Search Results

Search found 768 results on 31 pages for 'rsa'.

Page 20/31 | < Previous Page | 16 17 18 19 20 21 22 23 24 25 26 27  | Next Page >

  • Agent admitted failure to sign using the key.

    - by Delirium tremens
    .ssh dir is chmodded 700, id_rsa.pub 600, id_rsa 400. I ran ssh-keygen -t rsa, imported key to launchpad and ran bzr branch lp:unity, but got error message: Agent admitted failure to sign using the key. Permission denied (publickey). bzr: ERROR: Connection closed: Unexpected end of message. Please check connectivity and permissions, and report a bug if problems persist. auth.log: Nov 28 20:23:13 ubuntu sudo: deltrem : TTY=pts/0 ; PWD=/home/deltrem/Documentos/repositories ; USER=root ; COMMAND=/usr/bin/bzr branch lp:unity Nov 28 20:39:01 ubuntu CRON[2959]: pam_unix(cron:session): session opened for user root by (uid=0) Nov 28 20:39:01 ubuntu CRON[2959]: pam_unix(cron:session): session closed for user root Nov 28 20:41:04 ubuntu gnome-screensaver-dialog: gkr-pam: unlocked login keyring

    Read the article

  • How to check sshd log?

    - by Eye of Hell
    Hello. I have Ubuntu 9.10 installed with sshd and i can successfully connect to it using login and password. I have configured an RSA key login and now have "Server refused our key" as expected. Ok, now i want to check sshd log in order to fingure out a problem. I have examined /etc/ssh/sshd_config and it have SyslogFacility AUTH LogLevel INFO Ok. I'm looking at /var/log/auth.log and... it's empty O_O. Changing Loglevel to VERBOSE helps nothing - auth.log is still empty. Any hints how i can check sshd log?

    Read the article

  • How to publishing access DB to https SharePoint2010 site with self-signed certificate

    - by ybbest
    If you are having troubles (shown below) when you publish your access database to https SharePoint2010 site with self-signed certificate. Problem: First you are getting a warning see the screenshot below: And then getting the error message: Solution: The error “The name of the security certificate is invalid or does not match the name of the site” comes when the ‘common name’ in the certificate doesn’t match the address you provided in browser to access the site. To fix the problem , you need to use script to generate the certificate rather than using the IIS UI, this is because it will default the common name to the server name and you will have the above problem when using that certificate to a different host-name web application. You can use SelfSSl.exe (IIS 6.0 only), you have to specify common name(cn), for example as: selfssl.exe /T /N:cn=testsharepoint.com /K:1024 /V:7 /S:1 /P:443 OR you can use makecert (IIS7.0 and above) makecert -r -pe -n 'CN=my.domain.here' -b 01/01/2000 -e 01/01/2036 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 After you have created the certificate, you then need to add that self-signed certificate to your IIS web site and to the Trusted Root Certification Authorities. (To get to there, Key-in Windows + R and Type mmc.exe and add the certifications console) I have compiled the solution from the questions I have asked in sharepointstackexchange

    Read the article

  • Can't send emails through sendmail, error occured

    - by skomak
    Hi, I have sendmail MTA and i use pear:Mail class to send mails through remote sendmail server. Everything was fine till yesterday. Probably nothing changes was made in configs. At maillog i can see: May 6 12:58:55 xxx sendmail[25903]: STARTTLS=server, relay=hostxxxx.static.xx.xx.pl [85.x.x.x], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256 May 6 12:58:56 xxx sendmail[25903]: o46AwtqE025903: hostxxxx.static.xx.xx.pl [85.x.x.x] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA2 and in /var/log/messages: May 6 13:00:17 lilia sendmail[27193]: realm changed: authentication aborted I use ldap to authenticate users but i used the same script to check mailing on another server and it works there good, only this server behave weird. Packets are deliverd to sendmail server i can see it in tcpdump, but there is smaller packets than on other server which sends emails. Could you tell me how can i check what is wrong with that? D.S.

    Read the article

  • Tell git which private key to use

    - by jrdioko
    ssh has the -i option to tell it which private key file to use when authenticating: -i identity_file Selects a file from which the identity (private key) for RSA or DSA authentication is read. The default is ~/.ssh/identity for protocol ver- sion 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for protocol version 2. Iden- tity files may also be specified on a per-host basis in the configuration file. It is possible to have multiple -i options (and multiple identities specified in configuration files). Is there a similar way to tell git which private key file to use when on a system with multiple private keys in the .ssh directory?

