Search Results

Search found 53261 results on 2131 pages for 'system state'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 468/2131 | < Previous Page | 464 465 466 467 468 469 470 471 472 473 474 475  | Next Page >

  • How does one check whether the OS X "disabled" flag for launchd services is set?

    - by Charles Duffy
    According to the man page for launchctl (emphasis mine):    -w   Overrides the Disabled key and sets it to false. In previous versions, this option would modify the configuration file. Now the state of the Disabled key is stored elsewhere on-disk. Because the current state of the disabled flag is no longer set in the .plist file itself, checking for the Disabled key is no longer an accurate way to tell if the service will run on next boot. Where is this "elsewhere on-disk"? More to the point (and more importantly), how does one check whether this flag is set? Also, is it possible to set a service to run on next boot without forcing it to start immediately (as with launchctl load -w /Library/LaunchDaemons/my-service.plist)?

    Read the article

  • How to disable Windows File Protection in Windows XP or 7 from Registry?

    - by SEARAS
    How to disable Windows File Protection in Windows 7 and/or XP from Registry? I want to automatically replace a driver with my created driver. I used PendingFileRenameOperations key in HKLM\System\CurrentControlSet\Control\Session Manager but i've found that it can ONLY be used for simple (not-system) files, because Windows File Protection disables it for system files (see this post). Now I need to temporarily disable WFP (and turn it on after changing driver). You can tell me another way to disable it. It can help me too. Thanks in advance! Any ideas?

    Read the article

  • Why did my zpool replace never finish and what should I do now?

    - by Josh
    I have a ZFS zpool with two disks in a mirror configuration, da0 and da1. da1 failed, and so I replaced it with da2 using zpool replace BearCow da1 da2 This ran for a few hours, during which zpool status showed that the array was being resilvered. When that finished, zpool status showed that the resilver was completed, but the array was still degraded... I tried a zpool scrub and a zpool clear, but the array still shows as degraded: [root@chef] ~# zpool status BearCow pool: BearCow state: DEGRADED scrub: scrub completed after 0h20m with 0 errors on Tue Oct 9 16:13:27 2012 config: NAME STATE READ WRITE CKSUM BearCow DEGRADED 0 0 0 mirror DEGRADED 0 0 0 da0 ONLINE 0 0 0 replacing DEGRADED 0 0 0 da1 OFFLINE 0 0 0 da2 ONLINE 0 0 0 errors: No known data errors I can't zpool replace BearCow da1 da2 anymore because da2 is already a member of BearCow... This is FreeBSD (FreeNAS) running ZFS pool version 15. How do I get my array to show as healthy again?

    Read the article

  • where are the "ipmi sel" entries parameter descriptions?

    - by Horatiu
    In order to troubleshoot a possible hardware issue I have installed ipmitools on my server and am doing queries for info related to poweron/poweroffs, hardware added/removed/status. I am trying to find some info on how to interpret sel obtained via ipmi sel list and the output looks like this : 72b4 | 10/31/2013 | 10:42:40 | System Event #0x01 | OEM System boot event | Asserted 72c8 | 10/31/2013 | 10:42:48 | System ACPI Power State #0x82 | S0/G0: working | Asserted I really want to know what "Asserted" means in this context, and also, where can I find a reference with all possible "exit status(es)" ? (Because I think that's what this is, right ?)

