Software :: Security In KMail - Importing Digital Certificates?
Jul 22, 2011I would like to do 2 things in kmail.
1- I would like to sign and not encrypt the mail that I sent. How do I do that?
2- How do I import my digital certificate in kmail?
ADVERTISEMENT
OpenSUSE :: Kmail - Certificates Not Applying To Given Host
Feb 13, 2011I updated yesterday. Main change was from kde 4.5 to 4.6. Since then when I start kmail I have always a message about the certificate not applying to the given host. I use kmail to connect to a dovecot imap server. Everything worked fine before. I know very little about certificates. I tried to generate again the certificates (running /usr/share/doc/packages/dovecot/mkcert.sh) but I don't know what else to do.
View 8 Replies View RelatedSecurity :: How To Generate Own SSL Certificates
Mar 27, 2009I am real tired of getting those SSL errors when I go to my intranet. So I am now trying to generate my own SSL certs (go me). I have easy-rsa installed for my openvpn can I use that so sign the csr?
View 2 Replies View RelatedSecurity :: Looking For Documentation For Generating Certificates
May 10, 2011Is there a guide somewhere that covers all the security module topics for Linux, somewhat from top to bottom. Such as LDAP TLS RSA secure auth... generating certs etc etc. All of it and how it all ties together. Sure I can find you should use this etc., or guides that don't explain much or how they work together to complete the sweet. TLD seems to suffer from the same thing that I just stated...
View 1 Replies View RelatedServer :: Alternative To SSL Certificates / Make Self-signed Certificates Work On Most Popular Browsers Without Being Flagged?
Aug 24, 2010I run a web server on Fedora 12, principally using Apache, MySQL, and PHP. I host a variety of sites, one of which is a family website that contains semi-sensitive personal data for several hundred extended family members, who all have access to the database-driven site.
Until now, I have been using a self-signed SSL certificate to encrypt the data as it is read and written back and forth from my database. Family members have simply had to put up with clicking past certificate warnings as they enter the site, as most browsers flag self-signed certificates as bad. It hasn't really been that much of a bother, but I'd love to do it more professionally. I have looked into buying SSL certificates, but it's a site I host for free and would rather find a cheap or free alternative if possible.
So I'm just fishing for ideas to work with. What are some alternatives to using SSL certificates for moderately strong website encryption? So far, I run only one host on the domain, but may eventually need encryption that would support multiple hosts. Or does anybody know a way to make self-signed certificates work on most popular browsers without being flagged as suspicious?
Security :: Deleted Certificates But They Keep Reappearing - Openvpn?
Jan 10, 2010Why is that certificates need to be revoked with openvpn?I simply removed them from the keys folder but everytime the client connects it just places the certificates back into the keys folder itself?! Should that be possible?
Secondly, I have a problems etting the revoke command.Is there a known setting on the openssl.cnf file that might cause this?
[root@server]# source ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/2.0/keys
[root@server]# ./revoke-full client2
Using configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnf
error on line 282 of config file '/etc/openvpn/easy-rsa/2.0/openssl.cnf'
21368:error:0E065068:configuration file routines:STR_COPY:variable has no value:conf_def.c:629:line 282
code....
Security :: Determine Which PKI Certificates Are Installed On A Red Hat Server
Jan 6, 2011I have installed Ionix vCM onto a Red Hat Linux box. It correctly communicates with the collection server if I use the Ionix certificate. However, if I use a self-generate certificate, communication fails.
(1) How do I determine which PKI certificates are resident on the Red Hat box?
(2) How do I manually install a PKI certificate?
Networking :: Genrating X.509 Certificates / Create X.509 Certificates For Ipsec Vpn?
Jan 17, 2009i am using red hat5 n i want to create X.509 certificates for ipsec vpn help me in creating certificates, not able 2 create certificates guide me ehere is the location for certificates.
View 1 Replies View RelatedSecurity :: PKI Certificates And Web Browsers / File That Is Being Imported Into The Browser?
