I am currently using vsftpd with ssl support.Currently when the certificate expires I have to generate a new certificate and distribute that new certificate among the clients.Ideally I would like automatic renewal of the certificate and that certificate to then be transferred to the client upon connection.
View 2 RepliesAny clue? I'm using the same key for root login and it works fine (also works fine for SFTP but i hate using that cause its extremely slow)
View 2 Replies View RelatedI have just generated a new ssl key on my ftp server with the following command
Code:
I then put my new key onto my file server and attempted to connect to the FTP and it failed (this did work before with the default key).. I use curlFTPfs to mount the FTP directory locally as /ftpbackup, below is the command and the output.
Code:
Error connecting to ftp: server certificate not activated yet. As you see it gives an error about the certificate not being activated, I have looked this up and cant find a way to activate it.
Below is the contents of vsftpd.conf on the ftp server
Code:
i've set a server Fedora 11 using Vsftpd + database berkley + ssl 'certificate) he works perfectly. So i wanted to set a new one on Fedora 14, there is the problem..On my fedora 14, i tryed to use the configuration file that i've made on the F11 but withtout success. It seems that when i activate the SSL option on the server it does not want to start anymore... and i have no errors messages. I notice that when i desactivate the SSL "ssl_enable=NO" my server on F14 can start normaly.
[Code]...
I've been using VSFTPD for years but i can't seem to get over this particular issue. I'm unable to make VSFTPD 3.0.2 work with a legit STARTSSL TLS cert on Debian 8.1 kernel 3.16.0-4-amd64.
500 OOPS: SSL: cannot load RSA certificate.
Openssl 1.0.1k correctly verifies the .PEM file containing both my domain's cert and the intermediate CA one. I've tried adding the private key to the .PEM file and also using it as a separate .key file. Also tried mixing my cert with the intermediate CA one and the private key... to no avail.
Every file is inside /etc where all the conf files reside (also the user specific conf files). File permissions for the .pem and key files are 600.
I'm successfully using the same certificate for NGINX.
Configuration file:
Code: Select alllisten=YES
listen_port=40000
pasv_enable=YES
pasv_min_port=40222
pasv_max_port=40224
listen_address=192.168.1.150
[Code] ....
I'm trying to install an Ubuntu cloud on my home network - I've been following this guide. When I arrived at STEP 6: Install an image from the store PART 3: Click on the Store tab I get the following error message on the page: Error 60: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
View 1 Replies View RelatedUbuntu Jaunty Server connected via eth0 to a Billion residential ADSL router. I've locked the server MAC address to a specific IP in the router and set the DHCP renewal times to the longest possible times. For a certain number of days, the server will remain connected to the router, but then for some reason (the last time it was after about a month), the server loses it's connect and dumps into syslog the following:
Code:
Jun 2 17:10:15 defiant dhclient: DHCPREQUEST of 192.168.1.105 on eth0 to 192.168.1.254 port 67
Jun 2 17:11:26 defiant dhclient: last message repeated 5 times
[code]....
I used a self assigned certificate openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509 i followed configurations from th below website [URL].. On my outlook client p.c`s whenever connecting for the first it pops up a message telling mi tht my certificate on my server cannot be verified then it continues after click yes.
How do i do away with tht message other thn buying trusted certificate Or refer me to a good site with Ubuntu mail server configuration which makes uses of mysql
these are the lines in my /etc/dovecot/dovet.conf file
ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.pem
In my httpd log I always get this recurring error
[notice] Digest: generating secret for digest authentication ...
[notice] Digest: done
[warn] RSA server certificate CommonName (CN) `srvspam' does NOT match server name!?
I have a requirement of using a wildcard certificate for 5 subdomains running under apache httpd server and 1 subdomain under tomcat.Is there any possibility of using the single wildcard certificate both in tomcat and apache
View 3 Replies View RelatedI have CentOS Directory Server running on CentOS 5. I try to add certificate, issued by our CA. I made an certificate request, and I got the certificate. I installed it, but I forgot to install the CA Certificate. Now I got the following error:
View 2 Replies View RelatedI have a server which I use for mail:
[URL]
The above is the machines actual FQDN. Now because I also use it as a web server to access my website and webmail, I have a pointer record with my domain registrar to also forward all [URL] to the same IP as [URL]. when I generate a SSL self signed certificate for my server. Do I generate one for [URL] or [URL]?
I am trying to install SSL certificate on my server.It is apache2, but I cant find the folders in which to install them.
E.g
ssl.key/
ssl.crt/
What should I do to get it?
Security Type: WPA2-Enterprise
Encryption Type: AES
Network Authentication mode:
Microsoft: Protected EAP (PEAP) - Unvalidated Server Certificate
User must authenticate log-on. Its a wireless network. how to set this up for Ubuntu.
I have two Web server (RHEL 5.3) as cluster. i want to get a certificate for website. do i need to get two certificates for a website?
View 2 Replies View RelatedI am trying to implement a payment gateway, I have got a crt files from them, i have to add them into our trusted list so that we can establish a SSL handshake.i.e "Importing an SSL certificate into keystore" I dont have any idea on this one, can any one help me on this, my server is a ubuntu and runs apache as webserver.I am trying to use this in a soap request..An error occurred during a connection to ws.payconnexion.com:1401.
SoapFault exception: [HTTP] Could not connect to host in /var/domains/mywebroot/file/testpaymentmine.php:71
Stack trace:
[code]...
I install debian, I when I restart apache2, I got this error
[warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Feb 26 11:53:45 2015] [warn] RSA server certificate CommonName (CN) `Ismo' does NOT match server name!?