    Read the article

  • Linksys WiFi usb dongle and linux woes

    - by MrStatic
    I have a Linksys WUSB54GC usb dongle and I have exhausted every thing I know about making this thing work in linux. I am using Fedora 13. Since it is not ready I can not view any networks. Any ideas would be great. tail of the system log Jun 2 20:14:35 localhost kernel: usb 1-7: new high speed USB device using ehci_hcd and address 8 Jun 2 20:14:35 localhost kernel: usb 1-7: New USB device found, idVendor=1737, idProduct=0077 Jun 2 20:14:35 localhost kernel: usb 1-7: New USB device strings: Mfr=1, Product=2, SerialNumber=3 Jun 2 20:14:35 localhost kernel: usb 1-7: Product: 802.11 g WLAN Jun 2 20:14:35 localhost kernel: usb 1-7: Manufacturer: Ralink Jun 2 20:14:35 localhost kernel: usb 1-7: SerialNumber: 1.0 Jun 2 20:14:35 localhost kernel: Registered led device: rt2800usb-phy3::radio Jun 2 20:14:35 localhost kernel: Registered led device: rt2800usb-phy3::assoc Jun 2 20:14:35 localhost kernel: Registered led device: rt2800usb-phy3::quality Jun 2 20:14:35 localhost NetworkManager[1367]: <info> found WiFi radio killswitch rfkill3 (at /sys/devices/pci0000:00/0000:00:1d.7/usb1/1-7/1-7:1.0/ieee80211/phy3/rfkill3) (driver <unknown>) Jun 2 20:14:35 localhost kernel: rt2800usb 1-7:1.0: firmware: requesting rt2870.bin Jun 2 20:14:35 localhost NetworkManager[1367]: <info> (wlan0): driver supports SSID scans (scan_capa 0x01). Jun 2 20:14:35 localhost NetworkManager[1367]: <info> (wlan0): new 802.11 WiFi device (driver: 'rt2800usb' ifindex: 6) Jun 2 20:14:35 localhost NetworkManager[1367]: <info> (wlan0): exported as /org/freedesktop/NetworkManager/Devices/4 Jun 2 20:14:35 localhost NetworkManager[1367]: <info> (wlan0): now managed Jun 2 20:14:35 localhost NetworkManager[1367]: <info> (wlan0): device state change: 1 -> 2 (reason 2) Jun 2 20:14:35 localhost NetworkManager[1367]: <info> (wlan0): bringing up device. Jun 2 20:14:35 localhost kernel: ADDRCONF(NETDEV_UP): wlan0: link is not ready Jun 2 20:14:35 localhost NetworkManager[1367]: <info> (wlan0): preparing device. Jun 2 20:14:35 localhost NetworkManager[1367]: <info> (wlan0): deactivating device (reason: 2). Jun 2 20:14:35 localhost NetworkManager[1367]: <info> (wlan0): supplicant interface state: starting -> ready Jun 2 20:14:35 localhost NetworkManager[1367]: <info> (wlan0): device state change: 2 -> 3 (reason 42) [root@localhost log]# iwconfig lo no wireless extensions. eth0 no wireless extensions. wlan0 IEEE 802.11bg Mode:Managed Access Point: Not-Associated Tx-Power=8 dBm Retry long limit:7 RTS thr:off Fragment thr:off Encryption key:off Power Management:on

    Read the article

  • Linux only recognizes 800Mhz from 2Ghz

    - by Leo
    I tried with Suse 11 (KDE), Xubuntu 11.10 and Lubuntu 11.10 and these systems only recognizes 800Mhz from my processor of 2Ghz! The utilities I used are: linuxinfo, sysinfo, "system profiler and benchmark". And all of this only shows 800Mhz My system specs are: AMD Turion 64 Mobile MK36 512 RAM nVidia Geforce Go 6150 (I also tried with nVidia restricted drivers) 120GB Hard drive The weirdest thing is that Windows XP and 7 recognize the 2Ghz of my processor, What can I do? p.s. (It is not just the value of 800Mhz, I also feel my system very slow with linux)

    Read the article

  • Concurrent modification during backup: rsync vs dump vs tar vs ?

    - by pehrs
    I have a Linux log server where multiple applications write data. Data is written in bursts, and in a lot of different files. I need to make a backup of this mess, preferably preserving as much coherence between the file versions as possible and avoiding getting truncated files. Total amount of data on the server is about 100Gb. What I really would want (but can't) is to shut-down, backup the system cold and then start it up again. What kind of guarantees against concurrent modification does the various backup tools give? When do they "freeze" the file versions? I am looking at rsync, dump and tar at the moment, but I am open for other (open source) alternatives. Changing the application or blocking writing for backups is sadly not an option. System is not running LVM (yet), but I have considered that for rebuilding the system and then snapshots.

