Search Results

Search found 2183 results on 88 pages for 'dbconsole certificate expiry'.

Page 69/88 | < Previous Page | 65 66 67 68 69 70 71 72 73 74 75 76  | Next Page >

• disable "SSL 2.0+ upgrade support" in nginx

  - by Bhargava

  I evaluated the SSL credentials of my server with qualsys ssl page ( https://www.ssllabs.com/ssldb/index.html ) and found the entry "SSL 2.0+ upgrade support" being marked as yes. I want to disable this sslv2 handshake too. I searched around and found http://forum.nginx.org/read.php?2,104032m, which points to creating a openssl.cnf file. Have a naive question here. After creating the file, does one need to re-key his certificate for this to work ? Are there any other steps to follow ? I use nginx 1.0.11 and openssl "OpenSSL 1.0.0e-fips 6 Sep 2011". I have set ssl_ciphers in nginx to SSLv3 TLSv1;

  Read the article

• DNS name not on cert

  - by blsub6

  I've got an interesting one... My users have always typed in 'mail' to get to their mail. There was an internal DNS A record that resolved that to the IP of the mail server. I'm putting in an Exchange server to replace that. In order for people to get their mail, I try putting in an A record that does the same thing as the previous one. When I try to get to OWA, it tells me that the certificate on the server is not trusted. I only have the names: mail.mydomain.com autodiscover.mydomain.com autodiscover.mydomain.internal mydomain.internal mailserver.mydomain.internal so when the browser sees that this cert is trying to cover https://mail/owa it says the cert's not trusted. What amy I supposed to do about that?

  Read the article

• OpenLDAP server logs filled with "TLS negotiation failure"

  - by WildVelociraptor

  I recently migrated an old OpenLDAP setup to a newer server, with a more robust certificate setup. Currently, most hosts are required to verify the cert matches the host: tls_checkpeer yes TLS_REQCERT always In the server logs, there are multiple occurences of: Nov 6 10:45:08 <servername> slapd[1773]: conn=2785646 fd=35 closed (TLS negotiation failure) These errors appear from multiple hosts, but there don't seem to be any issues actually logging into those servers with an LDAP account. Does anyone know what would cause these errors? The server is running Ubuntu 12.04.2, and OpenLDAP version 2.4.28. The cert was generated using GnuTLS.

  Read the article

• How to setup external mail addresses without external autodiscover tries?

  - by Tarnschaf

  We have a little Exchange/Outlook installation here that fetches the mails from our provider with POP3. Now to be able to send emails outside our organisation, I added another SMTP address to the Exchange User: [email protected] (Default / Reply Address) [email protected] Sending email works using the default address. But now there is an error message each time we start Outlook. Outlook tries to autodiscover using autodiscover.ourcompany.com which doesn't exist. Our autodiscover files are placed on our local server. I think all the servers are discovers, because everything works as expected. Everything except the error message on each Outlook start. (The error message is actually because of an invalid certificate but I don't see why Outlook should contact an external host at all!) So how can I solve this? Forcing Autodiscover on every Outlook client to use the local hosts? Or ist there an even better way?

  Read the article

• Adding HTTPS capability to WAMPSERVER 2

  - by abel

  I have WampServer 2 installed on my WinXP Pro SP3 box, Apache 2.2.11 with ssl module enabled, which runs the comnpanies intranet website. http://www.akadia.com/services/ssh_test_certificate.html gives some pointers of generating a self signed certificate. But I encounter a error while running through the example openssl genrsa -des3 -out server.key 1024 where openssl.exe is located under C:\wamp\bin\apache\Apache2.2.11\bin The error code that gets generated is 4828:error:02001015:system library:fopen:Is a directory:.\crypto\bio\bss_file.c: 126:fopen('d:/test/openssl098kvc6/openssl.cnf','rb') 4828:error:2006D002:BIO routines:BIO_new_file:system lib:.\crypto\bio\bss_file.c :131: 4828:error:0E078002:configuration file routines:DEF_LOAD:system lib:.\crypto\con f\conf_def.c:199: Where am I going wrong?

