novaBBS - alt.os.linux.mageia - FYI: expired certs and new systemrescuecd

FYI: expired certs and new systemrescuecd

<slrnsvi69o.s0nu.BitTwister@wb.home.test>

https://www.novabbs.com/computers/article-flat.php?id=4456&group=alt.os.linux.mageia#4456

copy link Newsgroups: alt.os.linux.mageia

Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: BitTwis...@mouse-potato.com (Bit Twister)
Newsgroups: alt.os.linux.mageia
Subject: FYI: expired certs and new systemrescuecd
Date: Tue, 1 Feb 2022 05:27:45 -0600
Organization: A noiseless patient Spider
Lines: 40
Message-ID: <slrnsvi69o.s0nu.BitTwister@wb.home.test>
Injection-Info: reader02.eternal-september.org; posting-host="04ff70e3ffb6d69059311700b1e5fda6";
logging-data="26335"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19bILJQFpEpfseoulgO03BL7JzT3xeTn9c="
User-Agent: slrn/pre1.0.4-6 (Linux)
Cancel-Lock: sha1:p4MRxRFaYjetxmd+aMtNgcNGAUA=

by: Bit Twister - Tue, 1 Feb 2022 11:27 UTC

FYI: systemrescue-9.00-amd64.iso found at http://www.sysresccd.org/Download

So, when was the last time you checked for expired security certificates
on your system.

Snippet from my monthly cert check
/etc/cron.monthly/_monthly:
/local/cron/monthly/ch_4_expired_certs:
# /etc/pki/tls/certs/httpd.pem expires 20220210 Warning. run
/local/bin/gen_certs -s /etc/pki/tls/certs/httpd.pem
# /etc/pki/tls/certs/postfix.pem expires 20220210 Warning. run
/local/bin/gen_certs -s /etc/pki/tls/certs/postfix.pem

Quick look at a certs of interest
# openssl x509 -text -in /etc/pki/tls/certs/httpd.pem | head -11
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
29:a1:04:62:ab:a0:02:35:e1:35:7e:fd:5c:f5:fd:fb:cf:d1:82:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = localhost, OU = default httpd cert for localhost, emailAddress = root@localhost
Validity
Not Before: Feb 10 01:46:19 2021 GMT
Not After : Feb 10 01:46:19 2022 GMT
Subject: CN = localhost, OU = default httpd cert for localhost, emailAddress = root@localhost

# openssl x509 -text -in /etc/pki/tls/certs/postfix.pem | head -11
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
16:ec:ef:be:6b:9d:46:81:c7:f1:7b:45:8c:a0:03:b9:68:67:88:b5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = localhost, OU = default postfix cert for localhost, emailAddress = root@localhost
Validity
Not Before: Feb 10 01:44:50 2021 GMT
Not After : Feb 10 01:44:50 2022 GMT
Subject: CN = localhost, OU = default postfix cert for localhost, emailAddress = root@localhost

Re: FYI: expired certs and new systemrescuecd

<stc583$gn9$1@dont-email.me>

copy mid

https://www.novabbs.com/computers/article-flat.php?id=4457&group=alt.os.linux.mageia#4457

copy link Newsgroups: alt.os.linux.mageia

Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: faeych...@nomail.afraid.org (faeychild)
Newsgroups: alt.os.linux.mageia
Subject: Re: FYI: expired certs and new systemrescuecd
Date: Wed, 2 Feb 2022 07:29:51 +1100
Organization: A noiseless patient Spider
Lines: 41
Message-ID: <stc583$gn9$1@dont-email.me>
References: <slrnsvi69o.s0nu.BitTwister@wb.home.test>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Tue, 1 Feb 2022 20:29:55 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="7c6ae1507d41a1ae76560241be1fc211";
logging-data="17129"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+D04nt5WnWeMhESi+bw9A3/qWSEEC63OY="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
Thunderbird/91.5.0
Cancel-Lock: sha1:ypoDyM428I3TdiI/vSAts/lLo8A=
In-Reply-To: <slrnsvi69o.s0nu.BitTwister@wb.home.test>
Content-Language: en-US

by: faeychild - Tue, 1 Feb 2022 20:29 UTC

On 1/2/22 22:27, Bit Twister wrote:
> FYI: systemrescue-9.00-amd64.iso found at http://www.sysresccd.org/Download
>
> So, when was the last time you checked for expired security certificates
> on your system.

I hope I don't need them bits

[faeychild@unimatrix ~]$ openssl x509 -text -in
/etc/pki/tls/certs/httpd.pem | head -11
Can't open /etc/pki/tls/certs/httpd.pem for reading, No such file or
directory
140074800994112:error:02001002:system library:fopen:No such file or
directory:crypto/bio/bss_file.c:69:fopen('/etc/pki/tls/certs/httpd.pem','r')
140074800994112:error:2006D080:BIO routines:BIO_new_file:no such
file:crypto/bio/bss_file.c:76:
unable to load certificate
[faeychild@unimatrix ~]$ openssl x509 -text -in
/etc/pki/tls/certs/postfix.pem | head -11
Can't open /etc/pki/tls/certs/postfix.pem for reading, No such file or
directory
139668808021824:error:02001002:system library:fopen:No such file or
directory:crypto/bio/bss_file.c:69:fopen('/etc/pki/tls/certs/postfix.pem','r')
139668808021824:error:2006D080:BIO routines:BIO_new_file:no such
file:crypto/bio/bss_file.c:76:
unable to load certificate
[faeychild@unimatrix ~]$ /local/bin/gen_certs -s
/etc/pki/tls/certs/httpd.pem
bash: /local/bin/gen_certs: No such file or directory
[faeychild@unimatrix ~]$ /local/bin/gen_certs -s
/etc/pki/tls/certs/postfix.pem
bash: /local/bin/gen_certs: No such file or directory
[faeychild@unimatrix ~]$

