apache, certificate and unmatched ID
Seeing
[ssl:warn] … AH01909: $HOSTNAME:443:0 server certificate does NOT include an ID which matches the server name
in your log? Check for any _default_ VirtualHosts:
<VirtualHost _default_:443>
Is your unreclaimable SLAB usage on CentOS 8 growing when running the Check_MK agent on it? See Werk#10070
We have seen cases in which the parameter “KillMode=process” of the unit file “check_mk@.service” causes a memory leak. […] To fix this, the parameter “KillMode=process” was changed to “Type=forking”.
Also systemd#6567 and debian#940021.
On Windows and need to generate a certificate chain to a server? This script creates one file per certificate in the chain:
$destination = 'foo'
# Build the URL from the host name; only the TLS handshake matters, so a HEAD request is enough
$webRequest = [Net.WebRequest]::Create('https://' + $destination)
$webRequest.AllowAutoRedirect = $FALSE
$webRequest.Method = 'HEAD'
$webRequest.Timeout = 1000
try {
    "Connecting to $destination... " | Write-Host -NoNewline
    $webRequest.GetResponse().HResult | Write-Host
}
catch [System.Net.WebException] {
    $_.Exception.Status | Write-Host
    # A timeout is tolerated: the certificate is already available on the ServicePoint
    if ( $_.Exception.Status -ne 'Timeout' ) {
        throw $_
    }
}
"Building certificate chain..." | Write-Host
$chain = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Chain
$chain.Build( $webRequest.ServicePoint.Certificate ) | Out-Null
$contentType = [Security.Cryptography.X509Certificates.X509ContentType]::Cert
"Saving..." | Write-Host
# Skip server certificate
$chain.ChainElements.Certificate | Select-Object -Skip 1 | ForEach-Object {
    # -Encoding Byte is Windows PowerShell 5.1 syntax; PowerShell 6+ uses -AsByteStream instead
    Set-Content `
        -Value $( $_.Export( $contentType ) ) `
        -Path "$pwd\$( $_.Thumbprint ).cer" `
        -Encoding Byte
    $_
} | Format-Table | Out-String | Write-Host
Playing with FreeIPA? Recreating the CA? Firefox complaining about SEC_ERROR_REUSED_ISSUER_AND_SERIAL? Can’t find the certificate via Preferences / Privacy & Security / Certificates? Try deleting it via CLI:
certutil -L -d <folder/to/cert8.db> | grep -i ipa
certutil -D -d <folder/to/cert8.db> -n <nickname>
Migrating from MySQL to MariaDB on Ubuntu? MariaDB not starting? There may be an old AppArmor Profile in the way. Or mysql.service and mariadb.service may both be enabled.
Trying to talk to AD via ldaps:// and -Y GSSAPI? Getting
sb_sasl_generic_pkt_length: received illegal packet length of 813957120 bytes
According to Microsoft's Open Specification: 5.1.1.1.2 SASL Authentication:
While Active Directory permits SASL binds to be performed on an SSL/TLS-protected connection, it does not permit the use of SASL-layer encryption/integrity verification mechanisms on such a connection.
Also passing -O "maxssf=0,minssf=0" to ldapsearch works for me.
See redhat:4661861, lp:#1015819, cyrus-sasl:#419, cyrus-sasl:#603.
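Why that length is "illegal", as an added example that is not part of the original post: a SASL security layer frames each buffer with a 4-byte big-endian length, and the reported value decodes to the first bytes of an LDAP response that was never SASL-wrapped. The function name and the sample line are constructed here.

```python
import re
import struct

# Constructed sample: the error line quoted above, as ldapsearch prints it.
SAMPLE = "sb_sasl_generic_pkt_length: received illegal packet length of 813957120 bytes"


def classify_sasl_length(line):
    """Show which 4 bytes the client read when it expected a SASL length prefix."""
    m = re.search(r"illegal packet length of (\d+) bytes", line)
    if not m:
        raise ValueError("not an sb_sasl_generic_pkt_length error line")
    length = int(m.group(1))
    if length > 0xFFFFFFFF:
        raise ValueError("value does not fit the 4-byte SASL length prefix")

    # Undo the client's interpretation: network byte order, unsigned 32 bit.
    raw = struct.pack(">I", length)
    tag, first_len = raw[0], raw[1]

    if tag != 0x30:
        return {"bytes": raw.hex(), "verdict": "unknown",
                "detail": "not a BER SEQUENCE tag"}

    # 0x30 is the BER SEQUENCE tag every LDAPMessage starts with, so the
    # server answered in plain LDAP (inside TLS) instead of a SASL buffer.
    if first_len < 0x80:
        detail = "short-form length %d" % first_len
    elif first_len == 0x80:
        detail = "indefinite length (not valid in LDAP)"
    else:
        detail = "long-form length in %d octets" % (first_len & 0x7F)
    return {"bytes": raw.hex(), "verdict": "plain LDAPMessage", "detail": detail}


if __name__ == "__main__":
    print(classify_sasl_length(SAMPLE))
```

With maxssf=0 the client negotiates no SASL security layer, so it no longer tries to read a length prefix from the TLS-protected LDAP stream.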
Trying to talk to Jenkins while authenticating with Kerberos and getting
GSSException: No credential found for: 1.2.840.113554.1.2.2 usage: Accept
Using requests_gssapi and specifying SPNEGO:
import gssapi
import requests
from requests_gssapi import HTTPSPNEGOAuth
login = 'http://jenkins/login'
job = 'http://jenkins/view/.../job/.../'
# GSSException: No credential found for: 1.2.840.113554.1.2.2 usage: Accept
spnego = gssapi.mechs.Mechanism.from_sasl_name("SPNEGO")
s = requests.Session()
rl = s.get( login, auth=HTTPSPNEGOAuth( mech=spnego ) )
rj = s.get( job )
works for me.
Trying to use -Y GSSAPI when ldapsearching Active Directory and getting:
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error: An invalid name was supplied (Success)
Does the IP address of the host you are trying to connect to not resolve back to its name? For example:
ldapsearch -H ldap://gc.local/
gc.local has address 192.168.0.1
1.0.168.192.in-addr.arpa domain name pointer foo.local.
foo.local has address 192.168.0.1
Try using the other name: ldapsearch -H ldap://foo.local/
Is Artifactory not starting when you specify Jolokia as a javaagent? Do you see
error opening zip or jar manifest missing
in your log? Unpacking jolokia.jar, copying ./META-INF/MANIFEST.MF to ./ and repacking helped me.
Getting "Unable to interpret /usr/bin/free output"? Make sure your locale is not set to something weird, e.g. not C.