  Read the article

• racoon-tool doesn't generate full racoon.conf file in /var/lib/racoon/racoon.conf

  - by robthewolf

  I am using ipsec-tools/racoon to create my VPN. I am using racoon-tool to configure racoon.conf but when I run racoon-tool reload it only generates the first section - Global items. When I run racoon-tool I get: # racoon-tool reload Loading SAD and SPD... SAD and SPD loaded. Configuring racoon...done. This is the entire file /var/lib/racoon/racoon.conf # # Racoon configuration for Samuel # Generated on Wed Jan 5 21:31:49 2011 by racoon-tool # # # Global items # path pre_shared_key "/etc/racoon/psk.txt"; path certificate "/etc/racoon/certs"; log debug; I cannot find anywhere a solution as to why this is happening. Please help

  Read the article

• Nginx. How do I reject request to unlisted ssl virtual server?

  - by Osw

  I have a wildcard SSL certificate and several subdomains on the same ip. Now I want my nginx to handle only mentioned server names and drop connection for others so that it'd look like nginx is not running for unlisted server names (not responding, rejecting, dead, not a single byte in response). I do the following ssl_certificate tls/domain.crt; ssl_certificate_key tls/domain.key; server { listen 1.2.3.4:443 ssl; server_name validname.domain.com; // } server { listen 1.2.3.4:443 ssl; server_name _; // deny all; // return 444; // return 404; //location { // deny all; //} } I've tried almost everything in the last server block, but no success. I get either valid response from known virtual server or error code. Please help.

  Read the article

• Multiple SSL domains on the same IP address and same port?

  - by johnlai2004

  I set up an ubuntu 9.10 - apache2 - php5 server. I was under the impression that each valid SSL certificate (no domain wild cards) required it's own unique IP address and port number combination. But the answer to a previous question I posted is at odds with this claim: http://serverfault.com/questions/109766/ssl-site-not-using-the-correct-ip-in-apache-and-ubuntu Using the accepted answer, I was able to get multiple domains, each with it's own valid SSL to work on the same IP address and on port 443. I am very confused as to why the above answer works, especially after hearing from others that each SSL domain website on the same server requires its own IP+port combination. I am suspicious that I did something wrong. Can someone clear up the confusion? Websites currently using different SSL but on the same IP and Port are: https://www.yummyskin.com/ https://staging.bossystem.org/

  Read the article

• How to handle user accounts for many sites running on same server

  - by Simon Courtenage

  Background to this question: I want to host multiple e-commerce sites on the same server, each with their own separate customer login application. Each site's login application needs to be secured by SSL. I'm unsure how best to handle this. For example, do I need to acquire a separate SSL certificate for each site (in which case, how do I do this dynamically, as the sites are created), or do I handle this using ONE login gateway-style application, which handles it on behalf of all the sites via a kind of transparent redirect? I'd be grateful for any pointers or advice. Thanks.

  Read the article

• Linux - How to manage the password of root?

  - by Jonathan Rioux

  We have just deployed a couple of Linux server. Each sysadmin will have his own account on the server (i.e.: jsmith), and will connect using SSH with a certificate which will be put into the "authorized_keys" file in their home directory. Once connected on the server, if they want to issue an elevated command, they will do like: sudo ifconfig They will then enter the root password. What I would like to know now are the best practices in managing that root password. Should I change it periodicaly? And how do I share that new password with the sysadmins? **Of course I will disable the root logon in SSH.

  Read the article

• Connecting to a LDAPS server

  - by Pavanred

  I am working on a development machine and I am trying to connect to my LDAP server. This is what I do - telnet ldaps- 686 then the response is - Could not open connection to the host on port 686 : connect failed But, the strange part is when I connect to my server - telnet ldap- 389 then the connection is successful. My question is, why does this happen? Do I have to install SSL certificate on the client machine where I make the call from? I do not know much about this. I know for a fact that the LDAP server is working fine because other applications are successfully using it currently.

  Read the article

• Why do I get "Permission denied (publickey)" when trying to SSH from local Ubuntu to a Amazon EC2 se

  - by Vorleak Chy

  I have an instance of an application running in the cloud on Amazon EC2 instance, and I need to connect it from my local Ubuntu. It works fine on one of local ubuntu and also laptop. I got message "Permission denied (publickey)" when trying to access SSH to EC2 on another local Ubuntu. It's so strange to me. I'm thinking some sort of problems with security settings on the Amazon EC2 which has limited IPs access to one instance or certificate may need to regenerate. Does anyone know a solution?