How can I modify the commonName of the RSA server certificate?
does anybody have a nice tutorial about creating and installing Apache client certificate (PKCS12) ? I`m looking for some tutorials to CentOS. This what I have found on the internet for some reasons doesnt work. Or maybe somebody could write here how to do it?
View 1 Replies View RelatedI'm try to start certificate authentication from my web site..
vhosts.conf for httpd:
<IfModule mod_ssl.c>
<VirtualHost 127.0.0.1:443>
ServerName ca.asu
[Code].....
OS: CentOS 5.3
vsftpd ver: vsftpd-2.0.5-12.el5_3.1
I installed vsftpd server in one of my servers using "yum install vsftpd" command. NFS server is running in the other server and mounted as "/data" in this FTP server. root in FTP server has also root authority in NFS server. All the files and sub-folders under "/data" in FTP server have 755 or 766 mode. Even I modified vsftpd setting to allow root login.
When I login as root to FTP server with FileZilla client, I can see all the file list in root home directory and move to /data directory. I can download any file in a local HDD but I can not download any file in /data directory.
I have a Red Hat Enterprise Linux 4 server on my network & that I inherited with no documentation what so ever and it has an application called 'Clearquest' installed from IBM. This application uses some proprietary web server that gets installed with the 'Clearquest' application. My problem is I need to find the SSL certificate the web server is using. If this were Apache, I would look in '/etc/httpd/conf.d/http.conf' but there is no Apache software installed. Can someone please assist me in a way I can look through the RHEL 4 server for any trace of the SSL certificate. I don't know the actual name of the certificate but I know the server is rendering it on the web. When I type the address of my server in the URL field, I can see the servers SSL certificate. Now how I can find that certificate path / location on the server itself?
View 1 Replies View RelatedWe installed 3 new rhel 5.5 systems yesterday; each of which are generating this error " Error: certificate verify failed" in response to a basic "yum update". From what I can gather, via a general search, this may be isolated to x86_64 -- however the references I found were specific to Satellite Server (which we are not using). Never the less, I checked the PATHs for the cert and they are correct. All of our 32 bit systems are running RHEL 5.5 and this is not a problem on any of them.
View 6 Replies View Relatedpls tell me complete configuration of vsftpd server on redhat 5
View 1 Replies View RelatedI just upgraded my Ubuntu Server from 10.04 to 11.04. I am having issues with the ethernet connection upon boot. The connection will blink slowly and not stay connected to the network. If I then unplug the ethernet from the switch and then replug it in, eth0 will get a steady connection, at which point I have to run the following command to get everything working.
Code:
sudo dhclient eth0
After running the command I have no issues with the ethernet connection.
lshw -C network
Code:
*-network:0
[Code]...
I have an Internet connection with a Webstar cablemodem by Scientific-Atlanta Inc. DCP2100 series.I'm running an unstable distribution of Debian with the 2.6.32-5-amd64 kernel.I have installed JDownloader and works great, but I couldn't configure the reconnection features.What I need is a simple executable to run a script to change my IP adress, if possible. An specific tutorial could just be great for me to learn.And if you can't do this in linux as well as in XP, I'd really appreciate to inform me about it.
View 14 Replies View RelatedI just realized that since I reinstalled slackware on my laptop, the machine is not obtaining an IP from my router during the startup proccess like it used to do before.
Now I see something like:
Code:
dhcpcd: eth0: waiting for carrier
dhcpcd: eth0: timed out
dhcpcd: eth0: waiting 8 sec
and it fails. After I login in KDE, I need to manually renew (or acquire) an IP. Issuing the command
[Code]...
I am wondering, what are the merits of staying with an LTS release versus the renewal of the system by upgrading to a new release? Certainly, staying with an LTS release isn't going to be more or less dangerous than upgrading to a new release that specifically addresses security issues. With Lucid Lynx coming up this spring, should I try sticking it out until the LTS after Lynx, or keep upgrading regularly?
View 9 Replies View RelatedOver the last few weeks I have rapidly been coming up to speed with all things Kerberos and I'm pretty much sorted apart from one thing. On our Solaris machines I can use the 'ktkt_warnd' daemon to automatically renew user's tickets up to the maximum renewal time of the ticket.
However, I'm not sure how I do this on our Linux machines (Red Hat Enterprise 4). Does anyone know of a daemon for Linux that provides the same sort of functionality?
I made a "test" server recently, put a samba + apache + vsftp server on it. The first 2 work but the VSFTP server is troubling me. On my lan it works. but on a wan: My ISP blocks port 21 so I changed it to 2200, my friend tried to connect earlier (With "ftp://myip:2200") and he had to type in a name and password, he did that (I made him an account)he got 425 failed to establish connection. Now I Re-installed vsftpd again, did the exact same thing and now it just wouldn't connect. saying the webpage can't be found. Question 1: What should I do to let a user acces from outside of my LAN? I think it's because of passive mode: but I have no idea what ports I should open for passive mode? My ftp port is 2200.
FileZilla tells me.
Entering passive mode
Command: List
And than that it can't find directory's
I have a Server with Webmin, Usermin and Sendmail using pop3s. I have created a seft signed certificate using webmin. Exported it and imported it to the trusted root certification authorities on my client. This fixes the warning message from internet explorer when attempting making a ssl connection to webmin. When attempting to use usermin or retrieving mail I get that warning that this site's certificate is self signed. I look at the certificate and its not the same as the one I created with webmin. My question is. Is possible to have the same certificate be used by each?
View 6 Replies View Related