• FYI: expired certs and new systemrescuecd

    From Bit Twister@2:250/1 to All on Tue Feb 1 11:27:45 2022
    FYI: systemrescue-9.00-amd64.iso found at http://www.sysresccd.org/Download

    So, when was the last time you checked for expired security certificates
    on your system.

    Snippet from my monthly cert check
    /etc/cron.monthly/_monthly:
    /local/cron/monthly/ch_4_expired_certs:
    # /etc/pki/tls/certs/httpd.pem expires 20220210 Warning. run /local/bin/gen_certs -s /etc/pki/tls/certs/httpd.pem
    # /etc/pki/tls/certs/postfix.pem expires 20220210 Warning. run /local/bin/gen_certs -s /etc/pki/tls/certs/postfix.pem

    Quick look at the certs of interest
    # openssl x509 -text -in /etc/pki/tls/certs/httpd.pem | head -11
    Certificate:
    Data:
    Version: 1 (0x0)
    Serial Number:
    29:a1:04:62:ab:a0:02:35:e1:35:7e:fd:5c:f5:fd:fb:cf:d1:82:e8
    Signature Algorithm: sha256WithRSAEncryption
    Issuer: CN = localhost, OU = default httpd cert for localhost, emailAddress = root@localhost
    Validity
    Not Before: Feb 10 01:46:19 2021 GMT
    Not After : Feb 10 01:46:19 2022 GMT
    Subject: CN = localhost, OU = default httpd cert for localhost, emailAddress = root@localhost


    # openssl x509 -text -in /etc/pki/tls/certs/postfix.pem | head -11
    Certificate:
    Data:
    Version: 1 (0x0)
    Serial Number:
    16:ec:ef:be:6b:9d:46:81:c7:f1:7b:45:8c:a0:03:b9:68:67:88:b5
    Signature Algorithm: sha256WithRSAEncryption
    Issuer: CN = localhost, OU = default postfix cert for localhost, emailAddress = root@localhost
    Validity
    Not Before: Feb 10 01:44:50 2021 GMT
    Not After : Feb 10 01:44:50 2022 GMT
    Subject: CN = localhost, OU = default postfix cert for localhost, emailAddress = root@localhost

    --- MBSE BBS v1.0.7.24 (GNU/Linux-x86_64)
    * Origin: A noiseless patient Spider (2:250/1@fidonet)
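
A monthly expiry check along the lines of the one described in the post above, as an added example; it is not Bit Twister's ch_4_expired_certs script, which the thread does not show. It assumes the openssl CLI and GNU date, and the function names and WARN_DAYS variable are hypothetical.

```shell
#!/bin/sh
# Added example: flag certificates that have expired or will expire soon.
# Assumes the openssl CLI and GNU date (for "date -d"); names are hypothetical.
WARN_DAYS=${WARN_DAYS:-30}

# classify_enddate "notAfter=<date>" <now_epoch> <warn_days>
# Prints "EXPIRED|WARNING|OK <YYYYMMDD>" for one `openssl x509 -enddate` line.
classify_enddate() {
    end=${1#notAfter=}
    end_epoch=$(date -u -d "$end" +%s) || return 2
    ymd=$(date -u -d "@$end_epoch" +%Y%m%d)
    if [ "$end_epoch" -le "$2" ]; then
        echo "EXPIRED $ymd"
    elif [ "$end_epoch" -le $(( $2 + $3 * 86400 )) ]; then
        echo "WARNING $ymd"
    else
        echo "OK $ymd"
    fi
}

# check_cert_dir <dir>: report every *.pem in <dir> that is not OK.
# Returns 1 if anything was reported, so cron mails the output and
# a wrapper can act on the exit status.
check_cert_dir() {
    now=$(date -u +%s)
    flagged=0
    for f in "$1"/*.pem; do
        [ -f "$f" ] || continue
        # Reads the first certificate in the file only (bundles hold many).
        line=$(openssl x509 -noout -enddate -in "$f" 2>/dev/null) || {
            echo "$f: cannot be parsed as an X.509 certificate"
            flagged=1
            continue
        }
        result=$(classify_enddate "$line" "$now" "$WARN_DAYS") || continue
        case $result in
            OK*) ;;
            *)   echo "$f expires ${result#* } ${result%% *}"
                 flagged=1 ;;
        esac
    done
    return "$flagged"
}

# Run only when a directory is given, e.g. from /etc/cron.monthly:
#   check_certs.sh /etc/pki/tls/certs
if [ "$#" -gt 0 ]; then
    check_cert_dir "$1"
fi
```
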
  • From faeychild@2:250/1 to All on Tue Feb 1 20:29:51 2022
    On 1/2/22 22:27, Bit Twister wrote:
    FYI: systemrescue-9.00-amd64.iso found at http://www.sysresccd.org/Download

    So, when was the last time you checked for expired security certificates
    on your system.

    I hope I don't need them bits

    [faeychild@unimatrix ~]$ openssl x509 -text -in /etc/pki/tls/certs/httpd.pem | head -11
    Can't open /etc/pki/tls/certs/httpd.pem for reading, No such file or directory
    140074800994112:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('/etc/pki/tls/certs/httpd.pem','r')
    140074800994112:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
    unable to load certificate
    [faeychild@unimatrix ~]$ openssl x509 -text -in /etc/pki/tls/certs/postfix.pem | head -11
    Can't open /etc/pki/tls/certs/postfix.pem for reading, No such file or directory
    139668808021824:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('/etc/pki/tls/certs/postfix.pem','r')
    139668808021824:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
    unable to load certificate
    [faeychild@unimatrix ~]$ /local/bin/gen_certs -s /etc/pki/tls/certs/httpd.pem
    bash: /local/bin/gen_certs: No such file or directory
    [faeychild@unimatrix ~]$ /local/bin/gen_certs -s /etc/pki/tls/certs/postfix.pem
    bash: /local/bin/gen_certs: No such file or directory
    [faeychild@unimatrix ~]$



    --
    faeychild
    Running plasmashell 5.20.4 on 5.15.16-desktop-1.mga8 kernel.
    Mageia release 8 (Official) for x86_64 installed via Mageia-8-x86_64-DVD.iso


  • From Bit Twister@2:250/1 to All on Tue Feb 1 22:08:10 2022
    On Wed, 2 Feb 2022 07:29:51 +1100, faeychild wrote:
    On 1/2/22 22:27, Bit Twister wrote:
    FYI: systemrescue-9.00-amd64.iso found at http://www.sysresccd.org/Download

    So, when was the last time you checked for expired security certificates
    on your system.

    I hope I don't need them bits

    [faeychild@unimatrix ~]$ openssl x509 -text -in /etc/pki/tls/certs/httpd.pem | head -11
    Can't open /etc/pki/tls/certs/httpd.pem for reading, No such file or directory

    [faeychild@unimatrix ~]$ openssl x509 -text -in /etc/pki/tls/certs/postfix.pem | head -11
    Can't open /etc/pki/tls/certs/postfix.pem for reading, No such file or directory


    Guessing you do not have httpd or postfix installed.

    # locate /etc/pki/tls/certs/
    should show some of what .pem certs are installed.


    [faeychild@unimatrix ~]$ /local/bin/gen_certs -s /etc/pki/tls/certs/httpd.pem
    bash: /local/bin/gen_certs: No such file or directory

    Sounds about right since /local is my custom directory and whatnot
    which I share across installs.


  • From faeychild@2:250/1 to All on Wed Feb 2 20:37:41 2022
    On 2/2/22 09:08, Bit Twister wrote:

    Guessing you do not have httpd or postfix installed.

    # locate /etc/pki/tls/certs/
    should show some of what .pem certs are installed.



    [faeychild@unimatrix ~]$ locate /etc/pki/tls/certs/
    /etc/pki/tls/certs/Makefile
    /etc/pki/tls/certs/ca-bundle.crt
    /etc/pki/tls/certs/ca-bundle.trust.crt
    [faeychild@unimatrix ~]$


    For a brief moment I was hoping to be not certifiable :-)

    regards
    --
    faeychild
    Running plasmashell 5.20.4 on 5.15.18-desktop-2.mga8 kernel.
    Mageia release 8 (Official) for x86_64 installed via Mageia-8-x86_64-DVD.iso

