Search Results

Search found 2183 results on 88 pages for 'dbconsole certificate expiry'.

Page 69/88 | < Previous Page | 65 66 67 68 69 70 71 72 73 74 75 76  | Next Page >

• OpenLDAP server logs filled with "TLS negotiation failure"

  - by WildVelociraptor

  I recently migrated an old OpenLDAP setup to a newer server, with a more robust certificate setup. Currently, most hosts are required to verify the cert matches the host: tls_checkpeer yes TLS_REQCERT always In the server logs, there are multiple occurences of: Nov 6 10:45:08 <servername> slapd[1773]: conn=2785646 fd=35 closed (TLS negotiation failure) These errors appear from multiple hosts, but there don't seem to be any issues actually logging into those servers with an LDAP account. Does anyone know what would cause these errors? The server is running Ubuntu 12.04.2, and OpenLDAP version 2.4.28. The cert was generated using GnuTLS.

  Read the article

• CA and VPN setup

  - by Raj

  We are a small comany about 20 employees. We have some off site some i houser servers. Where should I install CA? On a domain controller or VM? can I obtain my own certificate for MS VPN? Where should I install MS vpn server? can I install on VM CA server? Do I need to open any ports on Firewall? Please send me or direct me to a web site where I can get setip by step installation instructions. Thanks.

  Read the article

• DNS name not on cert

  - by blsub6

  I've got an interesting one... My users have always typed in 'mail' to get to their mail. There was an internal DNS A record that resolved that to the IP of the mail server. I'm putting in an Exchange server to replace that. In order for people to get their mail, I try putting in an A record that does the same thing as the previous one. When I try to get to OWA, it tells me that the certificate on the server is not trusted. I only have the names: mail.mydomain.com autodiscover.mydomain.com autodiscover.mydomain.internal mydomain.internal mailserver.mydomain.internal so when the browser sees that this cert is trying to cover https://mail/owa it says the cert's not trusted. What amy I supposed to do about that?

  Read the article

• racoon-tool doesn't generate full racoon.conf file in /var/lib/racoon/racoon.conf

  - by robthewolf

  I am using ipsec-tools/racoon to create my VPN. I am using racoon-tool to configure racoon.conf but when I run racoon-tool reload it only generates the first section - Global items. When I run racoon-tool I get: # racoon-tool reload Loading SAD and SPD... SAD and SPD loaded. Configuring racoon...done. This is the entire file /var/lib/racoon/racoon.conf # # Racoon configuration for Samuel # Generated on Wed Jan 5 21:31:49 2011 by racoon-tool # # # Global items # path pre_shared_key "/etc/racoon/psk.txt"; path certificate "/etc/racoon/certs"; log debug; I cannot find anywhere a solution as to why this is happening. Please help

  Read the article

• How to setup external mail addresses without external autodiscover tries?

  - by Tarnschaf

  We have a little Exchange/Outlook installation here that fetches the mails from our provider with POP3. Now to be able to send emails outside our organisation, I added another SMTP address to the Exchange User: [email protected] (Default / Reply Address) [email protected] Sending email works using the default address. But now there is an error message each time we start Outlook. Outlook tries to autodiscover using autodiscover.ourcompany.com which doesn't exist. Our autodiscover files are placed on our local server. I think all the servers are discovers, because everything works as expected. Everything except the error message on each Outlook start. (The error message is actually because of an invalid certificate but I don't see why Outlook should contact an external host at all!) So how can I solve this? Forcing Autodiscover on every Outlook client to use the local hosts? Or ist there an even better way?

  Read the article

• Nginx. How do I reject request to unlisted ssl virtual server?

  - by Osw

  I have a wildcard SSL certificate and several subdomains on the same ip. Now I want my nginx to handle only mentioned server names and drop connection for others so that it'd look like nginx is not running for unlisted server names (not responding, rejecting, dead, not a single byte in response). I do the following ssl_certificate tls/domain.crt; ssl_certificate_key tls/domain.key; server { listen 1.2.3.4:443 ssl; server_name validname.domain.com; // } server { listen 1.2.3.4:443 ssl; server_name _; // deny all; // return 444; // return 404; //location { // deny all; //} } I've tried almost everything in the last server block, but no success. I get either valid response from known virtual server or error code. Please help.

