I think there is something wrong with my CRL file, such as the file format.Is there any requirement to the CRL file? What can I do to enable this CRL file checking?
I am running Apache 2.2.13 with SSL and SNI enabled. This is what the virtual host portions looks like:
<VirtualHost *:443> ServerAdmin support@itherd.com DocumentRoot /srv/www/apps/login.itherd.com/ ServerName login.itherd.com ErrorLog /var/log/apache2/login.itherd.com-error_log SSLEngine on SSLCertificateFile /etc/apache2/ssl.crt/login.itherd.com.crt SSLCertificateKeyFile /etc/apache2/ssl.key/login.itherd.com.key <Directory "srv/www/apps/login.itherd.com/"> AllowOverride None Options ExecCGI AddHandler cgi-script cgi pl Order allow,deny Allow from all </Directory> </VirtualHost>
<VirtualHost *:443> ServerAdmin support@clubherd.com DocumentRoot /srv/www/apps/app.clubherd.com/ ServerName app.clubherd.com ErrorLog /var/log/apache2/club.clubherd.com-error_log SSLEngine on SSLCertificateFile /etc/apache2/ssl.crt/app.clubherd.com.crt SSLCertificateKeyFile /etc/apache2/ssl.key/app.clubherd.com.key <Directory "srv/www/apps/app.clubherd.com/"> AllowOverride None Options ExecCGI AddHandler cgi-script cgi pl Order allow,deny Allow from all </Directory> </VirtualHost>
When I start Apache it ask me for the pass phrase for the second host (both hosts have one). When I browse to first host it have recognized the loaded its certificate. When I go to the second server I get am untrusted message because it is using the first certificate. I have found and followed the directions of several web posts: [URLs]
libapr-0.so.0 is needed by httpd-2.0.59-1.i386 libaprutil-0.so.0 is needed by httpd-2.0.59-1.i386 libcrypto.so.4 is needed by httpd-2.0.59-1.i386 liblber-2.2.so.7 is needed by httpd-2.0.59-1.i386 libldap-2.2.so.7 is needed by httpd-2.0.59-1.i386 libssl.so.4 is needed by httpd-2.0.59-1.i386
[root@ganesh apache]# warning: httpd-2.0.59-1.i386.rpm: Header V3 DSA signature: NOKEY, key ID 751d7f27 -bash: warning:: command not found
I was wondering if it is possible to have different certificates for different directories in a https-directory ?So what I want is that for a specificry a specific TLS-certificate is needed by the http-client to be authorized to the directory.Directory /var/www/html/secure/1 needs a certificate A.Directory /var/www/html/secure/2 need a different certificate B.So I have 1 CA, which signs the other certificates of the specific directory. The http-client gets the certificate A or certificate B (to be authenticated for secure/1 of secure/2)
I have a Server with Webmin, Usermin and Sendmail using pop3s. I have created a seft signed certificate using webmin. Exported it and imported it to the trusted root certification authorities on my client. This fixes the warning message from internet explorer when attempting making a ssl connection to webmin. When attempting to use usermin or retrieving mail I get that warning that this site's certificate is self signed. I look at the certificate and its not the same as the one I created with webmin. My question is. Is possible to have the same certificate be used by each?
I'm trying to install an Ubuntu cloud on my home network - I've been following this guide. When I arrived at STEP 6: Install an image from the store PART 3: Click on the Store tab I get the following error message on the page: Error 60: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
I'm trying to set up a 2nd SSL cert on a different domain on a server, each domain has its own IP address, the problem is the Web developer that configured the first domain specified ssl keys for the primary domain in both the vhost config in httpd.conf AND in the ssl.conf config files. If I attempt to remove the keys form ssl.conf the server will not start up. and with them there It will not start up if I specify keys for the secondary domain.
I run couple of sites on a virtual hosting environment and I am in need of adding additional SSL for a different domain name. From what I read on some forum topics indicate that SSL cert requires different IP address. meaning one cert for each IP. Is this true? If so, then I'm having some difficulties understanding the benefits of running virtual host if a server can't host multiple secured site through single IP. Any way to run multiple ssl site within virtual host environment. I'm hoping for a possible workaround.
I tried creating a virtual server in apache and it got created successfully. (I also added a zone in dns for that domain successfully) However, when I try opening that domain in my browser, I see a popup window which asks me what to do with "default" which is a php file type.
I dont see the index.php which should actually open. What do I do to make the php files display correctly?
I am using the curl version 7.21.0. When I try the curl command from command like, things works fine for the http sites. But when I try https I get certificate error. I have source compiled curl with latest OpenSSL. I have also tried downloading the latest certificate bundle. With the same version of curl, same version of openssl with same certificate file I can get it work on the linux. But in the QNX OS I get this error.
./curl --cacert /mnt/temp/curl-ca-bundle.crt -v https://www.paypal.com * About to connect() to proxy 172.16.2.17 port 8080 (#0) * Trying 172.16.2.17... connected
I run a web server on Fedora 12, principally using Apache, MySQL, and PHP. I host a variety of sites, one of which is a family website that contains semi-sensitive personal data for several hundred extended family members, who all have access to the database-driven site.
Until now, I have been using a self-signed SSL certificate to encrypt the data as it is read and written back and forth from my database. Family members have simply had to put up with clicking past certificate warnings as they enter the site, as most browsers flag self-signed certificates as bad. It hasn't really been that much of a bother, but I'd love to do it more professionally. I have looked into buying SSL certificates, but it's a site I host for free and would rather find a cheap or free alternative if possible.
