LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-30-2003, 04:35 PM   #31
dai
Member
 
Registered: May 2002
Location: Wales
Distribution: Slack 8.1, Gentoo 1.3a, Red Hat 7.3, Red Hat 7.2, Manrake 8.2
Posts: 328

Original Poster
Rep: Reputation: 30

Quote:
Originally posted by markstevens
well let's see.


My big question here is .... which Certificate is it talking about? The server certificate or the CA?

Its refferring to the certificate that is provided to the client which is in fact the Certificate that would be held by the third party CA for distribution.
 
Old 07-30-2003, 04:42 PM   #32
markstevens
Member
 
Registered: Jun 2003
Posts: 86

Rep: Reputation: 15
well it is the end of the day for me... I will perhaps give this one more shot tomorrow.

I guess after everything I have read I still do not understand what is trying to happen here. This after 7 different how to's and several different read me files.

So what you are saying is that the CA is what is not matching?

OK... let me throw this out there.

I created a Certificate of Authority. Then I created a certificate/key (.pem) to be used with sendmail... I then created a certificate from that which was signed by my CA.

So I have: CAcert.pem mycert.pem and mykey.pem

Sendmail is configured to look for the CA as CAcert.pem, the server and client Certificate as mycert.pem and the server and client key as mykey.pem.

Does any of that help?
 
Old 07-30-2003, 04:44 PM   #33
dai
Member
 
Registered: May 2002
Location: Wales
Distribution: Slack 8.1, Gentoo 1.3a, Red Hat 7.3, Red Hat 7.2, Manrake 8.2
Posts: 328

Original Poster
Rep: Reputation: 30
mycertificate.pems CN is not matching DNS of server
 
Old 07-30-2003, 05:25 PM   #34
cyberskye
Member
 
Registered: Feb 2003
Location: The City by the Bay
Posts: 116

Rep: Reputation: 15
I never install anything through RPM so I can't help you with the compile options. Most apps leave a log file so that you can re-configure quickly.

Good luck.

BTW - our company dropped sendmail some time ago for security reasons. Our qmail system has passed all security audits...not suggesting you change course at this point, just a response to your comment about security and the net.

No MS servers are allowed in our building, aside from our testing labs as our apps are platform independent - those don't have internet access...
 
Old 07-31-2003, 08:44 AM   #35
markstevens
Member
 
Registered: Jun 2003
Posts: 86

Rep: Reputation: 15
Well the good news and the bad... The bad news first... I was just informed that the president of the company has, against my continued objection, dictated that the company will use full version outlook and exchange mail server so that he can have the calendar feature and so that he can pay some company to send out spam on our behalf to past, current, and future clients...

What a wonderful world we live in...

The good news... I am going to keep going on this until I get it to work. I have actually thought about switching to qmail but now that we are going the WRONG way with e-mail I will pass.

Oh well day 5 of STARTTLS...
 
Old 07-31-2003, 10:39 AM   #36
dai
Member
 
Registered: May 2002
Location: Wales
Distribution: Slack 8.1, Gentoo 1.3a, Red Hat 7.3, Red Hat 7.2, Manrake 8.2
Posts: 328

Original Poster
Rep: Reputation: 30
Why do people who have no comprehension of systems etc. end up having the final say on technical issues?????

He could quite easily still use Outlook with a Sendmail server.

Thats a tough break. I know I wouldnt be too happy. But hope you get the TLS stuff sorted.

Dai
 
Old 07-31-2003, 10:55 AM   #37
cyberskye
Member
 
Registered: Feb 2003
Location: The City by the Bay
Posts: 116

Rep: Reputation: 15
Quote:
Why do people who have no comprehension of systems etc. end up having the final say on technical issues?????
$$$

The only reason we were relieved of our M$ burden was the cost associated with nimda and a few other nasties. We happen to have a lot of in-house systems expertise, so the fear of deploying opensource was much less.

I think you lose some of the collaboration/workflow capabilities (shared calendars, etc) if you only use sendmail, without exchange on the backend, but I could be wrong.
 
