Is there a guide somewhere that covers all the security module topics for Linux, somewhat from top to bottom. Such as LDAP TLS RSA secure auth... generating certs etc etc. All of it and how it all ties together. Sure I can find you should use this etc., or guides that don't explain much or how they work together to complete the sweet. TLD seems to suffer from the same thing that I just stated...
View 1 RepliesI am real tired of getting those SSL errors when I go to my intranet. So I am now trying to generate my own SSL certs (go me). I have easy-rsa installed for my openvpn can I use that so sign the csr?
View 2 Replies View RelatedI am currently using [URL] to send and receive faxes at work. I need the faxes to be encrypted. They offer public key encryption with PGP 9.8.2 They just need my public key to be compatible with their PGP version. I found a few statements at the GPG site, which may not be true for newer versions of gpg: PGP, Inc. refuses to accept Elgamal keys of type 20 even for encryption.They only support type 16.PGP 5.x does not accept v4 signatures for data material but OpenPGP requests generation of v4 signatures for all kind of data, that's why GnuPG defaults to them. By default, GnuPG encrypts your secret key using the Blowfish symmetric algorithm. Older PGPs will only understand 3DES, CAST5, or IDEA symmetric algorithms. PGP doesn't do Elgamal signing keys at all, so they are not usable with any version. I attempt to avoid using trial and error here, because an incompatible key may provoke loss of crucial information. It is difficult to estimate how long it would take them/me to find out that the key provided was not compatible; but probably it would entail a significant loss for the business.
View 1 Replies View RelatedI run a web server on Fedora 12, principally using Apache, MySQL, and PHP. I host a variety of sites, one of which is a family website that contains semi-sensitive personal data for several hundred extended family members, who all have access to the database-driven site.
Until now, I have been using a self-signed SSL certificate to encrypt the data as it is read and written back and forth from my database. Family members have simply had to put up with clicking past certificate warnings as they enter the site, as most browsers flag self-signed certificates as bad. It hasn't really been that much of a bother, but I'd love to do it more professionally. I have looked into buying SSL certificates, but it's a site I host for free and would rather find a cheap or free alternative if possible.
So I'm just fishing for ideas to work with. What are some alternatives to using SSL certificates for moderately strong website encryption? So far, I run only one host on the domain, but may eventually need encryption that would support multiple hosts. Or does anybody know a way to make self-signed certificates work on most popular browsers without being flagged as suspicious?
Why is that certificates need to be revoked with openvpn?I simply removed them from the keys folder but everytime the client connects it just places the certificates back into the keys folder itself?! Should that be possible?
Secondly, I have a problems etting the revoke command.Is there a known setting on the openssl.cnf file that might cause this?
[root@server]# source ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/2.0/keys
[root@server]# ./revoke-full client2
Using configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnf
error on line 282 of config file '/etc/openvpn/easy-rsa/2.0/openssl.cnf'
21368:error:0E065068:configuration file routines:STR_COPY:variable has no value:conf_def.c:629:line 282
code....
I have installed Ionix vCM onto a Red Hat Linux box. It correctly communicates with the collection server if I use the Ionix certificate. However, if I use a self-generate certificate, communication fails.
(1) How do I determine which PKI certificates are resident on the Red Hat box?
(2) How do I manually install a PKI certificate?
i am using red hat5 n i want to create X.509 certificates for ipsec vpn help me in creating certificates, not able 2 create certificates guide me ehere is the location for certificates.
View 1 Replies View Relatedi just got a new internet connection from the local service provider. While installation, he insisted that i use my mobile number as the wpa password for the wifi. From what Ive heard, this is company policy. Im a little skeptical about this as ive read wpa is crackable using a dictionary if the password is in there. So i looked around and found the air-crack suite to test the security for my access point. As my password is only numeric, i couldn't find only a numeric dictionary to use with air-crack.
So, i would like to create a dictionary that has only 10 digits, and the first two digit should be "05", because thats what mobile numbers here start from. I would be really grateful if anyone could point me to a way to do this easily.
We have a web server running apache and a custom web app that we log into from a web browser and it ask you to except the certificate and all is well. I now have an user who is using a window server 2008 and he wants to manually import the *.cer file into his browser to be able to login. My question are:
1 - What is the file that is being imported into the browser? *.pem *.crt
2 - I see on our server that we have our certs I believe located in the /etc/pki/tls/certs. The openRADIUS servers that I have created, this is the directory to where it is stored.Is this the typical placement for certs.
3 -If the files is a .cert or *.pem than could I use openssl to convert them to the appropiate *.cer file for IE7
I would like to do 2 things in kmail.
