does anybody have a nice tutorial about creating and installing Apache client certificate (PKCS12) ? I`m looking for some tutorials to CentOS. This what I have found on the internet for some reasons doesnt work. Or maybe somebody could write here how to do it?
View 1 RepliesI have a requirement of using a wildcard certificate for 5 subdomains running under apache httpd server and 1 subdomain under tomcat.Is there any possibility of using the single wildcard certificate both in tomcat and apache
View 3 Replies View RelatedIn my httpd log I always get this recurring error
[notice] Digest: generating secret for digest authentication ...
[notice] Digest: done
[warn] RSA server certificate CommonName (CN) `srvspam' does NOT match server name!?
I have a problem about installing DHCPv6 on CentOS . I have 2 machines,a machine is DHCPv6 server and another is DHCPv6 client,they are in the same network.I configure 2 machines as the following link :[URL]
But,the client machine doesn't get a ipv6 from server.
I am trying to solve a problem where Apache stats aren't displaying correctly in Munin. I've ran through quite a bit of checks and tests regarding Munin setup, but I think my issue is related to Apache, but my skill set there is lacking.
first, system info:
monitored server:
CentOS 5.3 2.6.18-128.1.1.el5
[code]....
I'm try to start certificate authentication from my web site..
vhosts.conf for httpd:
<IfModule mod_ssl.c>
<VirtualHost 127.0.0.1:443>
ServerName ca.asu
[Code].....
I just installed Centos 5.5 on one of my systems today and something is eluding me. Basically I had a web site and forum software (phpBB, but I don't think it's that, other forum software like Xoops does the same thing) running on Fedora 13, and I copied it over to the new Centos installation. Apache is running fine and displays a PHP test file and .html files just fine.
MySQL seems to be fine, I can log into that, show databases etc. Just can't get any forum software to know there is MySQL there. I did change the path of the site, and the databases, and edited /etc/my.cnf and /etc/httpd/conf/httpd.conf to reflect that. Thought I made the needed changes in /etc/php.ini but who knows. Seemed like everything should have tar'd up and moved easy, but not the case...
I have CentOS Directory Server running on CentOS 5. I try to add certificate, issued by our CA. I made an certificate request, and I got the certificate. I installed it, but I forgot to install the CA Certificate. Now I got the following error:
View 2 Replies View RelatedSetup a new machine with Apache, identical setup to all the other machines I got, yet this one is logging hostnames instead of IPs.
"HostnameLookups" are "Off" and LogFormat settings are identical to all the other machines:
Code:
Added a new LogFormat directive:
Code:
And told the virtual hosts to use it:
Code:
This solved the problem, though I'm at a loss as to why I've got this behavior on just this one box and none of the others. OS is Debian Lenny, same version of Apache installed via Debian package.
My understanding from Apache doc [url] is that when "HostnameLookups" are "Off, "%h" will yield IP instead of hostname..
Code:
It features support for HTTPS, virtual hosting, CGI, SSI, IPv6, easy scripting and database integration, request/response filtering, many flexible authentication schemes, and more. Homepage: [url]
I'm trying to install an Ubuntu cloud on my home network - I've been following this guide. When I arrived at STEP 6: Install an image from the store PART 3: Click on the Store tab I get the following error message on the page: Error 60: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
View 1 Replies View RelatedSimple task: I'd like to use uzbl, but I need to visit a couple of sites with client certificates. Chrome uses my local cert storage, I suppose uzbl can do that too. But how?
View 1 Replies View RelatedI am trying to install SSL certificate on my server.It is apache2, but I cant find the folders in which to install them.
E.g
ssl.key/
ssl.crt/
What should I do to get it?
I am running Apache 2.2.13 with SSL and SNI enabled. This is what the virtual host portions looks like:
<VirtualHost *:443>
ServerAdmin support@itherd.com
DocumentRoot /srv/www/apps/login.itherd.com/
ServerName login.itherd.com
ErrorLog /var/log/apache2/login.itherd.com-error_log
SSLEngine on
SSLCertificateFile /etc/apache2/ssl.crt/login.itherd.com.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/login.itherd.com.key
<Directory "srv/www/apps/login.itherd.com/">
AllowOverride None Options ExecCGI
AddHandler cgi-script cgi pl
Order allow,deny Allow from all
</Directory> </VirtualHost>
<VirtualHost *:443>
ServerAdmin support@clubherd.com
DocumentRoot /srv/www/apps/app.clubherd.com/
ServerName app.clubherd.com
ErrorLog /var/log/apache2/club.clubherd.com-error_log
SSLEngine on
SSLCertificateFile /etc/apache2/ssl.crt/app.clubherd.com.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/app.clubherd.com.key
<Directory "srv/www/apps/app.clubherd.com/">
AllowOverride None Options ExecCGI
AddHandler cgi-script cgi pl
Order allow,deny Allow from all
</Directory> </VirtualHost>
When I start Apache it ask me for the pass phrase for the second host (both hosts have one). When I browse to first host it have recognized the loaded its certificate. When I go to the second server I get am untrusted message because it is using the first certificate. I have found and followed the directions of several web posts: [URLs]
I was trying to setup SSL Client authentication on only one virtual host. Here is a brief excerpt sample of my conf file for the virtual host:
<VirtualHost xx.xx.xx.xx:443>
SSLRequire %{SSL_CLIENT_S_DN_O} eq "something"
SSLVerifyClient require
SSLVerifyDepth 2
</VirtualHost>
But when I try to check for syntax errors tells me SSLRequire not allowed here I do not want to add SSLRequire on the main httpd.conf because I only want it for one virtual host. The rest of the virtual hosts do not need it.
