Which certificate from Let's Encrypt does a website use for HTTPS? - linux

I have a website that was set up to use HTTPS using a certificate from Let's Encrypt. I am trying to add that certificate to a keystore to use HTTPS with a Dropwizard API. The problem I am having is that there are multiple certificates.
My question is how can I figure out which of the certificates my website uses so that I could use that for the API as well?
In /etc/ssl/certs this is what shows up:
lrwxrwxrwx 1 root root 49 Nov 20 2017 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
-rw-r--r-- 1 root root 885625 Apr 12 00:27 ca-bundle.crt.rpmnew
lrwxrwxrwx 1 root root 55 Nov 20 2017 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rw-r--r-- 1 root root 1059673 Apr 12 00:27 ca-bundle.trust.crt.rpmnew
-rw------- 1 root root 1586 Dec 15 2017 localhost.crt
-rwxr-xr-x 1 root root 610 Aug 17 17:16 make-dummy-cert
-rw-r--r-- 1 root root 2516 Aug 17 17:16 Makefile
-rwxr-xr-x 1 root root 829 Aug 17 17:16 renew-dummy-cert

After looking more closely at the config files like Patrick had suggested I found the config file in /etc/httpd/conf.d/ssl.conf that had the path to where the certificate and private key were.

You can have a look at your vhost file to see the path to the physical ssl cert files being used by the website. The vhost is likely going to be at /etc/apache2/sites-available/ .
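
An added example (not from the original thread): a shell function that lists, per virtual host, the active SSLCertificateFile, SSLCertificateKeyFile and SSLCertificateChainFile directives in Apache config files such as the ssl.conf mentioned above, which is where the site's certificate and private key paths live (the files in /etc/ssl/certs shown in the question are the CA bundle). The sample config, hostname and paths are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the shape of /etc/httpd/conf.d/ssl.conf; the hostname
# and certificate paths are placeholders, not values from the thread.
sample_ssl_conf() {
    cat <<'EOF'
Listen 443 https
<VirtualHost _default_:443>
    ServerName www.example.com
    # SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateFile "/etc/letsencrypt/live/www.example.com/fullchain.pem"
    SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
</VirtualHost>
EOF
}

# list_tls_files [CONF...]: for every active certificate, key or chain
# directive print "vhost<TAB>ServerName<TAB>directive<TAB>path".
# Reads standard input when no file is given.
list_tls_files() {
    awk '
        function flush(   i) {
            for (i = 1; i <= n; i++) printf "%s\t%s\t%s\n", vhost, name, found[i]
            n = 0
        }
        BEGIN { vhost = "(global)"; name = "-" }
        /^[ \t]*(#|$)/ { next }             # commented-out and blank lines
        { d = tolower($1) }                 # directive names are case-insensitive
        d == "<virtualhost"   { flush(); vhost = $2; sub(/>$/, "", vhost); name = "-"; next }
        d == "</virtualhost>" { flush(); vhost = "(global)"; name = "-"; next }
        d == "servername"     { name = $2; next }
        d ~ /^sslcertificate(file|keyfile|chainfile)$/ {
            path = $2; gsub(/"/, "", path)  # drop optional quoting
            found[++n] = $1 "\t" path
        }
        END { flush() }
    ' "$@"
}

# Demo on the constructed sample: the commented-out localhost.crt line is ignored.
sample_ssl_conf | list_tls_files
```

On a real host the same function can be pointed at the files named in the answers, for example list_tls_files /etc/httpd/conf.d/ssl.conf.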

Related

'uvloop' has no attribute 'EventLoopPolicy'

I am testing python code performance with uvloop. I am getting 'uvloop' has no attribute 'EventLoopPolicy' error.
I am using python 3.7 and
uvloop 0.13.0
pycharm
I tried changing the interpreter and reinstalling uvloop, but none of them worked.
Can anyone suggest what is the problem?
Rename your own file to something else than uvloop.py, such as test_uvloop.py.
You're confusing Python's import machinery by having your own file the same name as the library you're trying to use.
I see that you're on a Mac, but I just fixed this problem on my CentOS7.x server by properly setting permissions to the uvloop Python package. It's pesky because (at least on CentOS) some pip-installed Python packages go in /usr/local/lib/python3.7/site-packages and some go in /usr/local/lib64/python3.7/site-packages.
Check out what the files in my lib64 directory looked like before I fixed it:
me@myserver /usr/local/lib64/python3.7/site-packages
$ ll
total 16
drwxr-xr-x. 3 root root 4096 Jan 17 15:38 click
drwxr-xr-x. 2 root root 134 Jan 17 15:38 Click-7.0.dist-info
drwxr-x---. 4 root root 74 Jan 17 15:42 httptools
drwxr-x---. 2 root root 141 Jan 17 15:42 httptools-0.0.13-py3.6.egg-info
drwxr-x---. 3 root root 4096 Jan 17 15:43 pydantic
drwxr-x---. 2 root root 111 Jan 17 15:43 pydantic-1.3.dist-info
drwxr-x---. 5 root root 4096 Jan 17 15:43 uvloop
drwxr-x---. 2 root root 141 Jan 17 15:43 uvloop-0.14.0-py3.6.egg-info
drwxr-xr-x. 4 root root 4096 Jan 17 15:38 websockets
drwxr-xr-x. 2 root root 134 Jan 17 15:38 websockets-8.1.dist-info
Unless I was running as a root user the uvloop files are untouchable and that's what caused the error. On your Mac, try to find where your uvloop package is installed and make sure your script can access it.

Where can I find the private key for my ca.crt file

I set up a Kubernetes cluster on Azure with the azure-container-service CLI (az acs create). The cluster is up and running and it seems to work fine. Now I want to sign client certificates with my Kubernetes CA, which was created on installation. In my understanding I need the CA certificate (which is handed over to the Kubernetes API server with --client-ca-file=) and the private key from this CA file to sign a new client certificate. The problem is I can't find the private key for my CA file.
Where can I find the private key?
Can I sign client certs for my developer without this private key?
Is the setup process of azure-container-service broken when the private key is lost?
Are these the ones that you are looking for?
azureuser@k8s-master-9XXXXX-0:~$ ls -la /etc/kubernetes/certs/
total 28
drwxr-xr-x 2 root root 4096 Mar 14 20:59 .
drwxr-xr-x 5 root root 4096 Mar 14 20:59 ..
-rw-r--r-- 1 root root 1600 Mar 14 20:58 apiserver.crt
-rw-r--r-- 1 root root 2048 Mar 14 20:59 apiserver.key
-rw-r--r-- 1 root root 1182 Mar 14 20:58 ca.crt
-rw-r--r-- 1 root root 1202 Mar 14 20:58 client.crt
-rw-r--r-- 1 root root 2048 Mar 14 20:59 client.key

opendkim Permission Denied when loading the key

I have installed opendkim on my Ubuntu server 14.04.4 LTS. I have set the postfix config to use the previously created opendkim mail.private key.
When I try to send a mail I see the following messages in the /var/log/mail.log file
Jan 29 09:19:47 test postfix/smtpd[2427]: connect from ip6localhost[127.0.0.1]
Jan 29 09:19:47 test postfix/smtpd[2427]: 625E3E0FE7: client=ip6-localhost[127.0.0.1]
Jan 29 09:19:47 test postfix/cleanup[2431]: 625E3E0FE7: message-id=<890ba29cd6ef289c50581335723ccdb9[edited domain]>
Jan 29 09:19:47 test opendkim[1370]: can't load key from /etc/opendkim/keys/mail.private: Permission denied
Jan 29 09:19:47 test opendkim[1370]: 625E3E0FE7: error loading key 'mail._[edited domain]'
The key was stored into the folder /etc/opendkim/keys
root@test:/home/crewlog.com# ls -l /etc/opendkim
total 16
drw------- 2 opendkim opendkim 4096 Jan 29 07:49 keys
-rw-r----- 1 opendkim opendkim 891 Jan 29 07:48 mail.private
-rw------- 1 opendkim opendkim 67 Jan 29 08:01 KeyTable
-rw------- 1 opendkim opendkim 32 Jan 29 07:47 SigningTable
-rw------- 1 opendkim opendkim 81 Jan 29 07:19 TrustedHosts
I used the opendkim:opendkim user. Here is my /etc/opendkim.config file
AutoRestart Yes
AutoRestartRate 10/1h
Syslog yes
UMask 002
SyslogSuccess Yes
LogWhy Yes
Canonicalization relaxed/simple
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
UserID opendkim:opendkim
Mode sv
OversignHeaders From
Domain [edited domain]
KeyFile /etc/opendkim/keys/mail.private
Selector mail
SOCKET inet:8891@127.0.0.1
Any help will be welcomed as I don't know what I am doing wrong
You have the mail.private in the wrong directory, it's looking in the keys directory for mail.private.
Move mail.private into the keys directory and make sure opendkim has permission to read the file.
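
An added example (not part of the original thread): in the listing above mail.private sits outside keys/, and keys/ has mode drw-------, which lacks the search (x) bit, so the configured KeyFile path fails on two counts. The function below walks a key path and reports the first component whose mode bits block a given user; check_key_path is a hypothetical helper and the demo tree is constructed.

```shell
#!/bin/sh
# check_key_path FILE [USER] (hypothetical helper): walk FILE's absolute path
# and print the first component whose mode bits stop USER (default: the
# current user) from opening FILE. Only classic mode bits are examined; root
# override, ACLs and SELinux are out of scope.
check_key_path() {
    target=$1
    if [ -n "${2:-}" ]; then
        uid=$(id -u "$2") || return 2
        gids=$(id -G "$2")
    else
        uid=$(id -u); gids=$(id -G)
    fi
    old_ifs=$IFS; IFS=/; set -f
    set -- $target                       # split the path on "/"
    IFS=$old_ifs; set +f
    path=""
    for part in "$@"; do
        [ -n "$part" ] || continue
        path="$path/$part"
        info=$(ls -ldn "$path" 2>/dev/null) || {
            echo "missing or unreachable: $path"; return 1; }
        read -r mode _links owner group _rest <<EOF
$info
EOF
        # Choose the permission class that applies: owner, group or other.
        if [ "$owner" = "$uid" ]; then off=2
        elif echo " $gids " | grep -q " $group "; then off=5
        else off=8
        fi
        r=$(printf '%s' "$mode" | cut -c"$off")
        x=$(printf '%s' "$mode" | cut -c"$((off + 2))")
        case $mode in
            d*) case $x in
                    x|s|t) ;;
                    *) echo "no search (x) permission on directory: $path"; return 1 ;;
                esac ;;
            l*) ;;                       # symlink: its own mode bits are not enforced
            *)  [ "$r" = r ] || { echo "no read permission on file: $path"; return 1; } ;;
        esac
    done
    return 0
}

# Constructed demo mirroring the listing: keys/ is mode 600, the key sits beside it.
demo=$(mktemp -d); mkdir "$demo/keys"; : > "$demo/mail.private"; chmod 600 "$demo/keys"
check_key_path "$demo/keys/mail.private" || true
chmod 700 "$demo/keys"; mv "$demo/mail.private" "$demo/keys/"; chmod 600 "$demo/keys/mail.private"
check_key_path "$demo/keys/mail.private" && echo "ok: key is reachable"
rm -rf "$demo"
```

On the server itself the check would be run as root with the service account named, for example check_key_path /etc/opendkim/keys/mail.private opendkim.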

Linux Build Package - Configure Script Throws Error, But it's Wrong

Server: SLES v11 sp3
Kernel: 3.0.101-0.47.71-default
Arch: x86_64
So I am trying to build a src package and when I run the "./configure" script it's throwing some errors that required packages are missing. Since it's x86_64 I thought adding "--libdir=/usr/lib64" or "--libdir=/lib64" would help it find the packages it's looking for but I get the same error either way.
The configure Script is failing with this error:
..........
...SNIP...
..........
checking for xgettext... (cached) /usr/bin/xgettext
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for GEDIT... configure: error: Package requirements (
glib-2.0 >= 2.13.0
gio-2.0 >= 2.16.0
gtk+-2.0 >= 2.13.0
gconf-2.0 >= 1.1.11
gtksourceview-2.0 >= 2.5.1
gedit-2.20 >= 2.25.4
) were not met:
No package 'glib-2.0' found
No package 'gio-2.0' found
No package 'gtk+-2.0' found
No package 'gconf-2.0' found
No package 'gtksourceview-2.0' found
No package 'gedit-2.20' found
Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.
Alternatively, you may set the environment variables GEDIT_CFLAGS
and GEDIT_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.
I checked to make sure I actually have these packages and it seems as though I do. So I'm not sure if it's just not finding them or what... And it also seems as though I have versions of those packages >= what they are asking for, so I'm kinda stumped...
My Installed packages are:
# rpm -qa | grep -i glib-2
libglib-2_0-0-2.22.5-0.8.14.1
# rpm -qa | grep -i 'gtk2'
gtk2-32bit-2.18.9-0.35.1
gtk2-2.18.9-0.35.1
gtk2-engines-2.16.1-4.26
gtk2-branding-SLES-for-VMware-11.1-0.5.99
gtk2-engines-32bit-2.16.1-4.26
gtk2-themes-0.1-737.22
gtk2-lang-2.18.9-0.35.1
gtk2-theme-SLES-for-VMware-11.1-0.7.95
# rpm -qa | grep -i 'gio'
libgio-2_0-0-32bit-2.22.5-0.8.14.1
libgio-2_0-0-2.22.5-0.8.14.1
# rpm -qa | grep -i 'gconf2'
gconf2-2.28.0-1.8.1
gconf2-lang-2.28.0-1.8.1
# rpm -qa | grep -i 'gtksource'
gtksourceview-lang-2.8.2-0.1.195
libgtksourceview-2_0-0-2.8.2-0.1.195
python-gtksourceview-2.4.0-1.32
# rpm -qa | grep -i 'gedit'
gedit-2.28.3-0.8.1
gedit-lang-2.28.3-0.8.1
Anyone have any ideas what the issue could be here? I'm not sure what else to try..?
I had also tried installing the RPM based package but get similar errors for missing packages. See RPM Installation error below...
warning: gedit-plugins-2.28.0-2.el6.x86_64.rpm: Header V3 RSA/SHA256 signature: NOKEY, key ID c105b9de
error: Failed dependencies:
GConf2 is needed by gedit-plugins-2.28.0-2.el6.x86_64
pygobject2 is needed by gedit-plugins-2.28.0-2.el6.x86_64
pygtk2 is needed by gedit-plugins-2.28.0-2.el6.x86_64
pygtksourceview is needed by gedit-plugins-2.28.0-2.el6.x86_64
rpmlib(FileDigests) <= 4.6.0-1 is needed by gedit-plugins-2.28.0-2.el6.x86_64
If anyone has ANY thoughts or suggestions please feel free to reply, it would be very much appreciated!
Thanks in Advance,
Matt
Well, I was unable to resolve those errors directly with compiling... However, we have another server with the same OS and everything that already had that package installed (which added more to my confusion why it wasn't working), so to just give it a try I copied that server's directory "/usr/lib64/gedit-2/plugins" to the one I was working on and now everything seems to be working just fine. All the plugins were able to be activated and they seem to work!
The contents of the directory that I copied over were:
/usr/lib64/gedit-2/plugins # ll
total 700
drwxr-xr-x 4 root root 4096 Apr 28 2015 advancedfind
-rwxr-xr-x 1 root root 216 Apr 28 2015 advancedfind.gedit-plugin
-rw-r--r-- 1 root root 9856 Nov 13 2012 changecase.gedit-plugin
-rw-r--r-- 1 root root 6970 Apr 17 2014 codecomment.gedit-plugin
-rw-r--r-- 1 root root 9563 Mar 18 2014 codecomment.py
-rw-r--r-- 1 root root 8850 Apr 16 2014 codecomment.pyc
-rw-r--r-- 1 root root 8745 Mar 18 2014 codecomment.pyo
-rw-r--r-- 1 root root 18084 Nov 13 2012 docinfo.gedit-plugin
drwxr-xr-x 2 root root 4096 Jul 2 2013 externaltools
-rw-r--r-- 1 root root 9243 Nov 13 2012 externaltools.gedit-plugin
-rw-r--r-- 1 root root 8579 Nov 13 2012 filebrowser.gedit-plugin
-rw-r--r-- 1 root root 179 Apr 17 2014 gpdefs.py
-rw-r--r-- 1 root root 317 Apr 17 2014 gpdefs.pyc
-rw-r--r-- 1 root root 315 Apr 17 2014 gpdefs.pyo
-rw-r--r-- 1 root root 9654 Nov 13 2012 indent.gedit-plugin
-rwxr-xr-x 1 root root 18936 Nov 13 2012 libchangecase.so
-rwxr-xr-x 1 root root 19032 Nov 13 2012 libdocinfo.so
-rwxr-xr-x 1 root root 170256 Nov 13 2012 libfilebrowser.so
-rwxr-xr-x 1 root root 14816 Nov 13 2012 libindent.so
-rwxr-xr-x 1 root root 27320 Nov 13 2012 libmodelines.so
-rwxr-xr-x 1 root root 23248 Nov 13 2012 libsort.so
-rwxr-xr-x 1 root root 82168 Nov 13 2012 libspell.so
-rwxr-xr-x 1 root root 36104 Nov 13 2012 libtaglist.so
-rwxr-xr-x 1 root root 35840 Nov 13 2012 libtime.so
-rw-r--r-- 1 root root 9177 Nov 13 2012 modelines.gedit-plugin
drwxr-xr-x 2 root root 4096 Jul 2 2013 pythonconsole
-rw-r--r-- 1 root root 8602 Nov 13 2012 pythonconsole.gedit-plugin
drwxr-xr-x 2 root root 4096 Jul 2 2013 quickopen
-rw-r--r-- 1 root root 5719 Nov 13 2012 quickopen.gedit-plugin
drwxr-xr-x 2 root root 4096 Mar 20 2015 sessionsaver
-rw-r--r-- 1 root root 6035 Mar 20 2015 sessionsaver.gedit-plugin
drwxr-xr-x 2 root root 4096 Jul 2 2013 snippets
-rw-r--r-- 1 root root 8805 Nov 13 2012 snippets.gedit-plugin
-rw-r--r-- 1 root root 9235 Nov 13 2012 sort.gedit-plugin
-rw-r--r-- 1 root root 9416 Nov 13 2012 spell.gedit-plugin
-rw-r--r-- 1 root root 16794 Nov 13 2012 taglist.gedit-plugin
-rw-r--r-- 1 root root 11861 Nov 13 2012 time.gedit-plugin
And since all these plugins seem to be working without any issues I guess the configure script was wrong about the missing requirements as I had thought...
Thanks anyways....!

Linux Joomla Can't write to file with 755 permission

Hello, I am trying to set up Joomla. When I try to change some settings through the Global Settings Manager, and then save, I keep getting an error saying I can't write to that file.
I have tried playing around with the settings and file permissions even changing them to 755, and it still won't let me write to the file.
I have the owner set to 'root.root' and am running Fedora 18.
I have it installed on localhost, and not through FTP.
Why can't I write to these files (like configuration.php), is there something I am missing?
Joomla does not tell me what file I am trying to write to, but I assume if I'm editing Global Settings it attempts to write to configuration.php.
here is the output of ls -l /var/www/html/joomla
total 116
-rw-r--r--. 1 apache apache 17816 Nov 6 15:18 LICENSE.txt
-rw-r--r--. 1 apache apache 4300 Nov 6 15:18 README.txt
drwxr-xr-x. 10 apache apache 4096 Nov 6 15:18 administrator
drwxr-xr-x. 2 apache apache 4096 Nov 6 15:18 bin
drwxr-xr-x. 2 apache apache 4096 Nov 6 15:18 cache
drwxr-xr-x. 2 apache apache 4096 Nov 6 15:18 cli
drwxr-xr-x. 17 apache apache 4096 Nov 6 15:18 components
-rw-r--r--. 1 apache apache 2018 Dec 6 05:56 configuration.php
-rw-r--r--. 1 apache apache 3118 Nov 6 15:18 htaccess.txt
drwxr-xr-x. 5 apache apache 4096 Nov 6 15:18 images
drwxr-xr-x. 2 apache apache 4096 Nov 6 15:18 includes
-rw-r--r--. 1 apache apache 1011 Nov 6 15:18 index.php
-rw-r--r--. 1 apache apache 1909 Nov 6 15:20 joomla.xml
drwxr-xr-x. 4 apache apache 4096 Nov 6 15:18 language
drwxr-xr-x. 4 apache apache 4096 Nov 6 15:18 layouts
drwxr-xr-x. 12 apache apache 4096 Nov 6 15:18 libraries
drwxr-xr-x. 2 apache apache 4096 Dec 6 04:51 logs
drwxr-xr-x. 18 apache apache 4096 Nov 6 15:18 media
drwxr-xr-x. 28 apache apache 4096 Nov 6 15:18 modules
drwxr-xr-x. 14 apache apache 4096 Nov 6 15:18 plugins
-rw-r--r--. 1 apache apache 901 Nov 6 15:18 robots.txt.dist
drwxr-xr-x. 5 apache apache 4096 Dec 6 04:39 templates
drwsr-xr-x. 2 apache apache 4096 Dec 6 04:44 tmp
-rw-r--r--. 1 apache apache 1715 Nov 6 15:18 web.config.txt
And output of ls -ld joomla/
drwxr-xr-x. 18 apache apache 4096 Dec 6 05:57 joomla/
Also, running the command tail -f /var/log/httpd/error_log I get this
PHP Warning: file_put_contents(/var/www/html/joomla/configuration.php): failed to open stream: Permission denied in /var/www/html/joomla/libraries/joomla/filesystem/file.php on line 422, referer: http://localhost/administrator/index.php?option=com_config
After digging a bit deeper into the problem, I discovered that SELinux was blocking r/w access to httpd. This could be seen when running
ls -aLZ joomla
By running the command you would see that all files would show up to be
httpd_sys_content_t
When they really should be
httpd_sys_rw_content_t
Running a simple
chcon -R -t httpd_sys_rw_content_t /var/www/html/joomla/
AND VOILA! Problem Solved.
Thank you everyone for the help, and I hope someone else can benefit from this in the near future.
Try restarting the webserver?
As the permission must get reflected.
