I have installed Ionix vCM onto a Red Hat Linux box. It correctly communicates with the collection server if I use the Ionix certificate. However, if I use a self-generate certificate, communication fails.
(1) How do I determine which PKI certificates are resident on the Red Hat box?
(2) How do I manually install a PKI certificate?
I run a web server on Fedora 12, principally using Apache, MySQL, and PHP. I host a variety of sites, one of which is a family website that contains semi-sensitive personal data for several hundred extended family members, who all have access to the database-driven site.
Until now, I have been using a self-signed SSL certificate to encrypt the data as it is read and written back and forth from my database. Family members have simply had to put up with clicking past certificate warnings as they enter the site, as most browsers flag self-signed certificates as bad. It hasn't really been that much of a bother, but I'd love to do it more professionally. I have looked into buying SSL certificates, but it's a site I host for free and would rather find a cheap or free alternative if possible.
So I'm just fishing for ideas to work with. What are some alternatives to using SSL certificates for moderately strong website encryption? So far, I run only one host on the domain, but may eventually need encryption that would support multiple hosts. Or does anybody know a way to make self-signed certificates work on most popular browsers without being flagged as suspicious?
I am real tired of getting those SSL errors when I go to my intranet. So I am now trying to generate my own SSL certs (go me). I have easy-rsa installed for my openvpn can I use that so sign the csr?
View 2 Replies View RelatedIs there a guide somewhere that covers all the security module topics for Linux, somewhat from top to bottom. Such as LDAP TLS RSA secure auth... generating certs etc etc. All of it and how it all ties together. Sure I can find you should use this etc., or guides that don't explain much or how they work together to complete the sweet. TLD seems to suffer from the same thing that I just stated...
View 1 Replies View RelatedWhy is that certificates need to be revoked with openvpn?I simply removed them from the keys folder but everytime the client connects it just places the certificates back into the keys folder itself?! Should that be possible?
Secondly, I have a problems etting the revoke command.Is there a known setting on the openssl.cnf file that might cause this?
[root@server]# source ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/2.0/keys
[root@server]# ./revoke-full client2
Using configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnf
error on line 282 of config file '/etc/openvpn/easy-rsa/2.0/openssl.cnf'
21368:error:0E065068:configuration file routines:STR_COPY:variable has no value:conf_def.c:629:line 282
code....
i am using red hat5 n i want to create X.509 certificates for ipsec vpn help me in creating certificates, not able 2 create certificates guide me ehere is the location for certificates.
View 1 Replies View RelatedWe have a web server running apache and a custom web app that we log into from a web browser and it ask you to except the certificate and all is well. I now have an user who is using a window server 2008 and he wants to manually import the *.cer file into his browser to be able to login. My question are:
1 - What is the file that is being imported into the browser? *.pem *.crt
2 - I see on our server that we have our certs I believe located in the /etc/pki/tls/certs. The openRADIUS servers that I have created, this is the directory to where it is stored.Is this the typical placement for certs.
3 -If the files is a .cert or *.pem than could I use openssl to convert them to the appropiate *.cer file for IE7
I would like to do 2 things in kmail.
1- I would like to sign and not encrypt the mail that I sent. How do I do that?
2- How do I import my digital certificate in kmail?
My desktop 10.10 is unable to access SOME https websites from all installed browsers (Firefox, Chrome and Opera). In firefox I get the error message "Firefox can't establish a connection to the server at www.[nameofsite.com]" One suggestion that I encountered was that the Root Certificates were outdated and/or corrupted and needed to be reset.
A Google search came with the suggestion:
Fix the root certificates on your system. Open Your browser and navigate to the following URL. Once at the web page follow the directions to reset your root certificates. [URL]
Unfortunately this website is one of the problem connections. Another PC with a fresh installation of 10.10 does not display these problems.
Which are the default trusted root certificates in Java 1.4? How can a 4096bit certificate be installed in Java 1.4? (as it seems to produce an error).