Dec 29, 2010We have a web server running apache and a custom web app that we log into from a web browser and it ask you to except the certificate and all is well. I now have an user who is using a window server 2008 and he wants to manually import the *.cer file into his browser to be able to login. My question are:
1 - What is the file that is being imported into the browser? *.pem *.crt
2 - I see on our server that we have our certs I believe located in the /etc/pki/tls/certs. The openRADIUS servers that I have created, this is the directory to where it is stored.Is this the typical placement for certs.
3 -If the files is a .cert or *.pem than could I use openssl to convert them to the appropiate *.cer file for IE7
Ubuntu Security :: Suspected Outdated Or Corrupted Root Certificates
Dec 25, 2010My desktop 10.10 is unable to access SOME https websites from all installed browsers (Firefox, Chrome and Opera). In firefox I get the error message "Firefox can't establish a connection to the server at www.[nameofsite.com]" One suggestion that I encountered was that the Root Certificates were outdated and/or corrupted and needed to be reset.
A Google search came with the suggestion:
Fix the root certificates on your system. Open Your browser and navigate to the following URL. Once at the web page follow the directions to reset your root certificates. [URL]
Unfortunately this website is one of the problem connections. Another PC with a fresh installation of 10.10 does not display these problems.
Ubuntu Security :: Default Trusted Root Certificates In Java 1.4
Feb 20, 2011Which are the default trusted root certificates in Java 1.4? How can a 4096bit certificate be installed in Java 1.4? (as it seems to produce an error).
View 2 Replies View RelatedUbuntu Security :: Digital Fingerprinting For Computers And Phones
Dec 1, 2010I read in the WSJ today that there is an effort to fingerprint computers and phones. I understand the business model, I'm concerned that too much information will be floating around.
View 9 Replies View RelatedOpenSUSE :: Kmail Has Disappeared - Getting "if Kmail Is Not Typo" Speech
Apr 17, 2010I have been using kmail on opensuse (11.2) for about 3 months with few issues. I usually launch using alt+F2, type "kma" and it appears top of the list. I have turned on my laptop today and kmail has simply disappeared. I have gone through the ghekko and the only mail client listed is thunderbird. It is not in the alt+F2 menu. If I type kmail in konsole I get the "if kmail is not a typo" speech. I've also tried using kontact (for the first time) to see if my mail appears there
View 4 Replies View RelatedSecurity :: Digital Certificate - "can't Set The Browser Java Is Enabled And So On"
May 10, 2010Girlfriend with a problem: she needs to sign up at the unemployment office in Spain. She is here in China. But for reasons unknown, she can't access the bit which she needs to. It says: 'can't set the browser' Java is enabled and so on, we read the instructions. On her windoze computer, she has a digital certificate. I copied it onto my mem-stick. When I try to copy it from my mem-stick to my Linux machine, I can't. Not even as root! The folder is called 'certificado digital' and contains two folders:
Trash.(tilde)1 and VM_Ware_Workstation They both have some kind of encrypted stuff inside. Can this certificate be installed on my machine?? Trash has 5 things, VM_Ware_Workstation has 3 things. The guy who set this up for her told her she must use Mozilla. Is a certificate only valid with a particular browser?
Server :: Database Can't Use SSL Certificates?
Apr 19, 2011I've installed PostgreSQL on Arch Linux & also self generated self signed certificates in /etc/ssl/ directory. My PostgreSQL 'data' directory is /var/lib/postgres/data & I've edited my postgresql.conf file to use SSL however I'm having permission / access problems starting my database using SSL. It can't access the certificates and errors out when I try and start the database engine:
Code:
LOG: autovacuum launcher shutting down
LOG: shutting down
LOG: database system is shut down
FATAL: could not load server certificate file "server.crt": No such file or directory
code....
I don't know what I need to chown or chmod in order to get PostgreSQL to access my self signed certificates.
Debian :: Import Certificates To Whole System
Dec 18, 2010I have enrolled some certificates from my own ca, to use to a couple of different services, like FTP, WEB, Mail etc. All these certificates comes from the same CA (my own), and I have created a root CA. But is it possible to import this root CA to the whole system, so I do not have to import the certificate or root CA to the different applications like iceweasel/firefox, chrome, icedove, filezilla etc.
