apache, certificate and unmatched ID

Seeing

[ssl:warn] … AH01909: $HOSTNAME:443:0 server certificate does NOT include an ID which matches the server name

in your log? Check for any _default_ VirtualHosts; without a ServerName such a vhost takes the machine's hostname (the $HOSTNAME in the warning) as its server name, and that is what the certificate is matched against:

<VirtualHost _default_:443>

Powershell and Certificate Chain

On Windows and need the certificate chain of a server? This script connects once and saves one file per certificate in the chain:

$destination = 'foo'   # host name of the server whose chain you want

# A HEAD request is enough: we only need the TLS handshake to complete
# so that the ServicePoint holds the server certificate.
$webRequest = [Net.WebRequest]::Create('https://' + $destination)
$webRequest.AllowAutoRedirect = $FALSE
$webRequest.Method = 'HEAD'
$webRequest.Timeout = 1000

try {
    "Connecting to $destination... " | Write-Host -NoNewline
    $webRequest.GetResponse().HResult | Write-Host
}
catch [System.Net.WebException] {
    $_.Exception.Status | Write-Host

    # A timeout still leaves the handshake done; anything else is fatal.
    if ( $_.Exception.Status -ne 'Timeout' ) {
        throw $_
    }
}

"Building certificate chain..." | Write-Host
$chain = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Chain
$chain.Build( $webRequest.ServicePoint.Certificate ) | Out-Null

# DER-encoded certificate, no private key
$contentType = [Security.Cryptography.X509Certificates.X509ContentType]::Cert

"Saving..." | Write-Host
# Skip server certificate; write the rest of the chain as <thumbprint>.cer
# (on PowerShell 7 replace -Encoding Byte with -AsByteStream)
$chain.ChainElements.Certificate | Select-Object -Skip 1 | ForEach-Object {
    Set-Content `
        -Value $( $_.Export( $contentType ) ) `
        -Path "$pwd\$( $_.Thumbprint ).cer" `
        -Encoding Byte

    $_
} | Format-Table | Out-String | Write-Host

FreeIPA, Firefox and SSL

Playing with FreeIPA? Recreating the CA? Firefox complaining about SEC_ERROR_REUSED_ISSUER_AND_SERIAL? Can’t find the certificate via Preferences / Privacy & Security / Certificates?

Try deleting it via CLI:

certutil -L -d <folder/to/cert8.db> | grep -i ipa
certutil -D -d <folder/to/cert8.db> -n <nickname>

Newer Firefox profiles keep cert9.db instead; point -d at sql:<profile directory> in that case.

MySQL, MariaDB and Ubuntu

Migrating from MySQL to MariaDB on Ubuntu? MariaDB not starting? There may be an old AppArmor profile for mysqld in the way, or mysql.service and mariadb.service may both be enabled.

Active Directory, LDAP, Kerberos and SSL

Trying to talk to AD via ldaps:// and -Y GSSAPI? Getting

sb_sasl_generic_pkt_length: received illegal packet length of 813957120 bytes

According to Microsoft's Open Specification, 5.1.1.1.2 SASL Authentication:

While Active Directory permits SASL binds to be performed on an SSL/TLS-protected connection, it does not permit the use of SASL-layer encryption/integrity verification mechanisms on such a connection.

Passing -O "maxssf=0,minssf=0" to ldapsearch also works for me.

See redhat:4661861, lp:#1015819, cyrus-sasl:#419, cyrus-sasl:#603.

Jenkins, Kerberos and Python

Trying to talk to Jenkins while authenticating with Kerberos and getting

GSSException: No credential found for: 1.2.840.113554.1.2.2 usage: Accept

Using requests_gssapi and specifying SPNEGO:

import gssapi
import requests
from requests_gssapi import HTTPSPNEGOAuth

login = 'http://jenkins/login'
job = 'http://jenkins/view/.../job/.../'

# Negotiate via SPNEGO rather than raw Kerberos (1.2.840.113554.1.2.2 in the
# error is the Kerberos V5 mechanism OID), otherwise Jenkins answers
# GSSException: No credential found for: 1.2.840.113554.1.2.2 usage: Accept
spnego = gssapi.mechs.Mechanism.from_sasl_name("SPNEGO")

s = requests.Session()

# Authenticate once against the login page; the session cookie then
# carries the following requests.
rl = s.get( login, auth=HTTPSPNEGOAuth( mech=spnego ) )
rj = s.get( job )

works for me.

ldapsearch, Kerberos and Active Directory

Trying to use -Y GSSAPI when ldapsearching Active Directory and getting:

SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
        additional info: SASL(-1): generic failure: GSSAPI Error: An invalid name was supplied (Success)

Does the IP address of the host you connect to not resolve back to that host's name? For example:

ldapsearch -H ldap://gc.local/

gc.local has address 192.168.0.1
1.0.168.192.in-addr.arpa domain name pointer foo.local.
foo.local has address 192.168.0.1

Try using the other name: ldapsearch -H ldap://foo.local/
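The forward/reverse round trip described above, as an added example (not part of the original post): it resolves the host named in an LDAP URI, resolves the address back, and proposes the PTR name when the two disagree. The lookup tables are constructed to mirror the gc.local / foo.local situation so the check runs offline; the live_forward and live_reverse helpers do the same against real DNS when you pass a URI on the command line. Function names (check_host, suggest_uri) are this example's own.

```python
import socket
from typing import Callable, Dict, NamedTuple, Optional
from urllib.parse import urlsplit, urlunsplit

# Resolver signatures: forward maps name -> address, reverse maps address -> PTR name.
Forward = Callable[[str], Optional[str]]
Reverse = Callable[[str], Optional[str]]

# Constructed lookup tables (an assumption, standing in for DNS so the check
# runs offline). They mirror the post: gc.local and foo.local share one
# address, but the PTR record names only foo.local.
FORWARD_TABLE: Dict[str, str] = {"gc.local": "192.168.0.1", "foo.local": "192.168.0.1"}
REVERSE_TABLE: Dict[str, str] = {"192.168.0.1": "foo.local."}  # PTR data keeps its trailing dot


def table_forward(name: str) -> Optional[str]:
    return FORWARD_TABLE.get(name.lower().rstrip("."))


def table_reverse(addr: str) -> Optional[str]:
    return REVERSE_TABLE.get(addr)


def live_forward(name: str) -> Optional[str]:
    """Real DNS: first address of the name, or None when it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def live_reverse(addr: str) -> Optional[str]:
    """Real DNS: canonical PTR name of the address, or None when there is no PTR."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except (socket.herror, socket.gaierror):
        return None


class NameCheck(NamedTuple):
    host: str                # name taken from the URI
    address: Optional[str]   # what that name resolves to
    ptr_name: Optional[str]  # what the address resolves back to (normalised)
    consistent: bool         # True when the round trip lands on the same name


def check_host(host: str, forward: Forward = table_forward,
               reverse: Reverse = table_reverse) -> NameCheck:
    """Resolve host forward, then its address back, and compare the two names."""
    wanted = host.lower().rstrip(".")
    addr = forward(host)
    if addr is None:
        return NameCheck(host, None, None, False)
    ptr = reverse(addr)
    if ptr is None:
        return NameCheck(host, addr, None, False)
    ptr = ptr.lower().rstrip(".")
    return NameCheck(host, addr, ptr, ptr == wanted)


def suggest_uri(uri: str, forward: Forward = table_forward,
                reverse: Reverse = table_reverse) -> str:
    """Return the URI unchanged when forward and reverse agree, otherwise the
    same URI with the PTR name substituted (the post's 'try the other name')."""
    parts = urlsplit(uri)
    if parts.hostname is None:
        raise ValueError(f"no host in {uri!r}")
    result = check_host(parts.hostname, forward, reverse)
    if result.consistent or result.ptr_name is None:
        return uri  # already consistent, or no PTR at all: nothing better to suggest
    netloc = result.ptr_name + (f":{parts.port}" if parts.port else "")
    return urlunsplit(parts._replace(netloc=netloc))


if __name__ == "__main__":
    import sys
    # With an argument, query real DNS; without one, use the constructed tables.
    if len(sys.argv) > 1:
        uri, fwd, rev = sys.argv[1], live_forward, live_reverse
    else:
        uri, fwd, rev = "ldap://gc.local/", table_forward, table_reverse
    print(check_host(urlsplit(uri).hostname, fwd, rev))
    print("try:", suggest_uri(uri, fwd, rev))
```

Run it as `python check_ldap_name.py ldap://gc.local/` against your own DNS; a host with no PTR record is reported as inconsistent but the URI is left alone, since there is no alternative name to offer.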

Jolokia agent and Artifactory

Is Artifactory not starting when you specify Jolokia as a javaagent? Do you see

error opening zip or jar manifest missing

in your log? Unpacking jolokia.jar, copying ./META-INF/MANIFEST.MF to ./ and repacking helped me.

Icinga Locale

Getting Unable to interpret /usr/bin/free output? Make sure your locale is not set to something unusual, i.e. anything other than C.