    Read the article

  • Unable to locate Windows Server Error log files

    - by Sam007
    I am getting an error in my application on 500 Internal Server Error. The firebug gives me, NetworkError: 500 Internal Server Error - http://webgis.arizona.edu/ArcGIS/rest/services/webGIS/Shock_Models/GPServer/Income_Log/jobs/jc09c501156564f71abc5d98393581267/results/final_shp?dpi=96&transparent=true&format=png8&imageSR=102100&f=image&bbox=%7B%22xmin%22%3A-14519891.438356264%2C%22ymin%22%3A637618.0139790997%2C%22xmax%22%3A-6692739.741956295%2C%22ymax%22%3A6507981.786279075%2C%22spatialReference%22%3A%7B%22wkid%22%3A102100%7D%7D&bboxSR=102100&size=800%2C600 And when I goto that particular link, I get this error, Server Error - Object reference not set to an instance of an object. Any idea how I can correct it? UPDATE I was told to use fiddler and see the error details that is occurring over the network and this is the output that I got, SESSION STATE: Done. Response Entity Size: 849 bytes. == FLAGS ================== BitFlags: [ClientPipeReused, ServerPipeReused] 0x18 X-CLIENTPORT: 2010 X-RESPONSEBODYTRANSFERLENGTH: 849 X-EGRESSPORT: 2023 X-HOSTIP: 128.196.53.161 X-PROCESSINFO: firefox:2248 X-CLIENTIP: 127.0.0.1 X-SERVERSOCKET: REUSE ServerPipe#2 == TIMING INFO ============ ClientConnected: 15:53:51.383 ClientBeginRequest: 15:53:51.494 GotRequestHeaders: 15:53:51.494 ClientDoneRequest: 15:53:51.494 Determine Gateway: 0ms DNS Lookup: 0ms TCP/IP Connect: 0ms HTTPS Handshake: 0ms ServerConnected: 15:52:45.077 FiddlerBeginRequest: 15:53:51.495 ServerGotRequest: 15:53:51.495 ServerBeginResponse: 15:53:51.679 GotResponseHeaders: 15:53:51.679 ServerDoneResponse: 15:53:51.679 ClientBeginResponse: 15:53:51.679 ClientDoneResponse: 15:53:51.679 Overall Elapsed: 00:00:00.1850106 The response was buffered before delivery to the client. == WININET CACHE INFO ============ This URL is not present in the WinINET cache. [Code: 2] * Note: Data above shows WinINET's current cache state, not the state at the time of the request. * Note: Data above shows WinINET's Medium Integrity (non-Protected Mode) cache only. But I am still confused as to what the error is? This is the application. I am not sure if the error is due to the ArcGIS-Server or the Windows Server 2008. I am new on working with the Windows Server and wanted to know where can I look for the error lof files? This is the link which gives the details and the log info of the job executed. This is the output.

    Read the article

  • CPU?: Not responding

    - by James
    I'm attempting to build a system for co-location. I've been running into issues while trying to install CentOS 6.3 System Specs: Motherboard: ASUS m5a99x Process: AMD FX-8120 (8-core Bulldozer) Memory: 2x 4gb G-Skill 2133 running at 1600 I keeps giving me an error message: CPU1: Not Responding. CPU2: Not Responding. CPU3: Not Responding. CPU4: Not Responding. CPU5: Not Responding. CPU6: Not Responding. Then it instantly restarts. I have tried installing it from USB, Multiple DVDs, Multiple Distros. I have also in the bios attempted to disable cores. I was able to disable 2/3 4/5 6/7. I have also ensured that there is zero overclocking. The system works fine in a windows environment. I'm out of ideas.

    Read the article

  • windows server secondary plex or windows server default

    - by shiva
    I am new to handling issues on server. when my system tried to reboot I could see two installables to boot from. windows server 2012- current os windows server secondary plex. So when ever there is a system restart the system it stops at this screen. And since I am connecting to this server using RDP I have to wait for the hetzner console to click on of the os to boot. Even though the current os is set as default and time given is 30 sec, it still waits for a user input. So I want to know which of the two should I be using to boot and I just want one os.

    Read the article

  • Limit ftp users to only certain directories in Ubuntu

    - by George
    There are several questions around limiting ftp users to certain directories. However, most of them refer to vsftpd, which I don't think I have installed on my system. I'm running Ubuntu 9.04. How can I tell what ftp service I have installed, and then limit certain users to only the /home/ftpuser directory instead of having full access to the file system? I think I can add them to a separate group and give that group access to the proper directories, but then do I have to remove that groups permissions from all other directories? It seems like there should be an easy way like setting the chroot_local_user value in the /etc/vsftpd/vsftpd.conf file, but that doesn't exist on my system.

    Read the article

  • IBM x3620 Server takes a long time to boot past UEFI to OS

    - by Joel Coel
    I have a pair of IBM System x3620 servers. These servers do fine once they finally reach the point where the operating system takes over, but it takes them forever to get past the new-fangled UEFI boot system... a good five minutes or so; maybe longer. I haven't timed it, but it's the kind of thing where you go get a cup of coffee while you wait and it's still going when you come back. Normally the only time I shut these down is for a monthly maintenance cycle (usually just windows updates), and so it's not a big deal. But in the case where I might have an outage I'd sure like to get that 5 minutes back. Is there anything I can do to tell them to just go ahead and boot already?

