I just upgraded from Ubuntu 8.10 to 9.04. I installed Webmin 1.470 but when I tried to run it from Firefox 3.09 I got the following message.
localhost:10000 uses an invalid security certificate. The certificate is not trusted because it is self signed. (Error code: sec_error_untrusted_issuer).
Never had this problem with Ubuntu 8.04.
Got F13 installed yesterday, this afternoon I suddenly started getting Secure Connection Failed warnings. I'm not sure whose problem it is because it mentions uses an invalid security certificate.This certificate is only valid for *.opendns.com(Error Code: ssl_error_bad_cert_domain)It continues to say that someone could be impersonating the actual server. I am still receiving mail through google and my google calendars seem to be working. I do use OpenDNS for my DNS instead of my ISPs (Comcast which would very often slow down) and obviously I use IMAP mail with google on Thunderbird. So is it google, or OpenDNS, or Thunderbird that has a problem. Firefox does not seem to have a problem
View 2 Replies View RelatedAt the login webpage of <[URL]>, the Time Warner Cable (TWC) Webmail site, I am immediately confronted with a warning that the Security Certificate is invalid & that the site is untrusted. This occurs with Firefox, Seamonkey, & Konqueror. This does not occur on Microsoft or Apple systems; I have checked other colleagues machines. I have manually overridden the warning & everything functions fine. I have contacted TWC & am awaiting their tests. But, I would like some independent corroboration from other users in the Linux community. Could some of you perform the test yourself on this URL? An error will be readily apparent.
View 14 Replies View RelatedI get an Untrusted Connection error when I visit this site to login into my GRE account, and I cannot add it as an exception, in Mozilla Firefox 4.0 on Ubuntu 11.04. When I visit the site using Chrome, I have no issues. Is this a bug in Firefox's certificate management? I'm using Ubuntu 11.04. I do not get this error in Windows' Firefox 4.0.
View 3 Replies View RelatedI had to do a hard shut down on my linux computer. Every since then it is not working properly and I get an invalid certificate on every page.I have never upgraded Debian since I installed it two years ago. With my experience with Gentoo I have found that upgrades can be a problem and it worked fine so I never messed with it.
View 9 Replies View RelatedMy organization just moved to using a zscaler proxy system. Basically, I have to use a .pac file in Firefox to get onto the proxy, which directs me to a series of two Flash pages, one to input my username, one for the password. After reading through the .pac file, I was able to get some command-line things to work by specifying the proxy given at the end. However, this server uses an SSL certificate that is not emitted by an authority, but rather directly by our organization. In Firefox, I had to import this certificate to enable https:// browsing.
Is there any way to "import" this certificate so that yum can use it? Because yum freezes with the error:
Code:
Could not get metalink [URL] error was
14: Peer cert cannot be verified or peer cert invalid
I'm at the AirPort. I can't connect with Linux but can connect with Windozzze. In Linux I get: You have received an invalid certificate. Please contact the server administrator or email correspondent and give them the following information: Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number (Error code: sec_error_reused_issuer_and_serial). The page you are trying to view can not be shown because the authenticity of the received data could not be verified.
The airport requires that one look at a login message and agree to its terms before making any other connection: that's what I can't get and can't get further. Up-to-date Slackware, latest kernel (self-built), Atheros wireless chipset, eMachines e725-4250 laptop. I've connected here before, always in Linux.nl. Who's objecting? This is in Firefox the only browser with Javascript I have. What certificate are they talking about? I just downloaded Opera: it works. It detects the defective certificate and asks if I want to proceed. How do I get Firefox to do that? Should I move this message to a different forum?
I am trying to get the hello world example to work on my fedora box I have all the compilers etc I have followed the example [URL]... it all goes fine untill 5 I type in the command: java HelloServer -ORBInitialPort 1050 -ORBInitialHost localhost& and it says invalid arugment helloserer
[code]...
then it states the compiler usage.
Fixed. Follow the instructions below if you can't add computers through the FAQ method.bLogin to Ubuntu One on the website, open a terminal and type
Code:
u1sync --authorize
Press enter and a window should open redirecting you to one.ubuntu.com, if you are already logged in. Every time I try to login to U1, or add any computers to it, it gives me this error. I've tried removing cookies,history, etc. but it still doesn't work. Not even on a Windows machine using IE or Firefox.
Also, I can't add any computers to U1, as Firefox won't connect to http://localhost:37111[URL]... Tried resetting my hosts file, doing the things listed here, even in the Gnome proxy settings. Still no luck.