  Read the article

• Puppet claims to be unable to resolve domains even if domain properly resolves

  - by gparent

  I have a fairly simple puppet setup, one master and one node, both running Debian Squeeze 6.0.4. I have DNS entries for the two machines, client and master respectively. Both client and master's DNS entries resolve correctly on both machines to the right IPs. On my client, I have this configuration: [main] server = master.example.org logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter pluginsync=true templatedir=/var/lib/puppet/templates Key exchange seems to fail, according to this messages in /var/log/syslog: localhost puppet-agent[11364]: Could not request certificate: getaddrinfo: Name or service not known Why is resolution not working only for puppet?

  Read the article

• Recommendation for a non-standard SSL port

  - by onurs

  Hey guys, On our server I have a single IP, and need to host 2 different SSL sites. Sites have different owners so have different SSL certificates, and can't share the same certificate with SAN. So as a last resort I have modified the web application to give the ability to use a specified port for secure pages. For its simple look I used port 200. However I'm worried about some visitors may be unable to see the site because of their firewalls / proxies blocking the port for ssl connections. I heard some people were unable to see the website, a home user and someone from an enterprise company, don't know if this was the reason. So, any recommendations for a non-standard SSL port number (443 is used by the other site) which may work for visitors better than port 200 ? Like 8080 or 8443 perhaps? Thanks!

  Read the article

• Long string insertion with sed

  - by Luis Varca

  I am trying to use this expression to insert the contents of one text file into another after a give string. This is a simple bash script: TEXT=`cat file1.txt` sed -i "/teststring/a \ $TEXT" file2.txt This returns an error, "sed: -e expression #1, char 37: unknown command: `M'" The issue is in the fact that the contents of file1.txt are actually a private certificate so it's a large amount of text and unusual characters which seems to be causing an issue. If I replace $TEXT with a simple ASCII value it works but when it reads the large content of file1.txt it fails with that error. Is there some way to carry out this action? Is my syntax off with sed or my quote placement wrong?

  Read the article

• Remote Desktop Connection over VPN on mac

  - by Diego Faria

  I'm trying to connect to a Windows computer on over a VPN connection using Remote Desktop connection. I opened Network on mac and created a new connection. Interface: VPN. VPN Type: PPTP. I filled the inputs for server address, account name, password and applied. I connect the VPN and it connects. I open Remote Desktop Connection and put the IP of the machina i want to connect but it dont connect, a problem occurs saying that the machina may be turned off and etc. But in a windows machine I can connect there and the machine is up and running. On my mac I ping to the ip address that a want to connect and it has no response. I think that the vpn have a problem, is there a way for me to certificate that i am on the vpn network ? Whats going on?

  Read the article

• PHP does not allow https connections

  - by FunkyChicken

  Hey guys im running PHP 5.4.0 and I cannot cURL nor files_get_content() https connections. Using curl in a PHP script shows: [root@ns1]# /opt/php/bin/php -q test.php * About to connect() to www.google.com port 443 * Trying 74.125.225.210... * connected * Connected to www.google.com (74.125.225.210) port 443 * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none Segmentation fault Using file_get_contents() shows: Warning: file_get_contents(): Unable to find the wrapper "https" - did you forget to enable it when you configured PHP? in /test.php OpenSSL and OpenSSL-devel are installed, and PHP is also configured with cURL support for SSL connections. See: http://i.imgur.com/ExAIf.png Any idea what might be going wrong? Further info: CentOS 5.8(64) with Nginx 1.2.4

  Read the article

• proftpd - TLS connection hangs authenticating

  - by greydet

  I setup a proftpd server that uses TLS/SSL certificate for authentication. Everything works well when I connect through lftp or Filezilla (with explicit connection). But once I attempt connecting with simple ftp connection from Filezilla, the USER command ends with the 550 response (SSL/TLS required). After that any further connection through lftp or Filezilla (with explicit connection) will hang authenticating. Anyone knows how to workaround this issue? Is there a way to ask Filezilla to automatically use TLS/SSL if required? I am using Ubuntu server 10.04 with proftpd 1.3.2c. There is no error message in the log files.

  Read the article

• Apache + plesk vhost problem: .htaccess ignored!