    Read the article

  • Connecting a LAN to an OpenVPN server via a windows 7 client gateway

    - by user705142
    I've got OpenVPN set up between my windows 7 client and linux server. The goal is that I'll get secure access to a webapp running on the server from any computer on the client LAN. I'm using ccd to assign static ip addresses to each client connection, with key authentication. It's working on my client machine (10.83.41.9), and when you go to the gateway IP address (10.83.41.1), it loads up the webapp. Now I really need the other computers on the client LAN to be able to connect to the webapp as well, via the windows machine. The client has a static IP address of 192.168.2.100 on the LAN, and I've enabled IP forwarding in windows (confirmed by ipconfig /all). In my router I've forwarded 10.83.41.1 / 255.255.255.255 to 192.168.2.100. In server.conf I have.. route 192.168.2.0 255.255.255.0 And in the office ccd.. ifconfig-push 10.83.41.9 10.83.41.10 iroute 192.168.2.0 255.255.255.0 The client log is as follows: Thu Mar 15 20:19:56 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011 Thu Mar 15 20:19:56 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Thu Mar 15 20:19:56 2012 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file Thu Mar 15 20:19:56 2012 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Mar 15 20:19:56 2012 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Mar 15 20:19:56 2012 LZO compression initialized Thu Mar 15 20:19:56 2012 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ] Thu Mar 15 20:19:56 2012 Socket Buffers: R=[8192->8192] S=[64512->64512] Thu Mar 15 20:19:56 2012 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ] Thu Mar 15 20:19:56 2012 Local Options hash (VER=V4): '9e7066d2' Thu Mar 15 20:19:56 2012 Expected Remote Options hash (VER=V4): '162b04de' Thu Mar 15 20:19:56 2012 UDPv4 link local: [undef] Thu Mar 15 20:19:56 2012 UDPv4 link remote: 111.65.224.202:1194 Thu Mar 15 20:19:56 2012 TLS: Initial packet from 111.65.224.202:1194, sid=ceb04c22 8cc6d151 Thu Mar 15 20:19:56 2012 VERIFY OK: depth=1, /C=NZ/O=XXX./CN=XXX Thu Mar 15 20:19:56 2012 VERIFY OK: nsCertType=SERVER Thu Mar 15 20:19:56 2012 VERIFY OK: depth=0, /C=NZ/O=XXX./CN=XXX Thu Mar 15 20:19:56 2012 Replay-window backtrack occurred [1] Thu Mar 15 20:19:56 2012 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Thu Mar 15 20:19:56 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Mar 15 20:19:56 2012 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Thu Mar 15 20:19:56 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Mar 15 20:19:56 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Thu Mar 15 20:19:56 2012 [server] Peer Connection Initiated with 111.65.224.202:1194 Thu Mar 15 20:19:58 2012 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Thu Mar 15 20:19:59 2012 PUSH: Received control message: 'PUSH_REPLY,route 10.83.41.1,topology net30,ping 10,ping-restart 120,ifconfig 10.83.41.9 10.83.41.10' Thu Mar 15 20:19:59 2012 OPTIONS IMPORT: timers and/or timeouts modified Thu Mar 15 20:19:59 2012 OPTIONS IMPORT: --ifconfig/up options modified Thu Mar 15 20:19:59 2012 OPTIONS IMPORT: route options modified Thu Mar 15 20:19:59 2012 ROUTE default_gateway=192.168.2.1 Thu Mar 15 20:19:59 2012 TAP-WIN32 device [OpenVPN] opened: \\.\Global\{B32D85C9-1942-42E2-80BA-7E0B5BB5185F}.tap Thu Mar 15 20:19:59 2012 TAP-Win32 Driver Version 9.9 Thu Mar 15 20:19:59 2012 TAP-Win32 MTU=1500 Thu Mar 15 20:19:59 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.83.41.9/255.255.255.252 on interface {B32D85C9-1942-42E2-80BA-7E0B5BB5185F} [DHCP-serv: 10.83.41.10, lease-time: 31536000] Thu Mar 15 20:19:59 2012 Successful ARP Flush on interface [45] {B32D85C9-1942-42E2-80BA-7E0B5BB5185F} Thu Mar 15 20:20:04 2012 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up Thu Mar 15 20:20:04 2012 C:\WINDOWS\system32\route.exe ADD 10.83.41.1 MASK 255.255.255.255 10.83.41.10 Thu Mar 15 20:20:04 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4 Thu Mar 15 20:20:04 2012 Route addition via IPAPI succeeded [adaptive] Thu Mar 15 20:20:04 2012 Initialization Sequence Completed From the other machines I can ping 192.169.2.100, but not 10.83.41.1. In the how-to, it mentions "Make sure your network interface is in promiscuous mode." as well. I can't find in the windows network config, so this may or may not be part of it. Ideally this would be achieved without any special configuration the other LAN computers. Not sure how far I'm going to get on my own at this point, any ideas? Is there something I'm missing, or anything I should need to know?

    Read the article

  • unable to upgrade to 12.10 beta 2 from 12.04 [closed]

    - by user85959
    Possible Duplicate: There's an issue with an Alpha/Beta Release of Ubuntu, what should I do? authenticate 'quantal.tar.gz' against 'quantal.tar.gz.gpg' exception from gpg: GnuPG exited non-zero, with code 2 Debug information: gpg: Signature made Fri 28 Sep 2012 03:55:55 AM IST using DSA key ID 437D05B5 gpg: /tmp/update-manager-bpIptI/trustdb.gpg: trustdb created gpg: Good signature from "Ubuntu Archive Automatic Signing Key " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 6302 39CC 130E 1A7F D81A 27B1 4097 6EAF 437D 05B5 gpg: Signature made Fri 28 Sep 2012 03:55:55 AM IST using RSA key ID C0B21F32 gpg: Can't check signature: public key not found Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/UpdateManager/UpdateManager.py", line 1110, in on_button_dist_upgrade_clicked fetcher.run() File "/usr/lib/python2.7/dist-packages/UpdateManager/Core/DistUpgradeFetcherCore.py", line 253, in run _("Authenticating the upgrade failed. There may be a problem " File "/usr/lib/python2.7/dist-packages/UpdateManager/DistUpgradeFetcher.py", line 41, in error return error(self.window_main, summary, message) File "/usr/lib/python2.7/dist-packages/UpdateManager/Core/utils.py", line 384, in error d.window.set_functions(Gdk.FUNC_MOVE) RuntimeError: unable to get the value gpg: /tmp/tmplqoLDu/trustdb.gpg: trustdb created

    Read the article

  • Unable to find valid certification path to requested target while CAS authentication