I'm trying to tighten up my network a bit. I've given my dhcp server a list of static mac addresses and ip's for computers i know, and a very short range of dhcp addresses that are redirected to kittenwar.My dilemma is that if someone has my wireless network password, or an ethernet cable, they could set the ip address manually and gain access.how can i deny them this pleasure?im running dhcpd3, and iptables on a debian/lenny intel 2.4 box. dd-wrt is running in a linksys wrt54g and is handling the wireless security
View 7 Replies View RelatedHaving read how a private company is providing governments (and probably criminals) with a box that can listen in on SSL traffic by the use of forged CA certificates - [URL]. It turns out there's already a forged certificate in Firefox 3.6.
Go to Edit>Preferences>Advanced>Encryption>View Certificates and look for 'Equifax Secure Inc.' - You should see a proof-of-concept rogue certificate called 'MD5 Collisions Inc.' and a link to phreedom which explains the method used to generate it. That little lock doesn't necessarily mean that you're safe...
I am having issues with using OpenSSL. How do I view the currently used certificate? Also, do you know of a good site that has instructions on how to install a certificate. The previous user installed a GoDaddy cert for an FTP server and I need to update it because it's expiring real soon.
View 10 Replies View RelatedHow can I add an existing certificate (pem format) as trusted in Fedora via the command line?Do I have to copy the files to a certain keystore? Where does Fedora store the trusted certificates
View 2 Replies View RelatedWhen running MUTT on a RHEL 5.4 box, I get the message:
------------------------------------------------------
Server certificate has expired
This certificate belongs to:
localhost.localdomain
Unknown
SomeOrganization
SomeOrganizationalUnit
[URL]
I choose "accept always", but the same message appears next time. I do not wish to have a certificate requirement for MUTT and did not intentionally set the program up to include this feature. How can I get rid of it? My second choice would be to get a new certificate, but then I have to go through this every year. I have MUTT working on two other servers and this does not happen.
I was trying to configure user authentication in SSH using certificate method.As u all know the usual way of authentication is using the ssh-keygen method. But i want the another method where we create a certificate key and send it to the CA, which signs it and send back etc etc.I cannot find any unique procedure in the net to configure this method.
View 3 Replies View RelatedFirefox 3.6.12 on Ubuntu 10.10 on my desktop computer is reporting a "this connection is untrusted" error for sites that have security certificates provided by COMODO. Yet, the same sites work fine in Firefox 3.6.x on Windows XP, or Chromium in Ubuntu. Here is the more specific message: "The certificate is not trusted because the issuer certificate is unknown.
(Error code: sec_error_unknown_issuer)" The issuer is listed as "COMODO High Assurance Secure Server CA." Here are some examples that throw this error for me:[URL]... It appears that there was some controversy with COMODO and Mozilla (due to bad behavior by COMODO) in the past, but all I can find on that indicates that this should be not an issue any longer.
Anybody with ideas?
I want to enable sshd from Internet, but I want to secure it as much as possible.Therefore, despite the fact that the service will run on a tcp port above 2000 to prevent most scans, I would like to :- First, force the use of a client certificate, to avoid brute force attack on my users/passwords- second force the use of a username/password to avoid someone having access to my system just by stealing my key..When I look at the configuration, it's possible to enable both, but one of them is sufficient to login, but I can't find how to make them both mandatory...
View 2 Replies View RelatedThe problem is here:When I was open gmail in my system Certificate Error is coming. The error details:
This Connection is Untrusted You have asked Firefox to connect securely to url, but we can't confirm that your connection is secure. Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do? If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.
code....
Occasionally my machine displays the following warning whenever left to itself for an hour or so. "www.windowsvistatestdrive.com:443 uses an invalid security certificate. The certificate expired on 09/16/2009 10:52 AM. (Error code: sec_error_expired_certificate)"
I am not trying to access this site. It is not always the same url. My machine, described below, is networked to an XP machine which recently had to be recovered after a viral attack. Since I am not usually interested I decline to use the certificate and the warning goes away.
I'm trying to set up Apache to do test dev, so I don't have a "fully qualified domain". If I enter the hostname as the ServerName in httpd.conf when I restart httpd I get the error_log message:
PHP Code:
[code]...
Sometimes I can get it to work, but it won't run on boot and right now even when service says httpd is running I can't reach it from another computers browser.
I am trying to renew the existing SSL certificate by using genkey for our shopping website. i havent seen any information how to generate a new certificate for. Is any one could tell me how to change SSL certificates?
