does anybody have a nice tutorial about creating and installing Apache client certificate (PKCS12) ? I`m looking for some tutorials to CentOS. This what I have found on the internet for some reasons doesnt work. Or maybe somebody could write here how to do it?
I normally dont have a problem installing software. But im pulling my hair out trying to get openvas to work. i used this guide to install [URL].. when i try to login using the client it asks me to accept the certificate i click yes then it fails everytime
I'm trying to use Xchat, to communicate with a server which uses CAcert root certificate(s) for its SSL connection. I have Xchat all configured, and it works fine when I connect without SSL, but I'm getting pretty miffed about how to get it to find/use whatever local certificates I'm supposed to have, assuming I actually *have* these certs installed somewhere. This seems like it should be less difficult than I'm making it out to be. I've been to CAcert's website and their Wiki, and while they have the root certificates available for download (which I did, as well as inadvertently installing them into my browser, where they probably already were anyway) the only instructions I saw in their "Linux" docs department, on how/where to use/put them, were for a couple RH based distros, and some other distro I'm not using.
I checked the Xchat website and had a somewhat semi-thorough look around their user forum, but didn't find what I need there either. The openssl man page (yes, it's installed) doesn't tell me what I want, and xchat doesn't even *have* a man page. An LQ search turns up a few off-topic threads, mainly several years old and with very little in the way of replies. This ought to be easy :/ and I bet it is easy, with the right documentation in front of me. This is Slackware 13-64/-current. I've got /etc/ssl/certs folder, with nothing in it; and I have an /etc/ssl/openssl.cnf file which *appears* to be intended for using SSL on my own server (don't want that).
In case it helps, here's what the server tells me when I have enabled SSL and try to connect:
Code: [15:47] * * Certification info: [15:47] * Subject: [15:47] * CN=irc.twice-irc.de [15:47] * Issuer: [15:47] * O=CAcert Inc. [15:47] * OU=http: [15:47] * [15:47] * www.CAcert.org [15:47] * CN=CAcert Class 3 Root [15:47] * Public key algorithm: rsaEncryption (4096 bits) [15:47] * Sign algorithm sha1WithRSAEncryption [15:47] * Valid since Jun 13 14:38:18 2008 GMT to Jun 13 14:38:18 2010 GMT [15:47] * * Cipher info: [15:47] * Version: TLSv1/SSLv3, cipher AES256-SHA (256 bits) [15:47] * Connection failed. Error: unable to get local issuer certificate.? (20)
Can someone point me to a decent link/tutorial about how to connect by IRC, (using Xchat if that matters), and have it find my SSL certs and/or where/how I get the CA root certificates in the right location for this to work?
I have installed a Citrix Client but to get it to function I need to copy a Certificate to /usr/lib/ICAClient/keystore/cacerts but my problem is I do not have a clue on how to find /usr/lib/ICAClient/keystore/cacerts
When I try to install uzbl, a minimalistic web browser with apt-get, apt tries to remove all xserver-xorg packages that can't possibly have any relations to the uzbl package - since it's only a web browser.
[ ~/downloads ] % sudo apt-get install uzbl Reading package lists... Done Building dependency tree Reading state information... Done [code]....
I'm trying to install an Ubuntu cloud on my home network - I've been following this guide. When I arrived at STEP 6: Install an image from the store PART 3: Click on the Store tab I get the following error message on the page: Error 60: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
I'm following a book (Mastering OpenLDAP) to install and setup OpenLDAP on CentOS, however this book is written for Debian, so some steps do not fit. Here's one, in order to setup TLS, I need CA certificate and server certificate and key. The book said in order to install the CA certificate, I should copy it to /usr/share/ca-certificates and run update-ca-certificates, obviously this doesn't work for CentOS. So I wonder what's the correct way to install CA certificate on CentOS? I suspect I can make OpenLDAP work without the installation, since in webmin configuration it only asks for the location of the certificate file, so I can stick it anywhere? Or is there a system wide certificate database I need to update?