    Read the article

  • Completely clean previous Radeon drivers on Windows 7 64bit

    - by tomo
    Recently I replaced my old Radeon HD 2600XT to Radeon HD 6770 from MSI. I had strange problem that after installing the newest Radeon drivers they exist only until first reboot. After reboot my new card is recognized as an old 2600. I tried to unintall ATI/AMD software completetely from Programs/Features, then reboot, then untinstall driver from device manager, then reboot, then system showed that display driver is regular VGA (and oldschool 640x480 resolutions). Then to be double sure I executed DriverCleaner3 and Driver sweeper. After the restart I installed the newest drivers from amd site but after restarting the system recognizes card as 2600. I'm completely lost. Perhaps Win7 64bit caches somewhere drivers? Are there any issues regarding drivers-shadowing or 32/64 mirroring? Reinstalling the system is not an option.

    Read the article

  • What part of SMF is likely broken by a hard power down?

    - by David Mackintosh
    At one of my customer sites, the local guy shut down their local Solaris 10 x86 server, pulled the power inputs, moved it, and now it won’t start properly. It boots and then presents a prompt which lets you log in. This appears to be single user milestone (or equivalent). Digging into it, I think that SMF isn’t permitting the system to go multi-user. SMF was generating a ton of errors on autofs, after some fooling with it I got it to generate errors on inetd and nfs/client instead. This all tells me that the problem is in some SMF state file or database that needs to be fixed/deleted/recreated or something, but I don’t know what the actual issue is. By “generate errors”, I mean that every second I get a message on the console saying “Method or service exit timed out. Killing contract <#.” This makes interacting with the computer difficult. Running svcs –xv shows the service as “enabled”, in state “disabled”, reason “Start method is running”. Fooling with svcadm on the service does nothing, except confirm that the service is not in a Maintenance state. Logs in /lib/svc/log/$SERVICE just tell you that this loop has been happening once per second. Logs in /etc/svc/volatile/$SERVICE confirm that at boot the service is attempted to start, and immediately stopped, no further entries. Note that system-log isn’t starting because system-log depends on autofs so I have no syslog or dmesg. Googling all these terms ends up telling me how to debug/fix either autofs or nfs/client or inetd or rpc/gss (which was the dependency that SMF was using as an excuse to prevent nfs/client from “starting”, it was claiming that rpc/gss was “undefined” which is incorrect since this all used to work. I re-enabled it with inetadm, but inetd still won’t start properly). But I think that the problem is SMF in general, not the individual services. Doing a restore_repository to the “manifest_import” does nothing to improve, or even detectibly change, the situation. I didn’t use a boot backup because the last boot(s) were not useful. I have told the customer that since the valuable data directories are on a separate file system (which fsck’s as clean so it is intact) we could just re-install solaris 10 on the / partition. But that seems like an awfully windows-like solution to inflict on this problem. So. Any ideas what piece is broken and how I might fix it?

    Read the article

  • Is there analog of aticonfig --set-powerstate for open source radeon driver?

    - by vava
    I'm running Ubuntu 9.04 on relatively old laptop with ATI Mobility x600 inside. On the last version of Ubuntu, when I was able to run proprietary fglrx driver, I was able to slow down graphic card by aticonfig --set-powerstate 1 and save some battery charge. Now I forced to run open source driver as ATI decided to drop support for old cards. But I can't find a way to control power states now except relying on DynamicClocks option in xorg.conf. But I really know better when and what powerstate I want, so is there a tool that let me change power state manually or at least let me somehow change the behavior of automatic power state selection?

    Read the article

  • How can I keep gnu screen from becoming unresponsive after losing my SSH connection?

    - by Mikey
    I use a VPN tunnel to connect to my work network and then SSH to connect to my work PC running cygwin. Once logged in I can attach to a screen session and everything works great. Now, after a while, I walk away from my computer and sooner or later, the VPN tunnel times out. The SSH connection on each end eventually times out and then I eventually come back to my computer to do some work. Theoretically, this should be a simple matter of just restarting the VPN, reconnecting via SSH, and then running "screen -r -d". However apparently when the sshd daemon times out on the cygwin PC, it leaves the screen session in some kind of hung state. I can reproduce a similar hung state by clicking the close box on a cygwin bash shell window while it's running a screen session. Is there any way to get the screen session to recover once this has happened, so that I don't lose anything?