1- I would like to sign and not encrypt the mail that I sent. How do I do that?
2- How do I import my digital certificate in kmail?
My desktop 10.10 is unable to access SOME https websites from all installed browsers (Firefox, Chrome and Opera). In firefox I get the error message "Firefox can't establish a connection to the server at www.[nameofsite.com]" One suggestion that I encountered was that the Root Certificates were outdated and/or corrupted and needed to be reset.
A Google search came with the suggestion:
Fix the root certificates on your system. Open Your browser and navigate to the following URL. Once at the web page follow the directions to reset your root certificates. [URL]
Unfortunately this website is one of the problem connections. Another PC with a fresh installation of 10.10 does not display these problems.
Which are the default trusted root certificates in Java 1.4? How can a 4096bit certificate be installed in Java 1.4? (as it seems to produce an error).
View 2 Replies View RelatedI have gotten over my inability to add SELinux users and am trying to write an SELinux module on my Fedora 10 machine, standard SELinux distribution. Most of it works just fine, but I've been having strange troubles with some policy interfaces--m4 expands them to numbers rather than valid SELinux policy language. Here's what I'm getting:
seutil_read_config($1_t) ---> 679
seutil_read_src_policy($1_t) ---> 1021
files_search_etc($1_t) ---> 1875
As far as I know all of these are valid policy interfaces (I've checked them up in their respective files, and they do exist and contain what appears to be valid policy). The last one I know because I went into seutil_read_src_policy and put its contents into the module rather than the macro itself. Now, I could do the same with files_search_etc, but really I'd like the top-level macro to just work. Does anyone know what is causing this problem? I'm certain I'm using correct syntax, unless there's a whitespace rule I'm not familiar with.
A secondary problem I have, generating warnings rather than errors, is that for some reason ' s are popping up in my expanded module, right after the end of expansions of some (but not all) macros that I've defined.
I've been trying to write php or perl code to generate the sha-512 password hashes in fedora. I've been unable to do the hashing which is encoded in the shadow file on fedora core 11. Does anyone have php or perl code which provides the hashing algorithm. (All of my attempts result in the encrypted hashing being longer than 86 character -- the length that crypt says the sha-512 should be)
View 3 Replies View RelatedI'm about to create a CSR and was reading this page in the Ubuntu docs: [URL] A couple of things:
* There's no date on the article. The documentation needs DATES because this information gets out of date! Check MySQL docs, for instance -- they are organized by version.
* The instructions for generating a cert only specify 2048 bits. I believe that's kind of out of date? The verisign site has big red warnings saying you need 2048 if you want your cert to last past 2013 -- and that article is 4 years old!
* The instructions are confusing when discussing the passphrase. We enter a passphrase only to remove it immediately. We need some clarity here. Why do this?
How to understand the current best practices for generating an HTTPS cert for apache and/or mail access?
I've installed PostgreSQL on Arch Linux & also self generated self signed certificates in /etc/ssl/ directory. My PostgreSQL 'data' directory is /var/lib/postgres/data & I've edited my postgresql.conf file to use SSL however I'm having permission / access problems starting my database using SSL. It can't access the certificates and errors out when I try and start the database engine:
Code:
LOG: autovacuum launcher shutting down
LOG: shutting down
LOG: database system is shut down
FATAL: could not load server certificate file "server.crt": No such file or directory
code....
I don't know what I need to chown or chmod in order to get PostgreSQL to access my self signed certificates.
I have enrolled some certificates from my own ca, to use to a couple of different services, like FTP, WEB, Mail etc. All these certificates comes from the same CA (my own), and I have created a root CA. But is it possible to import this root CA to the whole system, so I do not have to import the certificate or root CA to the different applications like iceweasel/firefox, chrome, icedove, filezilla etc.
View 2 Replies View RelatedI have the following problem with konqueror. Eveytime when I am trying to enter https://localhost:10000 (this is webmin) or https://localhost:631, konqueror asks me in a popup the following (translated from german):
"The authentification of the server has failed.The certificate does not suite to the server. The certificate has not been signed by a trustable authentification authority"
Then I press "continue". Then the next popup appears asking me: "Do you want to always accept this certificate without any request" And the possible buttons are "always" or "only this session". The problem is that I always press on "always" but obviously konqueror is not remembering this certificate since I have to press all the buttons a hundred times in the ongoing session and every new session. In firefox, I was only asked once and the certificate was stored in list. Does anyone know how to fix this problem in konqueror??
How can I add self-signed certificates to e.g: Google Chrome under Linux (from the command line)?