I recently read a post and the comments in Linux Magazine concerning other browsers outside of firefox and chrome. Midori, Dillo, Kazehakase, and Netsurf were in the synaptic package manager so I installed them. Does anyone use the Amaya, Arora, or Uzbl browsers and what are they like?
I'm trying to install uzbl and was following the step by step guide on this page http://xanderboy.esdebian.org/36949/uzb ... orts-flash When i run make i get a lot of errors and warnings. Can anybody point out what I'm doing wrong?
I am running Apache 2.2.13 with SSL and SNI enabled. This is what the virtual host portions looks like:
<VirtualHost *:443> ServerAdmin firstname.lastname@example.org DocumentRoot /srv/www/apps/login.itherd.com/ ServerName login.itherd.com ErrorLog /var/log/apache2/login.itherd.com-error_log SSLEngine on SSLCertificateFile /etc/apache2/ssl.crt/login.itherd.com.crt SSLCertificateKeyFile /etc/apache2/ssl.key/login.itherd.com.key <Directory "srv/www/apps/login.itherd.com/"> AllowOverride None Options ExecCGI AddHandler cgi-script cgi pl Order allow,deny Allow from all </Directory> </VirtualHost>
<VirtualHost *:443> ServerAdmin email@example.com DocumentRoot /srv/www/apps/app.clubherd.com/ ServerName app.clubherd.com ErrorLog /var/log/apache2/club.clubherd.com-error_log SSLEngine on SSLCertificateFile /etc/apache2/ssl.crt/app.clubherd.com.crt SSLCertificateKeyFile /etc/apache2/ssl.key/app.clubherd.com.key <Directory "srv/www/apps/app.clubherd.com/"> AllowOverride None Options ExecCGI AddHandler cgi-script cgi pl Order allow,deny Allow from all </Directory> </VirtualHost>
When I start Apache it ask me for the pass phrase for the second host (both hosts have one). When I browse to first host it have recognized the loaded its certificate. When I go to the second server I get am untrusted message because it is using the first certificate. I have found and followed the directions of several web posts: [URLs]
I am using the curl version 7.21.0. When I try the curl command from command like, things works fine for the http sites. But when I try https I get certificate error. I have source compiled curl with latest OpenSSL. I have also tried downloading the latest certificate bundle. With the same version of curl, same version of openssl with same certificate file I can get it work on the linux. But in the QNX OS I get this error.
./curl --cacert /mnt/temp/curl-ca-bundle.crt -v https://www.paypal.com * About to connect() to proxy 172.16.2.17 port 8080 (#0) * Trying 172.16.2.17... connected
I am testing about using SSL Certificate in apache web server using Ubantu 10.04.2 (64 bit edition). And I insert SSLcertificate and private.key file into "default-ssl" file in "sites-available" folder. But when I call the website, SSL certificate show "Could not verify this certificate for unknown reason".
I have a problem related with certificate generation. I had successfully installed openssl. After that I do these.
[root@localhost openssl-1.0.0a]# cd /usr/local/ssl/misc [root@localhost misc]# ./CA.sh -newca CA certificate filename (or enter to create)
Making CA certificate ... Generating a 1024 bit RSA private key .........++++++ ..........++++++ writing new private key to './demoCA/private/./cakey.pem' Enter PEM pass phrase: Verifying - Enter PEM pass phrase:
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank. For some fields there will be a default value, If you enter '.', the field will be left blank.
Country Name (2 letter code) [GB]:IN State or Province Name (full name) [Berkshire]:KERALA Locality Name (eg, city) [Newbury]:KOCHI Organization Name (eg, company) [My Company Ltd]:squad Organizational Unit Name (eg, section) :SUPPORT Common Name (eg, your name or your server's hostname) :localhost Email Address :firstname.lastname@example.org
Please enter the following 'extra' attributes to be sent with your certificate request A challenge password :mahhghh An optional company name :mca Using configuration from /etc/pki/tls/openssl.cnf Enter pass phrase for ./demoCA/private/./cakey.pem: I am unable to access the ../../CA/newcerts directory ../../CA/newcerts: No such file or directory Distro:Centos 5.3 kernel 2.6.18
I started to prepare myself to RHCSA certificate from RedHat. In order to get this cert I have to pass exam EX200.THe best way to prepare would be to take part in courses RH124 and RH135 but I don't have cash for this and that's why I decided to prepare by myself.I downloaded ebook and have some experience in linux administration :McGraw.Hill.RHCE.Red.Hat.Certified.Engineer.Linux.Study.Guide.Exam.RH302.5th.Edition.Jun.2007Do you think that's enough to pass this EX200 exam ?Maybe someone have torrents to RH124 and RH135 courses ?