View 2 Replies View RelatedI've just setup a new Ubuntu Server 10.10 serving SVN through Apache (HTTP, HTTPS).It seems all ports are open by default on this new server. Why is this? Do I need to lock it down with iptables, or is it secure as it is anyway (somehow)?
View 6 Replies View RelatedI've installed PostgreSQL on Arch Linux & also self generated self signed certificates in /etc/ssl/ directory. My PostgreSQL 'data' directory is /var/lib/postgres/data & I've edited my postgresql.conf file to use SSL however I'm having permission / access problems starting my database using SSL. It can't access the certificates and errors out when I try and start the database engine:
Code:
LOG: autovacuum launcher shutting down
LOG: shutting down
LOG: database system is shut down
FATAL: could not load server certificate file "server.crt": No such file or directory
code....
I don't know what I need to chown or chmod in order to get PostgreSQL to access my self signed certificates.
I'm trying to set up a 2nd SSL cert on a different domain on a server, each domain has its own IP address, the problem is the Web developer that configured the first domain specified ssl keys for the primary domain in both the vhost config in httpd.conf AND in the ssl.conf config files. If I attempt to remove the keys form ssl.conf the server will not start up. and with them there It will not start up if I specify keys for the secondary domain.
ssl.conf
Code:
LoadModule ssl_module modules/mod_ssl.so
SSLCertificateFile /etc/pki/tls/certs/primary.com.crt
SSLCertificateKeyFile /etc/pki/tls/certs/primary.com.key
SSLCertificateChainFile /etc/pki/tls/certs/primary_gd_bundle.crt
I have vsftpd running as FTP server on Ubuntu 9.04 jaunty. Login works correctly with password for local users (those with an login account on the server) and without password for anonymous.
I want to further tighten security by requiring local users to provide a client certificate. But even if I include "require_cert=YES" and "validate_cert=YES" in etc/vsftpd.conf, clients without certificate are allowed to login; require_cert seems to be simply ignored.
I run couple of sites on a virtual hosting environment and I am in need of adding additional SSL for a different domain name. From what I read on some forum topics indicate that SSL cert requires different IP address. meaning one cert for each IP. Is this true? If so, then I'm having some difficulties understanding the benefits of running virtual host if a server can't host multiple secured site through single IP. Any way to run multiple ssl site within virtual host environment. I'm hoping for a possible workaround.
View 3 Replies View RelatedI am having problems creating ssl certificates for use with openLDAP. Does anyone know a good centos tutorial as I am having problems finding ones by searching through google and the forums.
To clarify further I have a small network im trying to setup to use ldap for auth due to the size I figured using kerberos for auth would be a bit overkill.....
I have the server up and running fine however at the moment all auth is done by using clear text (which is fine as the network has no connection to the internet at current) however in the future it will so I am trying to use ssl however I am having confusing as which certificates I point to where in the slapd.conf file
i have a quick question about using plesk on centos 5.x server and installation of ssl certificates. if anyone out there has expertise with above,
View 1 Replies View RelatedMy sendmail server makes use of the TLS_SRV_OPTIONS which is set to `V' meaning it shouldn't verify certificates. As a server, it doesn't and the {verify} macro shows "NOT" in the logs, showing that no certificate request was sent out.
Acting as a client though, and I'm talking both about the server acting as a client towards other mail servers and about the local mail submission agent, it always verifies certificates. My mail submission agent when contacting my own mail server verifies the mail servers' certificate and still, the mail server has not initiated any exchanging of certificates since it still says "verify=NOT" in the logs (whereas the same entry for the submission agent reads OK or FAIL depending on what I use).
So, does mail servers ALWAYS send out its certificates and when they do, the "client" in question (no matter if it's the mail server acting as client or the mail submission agent) validates it because the TLS_SRV_OPTIONS setting just applies to when it's running as a server, or is there a setting to tell Sendmail not to send out certificates since you're not in the business of certificate verification relaying anyways?