--
faeychild
Running plasmashell 5.20.4 on 5.15.16-desktop-1.mga8 kernel.
Mageia release 8 (Official) for x86_64 installed via Mageia-8-x86_64-DVD.iso

Re: FYI: expired certs and new systemrescuecd

<slrnsvjbqa.101b.BitTwister@wb.home.test>

copy mid

https://www.novabbs.com/computers/article-flat.php?id=4458&group=alt.os.linux.mageia#4458

copy link Newsgroups: alt.os.linux.mageia

Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: BitTwis...@mouse-potato.com (Bit Twister)
Newsgroups: alt.os.linux.mageia
Subject: Re: FYI: expired certs and new systemrescuecd
Date: Tue, 1 Feb 2022 16:08:10 -0600
Organization: A noiseless patient Spider
Lines: 33
Message-ID: <slrnsvjbqa.101b.BitTwister@wb.home.test>
References: <slrnsvi69o.s0nu.BitTwister@wb.home.test>
<stc583$gn9$1@dont-email.me>
Injection-Info: reader02.eternal-september.org; posting-host="04ff70e3ffb6d69059311700b1e5fda6";
logging-data="21891"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+GyDNQ3Y9xfozCGLTvDDWXmHGP1MkX2iw="
User-Agent: slrn/pre1.0.4-6 (Linux)
Cancel-Lock: sha1:xpBufHU6e7fAraItr+phGliHLwQ=

by: Bit Twister - Tue, 1 Feb 2022 22:08 UTC

On Wed, 2 Feb 2022 07:29:51 +1100, faeychild wrote:
> On 1/2/22 22:27, Bit Twister wrote:
>> FYI: systemrescue-9.00-amd64.iso found at http://www.sysresccd.org/Download
>>
>> So, when was the last time you checked for expired security certificates
>> on your system.
>
> I hope I don't need them bits
>
> [faeychild@unimatrix ~]$ openssl x509 -text -in
> /etc/pki/tls/certs/httpd.pem | head -11
> Can't open /etc/pki/tls/certs/httpd.pem for reading, No such file or
> directory
>
> [faeychild@unimatrix ~]$ openssl x509 -text -in
> /etc/pki/tls/certs/postfix.pem | head -11
> Can't open /etc/pki/tls/certs/postfix.pem for reading, No such file or
> directory

Guessing you do not have httpd or postfix installed.

# locate /etc/pki/tls/certs/
should show some of what .pem certs are installed.

> [faeychild@unimatrix ~]$ /local/bin/gen_certs -s
> /etc/pki/tls/certs/httpd.pem
> bash: /local/bin/gen_certs: No such file or directory

Sounds about right since /local is my custom directory and whatnot
which I share across installs.

Re: FYI: expired certs and new systemrescuecd

<steq2l$ljs$1@dont-email.me>

copy mid

https://www.novabbs.com/computers/article-flat.php?id=4460&group=alt.os.linux.mageia#4460

copy link Newsgroups: alt.os.linux.mageia

Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: faeych...@nomail.afraid.org (faeychild)
Newsgroups: alt.os.linux.mageia
Subject: Re: FYI: expired certs and new systemrescuecd
Date: Thu, 3 Feb 2022 07:37:41 +1100
Organization: A noiseless patient Spider
Lines: 24
Message-ID: <steq2l$ljs$1@dont-email.me>
References: <slrnsvi69o.s0nu.BitTwister@wb.home.test>
<stc583$gn9$1@dont-email.me> <slrnsvjbqa.101b.BitTwister@wb.home.test>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Wed, 2 Feb 2022 20:37:41 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="c84188c60a9f17bf476da1a6bc48b809";
logging-data="22140"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18xDolASPyJEbocENlcr3O0ysjD6pDDIwM="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
Thunderbird/91.5.0
Cancel-Lock: sha1:xAReoxz5k+8XyvLJtKsS7jgey0o=
In-Reply-To: <slrnsvjbqa.101b.BitTwister@wb.home.test>
Content-Language: en-US

by: faeychild - Wed, 2 Feb 2022 20:37 UTC

On 2/2/22 09:08, Bit Twister wrote:

> Guessing you do not have httpd or postfix installed.
>
> # locate /etc/pki/tls/certs/
> should show some of what .pem certs are installed.
>

[faeychild@unimatrix ~]$ locate /etc/pki/tls/certs/
/etc/pki/tls/certs/Makefile
/etc/pki/tls/certs/ca-bundle.crt
/etc/pki/tls/certs/ca-bundle.trust.crt
[faeychild@unimatrix ~]$

For a brief moment I was hoping to be not certifiable :-)

regards
--
faeychild
Running plasmashell 5.20.4 on 5.15.18-desktop-2.mga8 kernel.
Mageia release 8 (Official) for x86_64 installed via Mageia-8-x86_64-DVD.iso

Anything cut to length will be too short.

computers / alt.os.linux.mageia / FYI: expired certs and new systemrescuecd

Subject	Author
FYI: expired certs and new systemrescuecd	Bit Twister
Re: FYI: expired certs and new systemrescuecd	faeychild
Re: FYI: expired certs and new systemrescuecd	Bit Twister
Re: FYI: expired certs and new systemrescuecd	faeychild