I am trying to run Citrix XenDesktop on F13.I installed the .rpm package from their website and when I access my school's server, firefox acts like everything is ok but then I get a certificate error. A box pops up that says You have not chosen to trust "AddTrust External CA Root", the issuer of the server's security certificate (SSL error 61).' and I am not sure how to handle this.
trying to create a "local network" by directly connecting an IBM Thinkpad with Debian Linux installed on it to an Alix computer running Voyager Linux. I'm following a "how to" I found to create a music server, hence the requirement. My issue is I can't get a static IP address to be configured on the Debian machine.I've trawled the net and have found the instructions about editing the /etc/network/interfaces and have tried to do this. First I tried to get DHCP working so I could connect the Debian machine to the net and this proved successful. I edited the interfaces file to look as follows:
# The loopback network interface auto lo iface lo inet loopback auto eth0 iface eth0 inet dhcp
Then I tried adding a static IP address to the machine. As this is a network purely between two machines I made up the IP addres and used 192.168.0.1 and used a NetMask calculator to give me a NetMask of 255.255.255.254 (I told the calculator there would be 2 machines on the network). I then edited the interfaces file as follows:
# The loopback network interface auto lo iface lo inet loopback
I re-booted the machine (ifdown eth0 followed by ifup eth0 keeps saying that eth0 hasn't been configured - a problem there that I don't understand), but during boot up time it failed to assign the Static IP address to eth0 and made me go into SU mode. To fix it I simply replaced the interface file with the static IP inputs with the file that had the DHCP entries (I'd made a copy of the DHCP file), and re-started the machine. Everthing came up fine. So the first question is how do I get a static IP address to be assigned to eth0 such that whenever I shut down and restart the machine the static IP address is always loaded?
The second question is around creating the network via the cross over cable. From what I've found via Google, all I should have to do is create a static IP address on the Debian machine and a static IP address on the Voyager machine. Once they're connected by the cross over cable they should see each other. Is that correct, or do I have to do anything else?
I am writing a TCP server in C, and the server listens to incoming client connections and accepts them. It then creates a thread to handle the client. The clients are expected to only receive data from my server and not send any data. So if I use a select() call with a recv(), I believe that the recv() will just block forever since there will not be any data coming from the client. If I use a non-blocking recv(), then this will just return a 0 which tells me nothing because the client is not expected to send any data. I am not sure if I have misunderstood some socket concepts, but I need a solution to detect when the client has disconnected so that I can close the socket and stop sending data to the client. As I understand it, simple ACKs etc are not captured by the recv(), and only data sent by the client will cause recv() to return a non-zero value, so I am not sure how to know when the client has disconnected.
I have configured server ubuntu 11.04. Everything works fine, but there is a need for some clients to connect local hard drive. What should I do? How and what modules are added to the ltsp-image? How to register in the fstab on the client? Maybe I'm going the wrong way?
The above is the machines actual FQDN. Now because I also use it as a web server to access my website and webmail, I have a pointer record with my domain registrar to also forward all [URL] to the same IP as [URL]. when I generate a SSL self signed certificate for my server. Do I generate one for [URL] or [URL]?
I was trying to configure user authentication in SSH using certificate method.As u all know the usual way of authentication is using the ssh-keygen method. But i want the another method where we create a certificate key and send it to the CA, which signs it and send back etc etc.I cannot find any unique procedure in the net to configure this method.