    - by Dmitriy Sukharev
    I'm trying to configure CAS authentication. It requires both CAS and client application to use HTTPS protocol. Unfortunately we should use self-signed certificate (with CN that doesn't have anything in common with our server). Also the server is behind firewall and we have only two ports (ssh and https) visible. As far as there're several application that should be visible externally, we use Apache for ajp reverse proxying requests to these applications. Secure connections are managed by Apache, and all Tomcat are not configured to work with SSL. But I obtained exception while authentication, therefore desided to set keystore in CATALINA_OPTS: export CATALINA_OPTS="-Djavax.net.ssl.keyStore=/path/to/tomcat/ssl/cert.pfx -Djavax.net.ssl.keyStoreType=PKCS12 -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.keyAlias=alias -Djavax.net.debug=ssl" cert.pfx was obtained from certificate and key that are used by Apache HTTP Server: $ openssl pkcs12 -export -out /path/to/tomcat/ssl/cert.pfx -inkey /path/to/apache2/ssl/server-key.pem -in /path/to/apache2/ssl/server-cert.pem When I try to authenticate a user I obtain the following exception: Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174) ~[na:1.6.0_32] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) ~[na:1.6.0_32] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318) ~[na:1.6.0_32] Meanwhile I can see in catalina.out that Tomcat see certificate in cert.pfx and it's the same as the one that is used while authentication: 09:11:38.886 [http-bio-8080-exec-2] DEBUG o.j.c.c.v.Cas20ProxyTicketValidator - Constructing validation url: https://external-ip/cas/proxyValidate?pgtUrl=https%3A%2F%2Fexternal-ip%2Fclient%2Fj_spring_cas_security_proxyreceptor&ticket=ST-17-PN26WtdsZqNmpUBS59RC-cas&service=https%3A%2F%2Fexternal-ip%2Fclient%2Fj_spring_cas_security_check 09:11:38.886 [http-bio-8080-exec-2] DEBUG o.j.c.c.v.Cas20ProxyTicketValidator - Retrieving response from server. keyStore is : /path/to/tomcat/ssl/cert.pfx keyStore type is : PKCS12 keyStore provider is : init keystore init keymanager of type SunX509 *** found key for : 1 chain [0] = [ [ Version: V1 Subject: CN=wrong.domain.name, O=Our organization, L=Location, ST=State, C=Country Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 Key: Sun RSA public key, 1024 bits modulus: 13??a lot of digits here??19 public exponent: ????7 Validity: [From: Tue Apr 24 16:32:18 CEST 2012, To: Wed Apr 24 16:32:18 CEST 2013] Issuer: CN=wrong.domain.name, O=Our organization, L=Location, ST=State, C=Country SerialNumber: [ d??????? ????????] ] Algorithm: [SHA1withRSA] Signature: 0000: 65 Signature is here 0070: 96 . ] *** trustStore is: /jdk-home-folder/jre/lib/security/cacerts Here is a lot of trusted CAs. Here is nothing related to our certicate or our (not trusted) CA. ... 09:11:39.731 [http-bio-8080-exec-4] DEBUG o.j.c.c.v.Cas20ProxyTicketValidator - Retrieving response from server. Allow unsafe renegotiation: false Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false %% No cached client session *** ClientHello, TLSv1 RandomCookie: GMT: 1347433643 bytes = { 63, 239, 180, 32, 103, 140, 83, 7, 109, 149, 177, 80, 223, 79, 243, 244, 60, 191, 124, 139, 108, 5, 122, 238, 146, 1, 54, 218 } Session ID: {} Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] Compression Methods: { 0 } *** http-bio-8080-exec-4, WRITE: TLSv1 Handshake, length = 75 http-bio-8080-exec-4, WRITE: SSLv2 client hello message, length = 101 http-bio-8080-exec-4, READ: TLSv1 Handshake, length = 81 *** ServerHello, TLSv1 RandomCookie: GMT: 1347433643 bytes = { 145, 237, 232, 63, 240, 104, 234, 201, 148, 235, 12, 222, 60, 75, 174, 0, 103, 38, 196, 181, 27, 226, 243, 61, 34, 7, 107, 72 } Session ID: {79, 202, 117, 79, 130, 216, 168, 38, 68, 29, 182, 82, 16, 25, 251, 66, 93, 108, 49, 133, 92, 108, 198, 23, 120, 120, 135, 151, 15, 13, 199, 87} Cipher Suite: SSL_RSA_WITH_RC4_128_SHA Compression Method: 0 Extension renegotiation_info, renegotiated_connection: <empty> *** %% Created: [Session-2, SSL_RSA_WITH_RC4_128_SHA] ** SSL_RSA_WITH_RC4_128_SHA http-bio-8080-exec-4, READ: TLSv1 Handshake, length = 609 *** Certificate chain chain [0] = [ [ Version: V1 Subject: CN=wrong.domain.name, O=Our organization, L=Location, ST=State, C=Country Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 Key: Sun RSA public key, 1024 bits modulus: 13??a lot of digits here??19 public exponent: ????7 Validity: [From: Tue Apr 24 16:32:18 CEST 2012, To: Wed Apr 24 16:32:18 CEST 2013] Issuer: CN=wrong.domain.name, O=Our organization, L=Location, ST=State, C=Country SerialNumber: [ d??????? ????????] ] Algorithm: [SHA1withRSA] Signature: 0000: 65 Signature is here 0070: 96 . ] *** http-bio-8080-exec-4, SEND TLSv1 ALERT: fatal, description = certificate_unknown http-bio-8080-exec-4, WRITE: TLSv1 Alert, length = 2 http-bio-8080-exec-4, called closeSocket() http-bio-8080-exec-4, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target I tried to convert our pem certificate to der format and imported it to trustedKeyStore (cacerts) (without private key), but it didn't change anything. But I'm not confident that I did it rigth. Also I must inform you that I don't know passphrase for our servier-key.pem file, and probably it differs from password for keystore created by me. OS: CentOS 6.2 Architecture: x64 Tomcat version: 7 Apache HTTP Server version: 2.4 Is there any way to make Tomcat accepts our certificate?

    Read the article

  • scp through ssh gateway connection

    - by zidarsk8
    so my network layou is something like this (I don't have enough reputation to post images so here's the link) http://i.imgur.com/OaD4i.png now Alice has access to SSH gateway (just gateway from now on) with: ssh [email protected] and the authorized keys file on the gateway looks like this #/home/Alice/.ssh/authorized_keys command="ssh -t alice@web" ssh-rsa ABCD...E== alice@somehost so when Alice trys to connect to the Gateway with her private key, she actually gets connected to the Web server (the gateway pc can make a connection to the web server with a passwordless private key, so that stays transparent). The question 1) How can I set this up so that Alice will be able to scp things to web server too? 2) I know this makes a separete connection, but is there any way for this to work as a normal ssh so that even something like -R12345:localhost:22 would work?

    Read the article

  • MinGW MSYS ssh error: Could not create directory '/home/<username>/.ssh'

    - by SoldOut
    I have just installed a fresh MinGW installation on Windows 7 64bit using the Graphical User Interface Installer (the recommended approach) following the instructions given here and keeping the default options (i.e. installation in C:\MinGW) - hopefully without missing any steps or messing things up in any way. However, when running the ssh command, I get the following error: C:\Users\Diablossh username@host Could not create directory '/home/username/.ssh'. The authenticity of host 'username@host (host ip here)' can't be established. RSA key fingerprint is (fingerprint here). Are you sure you want to continue connecting (yes/no)? yes Failed to add the host to the list of known hosts (/home/username/.ssh/known_hosts). So, I basically have to confirm the connection every time. Why does this happen and how do I fix it?