So I'm just fishing for ideas to work with. What are some alternatives to using SSL certificates for moderately strong website encryption? So far, I run only one host on the domain, but may eventually need encryption that would support multiple hosts. Or does anybody know a way to make self-signed certificates work on most popular browsers without being flagged as suspicious?
does anybody have a nice tutorial about creating and installing Apache client certificate (PKCS12) ? I`m looking for some tutorials to CentOS. This what I have found on the internet for some reasons doesnt work. Or maybe somebody could write here how to do it?
i am using red hat5 n i want to create X.509 certificates for ipsec vpn help me in creating certificates, not able 2 create certificates guide me ehere is the location for certificates.
On startup - prompt asking for apache certificate password doesn't accept input. Can switch to another tty but can't restart apache due to the port already being bound (suppose I could change ports for apache config after startup but that's pretty ugly and clearly not the right way to address the problem.
I have to pull certificate from multiple computers which are on network and store it in a single fie or each file belong to a particular computer.I am using certutil -store to import the certificate.
My webserver accesses a backend mySQL server using CentOS5
The last week, I have been getting a "page Load Error" on my web server whilst others told me they are getting a "broken link" error when they try to access my web site. It has been working fine for the last 12 months until last week.
ADSL, modem and router okay according to service provider (verizon)
I can ping my IP address and my domain name.
# netstat -tap
shows http and https both processes running.
# service httpd restart no issues
I shut down firewall and tried again, but got the same "page load error".
I just installed Citrix to my computer but when I try to use it I get an error message saying: "You have not chosen to trust "Equifax Secure Global eBusiness CA-1", the issuer of the server's security certificate (SSL error 61)."
So I downloaded the certificates to allow me to use it but I am unable to copy them to the /usr/lib/ICAClient/keystore/cacerts/ directory, I cant download them straight to that folder either. I have administrative privileges but still I cant do anything with the files in those folders other than look at them. How to put files in those folders?
for the last few releases, starting with 9.04 i've been having serious crashing problems with the nvidia driver. whether i installed it manually using the latest drivers directly from nvidia, or installing them through the restricted driver option. after a few hours CRASH. it's been awful. and i tried everything from this side to the moon to fix this issue, all to no avail. no idea why i've even stayed with ubuntu after all these issues. came from the debian world back in 5.04, and almost moved back a few times. but i did a clean install of 10.04, and thought i'd give the nvidia driver one last chance... if it didn't work i'd be moving back home to debian (with the suspicion the issue would stay).
so after i tried the restricted driver and CRASH. nothing to fix it. then i thought ok i'll try to use the latest driver from nvidia. but ran into this error when installing it:
Quote: ERROR: Unable to load the kernel module nvidia.ko. This happens most frequently when this kernel module was built against the wrong or improperly configured kernel sources, with a version of gcc that differs from the one used to build the target kernel, or if a driver such as rivafb/nvidiafb is present and prevents the NVIDIA kernel module from obtaining ownership of the NVIDIA graphics device(s), or NVIDIA GPU installed in this system is not supported by this NVIDIA Linux graphics driver release. so after googling around i found a fix to this error i was getting during the install:
Quote: sudo nano /etc/modprobe.d/blacklist.conf
blacklist vga16fb blacklist nouveau blacklist rivafb blacklist nvidiafb blacklist rivatv
I've installed Fontmatrix. It deactivates fonts correctly, but when I try to reactivate them, it does not do so, and gives this error message: "Fontmatrix has been unable to load the font in file /usr/share/fonts/truetype/ttf-liberation/LiberationMono-Bold.ttf. Please check missing files." It is still possible to reinstall them using Gnome Font Viewer. Does anyone know what to do about this?
I have a requirement of using a wildcard certificate for 5 subdomains running under apache httpd server and 1 subdomain under tomcat.Is there any possibility of using the single wildcard certificate both in tomcat and apache
Just did an auto update. Among the list of things was an SSL update and now I can no longer connect to my MSN account in Pidgeon. I get an error "unable to validate certificate, the certificate for Omega.contacts.msn.com could not be validated. The certificate chain present is invalid."
The problem is here:When I was open gmail in my system Certificate Error is coming. The error details:
This Connection is Untrusted You have asked Firefox to connect securely to url, but we can't confirm that your connection is secure. Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do? If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue. code....
My organization just moved to using a zscaler proxy system. Basically, I have to use a .pac file in Firefox to get onto the proxy, which directs me to a series of two Flash pages, one to input my username, one for the password. After reading through the .pac file, I was able to get some command-line things to work by specifying the proxy given at the end. However, this server uses an SSL certificate that is not emitted by an authority, but rather directly by our organization. In Firefox, I had to import this certificate to enable https:// browsing.
Is there any way to "import" this certificate so that yum can use it? Because yum freezes with the error: Code: Could not get metalink [URL] error was 14: Peer cert cannot be verified or peer cert invalid
Occasionally my machine displays the following warning whenever left to itself for an hour or so. "www.windowsvistatestdrive.com:443 uses an invalid security certificate. The certificate expired on 09/16/2009 10:52 AM. (Error code: sec_error_expired_certificate)"
I am not trying to access this site. It is not always the same url. My machine, described below, is networked to an XP machine which recently had to be recovered after a viral attack. Since I am not usually interested I decline to use the certificate and the warning goes away.
