Ubuntu Security :: Verisign Cert Not Trusted?
Jan 28, 2011
I'm trying to access a Verisign-signed site [URL] and getting a certificate not known error when I do. Do I really need to import Verisign? If so, how?
I'm about to create a CSR and was reading this page in the Ubuntu docs: [URL] A couple of things:
* There's no date on the article. The documentation needs DATES because this information gets out of date! Check MySQL docs, for instance -- they are organized by version.
* The instructions for generating a cert only specify 2048 bits. I believe that's kind of out of date? The verisign site has big red warnings saying you need 2048 if you want your cert to last past 2013 -- and that article is 4 years old!
* The instructions are confusing when discussing the passphrase. We enter a passphrase only to remove it immediately. We need some clarity here. Why do this?
How do I learn the current best practices for generating an HTTPS cert for Apache and/or mail access?
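An added example, not from the post above or from the Ubuntu page it cites: the key, the passphrase step and the CSR as they are done today, with a check that the CSR really belongs to the key. The names (www.example.com, mail.example.com, "Example Org") are placeholders.

```shell
#!/bin/sh
# Added example (not from the post or the Ubuntu docs it cites): key, CSR and
# the passphrase step for an Apache/mail certificate. Hypothetical names:
# www.example.com and friends, "Example Org".
set -e

# Generate the private key with a passphrase (-aes256 encrypts the file on
# disk). The passphrase is an argument only to keep the example scriptable;
# interactively, drop -passout and let openssl prompt.
gen_key() {   # gen_key OUT BITS PASS ; 2048 is the floor today, 4096 is fine
    openssl genrsa -aes256 -passout "pass:$3" -out "$1" "$2" 2>/dev/null
}

# Why the docs remove the passphrase right away: Apache, Postfix and Dovecot
# open the key at boot with nobody at the console, so a passphrase either
# blocks startup or ends up in a script anyway. Keep the encrypted copy as
# the offline backup and protect the plaintext copy with file permissions.
strip_passphrase() {   # strip_passphrase ENCRYPTED PLAIN PASS
    openssl rsa -in "$1" -passin "pass:$3" -out "$2" 2>/dev/null
    chmod 600 "$2"
}

# CSR with the FQDN as CN and every name the cert must answer to in
# subjectAltName (clients match on SAN; the CN alone is no longer enough).
gen_csr() {   # gen_csr KEY CSR FQDN [more DNS names...]
    key=$1; csr=$2; fqdn=$3; shift 3
    san="DNS:$fqdn"
    for n in "$@"; do san="$san,DNS:$n"; done
    cfg=$(mktemp)
    cat >"$cfg" <<EOF
[req]
distinguished_name = dn
req_extensions = ext
prompt = no
[dn]
CN = $fqdn
O = Example Org
C = US
[ext]
subjectAltName = $san
EOF
    openssl req -new -sha256 -key "$key" -config "$cfg" -out "$csr"
    rm -f "$cfg"
}

# A CSR is bound to one key; confirm that before sending it off, otherwise
# the mismatch only surfaces when Apache refuses the installed cert.
key_matches_csr() {   # key_matches_csr KEY CSR
    [ "$(openssl rsa -noout -modulus -in "$1")" = "$(openssl req -noout -modulus -in "$2")" ]
}

csr_has_name() {   # csr_has_name CSR NAME ; true if NAME is in the SAN list
    openssl req -noout -text -in "$1" | grep -Eq "DNS:$2(,|\$)"
}

demo() {   # sh csr.sh demo
    d=$(mktemp -d); cd "$d"
    gen_key enc.key 2048 'correct horse battery staple'
    strip_passphrase enc.key server.key 'correct horse battery staple'
    gen_csr server.key server.csr www.example.com example.com mail.example.com
    key_matches_csr server.key server.csr && echo "server.key and server.csr match"
    openssl req -noout -text -in server.csr | grep -A1 'Subject Alternative Name'
    echo "CSR written to $d/server.csr; send that (never the .key) to the CA"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Keep enc.key offline; server.key is what goes into SSLCertificateKeyFile, readable by root only.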
I've installed the SSH server on my Ubuntu desktop, and the very first time I accessed the server from my laptop I got a message asking me whether to permanently add the key of the server. After I added this, it gave me a message saying that the key had been permanently added. My question is how do I remove this key? I just want to know how to do this because I'm going to disable password-based logins and I want to start anew.
I got this message during my login to my ISP's broadband web page; this is the first time I got this:
Quote:
You have asked Firefox to connect securely to ******, but we can't confirm that your connection is secure.
Normally, when you try to connect securely,
[code]....
Which are the default trusted root certificates in Java 1.4? How can a 4096-bit certificate be installed in Java 1.4? (It seems to produce an error.)
I've set up OpenVPN-ALS (formerly known as Adito) on Ubuntu Server 10.04 edition. I have a security router (Untangle) in front of my internal network. I have a domain name and an SSL certificate set up on our security router. I can access the web interface on our security router with no problems.
I've set up a port-forward rule on our router to access this OpenVPN-ALS portal and I can access it, but I get an invalid certificate message. So I've bought another SSL certificate to install on our portal, but I'm getting an error message when I enter our information at the provider where I've bought the certificate:
Common Name does not contain fully qualified domain name. I'm not sure what the problem is. Do I use the hostname I've set up on the portal, or do I use the hostname on my security router, when I set up the SSL certificate on our portal?
When I do a "openssl x509 -in server1.pem -issuer -noout" after I've supposedly signed it with the CA, the issuer is, for some reason, the DN string of server1. If server1 generated the CSR, and it is coming up as issued by server1, doesn't that indicate a self signed cert? How could the CA be producing a cert that has an issuer of another server? Am I just completely off base? Sorry, I'm a bit of a newb with the SSL pieces.
I hope this is the right place for this, but I'm having some difficulty using the java keytool and OpenSSL tool on a Solaris system.
I have a server (CA server) with OpenSSL installed that I would like to use as a Certificate Authority. The second server (server1) is a WebLogic server with JDK 1.6.0_21. I'm trying to configure it to use a certificate that has been signed by server1.
For some reason it keeps giving me this error when I try to import the signed SSL certificate: keytool error: java.lang.Exception: Public keys in reply and keystore don't match
Am I doing something wrong in this whole process?
1) Generate the private key for the CA server:
openssl genrsa -out CA.key -des 2048
2) Generate the CSR on the CA:
openssl req -new -key CA.key -out CA.csr
3) Sign the new CSR so that it can be used as the root certificate:
openssl x509 -extensions v3_ca -trustout -signkey CA.key -days 730 -req -in CA.csr -out CA.pem -extfile /usr/local/ssl/openssl.cnf
4) On server1, create the server private key keystore:
keytool -genkey -alias server1 -keysize 2048 -keyalg RSA -keystore server1.jks -dname "CN=server1.domain.com,OU=Organization,O=Company,L=City,ST=State,C=US"
5) On server1, create a CSR from the recently created private key:
keytool -certreq -alias server1 -sigalg SHA1WithRSA -keystore server1.jks -file server1.csr
6) Transfer the CSR over to the CA (server1) so that it can be signed:
openssl x509 -extensions v3_ca -trustout -signkey CA.key -days 365 -req -in server1.csr -out server1.pem -extfile /usr/local/ssl/openssl.cnf
7) Transfer the CA public cert to server1 and import it into keytool:
keytool -import -trustcacerts -alias CA_Public -file CA.pem -keystore server1.jks
8) Import the recently signed CSR into the app server keystore (this is where I receive the error):
keytool -import -trustcacerts -alias server1 -file server1.pem -keystore server1.jks
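An added example for the two posts above (the "issuer is server1's DN" question and the keytool "public keys in reply and keystore don't match" procedure); it is not the poster's own commands. The point it demonstrates: `openssl x509 -req -signkey` is the self-signing recipe. It sets the issuer to the subject of the request, and in the OpenSSL 1.x releases also replaces the certificate's public key with the signing key's public key, so a "server" cert made that way carries the CA's key, not the one in the JKS. Signing a CSR with the CA is done with `-CA`/`-CAkey` instead, which keeps the CSR's key and sets the CA as issuer. Names (ca.example.com, server1.example.com) are placeholders.

```shell
#!/bin/sh
# Added example, not the poster's commands. Build a root CA, sign a CSR the
# right way, and run the checks keytool does implicitly. Hypothetical names.
set -e

make_ca() {   # make_ca DIR -> DIR/ca.key, DIR/ca.pem
    openssl genrsa -out "$1/ca.key" 2048 2>/dev/null
    openssl req -new -sha256 -key "$1/ca.key" -subj "/CN=ca.example.com/O=Example/C=US" -out "$1/ca.csr"
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' >"$1/ca.ext"
    # The root is self-signed by definition, so -signkey is correct here and only here.
    openssl x509 -req -sha256 -days 730 -in "$1/ca.csr" -signkey "$1/ca.key" \
        -extfile "$1/ca.ext" -out "$1/ca.pem" 2>/dev/null
}

make_csr() {   # make_csr DIR CN -> DIR/CN.key, DIR/CN.csr
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null
    openssl req -new -sha256 -key "$1/$2.key" -subj "/CN=$2/O=Example/C=US" -out "$1/$2.csr"
}

# Correct signing: -CA/-CAkey keeps the CSR's public key, sets the CA as
# issuer, and -CAcreateserial maintains a serial file. End-entity extensions
# instead of v3_ca, which would mark the server cert itself as a CA.
sign_csr() {   # sign_csr DIR CSR OUT
    ext=$(mktemp)
    printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth\n' >"$ext"
    openssl x509 -req -sha256 -days 365 -in "$2" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -extfile "$ext" -out "$3" 2>/dev/null
    rm -f "$ext"
}

# The mistake from the post, kept for contrast: -signkey self-issues the
# result (issuer == subject of the CSR). Do not use this for server certs.
sign_csr_with_signkey() {   # sign_csr_with_signkey DIR CSR OUT
    openssl x509 -req -days 365 -in "$2" -signkey "$1/ca.key" -out "$3" 2>/dev/null
}

# Checks worth running before "keytool -import" of the reply.
issuer_is() {   # issuer_is CERT CACERT : issuer of CERT equals subject of CACERT
    [ "$(openssl x509 -noout -issuer_hash -in "$1")" = "$(openssl x509 -noout -subject_hash -in "$2")" ]
}
self_signed() {   # self_signed CERT
    [ "$(openssl x509 -noout -issuer_hash -in "$1")" = "$(openssl x509 -noout -subject_hash -in "$1")" ]
}
cert_matches_key() {   # cert_matches_key CERT KEY : the pair keytool insists on
    [ "$(openssl x509 -noout -modulus -in "$1")" = "$(openssl rsa -noout -modulus -in "$2" 2>/dev/null)" ]
}
chain_verifies() {   # chain_verifies CERT CACERT
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

demo() {   # sh ca-sign.sh demo
    d=$(mktemp -d)
    make_ca "$d"; make_csr "$d" server1.example.com
    sign_csr "$d" "$d/server1.example.com.csr" "$d/server1.pem"
    openssl x509 -noout -subject -issuer -in "$d/server1.pem"
    cert_matches_key "$d/server1.pem" "$d/server1.example.com.key" && echo "reply matches server1's key"
    chain_verifies "$d/server1.pem" "$d/ca.pem" && echo "chain verifies against ca.pem"
}
if [ "${1:-}" = demo ]; then demo; fi
```

On the Java side the order of imports stays the same: ca.pem under its own alias with -trustcacerts first, then the signed reply under the alias whose key made the CSR.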
I need to trust a new Verisign root cert. I have uploaded it to the /etc/ssl/certs store, but I am still getting the handshake failure error when WorldPay calls back to my site.
Quote:
I believe I still need to create a sym link? So I followed this article but I get an error..
Quote:
I have also tried update-ca-certificates.
I'm using Ubuntu 8.04 LTS.
I am running an Ubuntu server and want to host a web application (PHP/MySQL based); however, I don't want to use usernames and passwords for authentication. I'd like to use a client certificate. The military uses similar technology, using the CAC card to provide the certificate for authentication.
I'm not sure whether this would be done using the Apache modules or whether PHP would be a better place to play with this.
At work we are trying to avoid paying for a cert for our Outlook OWA. I thought of TinyCA, but can't find a Windows variant; it appears to depend on things that would not allow that.
Does anyone know if it is possible to create a TinyCA cert and install it on a Windows Server 2003? If not, does anyone know of a good free cert creation utility for Winedoze?
I have a feeling this is going to be another feather in the basket to convince my boss to go Ubuntu.
I'm working on setting up a computer lab for my kids' school, and am planning to use Ubuntu LTSP and Sabayon User Manager to lock things down.
When I edit a profile in Sabayon, and create the default desktop icons I'd like them to have (Firefox for example), when the user logs in the icon is generic and when clicked says:
"The application launcher Firefox.desktop is not marked as trusted. If this application launchers source is unknown to you then it may be unsafe to launch."
If I click "Mark as Trusted", the Firefox icon pops up and all is well. However whenever a new user logs in, they have to go through this process and I'm worried it may confuse them.
Why are application launchers created by Sabayon not trusted by my LTSP users?
Ubuntu 9.10 by the way.
I need to build a cert from a CRT file.
I removed the package "ssl-cert" using yast. At this point yast2 started throwing the error:
Code:
Download failed:
Download (curl) error for 'https://nu.novell.com/repo/repoindex.xml?cookies=0&credentials=NCCcredentials':
Error code: Unrecognized error
Error message: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
And of course a redownload and install of ssl-cert is not possible; I get the same error. So I tried downloading and installing the openssl package by hand, but still I got nowhere. Does anyone know how to reinstall this ssl-cert package?
I'm having some problems setting up SSL certs.
Here's what I've done...
In the file ssl.conf I have (along with all the normal stuff):
Quote:
But when I navigate to [url], I get a 404 error (not found).
My SSL cert is with GoDaddy. I created the key and a csr file, for which GoDaddy supplied me with the files mydomain.com.crt and gd_bundle.crt. I placed all the files where they should be, and restarted Apache.
And... 404. No errors on Apache restart.
The cert still seems to be showing up as localhost.localdomain:
Quote:
When I go to [url], I'm told the cert is still a "self signed" cert (out of date, by the way).
The GoDaddy "help" on this (such that it is) is here: [url]
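An added configuration example serving two of the posts above, the client-certificate-instead-of-passwords question and the GoDaddy/Apache one; it is not anybody's actual ssl.conf. Paths, hostnames and the "Example Org" CA are placeholders; the directive names are Apache 2.2's, which 2.4 still accepts (2.4 deprecates SSLCertificateChainFile in favour of appending the intermediates to SSLCertificateFile).

```apache
# Added example, not the original poster's ssl.conf. Hypothetical paths/names.
Listen 443

# The certificate a client sees comes from the vhost Apache selects for the
# request. Distro ssl.conf files ship a <VirtualHost _default_:443> with the
# snakeoil "localhost.localdomain" cert; if that block is read first and this
# one's ServerName does not match the request, clients keep seeing the old
# self-signed cert. Check with: apache2ctl -S   (or httpd -S)
<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /var/www/example

    SSLEngine on
    SSLCertificateFile      /etc/ssl/certs/mydomain.com.crt
    SSLCertificateKeyFile   /etc/ssl/private/mydomain.com.key
    # gd_bundle.crt holds GoDaddy's intermediates. Without it browsers that do
    # not already cache the intermediate report an unknown issuer.
    SSLCertificateChainFile /etc/ssl/certs/gd_bundle.crt

    # --- client-certificate authentication (the CAC-style question) ---
    # Only certificates issued by your own CA are accepted as client certs;
    # the public CA that issued the server cert must not be in this file,
    # or anyone with a cheap commercial cert could log in.
    SSLCACertificateFile /etc/ssl/certs/example-org-client-ca.pem
    SSLVerifyDepth 2
    <Location /app>
        SSLVerifyClient require
        # Export the verified DN to the application: PHP reads
        # $_SERVER['SSL_CLIENT_VERIFY'] (== "SUCCESS") and
        # $_SERVER['SSL_CLIENT_S_DN_CN'] and does its own authorisation on it.
        SSLOptions +StdEnvVars +ExportCertData
        # Belt and braces: the issuer organisation must be exactly your CA.
        SSLRequire %{SSL_CLIENT_I_DN_O} eq "Example Org"
    </Location>
</VirtualHost>
```

With this the application never sees a password; it only trusts the identity Apache has already verified against your CA, so revocation (SSLCARevocationFile) becomes the way to remove a user.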
How do I add a key to apt's list of trusted keys? There might be something I've missed, but I don't think so.
I am new and I need help to install a VPN. I have used yum install openvpn and I am stuck on how I can input a cert and run the VPN.
I have a repository that isn't signed (and it would be a pain to get the administrator to sign it) and need to use APT::Get::AllowUnauthenticated to install anything from it. However, packages from this repository may have dependencies that I want to download from the main Debian repository, and I don't want to install these if they can't be authenticated. Is there any way to configure apt-get to allow packages to be unauthenticated from one repository but force authentication for all others, or am I forced to manually download the dependencies and install them myself in this scenario?
I have a mail script that has been running on my website for several years. One problem I had with the script was that when a bad address was put in, the mail was rejected to the server rather than to the sender. I have now recently added a fifth parameter to the mail script using the -f sendmail option to set the return path.
PHP Code:
$mailsend=mail("$email","$subject","$emess","$ehead","-f$adminEmail");
The PHP manual says this:
Quote:
The user that the webserver runs as should be added as a trusted user to the sendmail configuration to prevent a 'X-Warning' header from being added to the message when the envelope sender (-f) is set using this method. For sendmail users, this file is /etc/mail/trusted-users.
I do have the 'X-Warning' header on e-mails sent with this script and have asked my server administrator for some help in adding "the user that the Web server runs as" as a trusted user.
I am trying to implement a payment gateway. I have got CRT files from them, and I have to add them to our trusted list so that we can establish an SSL handshake, i.e. "Importing an SSL certificate into keystore". I don't have any idea about this one; can anyone help me with it? My server is Ubuntu and runs Apache as the web server. I am trying to use this in a SOAP request. An error occurred during a connection to ws.payconnexion.com:1401.
SoapFault exception: [HTTP] Could not connect to host in /var/domains/mywebroot/file/testpaymentmine.php:71
Stack trace:
[code]...
For a project that I have been assigned to, I need to send emails to a business partner (business_partner.com) from one production server. However, my emails neither reach their destination nor bounce back to me.
Working with our business partner's IT support, the following error was discovered in their maillogs:
Quote:
Further analysis by my IT support shows that emails are successfully sent out ("Message accepted for delivery"):
Quote:
The app I coded is not using a public internet email address (e.g. me@hidden_domain_name.com) to send these notifications.
Instead, it uses an intranet email address (the server's where my code resides: user_name@servername.hidden_domain_name.com).
We created an alias but it made no change. Would adding my public internet email address to the "trusted-users" file (we use sendmail)
I am unable to get a key from keys.gnupg.net using:
Code:
gpg --keyserver keys.gnupg.net --recv 886DDD89
the above command returns
Code:
gpg: requesting key 886DDD89 from hkp server keys.gnupg.net
gpgkeys: HTTP fetch error 7: couldn't connect to host
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
EDIT: Correction: I was able to get "a" key; however, it shows as
Code:
requesting key 886DDD89 from hkp server keys.gnupg.net
gpg: /home/mrmunkey/.gnupg/trustdb.gpg: trustdb created
gpg: key 886DDD89: public key "deb.torproject.org archive signing key" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
and a search shows:
Code:
W: GPG error: [URL] lucid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 74A941BA219EC810
I would rather make sure and get it right. I can see some keys located here at the Tor project site. Another issue: I have been having issues with GPG keys for at least a month now.
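An added example for the post above and the earlier "how to add a key to apt's list of trusted keys" question; it is not from either post. The keyserver being unreachable is the visible problem, but the one that matters for security is that a 32-bit short ID like 886DDD89 is not an identity: many keys can share it. So the script below pins the full 40-hex-digit fingerprint you got out of band (the project's web page, a signed announcement) and refuses to install anything else. Key file, fingerprint and keyring directory are parameters; the real target directory, /etc/apt/trusted.gpg.d, is only a default.

```shell
#!/bin/sh
# Added example, not from the post. Import an OpenPGP key into an apt keyring
# only if its full fingerprint matches an expected value. Assumes gpg 2.x.
set -e

# Print the primary-key fingerprint(s) found in an armored or binary key file,
# using a throwaway GNUPGHOME so nothing touches the user's own keyring.
key_fingerprints() {   # key_fingerprints KEYFILE
    home=$(mktemp -d)
    { GNUPGHOME=$home gpg --batch --quiet --with-colons --show-keys "$1" 2>/dev/null \
      || GNUPGHOME=$home gpg --batch --quiet --with-colons --import-options show-only --import "$1" 2>/dev/null; } \
      | awk -F: '$1 == "pub" { want = 1 } $1 == "fpr" && want { print $10; want = 0 }'
    rm -rf "$home"
}

# Exit 0 only if one of the keys in KEYFILE has exactly EXPECTED_FPR (spaces and
# case ignored). A junk file yields no fingerprint and therefore fails closed.
verify_key_fingerprint() {   # verify_key_fingerprint KEYFILE EXPECTED_FPR
    want=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    [ ${#want} -eq 40 ] || { echo "expected a 40-digit fingerprint, got '$2'" >&2; return 1; }
    for got in $(key_fingerprints "$1"); do
        [ "$got" = "$want" ] && return 0
    done
    return 1
}

# Install as its own keyring under /etc/apt/trusted.gpg.d (read by apt since
# 0.7.25, i.e. lucid), so the key is one removable file and apt-key is not
# needed. Newer apt can instead scope the key to one source with the
# "signed-by=" option in sources.list; the verify step is the same.
install_apt_key() {   # install_apt_key KEYFILE EXPECTED_FPR NAME [KEYRING_DIR]
    dir=${4:-/etc/apt/trusted.gpg.d}
    case $3 in *[!A-Za-z0-9_-]*|'') echo "bad keyring name: $3" >&2; return 1 ;; esac
    verify_key_fingerprint "$1" "$2" || { echo "fingerprint mismatch, not installing $1" >&2; return 1; }
    home=$(mktemp -d)
    if grep -q -- '-----BEGIN PGP' "$1"; then
        GNUPGHOME=$home gpg --batch --quiet --dearmor <"$1" >"$dir/$3.gpg"
    else
        cp "$1" "$dir/$3.gpg"
    fi
    rm -rf "$home"
    chmod 644 "$dir/$3.gpg"
}

# Usage (fingerprint below is a placeholder, not a real project key):
#   gpg --keyserver keys.gnupg.net --recv-keys 0xFINGERPRINT && gpg --armor --export 0xFINGERPRINT >key.asc
#   sudo sh apt-key-pin.sh key.asc 'AAAA BBBB ... 40 hex digits' deb-example
if [ $# -eq 3 ]; then install_apt_key "$1" "$2" "$3"; fi
```

Fetch by full fingerprint (`--recv-keys 0x<40 hex digits>`) rather than short ID when the keyserver is back, and compare against the fingerprint published by the project, never against one served by the keyserver itself.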
I updated my install of OpenSUSE from 11.0 to 11.3 and noticed that the Nagios network monitor can no longer probe servers with self-signed certs. It appears to be any monitor that uses openssl 1.0.0 that has an issue. If I install the openssl 0.9.8 libraries and use old plugins linked against them, they work fine.
I have a GoDaddy UCC (multiple domain) certificate for the following domains:
example.com
upload1-example.com
upload2-example.com
The RSA key was generated on the example.com server using example.com as the CN (Common Name).
GoDaddy's website adds the extra names to a CSR you provide, does the checks and grants the cert.
My problem is that whilst the certificate works fine on the server example.com (from which the csr was created), it comes up with two errors when restarting apache on remote servers.
1>> Certificate common name does not match server name
2>> SSL Library error - check private key:key missmatch.
I don't understand how these keys could ever work, as no reference to the private keys of the remote servers is ever used in creating the UCC certificate.
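An added example, not from the post. Two facts drive it: a certificate is bound to the one key its CSR was made from, so the remote servers can only use it together with a copy of example.com's private key (moved over a secure channel, never the remote server's own key), and Apache's "CommonName does not match server name" message compares the vhost's ServerName with the CN only, while clients accept any SAN entry. Before restarting Apache on each remote box, check that its name is covered and that the key on disk is the matching one. Hostnames are placeholders.

```shell
#!/bin/sh
# Added example, not from the post. Pre-flight checks for deploying one
# multi-name (UCC/SAN) certificate to several hosts. Hypothetical names.
set -e

# Every DNS name the certificate covers: CN plus all subjectAltName entries.
# Parses -text output so it works on OpenSSL 0.9.8 through 3.x.
cert_names() {   # cert_names CERT
    openssl x509 -noout -subject -nameopt sep_multiline,lname -in "$1" | sed -n 's/^ *commonName *= *//p'
    openssl x509 -noout -text -in "$1" | sed -n '/Subject Alternative Name/{n;p;}' \
        | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# True if HOST is listed exactly or matched by a one-label wildcard
# (*.example.com covers upload1.example.com, not example.com or a.b.example.com).
cert_covers() {   # cert_covers CERT HOST
    host=$2; parent=${host#*.}
    cert_names "$1" | while IFS= read -r n; do
        if [ "$n" = "$host" ] || [ "$n" = "*.$parent" ]; then echo yes; break; fi
    done | grep -q yes
}

# Compare public keys rather than RSA moduli so the same check works for EC keys.
cert_matches_key() {   # cert_matches_key CERT KEY
    [ "$(openssl x509 -noout -pubkey -in "$1")" = "$(openssl pkey -pubout -in "$2" 2>/dev/null)" ]
}

# Print each problem Apache would complain about for this host; exit 1 if any.
check_deploy() {   # check_deploy CERT KEY HOST
    rc=0
    cert_covers "$1" "$3" || { echo "$3 is not covered; cert names: $(cert_names "$1" | tr '\n' ' ')"; rc=1; }
    cert_matches_key "$1" "$2" || { echo "$2 is not the private key for $1"; rc=1; }
    return $rc
}

# Usage: sh check-cert.sh /etc/ssl/certs/ucc.crt /etc/ssl/private/ucc.key "$(hostname -f)"
if [ $# -eq 3 ]; then check_deploy "$1" "$2" "$3"; fi
```

Run it on each remote server with that server's ServerName; the usual finding is a key that was regenerated locally instead of copied, which no re-issue of the certificate can fix.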
I'd like to have an easy way to configure the firewall, e.g. enable/disable what MythTV needs, or enable/disable what MediaTomb needs. Basically open/close a few TCP and/or UDP ports for all interfaces (I have two), or just one of them.
Is there a way to add my own trusted services for the firewall?
Other recommended ways to do that? Or just write a simple shell script?
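An added example, not from the post, assuming the Ubuntu front end ufw: its application profiles are exactly the named "trusted services" asked for. One small file per service under /etc/ufw/applications.d, and the service can then be opened or closed by name, globally or on one interface. The port numbers for MythTV and MediaTomb are assumptions taken from their default configurations; check yours.

```shell
#!/bin/sh
# Added example, not from the post. Define and toggle ufw application
# profiles. Ports below are assumptions; the profile dir is a parameter so
# the writer can be exercised without root.
set -e

# ufw accepts "80/tcp", "80,443/tcp", "6000:6010/tcp", joined with "|"
# (the shipped "Apache Full" profile is ports=80,443/tcp). Validate before
# writing: the file is parsed by a root process.
valid_ports() {   # valid_ports SPEC
    ! printf '%s\n' "$1" | tr '|' '\n' \
        | grep -Eqv '^[0-9]+(:[0-9]+)?(,[0-9]+(:[0-9]+)?)*/(tcp|udp)$'
}

write_ufw_profile() {   # write_ufw_profile NAME TITLE DESCRIPTION PORTS [DIR]
    dir=${5:-/etc/ufw/applications.d}
    case $1 in *[!A-Za-z0-9_-]*|'') echo "bad profile name: $1" >&2; return 1 ;; esac
    valid_ports "$4" || { echo "bad port spec: $4" >&2; return 1; }
    printf '[%s]\ntitle=%s\ndescription=%s\nports=%s\n' "$1" "$2" "$3" "$4" >"$dir/$1"
}

# Open or close a profile on all interfaces, or only on IFACE (e.g. eth1).
ufw_service() {   # ufw_service allow|deny|delete NAME [IFACE]
    if [ -n "${3:-}" ]; then
        if [ "$1" = delete ]; then ufw delete allow in on "$3" to any app "$2"
        else ufw "$1" in on "$3" to any app "$2"; fi
    else
        if [ "$1" = delete ]; then ufw delete allow "$2"; else ufw "$1" "$2"; fi
    fi
}

if [ "${1:-}" = install ]; then   # sudo sh ufw-profiles.sh install
    write_ufw_profile MythTV "MythTV backend" "Backend protocol and status page" "6543,6544/tcp"
    write_ufw_profile MediaTomb "MediaTomb UPnP" "Web UI plus SSDP discovery" "49152/tcp|1900/udp"
    ufw app update MythTV; ufw app update MediaTomb
    ufw_service allow MythTV eth0     # LAN side only
    ufw_service deny MediaTomb eth1   # explicit deny on the other interface
fi
```

`ufw app list` shows what is defined and `ufw status` what is currently open; editing the profile file and re-running `ufw app update NAME` changes the ports without touching the rules.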
How to compare CPUs? Is there a trusted source that compares cpu performance?
View 4 Replies View RelatedI have a domain address and I keep my website in the server at my home. I use bind for DNS. I opened an email address for myself, but when I send an email to for example hotmail, gmail, it signs that as junk or spam. How can I make this address as trusted?
View 7 Replies View RelatedI have my company's CA root.crt certificate and I would like to import into openSUSE 11.2 so every application could trust this authority. Is there any instruction for this procedure?
You know, something like you can do in Windows: just click certificate and there is a button "Install certificate"
Where is system certificate store in openSUSE?
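An added example, not from any of the posts; it addresses the recurring question in this thread list (the Verisign root cert and WorldPay handshake failure on 8.04, the payment gateway's CRT files for a PHP SOAP call, and the openSUSE "where is the certificate store" question). OpenSSL clients do not read every file in /etc/ssl/certs; they open `<subject hash>.N`, and that hashed name is the symlink people keep asking about. Directory and file names are parameters so the functions can be tried in a scratch directory; the real system paths are given in comments. The Debian/Ubuntu paths are standard; the openSUSE remark is from memory and should be checked against the release in use.

```shell
#!/bin/sh
# Added example, not from any of the posts. Make a CA certificate trusted by
# OpenSSL-based clients: per-directory (CApath) and system wide.
set -e

# Accept PEM or DER (CAs often hand out a DER .cer); always write PEM.
to_pem() {   # to_pem IN OUT
    if openssl x509 -noout -in "$1" 2>/dev/null; then cp "$1" "$2"
    else openssl x509 -inform DER -in "$1" -out "$2"; fi
}

# The "symlink step": OpenSSL looks a CA up in a CApath as <hash>.0, <hash>.1,
# ... where the hash is of the subject. c_rehash does this for a whole
# directory; this does it for one file. OpenSSL 1.0.0 changed the hash, so a
# directory hashed by 0.9.8 is invisible to 1.0.0 (and vice versa) unless
# both names exist, which is why the old 0.9.8-linked Nagios plugins behave
# differently from the new ones.
add_to_capath() {   # add_to_capath CERT.pem DIR
    openssl x509 -noout -in "$1" 2>/dev/null || { echo "$1: not a PEM certificate" >&2; return 1; }
    base=$(basename "$1")
    cp "$1" "$2/$base"
    h=$(openssl x509 -noout -hash -in "$1")      # hash as computed by this OpenSSL
    i=0; while [ -e "$2/$h.$i" ]; do i=$((i + 1)); done
    ln -s "$base" "$2/$h.$i"
    # also the name under the other hash function, when this build knows it
    if old=$(openssl x509 -noout -subject_hash_old -in "$1" 2>/dev/null) \
       && [ "$old" != "$h" ] && [ ! -e "$2/$old.0" ]; then
        ln -s "$base" "$2/$old.0"
    fi
}

# The test a client performs: does a chain ending in DIR verify?
verify_with_capath() {   # verify_with_capath DIR LEAF.pem
    openssl verify -CApath "$1" "$2" >/dev/null 2>&1
}

# System wide on Debian/Ubuntu: do not edit /etc/ssl/certs by hand, it is
# regenerated. Put the PEM file with a .crt name under
# /usr/local/share/ca-certificates and run update-ca-certificates, which
# rebuilds /etc/ssl/certs, the hashed links and ca-certificates.crt (older
# releases list the file in /etc/ca-certificates.conf instead). On openSUSE
# 11.x the directory is also /etc/ssl/certs with c_rehash; newer releases use
# /etc/pki/trust/anchors plus update-ca-certificates (check your version).
install_system_ca() {   # install_system_ca CERT NAME ; run as root
    to_pem "$1" "/usr/local/share/ca-certificates/$2.crt"
    update-ca-certificates
}

if [ $# -eq 2 ]; then install_system_ca "$1" "$2"; fi   # sudo sh add-ca.sh root.cer verisign-g5
```

After installing, the quickest end-to-end check is `openssl s_client -connect host:443 -CApath /etc/ssl/certs` and looking for "Verify return code: 0 (ok)"; a PHP or curl client that still fails is then pointing at a different CApath or CAfile of its own.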
I tried to create a trusted connection between two machines (named "master" and "node1") for a shared account, but no luck. What I did is as follows:
1. Create the user account "tester" on "master".
2. Set the NFS server configuration to give "node1" RW access to /home/tester.
3. Create the user account "tester" on "node1" without creating a home dir, with the same user ID and group ID as the one on "master".
4. Create the dir "homester" on "node1" and mount it from "master" (mount -t nfs master:/home/tester /home/tester). On the master node: ssh-keygen -t rsa
5. Generate authorized_keys on "node1" (details not shown).
But it is not working. If I don't use /home/tester as a shared dir, and the two machines have their own /home/tester, the trusted connection gets created and scp works fine. Can we create a trusted connection for a shared account? If yes, how, and did I miss anything?
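An added example, not from the post. With StrictModes on (the default), sshd refuses public-key login when the home directory, ~/.ssh or authorized_keys is group- or world-writable or owned by someone other than the user (or root), and on an NFS-mounted home that judgement is made with the uid and permission bits the *target* machine sees, so a mount that looks fine from "master" can fail from "node1". The checker below takes the home directory and expected user as parameters so it can be run against any path; the fixer applies the permissions sshd wants.

```shell
#!/bin/sh
# Added example, not from the post. Reproduce sshd's StrictModes checks on a
# home directory, e.g. one shared over NFS, and fix them.
set -e

# GNU stat first, BSD stat as fallback.
mode_of()  { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }
owner_of() { stat -c '%U' "$1" 2>/dev/null || stat -f '%Su' "$1"; }

# One path: must exist, be owned by USER or root, and carry no group/other
# write bit. An owner shown as a bare number or "UNKNOWN"/"nobody" on an NFS
# client is the uid-mapping problem, not a permission problem.
check_path() {   # check_path PATH USER
    p=$1; u=$2
    [ -e "$p" ] || { echo "missing: $p"; return 1; }
    o=$(owner_of "$p")
    [ "$o" = "$u" ] || [ "$o" = root ] || { echo "wrong owner on $p: $o (expected $u or root)"; return 1; }
    m=$(mode_of "$p")
    case $m in
        *[2367]?|*[2367]) echo "group- or world-writable: $p (mode $m)"; return 1 ;;
    esac
    return 0
}

# Everything sshd looks at for key auth; prints each problem, exit 1 if any.
check_ssh_perms() {   # check_ssh_perms HOME USER
    rc=0
    check_path "$1" "$2" || rc=1
    check_path "$1/.ssh" "$2" || rc=1
    check_path "$1/.ssh/authorized_keys" "$2" || rc=1
    return $rc
}

fix_ssh_perms() {   # fix_ssh_perms HOME  (run as the user, or as root where not squashed)
    chmod go-w "$1"
    chmod 700 "$1/.ssh"
    chmod 600 "$1/.ssh/authorized_keys"
}

# Usage on the machine you log in TO:  sh sshperms.sh /home/tester tester
if [ $# -eq 2 ]; then check_ssh_perms "$1" "$2"; fi
```

If the checks pass and login still fails, `ssh -v` on the client and `sshd -d -p 2222` on the target show which file sshd rejected; the remaining NFS-specific culprit is root_squash making the exported .ssh unreadable to a root-owned daemon, which OpenSSH avoids by reading authorized_keys as the user.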
I have extensively Googled and searched on here, but with no success. We have a MYPC service at our company, but our support staff have been well trained in the phrase "we do not offer support for Linux". The MYPC service that we have did work recently under Ubuntu 9.04, which I had at home; however, since upgrading my laptop and desktop to 10.10 and 10.4 respectively, neither now works when I use the Citrix 11 Receiver client.
I get: "You have not chosen to trust "GeoTrust Global CA", the issuer of the server's security certificate (SSL error 61)." So I got what I thought were the relevant certificates from [URL].. tes/index.html (see image for a list of certificates), but still no joy. Whilst I don't want to call my support department, I wonder if they have taken a conscious decision to block access to the MYPC system from anything other than Windows OSs?
Is it possible to somehow set up an SSH server that doesn't require a username, password or cert to log in? I wish to provide shell access to a console program, which will prompt for a username and password. Encryption is essential though, and users must not be able to snoop in on each other.
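An added configuration example for the post above, not from the poster: an sshd_config fragment that gives one dedicated account (called "console" here, a placeholder) password-less encrypted access to exactly one program, and nothing else. PermitTTY exists from OpenSSH 6.2 on; drop that line on older releases.

```text
# Added example, not from the post. Append to /etc/ssh/sshd_config; everything
# above the Match block keeps the normal settings for real users.
Match User console
    # accept the empty Unix password created with:  passwd -d console
    PasswordAuthentication yes
    PermitEmptyPasswords yes
    PubkeyAuthentication no
    # run the program no matter what the client asked for (a shell, scp,
    # sftp, "ssh host somecommand"); this is what turns a login into a kiosk
    ForceCommand /usr/local/bin/console-app
    PermitTTY yes
    # nothing that would let a session reach past the program
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
```

Two caveats a practitioner will hit. On Debian/Ubuntu, pam_unix in /etc/pam.d/common-auth is configured with nullok_secure, which only honours empty passwords on consoles listed in /etc/securetty, so over SSH the empty password is rejected until that option is changed to nullok for this account's needs; test it before relying on it. And every anonymous session runs as the same uid, so "users must not snoop on each other" is the program's job, not the kernel's: any file it writes is readable by every other session of the same account, and `ps` shows the other sessions' arguments, so keep per-session state out of the filesystem and out of command lines.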