    Read the article

  • How to generate a private/public key pair to use for a Linux server on Windows Azure?

    - by MainMa
    Following Windows Azure documentation, I generated a pair of private/public keys on an Ubuntu machine using the exact comment as given: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout myPrivateKey.key -out myCert.pem When I open the private key in puttygen, the following error is displayed: Couldn't load private key (unrecognised key type) The private key generated by openssl looks correct: -----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG6w0xAQEFAASCBKcwggSjAgEsAoIBAQC6OEZ5ULe6F6u2 Cybhqqfqqh2ao9sd2tpqB+HGIoMMHrmnD3YegRgZJIddTQaWKdwaKrYul21YNt5y ... P0RyfL9kDnX/XmIOM38FOoucGvO+Zozsbmgmvw6AUhE0sPhkZnlaodAU1OnfaWJz KpBxkXulBaCJnC8w29dGKng= -----END PRIVATE KEY----- Note that the comments to Azure documentation (the same link as above) report that the pair should be generated using OpenSSL for Windows instead of openssl on Linux. This doesn't help, since the same error appears for a private key generated by OpenSSL for Windows. What am I doing wrong?

    Read the article

  • OpenVPN stopped working, what could have happened?

    - by jaja
    I have Openvpn, and it worked great when I used it on PC (Windows 8), then I copied all files (Certificates and config) to an Android 4 phone to use them. Now, Openvpn works on the phone, but not the PC. Specifically, when I open Google I get: The server at www.google.com can't be found, because the DNS lookup failed, but the VPN seems to be connected. I have a simple question, could the problem be because I copied the same files? Routing table before connecting:- IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.101 25 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.1.0 255.255.255.0 On-link 192.168.1.101 281 192.168.1.101 255.255.255.255 On-link 192.168.1.101 281 192.168.1.255 255.255.255.255 On-link 192.168.1.101 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.1.101 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.1.101 281 =========================================================================== Routing table after connecting:- IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.101 25 0.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 30 10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 30 10.8.0.4 255.255.255.252 On-link 10.8.0.6 286 10.8.0.6 255.255.255.255 On-link 10.8.0.6 286 10.8.0.7 255.255.255.255 On-link 10.8.0.6 286 **.**.***.** 255.255.255.255 192.168.1.254 192.168.1.101 25 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 128.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 30 192.168.1.0 255.255.255.0 On-link 192.168.1.101 281 192.168.1.101 255.255.255.255 On-link 192.168.1.101 281 192.168.1.255 255.255.255.255 On-link 192.168.1.101 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.1.101 281 224.0.0.0 240.0.0.0 On-link 10.8.0.6 286 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.1.101 281 255.255.255.255 255.255.255.255 On-link 10.8.0.6 286 =========================================================================== Server conf:- port 1194 proto udp dev tun ca ca.crt cert myservername.crt key myservername.key dh dh1024.pem server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt duplicate-cn keepalive 10 120 comp-lzo persist-key persist-tun status openvpn-status.log verb 3 push "redirect-gateway def1" Client conf:- client dev tun proto udp remote 89.32.148.35 1194 resolv-retry infinite nobind persist-key persist-tun mute-replay-warnings ca ca.crt cert client1.crt key client1.key verb 3 comp-lzo redirect-gateway def1 Here is the log file:- Tue Dec 18 16:34:27 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011 Tue Dec 18 16:34:27 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Tue Dec 18 16:34:27 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Tue Dec 18 16:34:27 2012 LZO compression initialized Tue Dec 18 16:34:27 2012 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ] Tue Dec 18 16:34:27 2012 Socket Buffers: R=[65536-65536] S=[65536-65536] Tue Dec 18 16:34:27 2012 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ] Tue Dec 18 16:34:27 2012 Local Options hash (VER=V4): '41690919' Tue Dec 18 16:34:27 2012 Expected Remote Options hash (VER=V4): '530fdded' Tue Dec 18 16:34:27 2012 UDPv4 link local: [undef] Tue Dec 18 16:34:27 2012 UDPv4 link remote: ..*.:1194 Tue Dec 18 16:34:27 2012 TLS: Initial packet from ..*.:1194, sid=4d1496ad 2079a5fa Tue Dec 18 16:34:28 2012 VERIFY OK: depth=1, /C=/ST=/L=/O=/OU=/CN=/name=/emailAddress= Tue Dec 18 16:34:28 2012 VERIFY OK: depth=0, /C=/ST=/L=/O=/OU=/CN=/name=/emailAddress= Tue Dec 18 16:34:29 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Tue Dec 18 16:34:29 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Dec 18 16:34:29 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Tue Dec 18 16:34:29 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Dec 18 16:34:29 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Tue Dec 18 16:34:29 2012 [myservername] Peer Connection Initiated with ..*.:1194 Tue Dec 18 16:34:32 2012 SENT CONTROL [myservername]: 'PUSH_REQUEST' (status=1) Tue Dec 18 16:34:32 2012 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' Tue Dec 18 16:34:32 2012 OPTIONS IMPORT: timers and/or timeouts modified Tue Dec 18 16:34:32 2012 OPTIONS IMPORT: --ifconfig/up options modified Tue Dec 18 16:34:32 2012 OPTIONS IMPORT: route options modified Tue Dec 18 16:34:32 2012 ROUTE default_gateway=192.168.1.254 Tue Dec 18 16:34:32 2012 TAP-WIN32 device [Local Area Connection] opened: \.\Global{F0CFEBBF-9B1B-4CFB-8A82-027330974C30}.tap Tue Dec 18 16:34:32 2012 TAP-Win32 Driver Version 9.9 Tue Dec 18 16:34:32 2012 TAP-Win32 MTU=1500 Tue Dec 18 16:34:32 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {F0CFEBBF-9B1B-4CFB-8A82-027330974C30} [DHCP-serv: 10.8.0.5, lease-time: 31536000] Tue Dec 18 16:34:32 2012 Successful ARP Flush on interface [26] {F0CFEBBF-9B1B-4CFB-8A82-027330974C30} Tue Dec 18 16:34:37 2012 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up Tue Dec 18 16:34:37 2012 C:\WINDOWS\system32\route.exe ADD ..*. MASK 255.255.255.255 192.168.1.254 Tue Dec 18 16:34:37 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4 Tue Dec 18 16:34:37 2012 Route addition via IPAPI succeeded [adaptive] Tue Dec 18 16:34:37 2012 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5 Tue Dec 18 16:34:37 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4 Tue Dec 18 16:34:37 2012 Route addition via IPAPI succeeded [adaptive] Tue Dec 18 16:34:37 2012 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5 Tue Dec 18 16:34:37 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4 Tue Dec 18 16:34:37 2012 Route addition via IPAPI succeeded [adaptive] Tue Dec 18 16:34:37 2012 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5 Tue Dec 18 16:34:37 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4 Tue Dec 18 16:34:37 2012 Route addition via IPAPI succeeded [adaptive] Tue Dec 18 16:34:37 2012 Initialization Sequence Completed