View 4 Replies View RelatedWhile investigating my localhost access logs during an investigation to resolve locking myself out of my own server(!) I noticed this recent access attempt from a proxy referrer. I wouldn't expect this on a local server - currently set to listen on 127.0.01. The request was 403 forbidden, but surely the request should not have even reached this far? Is this an example of an unauthorised access attempt? I don't think it is me because all of my usual access requests are in moz 5 and im logged in to linux currently.
Note please do not click this link as I do not know where it leads ^^^^! (and i dont know how to disable it on this forum)
I'm trying to install an Ubuntu cloud on my home network - I've been following this guide. When I arrived at STEP 6: Install an image from the store PART 3: Click on the Store tab I get the following error message on the page: Error 60: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
View 1 Replies View Relatedi was hoping that someone in here could possibly help me out with my iptables rule set. First here is what i would like iptables to do, i want iptables to deny all packets or traffic from the outside coming in and for output allow the things i need like web and irc etc... Also, i would like iptables to deny access to all services like sendmail and ssh except i would like localhost to have access to everything. What i mean by localhost is that when i run my iptables script it loads fine except when i try ssh from localhost i get this output:ssh -l user localhostssh_exchange_identification: Connection closed by remote hostI know what most of you are thinking, why do i need to ssh into localhost from localhost just open another terminal, well i am getting myself familiar with iptables i want all services logged and blocked but not from localhost. I cant seem to figure out this problem and i have tried several different things. Here is my iptables script, I am hoping that someone out there can tell me what i am doing wrong...
#!/bin/bash
iptables -v -F;
iptables -v -A INPUT -i lo -j ACCEPT;
[code]....
Let's say you have a host with some kind of locally installed root kit detector/scanner.
If someone managed to get root access to that box. Wouldn't the first thing to do, before installing a root kit, be to remove any kind root kit detector?
Girlfriend with a problem: she needs to sign up at the unemployment office in Spain. She is here in China. But for reasons unknown, she can't access the bit which she needs to. It says: 'can't set the browser' Java is enabled and so on, we read the instructions. On her windoze computer, she has a digital certificate. I copied it onto my mem-stick. When I try to copy it from my mem-stick to my Linux machine, I can't. Not even as root! The folder is called 'certificado digital' and contains two folders:
Trash.(tilde)1 and VM_Ware_Workstation They both have some kind of encrypted stuff inside. Can this certificate be installed on my machine?? Trash has 5 things, VM_Ware_Workstation has 3 things. The guy who set this up for her told her she must use Mozilla. Is a certificate only valid with a particular browser?
this is not on the master node, but rather the node that is being replicated to. The problem occurs when i query using ldapsearch or an `getent passwd` EG ldapsearch:
Code:
[root@cakeslave ~]# ldapsearch -x -b 'cn=Christian Unger,ou=People,dc=example,dc=org' -D "cn=replica,dc=example,dc=org" -H ldaps://cakeslave.example.org -w cakewalk
ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[code]....
The cacert.pem in /etc/ssl/certs and /etc/openldap/certificate are identical (check using md5sum). I have done an strace and found that it looks at /etc/pki/tls/cert.pem .
I am trying to figure out what command to use to show the number of DROPPED and INVALID packets that the firewall is handling.I'm going to put these commands into a log analyzer script which will run every 15 minutes with cron. The firewall is running and operating the way I want it to. I'm running CentOS 5.4.
View 2 Replies View RelatedI have recently installed Fedora 14 on a new computer we presented as a gift to my sister-in-law. She is new to Linux. Although I've used Fedora since Core 1, I'm no expert on security issues, and this baffles me. She's doesn't know how to change the root password, so why doesn't it work any more? She discovered the problem when attempting a yum update from a terminal.(1) How could the root password have gotten changed? How likely is it that someone got onto her system through ssh, made a lucky guess on her root password, and then changed it? Are there robots that do this?
(2) The firewall is enabled. I have it set up as follows: (a) under "Trusted Services," only ssh is checked (I need to be able to get in remotely this way); (b) under "Trusted Interfaces," I have eth0 checked (I need to be able to use VNConto her desktop).Question: Are these settings giving ample protection? What settings would be recommended to protect her system while at the same time allowing me to access it through ssh and VNC?
i install from
yum install rkhunter
rkhunter 1.3.6-4.fc12
Invalid XINETD_CONF_PATH configuration option - non-existent pathname