Old 07-31-2003, 11:00 AM   #38
markstevens
Member
 
Registered: Jun 2003
Posts: 86

Rep: Reputation: 15
Quote:
Originally posted by cyberskye
$$$

The only reason we were relieved of our M$ burden was the cost associated with nimda and a few other nasties. We happen to have a lot of in-house systems expertise, so the fear of deploying opensource was much less.

I think you lose some of the collaboration/workflow capabilities (shared calendars, etc) if you only use sendmail, without exchange on the backend, but I could be wrong.
My final statement to the president was... "This company will not survive a NIMBDA attack. We will go under should we become the victims of such an attack. "

You are correct about the collaboration which is 40% of the reason he wants it.

His reason
40% collaboration
25% my friends all use it
35% Every other company in the world is using it.

Hmmm so he has talked to every other company in the world? yeah right...

Anyway... so far no luck... I have having trouble identifying what my mail client must think is the name of the destination domain... so I am trying a lot of variations... too much typing...
 
Old 07-31-2003, 11:24 AM   #39
markstevens
Member
 
Registered: Jun 2003
Posts: 86

Rep: Reputation: 15
ok some of the how tos have 4 lines that are supposed to be added... here is the snippet...

--------------------------------------------------------------------------------
Add the following lines (modifying the paths as appropriate). If your OpenSSL install is someplace searched by your compiler by default, then the confINCDIRS and confLIBDIRS lines are not necessary.

dnl Stuff for TLS
APPENDDEF(`confINCDIRS', `-I/usr/local/include')
APPENDDEF(`confLIBDIRS', `-L/usr/local/lib')
APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS')
APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto')

--------------------------------------------------------------------------------

Ok so I don't know if my OpenSSl is installed in someplace searched by my compliler by default.

But the question I have is... Do these four lines go in the sendmail.mc file or the openssl.cnf file?

Thanks..

I did notice that I do not have a .randnum file where openssl.cnf is looking for it...
 
Old 01-02-2004, 09:42 AM   #40
Cenobyte
LQ Newbie
 
Registered: Jan 2004
Posts: 3

Rep: Reputation: 0
Re: Quick OpenSSL how to

==============================================
1. Creating RSA Private Key using random bit pattern (-des3 adds a tripled des encrypted password of your choice to protect private key).

#openssl genrsa –des3 -rand /dev/urandom -out private.key

I'm running slack 8.1 and trying with no luck to get ssl working.
I entered this command and it just hung there. How long does it take to generate
the key. I'm on a 1.7 GHz machine with plenty of RAM. Should it only take a few seconds, or should I wait like 15 minutes?
 
Old 01-02-2004, 03:43 PM   #41
dai
Member
 
Registered: May 2002
Location: Wales
Distribution: Slack 8.1, Gentoo 1.3a, Red Hat 7.3, Red Hat 7.2, Manrake 8.2
Posts: 328

Original Poster
Rep: Reputation: 30
That looks like you dont have a functioning urandom "device" try pointing the path to a Kernel image file that should suffice in providing a random bit pattern.

Hope that helps
 
Old 02-10-2005, 10:21 AM   #42
eech55
LQ Newbie
 
Registered: Aug 2004
Posts: 23

Rep: Reputation: 15
simple how-to.. but really nice .. although i am registered here before.. but i found this link from a google search .. hehe.

i liked it.. simple and useful..



but one thing i want to know.. your encryption is 512 bit strong.. and i am sure there are better.. i cant remember the number.. do you know other bits? and how to do them? and where to use them?


thanks in advance
 
Old 12-23-2005, 01:31 PM   #43
Manjunath
LQ Newbie
 
Registered: Dec 2005
Posts: 1

Rep: Reputation: 0
please help me to configure telnet in redhat linux9.

regards
Manju
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
OpenSSL and its wonder Swakoo Linux - Newbie 9 03-22-2006 07:41 AM
Openssl velan Programming 1 05-16-2005 12:28 AM
OpenSSL Chiel Linux - Newbie 1 09-03-2004 04:52 PM
openssl abdullahgee Linux - Security 2 06-04-2004 01:36 PM
OpenSSL 0.9.6k kojiroh Solaris / OpenSolaris 2 10-09-2003 10:51 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:38 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration