
Host 192.168.0.4 appears to be up.
Host 192.168.7.27 appears to be up.
Host 192.168.10.0 appears to be up.
[Code]...
Is there a way to encrypt existing home directories in lucid so that they will unlock with pam-encfs when the user logs in? Or must you do this when the directory is created?
View 1 Replies View RelatedI am trying to run Citrix XenDesktop on F13.I installed the .rpm package from their website and when I access my school's server, firefox acts like everything is ok but then I get a certificate error. A box pops up that says You have not chosen to trust "AddTrust External CA Root", the issuer of the server's security certificate (SSL error 61).' and I am not sure how to handle this.
View 2 Replies View Relatedi've set a server Fedora 11 using Vsftpd + database berkley + ssl 'certificate) he works perfectly. So i wanted to set a new one on Fedora 14, there is the problem..On my fedora 14, i tryed to use the configuration file that i've made on the F11 but withtout success. It seems that when i activate the SSL option on the server it does not want to start anymore... and i have no errors messages. I notice that when i desactivate the SSL "ssl_enable=NO" my server on F14 can start normaly.
[Code]...
I am trying to get openssl to verify a certificate. I will walk you through what I have done so far.
1. openssl genrsa -des3 -out connect.mydomain.com.key 2048
2. openssl req -new -key connect.mydomain.com.key -out connect.mydomain.com.csr
3. Bought an SSL from GoDaddy.
4. Submitted my CSR
5. Downloaded sf_bundle.crt (CA File I presume)
6. Downloaded connect.mydomain.com.crt
Now I can do the following: [root@server tls]# openssl verify -CAfile sf_bundle.crt connect.mydomain.com.crt
connect.mydomain.com.crt: OK This is specifying the CAfile.
[Code]...
How I can create and install a formal SSL certificate for Fedora issued by Geocerts or Verisign?
View 1 Replies View RelatedMy organization just moved to using a zscaler proxy system. Basically, I have to use a .pac file in Firefox to get onto the proxy, which directs me to a series of two Flash pages, one to input my username, one for the password. After reading through the .pac file, I was able to get some command-line things to work by specifying the proxy given at the end. However, this server uses an SSL certificate that is not emitted by an authority, but rather directly by our organization. In Firefox, I had to import this certificate to enable https:// browsing.
Is there any way to "import" this certificate so that yum can use it? Because yum freezes with the error:
Code:
Could not get metalink [URL] error was
14: Peer cert cannot be verified or peer cert invalid
I have an existing unix user that some how didnt make it into the copy over to our LDAP server. How do I add an existing unix user to an existing LDAP directory? Will ldapadd work? I was under the impression ldapadd required an ldif file to work properly.
View 7 Replies View RelatedI have installed a Citrix Client but to get it to function I need to copy a Certificate to /usr/lib/ICAClient/keystore/cacerts but my problem is I do not have a clue on how to find /usr/lib/ICAClient/keystore/cacerts
View 1 Replies View RelatedMy company's default OS is Windows 7. I convinced my manager so that I could use Fedora 12, since I am mostly familiar with development environment in Fedora. However there are a few things I need in Windows 7, and I want to stop going back and forth in two OS'es in dual boot-up setting.
I've searched online for easy way to use the existing Windows 7 as guest virtual machine. I first tried VMware's Vcenter Converter Standalone in Windows 7, but it failed with some error code, and searching the particular error code didn't turn up any solution. I also tried to use Sun's VirtualBox, but I get segmentation fault error in Fedora. I tried to see if VMware server has a tool, but installation exists with an error, and searching the web for the error code didn't turn up anything either.... I wonder if I am having this much difficulties because I am using x86_64 version of OS'es.
Anyhow, if anyone has done it successfully - using existing Windows 7 as guest virtual machine in x86_64 version of Fedora 12.
i have installed openvpn and config it for a tunnel. my server.conf and client,conf is as follow:
server.conf
port 1194
proto udp
[code]...
We are having perl version 5.8 and executing the perl scripts to maintain oracle database on Solaris10. Our existing perl version is 5.8.Now, we want to try the same existing perl scripts on Fedora14.Is it possible to run the existing perl scripts on Fedoara14?Do I have to seperately install the perl on Fedora14 ?
View 2 Replies View RelatedI have a doubt with how to add un-used space in my RHEL 4.0(linux) server to a existing partition. I will explain the scenario:-I have some 220 GB space on my linux server as shown by the command as below-
[root@JispNewDB ~]# fdisk -l
Disk /dev/cciss/c0d0: 733.9 GB, 733909245952 bytes
255 heads, 63 sectors/track, 89226 cylinders
[code]...