  - by DaNieL

  Hi guys, i have a problem with a simple apache configuration. When the user ask for https://mydomain.com i have to redirect it to https://www.mydomain.com, becose my https certificate is valid just for the domain with www. I create the vhost.conf into my /var/www/vhosts/mydomain.com/conf/ directory, with inside: <Directory /var/www/vhosts/mydomain.com/httpsdocs> AllowOverride All </Directory> And my .htaccess file into the /var/www/vhosts/mydomain.com/httpsdocs/ is: RewriteEngine on RewriteCond %{HTTPS_HOST} ^mydomain\.com RewriteRule ^(.*)$ https://www.mydomain.com/$1 [R=301,L] But seem like the .htaccess is completely ignored. Any idea?

  Read the article

• SSL client auth in nginx with multiple server section

  - by Bastien974

  I want to implement ssl_verify_client in nginx. This works perfectly when I only have one server section, which listen to 443. In my case I have multiple, all listening on 443 but to different server_name. For one particular server (proxy.mydomain.com), I'm adding the SSL client verify, but when I test the connectivity with openssl s_client -connect proxy.mydomain.com:443 -cert xxx.crt -key xxx.key and then do a GET / HTTP/1.1 host: proxy.mydomain.com It's not working, 400 No required SSL certificate was sent I think nginx is not receiving the proper server_name and is directing it to the first server listening to 443. So I tried to listen on another port and it worked right away. What's the issue and how can I fix it ?

  Read the article

• Aventail VPN connection doesn't work

  - by Warlax

  I installed the Aventail VPN client on both the Mac and a Windows 7 machine, both on my home network. When I try to connect one or the other (I make sure one is disconnected before connecting through the other machine), I get a connection and view the correct certificate - accept it and Aventail tells me that I am connected. However, accessing any page inside my company's network is only possible on Windows. On the Mac I get this page: It looks like my ISP doesn't know how to redirect me? Maybe something about my DNS being set incorrectly on the Mac? Our helpdesk has been completely useless.

  Read the article

• Apache: Assign SSL server / client certs to directories

  - by Daniel Amaya

  I have multiple directories on my system, e.g., /var/www/dir1 /var/www/dir2 /var/www/dir3 And what I'd like to do is to generate a server/client SSL certificate for each directory, and then set up each directory such that the client cert must match the server cert in order to access said directory. Now, if someone has the client cert for /var/www/dir2 and they try to access /var/www/dir1, they will be unable to do so since those directories use different certs. Each of these directories is hosted on the same domain (i.e., domain.com/dir1, domain.com/dir2). Now, the problem I am having is that I am not exactly sure how to accomplish this in Apache. (Also, I don't really care for domain.com to require SSL, but I do want the directories to require it.)

  Read the article

• ASP.NET directories blocked from VisualSVN Server behind reverse proxy in IIS 6

  - by user143344

  I’ve got VisualSVN Server running behind a reverse proxy in IIS 6, Windows Server 2003. This isn’t ideal, but for the main web app on the server I’ve only got one IP address and SSL certificate available. Everything works except for when trying to commit to or browse the default ASP.NET directories (App_Browsers, App_Code, App_Data). SVN commits fail for these directories – which I believe is because IIS will never serve them by default. The reverse proxy uses a virtual directory in IIS – is there a change I can make in the web.config for this virtual directory to get around the issue?

  Read the article

• Two SSL certs for a domain in DirectAdmin

  - by Bart van Heukelom

  If I were to get 2 SSL certificates, one for example.com and one for www.example.com, is there a way to install them both on the site example.com in DirectAdmin? The default interface only allows installing one for both versions. If not, can I separate the 2 domains into 2 sites? One of them would only be a redirection, so there wouldn't be any duplication of site files. (Please don't answer with "one certificate should work for both". It doesn't always. This is a DirectAdmin question)

  Read the article

• Is it secure to store the cert/key on a private AMI?

  - by Phillip Oldham

  Are there any major security implications to bundling a private AMI which contains the private key/certificate & environment variables? For resiliency I'm creating an EC2 image which should be able to boot and configure itself without any intervention. After boot it will attempt to: Attach & mount specific EBS volume(s) Associate a specific Elastic IP Start issuing backups of the EBS volume(s) to S3 However, to do this it will need the private key/pem files and will need certain environment variables to be available on start-up. Since this is a private AMI I'm wondering if it will be "safe" to store these variables/files directly in the image so that I don't need to specify any user-data information and can therefore start a new instance remotely (from my iPhone, if needed) should the instance be terminated for any reason.

  Read the article

< Previous Page | 65 66 67 68 69 70 71 72 73 74 75 76  | Next Page >