View 2 Replies View RelatedOpenSUSE :: Konqueror, Localhost And The Certificates
May 17, 2011I have the following problem with konqueror. Eveytime when I am trying to enter https://localhost:10000 (this is webmin) or https://localhost:631, konqueror asks me in a popup the following (translated from german):
"The authentification of the server has failed.The certificate does not suite to the server. The certificate has not been signed by a trustable authentification authority"
Then I press "continue". Then the next popup appears asking me: "Do you want to always accept this certificate without any request" And the possible buttons are "always" or "only this session". The problem is that I always press on "always" but obviously konqueror is not remembering this certificate since I have to press all the buttons a hundred times in the ongoing session and every new session. In firefox, I was only asked once and the certificate was stored in list. Does anyone know how to fix this problem in konqueror??
General :: Add Self-signed Certificates To Different Browsers?
May 16, 2011How can I add self-signed certificates to e.g: Google Chrome under Linux (from the command line)?
View 1 Replies View RelatedUbuntu :: Citrix Certificates - SSL Error 61
May 28, 2010I just installed Citrix to my computer but when I try to use it I get an error message saying:
"You have not chosen to trust "Equifax Secure Global eBusiness CA-1", the issuer of the server's security certificate (SSL error 61)."
So I downloaded the certificates to allow me to use it but I am unable to copy them to the /usr/lib/ICAClient/keystore/cacerts/ directory, I cant download them straight to that folder either. I have administrative privileges but still I cant do anything with the files in those folders other than look at them. How to put files in those folders?
Networking :: Run OpenVPN Without Keys Or Certificates?
Jul 31, 2009Is it possible to set up an OpenVPN without having to issue keys or certificates.All tutorials I found seem to use them.
I want just a basic username/password approach - I don't care that much about security obviously but is it at all possible?
Networking :: How To Configure SSL Certificates (CSR Files)
Jul 13, 2010Does anyone know how to configure an SSL cert with GoDaddy? On the following squid page it seems to use x509 and PEM format for everything. GoDaddy seems want CSR files to issue the cert. The x509 & PEM combo don't seem to generate these CSR files in the correct format. Does anyone know the openssl commands to generate the files and the config line(s) to put in squid.conf?
I started from this wiki: [URL]
I also tried following this godaddy wiki, but it was for apache and not squid [URL]
Server :: Multiple SSL Certificates On Apache
Apr 4, 2010I'm trying to set up a 2nd SSL cert on a different domain on a server, each domain has its own IP address, the problem is the Web developer that configured the first domain specified ssl keys for the primary domain in both the vhost config in httpd.conf AND in the ssl.conf config files. If I attempt to remove the keys form ssl.conf the server will not start up. and with them there It will not start up if I specify keys for the secondary domain.
ssl.conf
Code:
LoadModule ssl_module modules/mod_ssl.so
SSLCertificateFile /etc/pki/tls/certs/primary.com.crt
SSLCertificateKeyFile /etc/pki/tls/certs/primary.com.key
SSLCertificateChainFile /etc/pki/tls/certs/primary_gd_bundle.crt
Slackware :: Kde 4.3 Won't Store / Save Ssl Certificates?
Jan 25, 2010After the Sun Jan 24 20:22:46 UTC 2010 update in slackware-current (x86), I am unable to store SSL certificates until "Forever" when asked if greeted with an unknown certificate under KDE. No application can save the certificates eg.: konqueror, kmail etc... I am aware that the above mentioned update didn't bring any updated KDE applications/libs, but still, this has stopped working right after this upgrade. The certificates can be accepted, and after doing so everything works as expected. The only annoying thing, is that although I have selected to trust the certificate "Forever", it asks again after an application restart (eg. konqueror, kmail) if I want to trust this cert forever or for the current sessions only. So it seems, that I can not store/save/trust the SSL certificates forever with KDE.