    Read the article

  • Creating a chain of certificates

    - by StackedCrooked
    This question is a follow up to my previous question, which was, in retrospect, not completely answered: http://superuser.com/questions/126121/how-to-create-my-own-certificate-chain. I'll represent my certificate chain like this: ROOT - A - B - C - ... I am now able to create the ROOT and A certificates, but I didn't succeed in continueing the chain. My command for creating the root certificate is: openssl req -new -newkey rsa:1024 -nodes -out ca.csr -keyout ca.key openssl x509 -trustout -signkey ca.key -days 365 -req -in ca.csr -out ca.pem Certificate A: openssl genrsa -out client.key 1024 openssl req -new -key client.key -out client.csr openssl ca -in client.csr -out client.cer This command depends on the root certificate implicitly using the data found in the openssl config file. Certificate B will only rely on A, so the previous command won't work here. How can I complete the chain?

    Read the article

  • postfix, TLS and rapidssl - "verify error:num=19:unable to get local issuer certificate"

    - by technobuddha
    I have been googeling for days! I have a cert from rapidssl. I read up that the problem with num=20, is that indicates it doesn't know the issuer, or doesn't know the ROOT Cert, right? I run this command: openssl s_client -showcerts -connect smtp.server.com:465 I get this error: verify error:num=19:self signed certificate in certificate chain Here is what i have in my postfix main.cf, and what i have done: smtpd_tls_key_file = /etc/postfix/ssl/smtp.server.com.rsa.key (this is the private key) smtpd_tls_cert_file = /etc/postfix/ssl/smtp.server.com.PUBLIC.key (this is the public key given to me by rapidssl) smtpd_tls_CAfile = /etc/postfix/ssl/combo.csr.key This key has both the intermediate keys ON TOP, and the ROOT KEY on the bottom. Here is the Intermediate keys: https://knowledge.geotrust.com/library/VERISIGN/ALL_OTHER/geotrust%20ca/GT_QuickSSL_and_Premium_and_Trial_intermediate_bundle.pem and here is the root CERT: http://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.cer anyone know how to use rapidssl certs?