I normally dont have a problem installing software. But im pulling my hair out trying to get openvas to work. i used this guide to install [URL].. when i try to login using the client it asks me to accept the certificate i click yes then it fails everytime
View 1 Replies View RelatedI have installed a Citrix Client but to get it to function I need to copy a Certificate to /usr/lib/ICAClient/keystore/cacerts but my problem is I do not have a clue on how to find /usr/lib/ICAClient/keystore/cacerts
View 1 Replies View RelatedI'm trying to use Xchat, to communicate with a server which uses CAcert root certificate(s) for its SSL connection. I have Xchat all configured, and it works fine when I connect without SSL, but I'm getting pretty miffed about how to get it to find/use whatever local certificates I'm supposed to have, assuming I actually *have* these certs installed somewhere. This seems like it should be less difficult than I'm making it out to be. I've been to CAcert's website and their Wiki, and while they have the root certificates available for download (which I did, as well as inadvertently installing them into my browser, where they probably already were anyway) the only instructions I saw in their "Linux" docs department, on how/where to use/put them, were for a couple RH based distros, and some other distro I'm not using.
I checked the Xchat website and had a somewhat semi-thorough look around their user forum, but didn't find what I need there either. The openssl man page (yes, it's installed) doesn't tell me what I want, and xchat doesn't even *have* a man page. An LQ search turns up a few off-topic threads, mainly several years old and with very little in the way of replies. This ought to be easy :/ and I bet it is easy, with the right documentation in front of me. This is Slackware 13-64/-current. I've got /etc/ssl/certs folder, with nothing in it; and I have an /etc/ssl/openssl.cnf file which *appears* to be intended for using SSL on my own server (don't want that).
In case it helps, here's what the server tells me when I have enabled SSL and try to connect:
Code:
[15:47] * * Certification info:
[15:47] * Subject:
[15:47] * CN=irc.twice-irc.de
[15:47] * Issuer:
[15:47] * O=CAcert Inc.
[15:47] * OU=http:
[15:47] *
[15:47] * www.CAcert.org
[15:47] * CN=CAcert Class 3 Root
[15:47] * Public key algorithm: rsaEncryption (4096 bits)
[15:47] * Sign algorithm sha1WithRSAEncryption
[15:47] * Valid since Jun 13 14:38:18 2008 GMT to Jun 13 14:38:18 2010 GMT
[15:47] * * Cipher info:
[15:47] * Version: TLSv1/SSLv3, cipher AES256-SHA (256 bits)
[15:47] * Connection failed. Error: unable to get local issuer certificate.? (20)
Can someone point me to a decent link/tutorial about how to connect by IRC, (using Xchat if that matters), and have it find my SSL certs and/or where/how I get the CA root certificates in the right location for this to work?
My server gets ddos attacks. I dig into access logs and I saw that attacker ips doesn't have valid requests headers, like their browser application info or requested url info.I want to close those connections immediately, and if it's possible block those ips for a time period.Can I do that with Apache and iptables?I searched on the internet but couldn't find useful results. Probably couldn't search for the right words.
View 2 Replies View RelatedOn startup - prompt asking for apache certificate password doesn't accept input. Can switch to another tty but can't restart apache due to the port already being bound (suppose I could change ports for apache config after startup but that's pretty ugly and clearly not the right way to address the problem.
View 5 Replies View RelatedI have a Nis server on Suse 11 which is configured using Yast and nis clients on Suse and CentOs .All clients which is on the Suse Os is working fine. But on CentOs , users couldn't login using nis username.I have mounted home directory using nfs in fstab . I can switch to nis users homedirectory only when i am root. But nis users could'nt login on reboot.' ypcat passwd username ' is showing the output . No selinux is enabled in the client .Is there is any problem with Suse server to Centos Client in nis ??
View 2 Replies View RelatedI am installing Big Brother on a CentOS 5.2 running the default Apache 2.2.3. When I try to access any web page I get the following error: Forbidden You don't have permission to access /bb/ on this server. Apache/2.2.3 (CentOS) Server at fmsubbnix Port 80 So far I have:
1) Set the Directory options to FollowSymLinks
2) Verified all directory and file permissions are at 755
3) Set permissions temporarily to 777 and received same error so I am assuming the issue is in a config file somewhere
4) in hhtpd.conf verified <Files ~ "^.ht"> is correct
5) verified the "default" directory is correct (/var/www/html)
I have read and tried several ideas in posts listed on the web but to no avail and am at a loss as to what to look for next..