View 1 Replies View RelatedDebian Installation :: Ca-certificates Fails During OS Install
Mar 1, 2016I'm trying to install Debian Jessie, but the installation keeps failing when installing the ca-certificates package and then asks for a media change to the disk that is already in the drive, and keeps asking even though it's already in the drive.
View 0 Replies View RelatedDebian :: Router Configuration And Certificates Warnings?
Apr 19, 2011I've just bought a Linksys WRT610N router and I ran through various problems during the configuration, that brought some questions.Here is what I did to configure it (following the short manual that I got with the router)1. plugged the router in my modem and in my computer via ethernet cables2. entered its IP address (given on the manual) on my browser and logged in with the factory login3. changed the login passwordAfter this the problems that I have encountered are that:I set up the administration of the router to be disabled via wireless and enabled locally via https, but when saving those settings I either lost the connection (the browser telling me the server was not accessible) or asked confirm a security certificate after being (logically) redirected to the https version of the administration pageafter trying to loggin again, I wasn't able to login via https but only via http even if after logging those parameters were still as I set them (wireless administrative login disabled and local administrative login enabled only via https)
via https when getting something else than "the server is not responding or could be too busy", I was prompted the untrusted connection site, saying that"192.168.1.1 uses an invalid security certificate.The certificate is not trusted because it is self-signed.The certificate is only valid for Linksys.The certificate expired on 01/01/71 01:21. The current time is 19/04/11 22:56.(Error code:sec_error_expired_issuer_certificate)"I noticed that after loosing the connection and not being able to reach the router either with http or https, the only way I was then able to reconnect to it was to go into (I am using firefox 4 on squeeze) edit > preferences > advanced > encryption > view certificates > servers and delete the linksys certificate
Debian Configuration :: Replace Snakeoil SSL Certificates?
Mar 2, 2010It appears that on Debian (Squeeze) that when I install Postfix MTA, it looks like it uses a default Debian SSL certificate:
root@mail:~# postconf -n | grep -i snakeoil
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
My question is it safe to remove these and re-create my own with openssl?
cd /etc/ssl/certs
openssl req -new -x509 -newkey rsa:2048 -days 3650 -keyout mail.key -out mail.crt
openssl rsa -in mail.key -out mail.key
mv mail.key /etc/ssl/private
Will this impact my Debian system any or will it work fine? Do you guys have any experience with this? I would rather try generating them myself and change it from 1024 to 2048.
Ubuntu Servers :: Certificates For Both WWW And Root Domain
Mar 1, 2011I am in the process of securing our web server (apache) using openssl generated certificates. Is it possible to generate a certificate for both www.example.com and example.com?
View 4 Replies View RelatedGeneral :: Apache, Https & Certificates Per Directory?
Nov 23, 2010I was wondering if it is possible to have different certificates for different directories in a https-directory ?So what I want is that for a specificry a specific TLS-certificate is needed by the http-client to be authorized to the directory.Directory /var/www/html/secure/1 needs a certificate A.Directory /var/www/html/secure/2 need a different certificate B.So I have 1 CA, which signs the other certificates of the specific directory. The http-client gets the certificate A or certificate B (to be authenticated for secure/1 of secure/2)
View 5 Replies View RelatedServer :: Client Certificates In Vsftpd: Require_cert Is Ignored?
Jun 28, 2009I have vsftpd running as FTP server on Ubuntu 9.04 jaunty. Login works correctly with password for local users (those with an login account on the server) and without password for anonymous.
I want to further tighten security by requiring local users to provide a client certificate. But even if I include "require_cert=YES" and "validate_cert=YES" in etc/vsftpd.conf, clients without certificate are allowed to login; require_cert seems to be simply ignored.
Server :: SSL Certificates And Virtual Hosts On Apache
Jan 9, 2011I run couple of sites on a virtual hosting environment and I am in need of adding additional SSL for a different domain name. From what I read on some forum topics indicate that SSL cert requires different IP address. meaning one cert for each IP. Is this true? If so, then I'm having some difficulties understanding the benefits of running virtual host if a server can't host multiple secured site through single IP. Any way to run multiple ssl site within virtual host environment. I'm hoping for a possible workaround.
View 3 Replies View Related