    Read the article

  • Oracle Linux Tips and Tricks: Using SSH

    - by Robert Chase
    Out of all of the utilities available to systems administrators ssh is probably the most useful of them all. Not only does it allow you to log into systems securely, but it can also be used to copy files, tunnel IP traffic and run remote commands on distant servers. It’s truly the Swiss army knife of systems administration. Secure Shell, also known as ssh, was developed in 1995 by Tau Ylonen after the University of Technology in Finland suffered a password sniffing attack. Back then it was common to use tools like rcp, rsh, ftp and telnet to connect to systems and move files across the network. The main problem with these tools is they provide no security and transmitted data in plain text including sensitive login credentials. SSH provides this security by encrypting all traffic transmitted over the wire to protect from password sniffing attacks. One of the more common use cases involving SSH is found when using scp. Secure Copy (scp) transmits data between hosts using SSH and allows you to easily copy all types of files. The syntax for the scp command is: scp /pathlocal/filenamelocal remoteuser@remotehost:/pathremote/filenameremote In the following simple example, I move a file named myfile from the system test1 to the system test2. I am prompted to provide valid user credentials for the remote host before the transfer will proceed.  If I were only using ftp, this information would be unencrypted as it went across the wire.  However, because scp uses SSH, my user credentials and the file and its contents are confidential and remain secure throughout the transfer.  [user1@test1 ~]# scp /home/user1/myfile user1@test2:/home/user1user1@test2's password: myfile                                    100%    0     0.0KB/s   00:00 You can also use ssh to send network traffic and utilize the encryption built into ssh to protect traffic over the wire. This is known as an ssh tunnel. In order to utilize this feature, the server that you intend to connect to (the remote system) must have TCP forwarding enabled within the sshd configuraton. To enable TCP forwarding on the remote system, make sure AllowTCPForwarding is set to yes and enabled in the /etc/ssh/sshd_conf file: AllowTcpForwarding yes Once you have this configured, you can connect to the server and setup a local port which you can direct traffic to that will go over the secure tunnel. The following command will setup a tunnel on port 8989 on your local system. You can then redirect a web browser to use this local port, allowing the traffic to go through the encrypted tunnel to the remote system. It is important to select a local port that is not being used by a service and is not restricted by firewall rules.  In the following example the -D specifies a local dynamic application level port forwarding and the -N specifies not to execute a remote command.   ssh –D 8989 [email protected] -N You can also forward specific ports on both the local and remote host. The following example will setup a port forward on port 8080 and forward it to port 80 on the remote machine. ssh -L 8080:farwebserver.com:80 [email protected] You can even run remote commands via ssh which is quite useful for scripting or remote system administration tasks. The following example shows how to  log in remotely and execute the command ls –la in the home directory of the machine. Because ssh encrypts the traffic, the login credentials and output of the command are completely protected while they travel over the wire. [rchase@test1 ~]$ ssh rchase@test2 'ls -la'rchase@test2's password: total 24drwx------  2 rchase rchase 4096 Sep  6 15:17 .drwxr-xr-x. 3 root   root   4096 Sep  6 15:16 ..-rw-------  1 rchase rchase   12 Sep  6 15:17 .bash_history-rw-r--r--  1 rchase rchase   18 Dec 20  2012 .bash_logout-rw-r--r--  1 rchase rchase  176 Dec 20  2012 .bash_profile-rw-r--r--  1 rchase rchase  124 Dec 20  2012 .bashrc You can execute any command contained in the quotations marks as long as you have permission with the user account that you are using to log in. This can be very powerful and useful for collecting information for reports, remote controlling systems and performing systems administration tasks using shell scripts. To make your shell scripts even more useful and to automate logins you can use ssh keys for running commands remotely and securely without the need to enter a password. You can accomplish this with key based authentication. The first step in setting up key based authentication is to generate a public key for the system that you wish to log in from. In the following example you are generating a ssh key on a test system. In case you are wondering, this key was generated on a test VM that was destroyed after this article. [rchase@test1 .ssh]$ ssh-keygen -t rsaGenerating public/private rsa key pair.Enter file in which to save the key (/home/rchase/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/rchase/.ssh/id_rsa.Your public key has been saved in /home/rchase/.ssh/id_rsa.pub.The key fingerprint is:7a:8e:86:ef:59:70:ef:43:b7:ee:33:03:6e:6f:69:e8 rchase@test1The key's randomart image is:+--[ RSA 2048]----+|                 ||  . .            ||   o .           ||    . o o        ||   o o oS+       ||  +   o.= =      ||   o ..o.+ =     ||    . .+. =      ||     ...Eo       |+-----------------+ Now that you have the key generated on the local system you should to copy it to the target server into a temporary location. The user’s home directory is fine for this. [rchase@test1 .ssh]$ scp id_rsa.pub rchase@test2:/home/rchaserchase@test2's password: id_rsa.pub                  Now that the file has been copied to the server, you need to append it to the authorized_keys file. This should be appended to the end of the file in the event that there are other authorized keys on the system. [rchase@test2 ~]$ cat id_rsa.pub >> .ssh/authorized_keys Once the process is complete you are ready to login. Since you are using key based authentication you are not prompted for a password when logging into the system.   [rchase@test1 ~]$ ssh test2Last login: Fri Sep  6 17:42:02 2013 from test1 This makes it much easier to run remote commands. Here’s an example of the remote command from earlier. With no password it’s almost as if the command ran locally. [rchase@test1 ~]$ ssh test2 'ls -la'total 32drwx------  3 rchase rchase 4096 Sep  6 17:40 .drwxr-xr-x. 3 root   root   4096 Sep  6 15:16 ..-rw-------  1 rchase rchase   12 Sep  6 15:17 .bash_history-rw-r--r--  1 rchase rchase   18 Dec 20  2012 .bash_logout-rw-r--r--  1 rchase rchase  176 Dec 20  2012 .bash_profile-rw-r--r--  1 rchase rchase  124 Dec 20  2012 .bashrc As a security consideration it's important to note the permissions of .ssh and the authorized_keys file.  .ssh should be 700 and authorized_keys should be set to 600.  This prevents unauthorized access to ssh keys from other users on the system.   An even easier way to move keys back and forth is to use ssh-copy-id. Instead of copying the file and appending it manually to the authorized_keys file, ssh-copy-id does both steps at once for you.  Here’s an example of moving the same key using ssh-copy-id.The –i in the example is so that we can specify the path to the id file, which in this case is /home/rchase/.ssh/id_rsa.pub [rchase@test1]$ ssh-copy-id -i /home/rchase/.ssh/id_rsa.pub rchase@test2 One of the last tips that I will cover is the ssh config file. By using the ssh config file you can setup host aliases to make logins to hosts with odd ports or long hostnames much easier and simpler to remember. Here’s an example entry in our .ssh/config file. Host dev1 Hostname somereallylonghostname.somereallylongdomain.com Port 28372 User somereallylongusername12345678 Let’s compare the login process between the two. Which would you want to type and remember? ssh somereallylongusername12345678@ somereallylonghostname.somereallylongdomain.com –p 28372 ssh dev1 I hope you find these tips useful.  There are a number of tools used by system administrators to streamline processes and simplify workflows and whether you are new to Linux or a longtime user, I'm sure you will agree that SSH offers useful features that can be used every day.  Send me your comments and let us know the ways you  use SSH with Linux.  If you have other tools you would like to see covered in a similar post, send in your suggestions.

    Read the article

  • Apache Redirect from https to https

    - by Nikolaos Kakouros
    I am trying to redirect without a rewrite rule from eg https://www.domain.com to https://www.domain.net . I have a wildcard certificate for *.domain.net . This yields the following warning in my error_log [warn] RSA server certificate wildcard CommonName (CN) `*.domain.net' does NOT match server name!? This makes sense and I understand why the warning. I would like to ask if there is a way to use the Redirect directive to accomplish the above without the warnings. Here is my virtual hosts in ssl.conf: <VirtualHost *:443> SSLEngine on ServerName www.domain.net DocumentRoot /var/www/html/domain SSLOptions -FakeBasicAuth -ExportCertData +StrictRequire +OptRenegotiate -StdEnvVars SSLStrictSNIVHostCheck off </VirtualHost> <VirtualHost *:443> SSLEngine on ServerName www.domain.com ServerAlias www.domain.info Redirect permanent / https://www.domain.net </VirtualHost> Also, if there is a solution, can it be used for redirection from htps://domain.com to htps://www.domain.com? Thanks a lot!

    Read the article

  • OpenSSL without prompt

    - by JP19
    Hi, I am using following code to generate keys: apt-get -qq -y install openssl; mkdir -p /etc/apache2/ssl; openssl genrsa -des3 -out server.key 1024; openssl req -new -key server.key -out server.csr; cp server.key server.key.org; openssl rsa -in server.key.org -out server.key; openssl x509 -req -days 12000 -in server.csr -signkey server.key -out server.crt; mv server.crt /etc/apache2/ssl/cert.pem; mv server.key /etc/apache2/ssl/cert.key; rm -f server.key.orig; rm -f server.csr How can I skip the passphrase prompting? thanks JP

    Read the article

  • Can you specify git-shell in .ssh/authorized_keys to restrict access to only git commands via ssh?