View 1 Replies View RelatedI just installed Citrix to my computer but when I try to use it I get an error message saying:
"You have not chosen to trust "Equifax Secure Global eBusiness CA-1", the issuer of the server's security certificate (SSL error 61)."
So I downloaded the certificates to allow me to use it but I am unable to copy them to the /usr/lib/ICAClient/keystore/cacerts/ directory, I cant download them straight to that folder either. I have administrative privileges but still I cant do anything with the files in those folders other than look at them. How to put files in those folders?
Is it possible to set up an OpenVPN without having to issue keys or certificates.All tutorials I found seem to use them.
I want just a basic username/password approach - I don't care that much about security obviously but is it at all possible?
Does anyone know how to configure an SSL cert with GoDaddy? On the following squid page it seems to use x509 and PEM format for everything. GoDaddy seems want CSR files to issue the cert. The x509 & PEM combo don't seem to generate these CSR files in the correct format. Does anyone know the openssl commands to generate the files and the config line(s) to put in squid.conf?
I started from this wiki: [URL]
I also tried following this godaddy wiki, but it was for apache and not squid [URL]
I'm trying to set up a 2nd SSL cert on a different domain on a server, each domain has its own IP address, the problem is the Web developer that configured the first domain specified ssl keys for the primary domain in both the vhost config in httpd.conf AND in the ssl.conf config files. If I attempt to remove the keys form ssl.conf the server will not start up. and with them there It will not start up if I specify keys for the secondary domain.
ssl.conf
Code:
LoadModule ssl_module modules/mod_ssl.so
SSLCertificateFile /etc/pki/tls/certs/primary.com.crt
SSLCertificateKeyFile /etc/pki/tls/certs/primary.com.key
SSLCertificateChainFile /etc/pki/tls/certs/primary_gd_bundle.crt
After the Sun Jan 24 20:22:46 UTC 2010 update in slackware-current (x86), I am unable to store SSL certificates until "Forever" when asked if greeted with an unknown certificate under KDE. No application can save the certificates eg.: konqueror, kmail etc... I am aware that the above mentioned update didn't bring any updated KDE applications/libs, but still, this has stopped working right after this upgrade. The certificates can be accepted, and after doing so everything works as expected. The only annoying thing, is that although I have selected to trust the certificate "Forever", it asks again after an application restart (eg. konqueror, kmail) if I want to trust this cert forever or for the current sessions only. So it seems, that I can not store/save/trust the SSL certificates forever with KDE.
View 1 Replies View Relatedhow to generate excel charts from C, or if it's possible at all? For example, if I had 2 arrays that I wanted to export to excel and graph against each other. I know how to export it to a csv file, that's no problem, but I have no idea where to start with generating a graph of the data. I can't seem to find any examples anywhere. Just a simple example to show you what I mean: Code:
char arr1[] = {'a','b','c'};
int arr2[] = {10,20,30};
int main ()
[code]....
I want to generate my own socks 5 proxy not for lan but for my use on internet I want to access that proxy from any pc and any connection. Like proxy supplied by atomintersoft.com or xroxy.com i want to create my own 300 socks 5 proxy. I can have dedicated server if required to do so.
1)tell me steps to create my own socks5 proxy.What are general system requirement.
2)Which Distro will be best for this purpose.I am new here and dont have idea about linux but can grasp everything faster than u!
I have a directory containing the following files.
Code:
1-res-opt-I189N-0001.pdb
1-res-opt-I189N-0002.pdb
1-res-opt-I189N-0003.pdb
1-res-opt-I189N-0004.pdb
[code].....
What I want is something like:
Code:
for i in *.pdb
do
python my_script.py 1-res-opt-I189N-00{1..10}.pdb 3-res-opt-I189N-00{1..10}.pdb
done
such that always the two files with corresponding index are submitted together to the Python script. How do I do that?
I have a server which I use for mail:
[URL]
The above is the machines actual FQDN. Now because I also use it as a web server to access my website and webmail, I have a pointer record with my domain registrar to also forward all [URL] to the same IP as [URL]. when I generate a SSL self signed certificate for my server. Do I generate one for [URL] or [URL]?
SARG seems ok but it is not generating any reports.... "Now generating Sarg report from Squid log file /var/log/squid/access.log squid and all rotated versions .... Sarg finished, but no report was generated. See the output above for details. There is also no view generated reports too.
View 1 Replies View RelatedUnfortunatelly since i have no background at all about GUI programming, i dont know even the keyword for that i want to generate a pop up window from my program (written in C) which show a message and an OK button. in my opinion, maybe i should use directly the Xlib library and not the GTK or QT library for example so the program can work almost on every linux system. A code snippet/hint for the pop-up window then?
View 2 Replies View Related