Ubuntu 10.04
When I execute a sudo or gksu evolution (e.g. synaptic package manager) I find that the escalated privileges remain in effect for a period of time. Sometimes, not often, the notifier applet shows an icon indicating that escalated privileges are in effect.
What I would like to know:
What is the default amount of time which escalated privileges remain in effect on my system?
Is it possible, if so how, to change this amount of time?
How to determine what type of files clamav can scan? For example, if there is no unrar installed it can't scan files in it. So is there any way to find out all types of files that clamav can't scan?
View 2 Replies View RelatedI've recently been asked to setup our FTP server to accept connections from a remote host. They sent me a file "id_dsa.pub" with instructions to add this key to the xfer user.
Unfortunately I've no idea how to do this!
I'm running vsftpd 2.0.5 on Centos 5.3
I have a Server with Webmin, Usermin and Sendmail using pop3s. I have created a seft signed certificate using webmin. Exported it and imported it to the trusted root certification authorities on my client. This fixes the warning message from internet explorer when attempting making a ssl connection to webmin. When attempting to use usermin or retrieving mail I get that warning that this site's certificate is self signed. I look at the certificate and its not the same as the one I created with webmin. My question is. Is possible to have the same certificate be used by each?
View 6 Replies View RelatedUsing Debian Lenny I'm getting the following message in my mail: /etc/cron.daily/logrotate:
Quote:
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
I get the following error while starting apache httpd
Code: httpd: Could not determine the server's fully qualified domain name, using <Server's-ip-address> for ServerName I googled it and have come across the following solutions, all of them involve changing the ServerName setting in httpd.conf:ServerName localhost ServerName www.example.com:80 ServerName <ip-address-of-server> ServerName <hostname-of-machine/FQDN>
I am setting up httpd to be accessed from over a LAN, so i don't have a .com domain name. I am thinking of going with the first option, it seems to be working...
Is there a way to to check if the system has the available security updates installed? Specifically, I am looking to do this programmatically.
View 1 Replies View RelatedI have one physical dedicated server. The name of the server is 'mail.iamghost.tld' which is obviously my Postfix mail server for my users. Now I generated SSL self signed certificates with 'OpenSSL' which is for 'mail.iamghost.tld'. I also have Apache installed on the same server to access my webmail application. I created a pointer record for 'url' to point to the same static I.P. as 'mail.iamghost.tld'. So my question is if I also want to encrypt site login's for url, do I need to generate a unique SSL certificate for 'url' or can I use my existing SSL certificates that are assigned to 'mail.iamghost.tld'? It's the same server but when people browse to my 'url' site, I don't want there to be an issue with the certificates saying it's for 'mail.iamghost.tld' when they're really communicating with 'url'.
View 5 Replies View RelatedI got a machine with RedHat Enterprise Linux 5 installed. I set the ifcfg-eth0 as following:
Code:
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Ethernet
when the machine rebooted, eth0 has the ip address 192.168.24.234. But if executing 'dhclient', eth0 will get the ip address 10.200.34.208, which is my expected ip address. I'm not quite familiar with networking things. I don't know what's going on there. Why should I need to execute 'dhclient' to obtain the expected ip address? Is there any way to obtain the ip address 10.200.34.208 right after host boot?
Is there a command to determine of a device supports IO Fencing?We are trying to run a Sybase cluster that shares storage. I'm sure the device supports fencing, but don't know how to show that it does.
View 1 Replies View RelatedWe are trying to define an appliance based on Suse for an application server and Web server Apache, so we would like to know configuration best practices for network and security, is there any paper/doc about best practices?
View 3 Replies View RelatedOn one of my servers the "free" command tells me that a lot of swap space are in use. What I'd like to do is to determine which processes have been swapped out. I tried issuing "top" and sort by the "swap" column, but this doesn't seem to provide correct values - when performing the same excersize on another server with close to no pages swapped out, the sum when adding the swap value for each process greatly exceeds the swap usage reported by "free". So how do I go about determining the swap space used for individual processes?
View 7 Replies View Related