    - by Matt Connolly
    I'd like to be able to use a ssh key for authentication, but still restrict the commands that can be executed over the ssh tunnel. With Subversion, I've achieved this by using a .ssh/authorized_keys file like: command="/usr/local/bin/svnserve -t --tunnel-user matt -r /path/to/repository",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIetc... I've tried this with "/usr/bin/git-shell" in the command, but I just get the funky old fatal: What do you think I am? A shell? error message.

    Read the article

  • Dovecot and StartSSL problems with issuer

    - by knoim
    I am using dovecot (1) and trying to get my StartSSL certificate running. ssl_key_file points to my private key I tried pointing ssl_cert_file to my public key, with and without using the class1 certificate from http://www.startssl.com/certs/sub.class1.server.ca.pem as ssl_ca_file aswell as combing them with cat publickey sub.class1.server.ca.pem chained My mail client keeps telling me the certificate has no issuer, but doing openssl x509 on my public certificate tells me it is C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Class 1 Primary Intermediate Server CA My option for the CSR were: openssl req -new -newkey rsa:4096 -nodes Dovecot's log doesn't mention any problems. EDIT: Doesn't seem to be a problem with dovecot. I am having the same problem with postfix. openssl verify gives me the same error.

    Read the article

  • How to use public-key ssh authentication

    - by Poma
    I have 2 ubuntu 12.04 (beta) servers (node1 and node2) and want to establish passwordless root access between them. Other users should not have access to other boxes. Also note that ssh default port is changed to 220. Here's what I did: sudo -i cd /root/.ssh ssh-keygen -t rsa # with default name and empty password cat id_rsa.pub > authorized_keys then copied id_rsa & id_rsa.pub to node2 and added id_rsa.pub to authorized_keys. Both hosts have the same /root/.ssh/config file: Host node1 Hostname 1.2.3.4 Port 220 IdentityFile /root/.ssh/id_rsa Host node2 Hostname 5.6.7.8 Port 220 IdentityFile /root/.ssh/id_rsa Now the problem is that when I type ssh node2 it asks me for password. What may be the problem?

    Read the article

  • Cannot install new certificate in IIS 7 on Windows Server 2008 R2

    - by Alex B.
    We are trying to renew our existing web site certificate on our IIS 7 site under Windows Server 2008 R2, but we continue to get the "Access is denied" error that others have posted. However, when we have gone to implement the common fix of making sure the Administrator group has full access to all folders and subfolders on the C:\ProgramData\Microsoft\Crypto\RSA folder, we get an "Access is Denied" error on changing those permissions. Yes, we are logged in as Administrator user - it just seems to not allow us to modify the group permissions to this folder. Help! We need to renew our certificate before March 2011!

    Read the article

  • How to install Gyachi on ubuntu 12.10

    - by Oguz Can Sertel
    I would like to use Gyachi on ubuntu 12.10. I tried these steps but it doesn't work.. I wanted to compile it myself... but it need some libs... it made me confused... so I gave up sudo add-apt-repository ppa:adilson/experimental sudo apt-get update sudo apt-get install gyachi Thank you for your helps at first command the output: sudo add-apt-repository ppa:adilson/experimental You are about to add the following PPA to your system: Contains packages that are not in the official Debian/Ubuntu repositories and newer versions and snapshots which are not available yet in the repositories. Theses packages are experimental. Use them at your own risk. More info: https://launchpad.net/~adilson/+archive/experimental Press [ENTER] to continue or ctrl-c to cancel adding it gpg: keyring `/tmp/tmp3y3i7p/secring.gpg' created gpg: keyring `/tmp/tmp3y3i7p/pubring.gpg' created gpg: requesting key 27B81625 from hkp server keyserver.ubuntu.com gpg: /tmp/tmp3y3i7p/trustdb.gpg: trustdb created gpg: key 27B81625: public key "Launchpad Experimental Packages PPA" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) OK and after sudo apt-get update; this is (sudo apt-get install gyachi)'s output here is the output: sudo apt-get install gyachi Reading package lists... Done Building dependency tree Reading state information... Done E: Unable to locate package gyachi

    Read the article

  • ssl_error_log apache issue

    - by lakshmipathi
    https://localhost works but https://ipaddress didn't cat logs/ssl_error_log [Mon Aug 02 19:04:11 2010] [error] [client 192.168.1.158] (13)Permission denied: access to /ajaxterm denied [root@space httpd]# cat logs/ssl_access_log 192.168.1.158 - - [02/Aug/2010:19:04:11 +0530] "GET /ajaxterm HTTP/1.1" 403 290 [root@space httpd]# cat logs/ssl_request_log [02/Aug/2010:19:04:11 +0530] 192.168.1.158 SSLv3 DHE-RSA-CAMELLIA256-SHA "GET /ajaxterm HTTP/1.1" 290 httpd.conf file NameVirtualHost *:443 <VirtualHost *:443> ServerName localhost SSLEngine on SSLCertificateFile /etc/pki/tls/certs/ca.crt SSLCertificateKeyFile /etc/pki/tls/private/ca.key <Directory /usr/share/ajaxterm > Options FollowSymLinks AllowOverride None Order deny,allow Allow from All </Directory> DocumentRoot /usr/share/ajaxterm DirectoryIndex ajaxterm.html ProxyRequests Off <Proxy *> # Order deny,allow Allow from all </Proxy> ProxyPass /ajaxterm/ http://localhost:8022/ ProxyPassReverse /ajaxterm/ http://localhost:8022/ ErrorLog error_log.log TransferLog access_log.log </VirtualHost> How to fix this ?

    Read the article

  • Speed up ADF Mobile Deployment to Android with Keystore

    - by Shay Shmeltzer
    As you might have noticed from my latest ADF Mobile entries, I'm doing most of my ADF Mobile development on a windows machine and testing on an Android device. Unfortunately the Android/windows experience is not as fast as the iOS/Mac one. However, there is one thing I learned today that can make this a bit less painful in terms of the speed to deploy and test your application - and this is to use the "Release" mode when deploying your application instead of the "Debug" mode. To do this you'll first need to define a keystore, but as Joe from our Mobile team showed me today, this is quite easy. Here are the steps: Open a command line in your JDK bin directory (I just used the JDK that comes with the JDeveloper install). Issue the following command: keytool –genkey –v –keystore <Keystore Name>.keystore –alias <Alias Name> -keyalg RSA –keysize 2048 –validity 10000 Both keystore name and alias names are strings that you decide on. The keytool utility will then prompt you with various questions that you'll need to answer. Once this is done, the next step is to configure your JDeveloper preferences->ADF Mobile to add this keystore there under the release tab:  Then for your application specific deployment profile - switch the build mode from debug to release. The end result is a much smaller mobile application (for example from 60 to 21mb) and a much faster deployment cycle (for me it is about twice as fast as before).