I used the Center for Internet Security Benchmark for Apache Web Server v2.1 (January 2008) manual.
This is the guidelines I have to follow when installing and configuring Apache...So the problem arises when we get to page:28
Just after running this command: openssl x509 -in url | more
We get this error:unable to load certificate 31352:error:0906D06C:PEM routines:PEM_read_bio:no start lineem_lib.c:650:Expecting: TRUSTED CERTIFICATE
I have a CentOS + Samba server and Windows XP client machines. Users, passwords and permissions are entered on the server machine.users and passwords ( same as on the server ) are entered in the XP client machine.When attempting to access a public file on the server using a XP client machine and the IP address of my server, I am asked a user name and password and none of the already entered seem to work. I cannot access the server file (prompted again and again to enter user name and password). What did i miss
View 7 Replies View RelatedI am running a CentOS 5.6 Server with a website and Forum. The website has a contact form and users can email various people in the organization. I have setup sendmail to send any mails like this to my email address on a Windows machine.The problem is that there emails don't have a header which has the senders original email header. It comes from localhost on my sendmail. How can I get any mail generated from the apache site to ALSO send mail to root on the Centos Server? That way I should be able to see the header and report the spammer or block them.
View 2 Replies View RelatedI am trying to make FTP server on Linux machines(Fedora/Centos) . How can we install and configure FTP?
View 1 Replies View RelatedI recently got a new server. I installed CentOS 5.2. Here's some more info:
[root@thalamus etc]$ uname -a
Linux thalamus.tch.harvard.edu 2.6.18-92.el5 #1 SMP Tue Jun 10 18:51:06 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux
I can't get the client server to authenticate to the openldap server. I can authenticate on the server itself though. I can su to, login and shh into the openldap server and become a ldap user. I just can't become an ldap user on the client.I didn't setup TLS/SSL. I can do that after I have it working. I'm using hashed passwords though. I don't have replication setup. I'm am tying to setup the most basic openldap environment then build from there. I have read the openldap section in the admin guide.
My setup at home.
Openldap server � light.deathnote.net -- 10.0.1.21
client server � vm-centos01.deathnote.net � 10.0.1.7 -- VM on virtualbox
Virtualbox host � L (OS MAC) � 10.0.1.2
router (apple airport extreme) / default gatway � 10.0.1.1
All computer can reach the internet and ping each other. When I installed centos I disabled SELinux.I used these guids to setup my openldap.
[URL]
Below I have included some output from the files I'm using with openldap.
[root@vm-centos01 ~]# tail /var/log/messages
Jul 2 09:25:33 vm-centos01 xfs: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)...
Jul 2 09:25:49 vm-centos01 xfs: nss_ldap: failed to bind to LDAP server ldap://light.deathnote.net: Can't contact LDAP server
Jul 2 09:25:49 vm-centos01 xfs: nss_ldap: failed to bind to LDAP server ldap://10.0.1.21/: Can't contact LDAP server
[code]....
I have a web server with the specs below and my apache server is being a hog using all my RAM 7gigs or 8gigs of ram. When there is a rush of traffic at once my whole server crashes and I have to reboot apache. The way my site is set up I have a tube script and I use the tube script to host videos on my forum I have 1000 videos on the tube script. I brought a bigger server and more ram because of the down time I been having . I am really trying to figure out why its crashing and using so much ram. I installed eAccelerator didn't seem to help with the apache server.
Intel Quad Core Xeon X3430 (4 x 2.40 GHz, 8MB Cache)
> 2-bay Supermicro Chassis and Motherboard
> 8 GB REG ECC DDR3 (twice your current setup)
> 250 GB Enterprise Grade SATA II
> 10 TB Bandwidth 1gig Uplink Port
> CentOS 64 Bit (Latest Stable)
TOP Command and free -m command screenshots are attached this is with only 160 people online at once
I saw many people were talking about how to optimize apache and mysql here and also in other forums and blogs. I am currently hosting some sites and some IRCD processes (a tiny network)in a dedicated server with spec:
Quote:
Intel Dual Core 1.6GHz E1200
1GB RAM
160 HDD
10Mbits port
We got about 30,000 to 40,000 page views per day. I would like to ask people here about the opinion of apache and mysql optimization based on this server spec and current number of page view.
I have Centos 5.4 installed on my server. Everything works perfect, however sometimes apache does not work properly. When I write my domain to browser it tries to reach the site, however it can't get any result. (There is no "browser couldn't find" error). The browser just tries to get the content.
When I login to my server with ssh using my domain name, there is no problem. (Named works.) When I give the "service httpd restart" command the problem disappears.I looked at httpd log files but there wasn't any problem at that time.I use the API's of the Facebook and Twitter, so there are many Curl requests are made with PHP. Could that be the reason?