  Read the article

• Adding HTTPS capability to WAMPSERVER 2

  - by abel

  I have WampServer 2 installed on my WinXP Pro SP3 box, Apache 2.2.11 with ssl module enabled, which runs the comnpanies intranet website. http://www.akadia.com/services/ssh_test_certificate.html gives some pointers of generating a self signed certificate. But I encounter a error while running through the example openssl genrsa -des3 -out server.key 1024 where openssl.exe is located under C:\wamp\bin\apache\Apache2.2.11\bin The error code that gets generated is 4828:error:02001015:system library:fopen:Is a directory:.\crypto\bio\bss_file.c: 126:fopen('d:/test/openssl098kvc6/openssl.cnf','rb') 4828:error:2006D002:BIO routines:BIO_new_file:system lib:.\crypto\bio\bss_file.c :131: 4828:error:0E078002:configuration file routines:DEF_LOAD:system lib:.\crypto\con f\conf_def.c:199: Where am I going wrong?

  Read the article

• How to handle user accounts for many sites running on same server

  - by Simon Courtenage

  Background to this question: I want to host multiple e-commerce sites on the same server, each with their own separate customer login application. Each site's login application needs to be secured by SSL. I'm unsure how best to handle this. For example, do I need to acquire a separate SSL certificate for each site (in which case, how do I do this dynamically, as the sites are created), or do I handle this using ONE login gateway-style application, which handles it on behalf of all the sites via a kind of transparent redirect? I'd be grateful for any pointers or advice. Thanks.

  Read the article

• Multiple SSL domains on the same IP address and same port?

  - by johnlai2004

  I set up an ubuntu 9.10 - apache2 - php5 server. I was under the impression that each valid SSL certificate (no domain wild cards) required it's own unique IP address and port number combination. But the answer to a previous question I posted is at odds with this claim: http://serverfault.com/questions/109766/ssl-site-not-using-the-correct-ip-in-apache-and-ubuntu Using the accepted answer, I was able to get multiple domains, each with it's own valid SSL to work on the same IP address and on port 443. I am very confused as to why the above answer works, especially after hearing from others that each SSL domain website on the same server requires its own IP+port combination. I am suspicious that I did something wrong. Can someone clear up the confusion? Websites currently using different SSL but on the same IP and Port are: https://www.yummyskin.com/ https://staging.bossystem.org/

  Read the article

• Linux - How to manage the password of root?

  - by Jonathan Rioux

  We have just deployed a couple of Linux server. Each sysadmin will have his own account on the server (i.e.: jsmith), and will connect using SSH with a certificate which will be put into the "authorized_keys" file in their home directory. Once connected on the server, if they want to issue an elevated command, they will do like: sudo ifconfig They will then enter the root password. What I would like to know now are the best practices in managing that root password. Should I change it periodicaly? And how do I share that new password with the sysadmins? **Of course I will disable the root logon in SSH.

  Read the article

• Connecting to a LDAPS server

  - by Pavanred

  I am working on a development machine and I am trying to connect to my LDAP server. This is what I do - telnet ldaps- 686 then the response is - Could not open connection to the host on port 686 : connect failed But, the strange part is when I connect to my server - telnet ldap- 389 then the connection is successful. My question is, why does this happen? Do I have to install SSL certificate on the client machine where I make the call from? I do not know much about this. I know for a fact that the LDAP server is working fine because other applications are successfully using it currently.

  Read the article

• Puppet claims to be unable to resolve domains even if domain properly resolves

  - by gparent

  I have a fairly simple puppet setup, one master and one node, both running Debian Squeeze 6.0.4. I have DNS entries for the two machines, client and master respectively. Both client and master's DNS entries resolve correctly on both machines to the right IPs. On my client, I have this configuration: [main] server = master.example.org logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter pluginsync=true templatedir=/var/lib/puppet/templates Key exchange seems to fail, according to this messages in /var/log/syslog: localhost puppet-agent[11364]: Could not request certificate: getaddrinfo: Name or service not known Why is resolution not working only for puppet?

  Read the article

• Why do I get "Permission denied (publickey)" when trying to SSH from local Ubuntu to a Amazon EC2 se

  - by Vorleak Chy

  I have an instance of an application running in the cloud on Amazon EC2 instance, and I need to connect it from my local Ubuntu. It works fine on one of local ubuntu and also laptop. I got message "Permission denied (publickey)" when trying to access SSH to EC2 on another local Ubuntu. It's so strange to me. I'm thinking some sort of problems with security settings on the Amazon EC2 which has limited IPs access to one instance or certificate may need to regenerate. Does anyone know a solution?

  Read the article

• Recommendation for a non-standard SSL port

  - by onurs

  Hey guys, On our server I have a single IP, and need to host 2 different SSL sites. Sites have different owners so have different SSL certificates, and can't share the same certificate with SAN. So as a last resort I have modified the web application to give the ability to use a specified port for secure pages. For its simple look I used port 200. However I'm worried about some visitors may be unable to see the site because of their firewalls / proxies blocking the port for ssl connections. I heard some people were unable to see the website, a home user and someone from an enterprise company, don't know if this was the reason. So, any recommendations for a non-standard SSL port number (443 is used by the other site) which may work for visitors better than port 200 ? Like 8080 or 8443 perhaps? Thanks!