    Read the article

  • SPF record doesn't work (not sure which DNS server to tweak)

    - by Ion
    Problem: Google (and perhaps others) marks our emails as SPF neutral. Let me give you some background about the setup: initially got a dedicated server (Hetzner) with Plesk installed to host a domain/web application, let's say: bigjaws.com. Plesk automatically creates a DNS zone for it with some records for the various services it provides out of the box, e.g. webmail.bigjaws.com as a CNAME to bigjaws.com to provide Horde/whatever, etc. Let me point out four relevant of these records (where XXX.XXX.XXX.158 is our dedicated IP): bigjaws.com. A XXX.XXX.XXX.158 mail.bigjaws.com. A XXX.XXX.XXX.158 bigjaws.com MX (10) mail.bigjaws.com. bigjaws.com. TXT v=spf1 +a +mx -all The above records are not(?) valid anymore though, because after using this dedicated server for a while, our site got bigger and bigger so we decided to move our operations over to AWS (EC2, RDS, ELB, etc), but we retained the mail functionality as is, i.e. emails from [email protected] are sent by connecting to our dedicated server where Plesk takes care of things. This was decided in order not to setup anything from scratch. Of course for all DNS-related things we now use Route53. In Route53 I have the following records: mail.schoox.com. A XXX.XXX.XXX.158 bigjaws.com. MX (10) mail.bigjaws.com bigjaws.com. SPF "v=spf1 +ip4:XXX.XXX.XXX.158 +mx ~all" From my understanding of SPF, the SPF status should have been passed: I designate that all email being sent by bigjaws.com from XXX.XXX.XXX.158 are valid/not spam (I added +mx there but I'm not sure if needed). When a mail server receives an email, doesn't it lookup the SPF record of the domain and checks against the IP it got the email from? Checking with spfquery: root@box:~# spfquery -ip XXX.XXX.XXX.158 -sender [email protected] -rcpt-to [email protected] StartError Context: Failed to query MAIL-FROM ErrorCode: (2) Could not find a valid SPF record Error: No DNS data for 'bigjaws.com'. EndError noneneutral Please see http://www.openspf.org/Why?id=employee1%40bigjaws.com&ip=XXX.XXX.XXX.158&receiver=spfquery : Reason: default spfquery: XXX.XXX.XXX.158 is neither permitted nor denied by domain of bigjaws.com Received-SPF: neutral (spfquery: XXX.XXX.XXX.158 is neither permitted nor denied by domain of bigjaws.com) client-ip=XXX.XXX.XXX.158; [email protected]; If I go to the address listed above (openspf.org) it tells me that the message should have been accepted(!): spfquery rejected a message that claimed an envelope sender address of [email protected]. spfquery received a message from static.158.XXX.XXX.XXX.clients.your-server.de (XXX.XXX.XXX.158) that claimed an envelope sender address of [email protected]. The domain bigjaws.com has authorized static.158.XXX.XXX.XXX.clients.your-server.de (XXX.XXX.XXX.158) to send mail on its behalf, so the message should have been accepted. It is impossible for us to say why it was rejected. What should I do? If the problem persists, contact the bigjaws.com postmaster. Also, here are some headers from an email sent by one of our [email protected] addresses to a gmail.com address (by the way, bigjaws.de listed in the "Received: from" field was the initial domain hosted on the dedicated server before adding the .com one -- both are still listed as separate subscriptions under Plesk). Delivered-To: [email protected] Received: by 10.14.177.70 with SMTP id c46csp289656eem; Wed, 23 Oct 2013 01:11:00 -0700 (PDT) X-Received: by 10.14.102.66 with SMTP id c42mr306186eeg.47.1382515860386; Wed, 23 Oct 2013 01:11:00 -0700 (PDT) Return-Path: <[email protected]> Received: from bigjaws.de (static.158.XXX.XXX.XXX.clients.your-server.de. [XXX.XXX.XXX.158]) by mx.google.com with ESMTPS id l4si19438578eew.161.2013.10.23.01.10.59 for <[email protected]> (version=TLSv1 cipher=RC4-SHA bits=128/128); Wed, 23 Oct 2013 01:10:59 -0700 (PDT) Received-SPF: neutral (google.com: XXX.XXX.XXX.158 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=XXX.XXX.XXX.158; Authentication-Results: mx.google.com; spf=neutral (google.com: XXX.XXX.XXX.158 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected] DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=bigjaws.com; b=WwRAS0WKjp9lO17iMluYPXOHzqRcOueiQT4rPdvy3WFf0QzoXiy6rLfxU/Ra53jL1vlPbwlLNa5gjoJBi7ZwKfUcvs3s02hJI7b3ozl0fEgJtTPKoCfnwl4bLPbtXNFu; h=Received:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:Content-Type:Content-Transfer-Encoding; Received: (qmail 22722 invoked from network); 23 Oct 2013 10:10:59 +0200 Received: from hostname.static.ISP.com (HELO ?192.168.1.60?) (YYY.YYY.ISP.IP) by static.158.XXX.XXX.XXX.clients.your-server.de. with ESMTPSA (DHE-RSA-AES256-SHA encrypted, authenticated); 23 Oct 2013 10:10:59 +0200 Message-ID: <[email protected]> Date: Wed, 23 Oct 2013 11:11:00 +0300 From: BigJaws Employee <[email protected]> User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1 MIME-Version: 1.0 To: [email protected] Subject: test SPF Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit test SPF Any ideas why SPF is not working correctly? Also, are there any DNS settings that are not needed anymore and create a problem?

    Read the article

< Previous Page | 16 17 18 19 20 21 22 23 24 25 26 27  | Next Page >