  Read the article

• Long string insertion with sed

  - by Luis Varca

  I am trying to use this expression to insert the contents of one text file into another after a give string. This is a simple bash script: TEXT=`cat file1.txt` sed -i "/teststring/a \ $TEXT" file2.txt This returns an error, "sed: -e expression #1, char 37: unknown command: `M'" The issue is in the fact that the contents of file1.txt are actually a private certificate so it's a large amount of text and unusual characters which seems to be causing an issue. If I replace $TEXT with a simple ASCII value it works but when it reads the large content of file1.txt it fails with that error. Is there some way to carry out this action? Is my syntax off with sed or my quote placement wrong?

  Read the article

• PHP does not allow https connections

  - by FunkyChicken

  Hey guys im running PHP 5.4.0 and I cannot cURL nor files_get_content() https connections. Using curl in a PHP script shows: [root@ns1]# /opt/php/bin/php -q test.php * About to connect() to www.google.com port 443 * Trying 74.125.225.210... * connected * Connected to www.google.com (74.125.225.210) port 443 * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none Segmentation fault Using file_get_contents() shows: Warning: file_get_contents(): Unable to find the wrapper "https" - did you forget to enable it when you configured PHP? in /test.php OpenSSL and OpenSSL-devel are installed, and PHP is also configured with cURL support for SSL connections. See: http://i.imgur.com/ExAIf.png Any idea what might be going wrong? Further info: CentOS 5.8(64) with Nginx 1.2.4

  Read the article

• Remote Desktop Connection over VPN on mac

  - by Diego Faria

  I'm trying to connect to a Windows computer on over a VPN connection using Remote Desktop connection. I opened Network on mac and created a new connection. Interface: VPN. VPN Type: PPTP. I filled the inputs for server address, account name, password and applied. I connect the VPN and it connects. I open Remote Desktop Connection and put the IP of the machina i want to connect but it dont connect, a problem occurs saying that the machina may be turned off and etc. But in a windows machine I can connect there and the machine is up and running. On my mac I ping to the ip address that a want to connect and it has no response. I think that the vpn have a problem, is there a way for me to certificate that i am on the vpn network ? Whats going on?

  Read the article

• Apache + plesk vhost problem: .htaccess ignored!

  - by DaNieL

  Hi guys, i have a problem with a simple apache configuration. When the user ask for https://mydomain.com i have to redirect it to https://www.mydomain.com, becose my https certificate is valid just for the domain with www. I create the vhost.conf into my /var/www/vhosts/mydomain.com/conf/ directory, with inside: <Directory /var/www/vhosts/mydomain.com/httpsdocs> AllowOverride All </Directory> And my .htaccess file into the /var/www/vhosts/mydomain.com/httpsdocs/ is: RewriteEngine on RewriteCond %{HTTPS_HOST} ^mydomain\.com RewriteRule ^(.*)$ https://www.mydomain.com/$1 [R=301,L] But seem like the .htaccess is completely ignored. Any idea?

  Read the article

• SSL client auth in nginx with multiple server section

  - by Bastien974

  I want to implement ssl_verify_client in nginx. This works perfectly when I only have one server section, which listen to 443. In my case I have multiple, all listening on 443 but to different server_name. For one particular server (proxy.mydomain.com), I'm adding the SSL client verify, but when I test the connectivity with openssl s_client -connect proxy.mydomain.com:443 -cert xxx.crt -key xxx.key and then do a GET / HTTP/1.1 host: proxy.mydomain.com It's not working, 400 No required SSL certificate was sent I think nginx is not receiving the proper server_name and is directing it to the first server listening to 443. So I tried to listen on another port and it worked right away. What's the issue and how can I fix it ?

  Read the article

• Is it secure to store the cert/key on a private AMI?

  - by Phillip Oldham

  Are there any major security implications to bundling a private AMI which contains the private key/certificate & environment variables? For resiliency I'm creating an EC2 image which should be able to boot and configure itself without any intervention. After boot it will attempt to: Attach & mount specific EBS volume(s) Associate a specific Elastic IP Start issuing backups of the EBS volume(s) to S3 However, to do this it will need the private key/pem files and will need certain environment variables to be available on start-up. Since this is a private AMI I'm wondering if it will be "safe" to store these variables/files directly in the image so that I don't need to specify any user-data information and can therefore start a new instance remotely (from my iPhone, if needed) should the instance be terminated for any reason.

  Read the article

• proftpd - TLS connection hangs authenticating

  - by greydet

  I setup a proftpd server that uses TLS/SSL certificate for authentication. Everything works well when I connect through lftp or Filezilla (with explicit connection). But once I attempt connecting with simple ftp connection from Filezilla, the USER command ends with the 550 response (SSL/TLS required). After that any further connection through lftp or Filezilla (with explicit connection) will hang authenticating. Anyone knows how to workaround this issue? Is there a way to ask Filezilla to automatically use TLS/SSL if required? I am using Ubuntu server 10.04 with proftpd 1.3.2c. There is no error message in the log files.

  Read the article

• Aventail VPN connection doesn't work

  - by Warlax

  I installed the Aventail VPN client on both the Mac and a Windows 7 machine, both on my home network. When I try to connect one or the other (I make sure one is disconnected before connecting through the other machine), I get a connection and view the correct certificate - accept it and Aventail tells me that I am connected. However, accessing any page inside my company's network is only possible on Windows. On the Mac I get this page: It looks like my ISP doesn't know how to redirect me? Maybe something about my DNS being set incorrectly on the Mac? Our helpdesk has been completely useless.

  Read the article

• Why won't IE let users login to a website unless in In Private mode?

  - by Richard Fawcett

  I'm not entirely sure this belongs on SuperUser.com. I also considered ServerFault.com and StackOverflow.com, but on balance, I think it should belong here? We host a website which has the same code responding to multiple domain names. On 28th December (without any changes deployed to the website) a percentage of users suddenly could not login, and the blank login page was just rendered again even when the correct credentials were entered. The issue is still ongoing. After remote controlling an affected user's PC, we've found the following: The issue affects Internet Explorer 9. The user can login from the same machine on Chrome. The user can login from an In Private browser session using IE9. The user can login if the website is added to the Trusted Sites security zone. The user can NOT login from an IE session in safe mode (started with iexplore -extoff). Only one hostname that the website responds to prevents login, the same user account on the other hostname works fine (note that this is identical code and database running server side), even though that site is not in trusted sites zone. Series of HTTP requests in the failure case: GET request to protected page, returns a 302 FOUND response to login page. GET request to login page. POST to login page, containing credentials, returns redirect to protected page. GET request to protected page... for some reason auth fails and browser is redirected to login page, as in step 1. Other information: Operating system is Windows 7 Ultimate Edition. AV system is AVG Internet Security 2012. I can think of lots of things that could be going wrong, but in every case, one of the findings above is incompatible with the theory. Any ideas what is causing login to fail? Update 06-Jan-2012 Enhanced logging has shown that the .ASPXAUTH cookie is being set in step 3. Its expiry date is 28 days in the future, its path is /, the domain is mysite.com, and its value is an encrypted forms ticket, as expected. However, the cookie is not being received by the web server during step 4. Other cookies are being presented to the server during step 4, it's just this one that is missing. I've seen that cookies are usually set with a domain starting with a period, but mine isn't. Should it be .mysite.com instead of mysite.com? However, if this was wrong, it would presumably affect all users?

  Read the article

• ASP.NET directories blocked from VisualSVN Server behind reverse proxy in IIS 6

  - by user143344

  I’ve got VisualSVN Server running behind a reverse proxy in IIS 6, Windows Server 2003. This isn’t ideal, but for the main web app on the server I’ve only got one IP address and SSL certificate available. Everything works except for when trying to commit to or browse the default ASP.NET directories (App_Browsers, App_Code, App_Data). SVN commits fail for these directories – which I believe is because IIS will never serve them by default. The reverse proxy uses a virtual directory in IIS – is there a change I can make in the web.config for this virtual directory to get around the issue?

  Read the article

• Apache: Assign SSL server / client certs to directories

  - by Daniel Amaya

  I have multiple directories on my system, e.g., /var/www/dir1 /var/www/dir2 /var/www/dir3 And what I'd like to do is to generate a server/client SSL certificate for each directory, and then set up each directory such that the client cert must match the server cert in order to access said directory. Now, if someone has the client cert for /var/www/dir2 and they try to access /var/www/dir1, they will be unable to do so since those directories use different certs. Each of these directories is hosted on the same domain (i.e., domain.com/dir1, domain.com/dir2). Now, the problem I am having is that I am not exactly sure how to accomplish this in Apache. (Also, I don't really care for domain.com to require SSL, but I do want the directories to require it.)

  Read the article

< Previous Page | 65 66 67 68 69 70 71 72 73 74 75 76  | Next Page >