    Read the article

  • iptables question

    - by RubyFreak
    i have a small network, with one valid IP and a firewall with 3 network interfaces (LAN, WAN, DMZ). I want to enable PAT on this valid IP to redirect http traffic to a server in my DMZ. (done) I want to enable MASQ on this ip from traffic that comes from my LAN (done) I want from my LAN as well to access my http server at DMZ. (partially) Question: in the above scenario, i cannot from my LAN, to access my http server in the DMZ, since it has the IP used by the MASQ (the only valid ip that i have). What would be the best option to solve this problem? network interfaces: eth0 (WAN) eth1 (DMZ) eth2 (LAN) /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE /sbin/iptables -A FORWARD --o eth1 -d 2.2.2.2 -p tcp --dport 80 -j ACCEPT /sbin/iptables -t nat -A PREROUTING -i eth0 -d 1.1.1.1 -p tcp --dport 80 -j DNAT --to 2.2.2.2 /sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT /sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT /sbin/iptables -A FORWARD -i eth2 -o eth0 -j ACCEPT

    Read the article

  • Incident Management-Monitoring Ideas

    - by sprsr
    Hello all, What we are tring to do at our company (banking industry) is to apply some ITIL (Information Technology Infrastructure Library) principles and I need some ideas to develop our incident management system of our company. For those who have experienced with incident management, what are the things that helps you most ? What are the things that you can't live without while managing the incidents. Do you have some good screenshots of such a monitoring software ? Since we choosed to develop our own system instead of buying a big system, there are lots of things we may miss, and we are brainstorming here. I need some key points that most crucial in incident management and monitoring. Thanks.

    Read the article

  • Performance improvements of VBulletin by integrating the plugins

    - by reggie
    I have amassed quite a lot of plugins and code that is being hooked into VBulletin's plugin system. There are good uses for this system. But since I am now locked in with the VB 3 branch and it is no longer updated, I wonder what kind of performance improvements I would see if I integrated all the plugins into the vbulletin files and turned the plugin system completely off. My site has about 1.5 mio posts, about 100,000 threads, 100,000 members (of which 10,000 are "active"). I estimate I have about 200 plugins from different products in the plugin manager. Has anybody ever tried this move and could share the experiences?

    Read the article

  • After Upgrading Ubuntu to 9.10 my hard drive now has a warning.

    - by Sean
    it is a 500gb hard drive format as ext3 path /dev/sdc1 The disk utility does not even see this. This Warning is from gparted: e2label: No such device or address while trying to open /dev/sdc1 Couldn't find valid filesystem superblock. Couldn't find valid filesystem superblock. dump2fs 1.41.9 (22-Aug-2009) dumpe2fs: No such device or address while trying to open /dev/sdc1 Unable to read contents of this file system? Because of this some operations may be unavailable. END OF ERROR MESSAGE Did I lose something during the upgrade of the system? Was it the hard drive or the Ubuntu system that went bad?

    Read the article

  • Minix3 on Vmware

    Hi, I install minix3 on vmware using installation CD i make using .iso image which is available @minix3 I make 2GB Harddisk, 512MB RAM on VMware, and installed step-by-step. It got installed and working fine. But i wana install 'packman' which is X window system. I'm not able to install it. It asks for installation CD, its still there and its detected also, but i couldn't proceed. Actually i install minix to learn Operating system design and Implementation :) Have any1 tried installing 'packman' i.e X window system on minix3. Please guide me. :)

    Read the article

  • Sharepoint 2007 Event ID 6482

    - by Dave M
    Our two server SharePoint 2007 SP2 farm has an issue. Event ID 6482 appears in the Application log of the Web front end many times a day. Often many time a minute. The full error is from Office SharePoint Server Event Type: Error Event Source: Office SharePoint Server Event Category: Office Server Shared Services Event ID: 6482 Date: 11/12/2009 Time: 3:05:22 PM User: N/A Computer: XXXXXX Description: Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchServiceInstance (36a9b7ef-59aa-4f94-8887-8bf7b56f2f91). Reason: Error during encryption or decryption. System error code 0. Techinal Support Details: System.ArgumentException: Error during encryption or decryption. System error code 0. at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.SynchronizeDefaultContentSource(IDictionary applications) at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize() at Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob) For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. The SharePoint site appears to be functioning normally and Search returns expected results. Any suggestions would be appreciated

    Read the article

  • Unable to install Android for Windows 7 because JDK is not found

    - by user1294663
    I have JDK SE7u4 installed in windows 7. I tried to install Android on Windows 7 using the installer_r18-windows.exe but no avail. The setup window showed the message saying that the Java SE JDK not found and ERROR: Failed to find Java version for C:\Windows\System32\java.exe The system cannot found the file specified. If you believe you have a JDK installed and it was not properly recognized, simply set an environment variable JAVA_HOME to point to it I right clicked on Computer Properties Advanced System Settings Environment variables. I created a NEW system variable called JAVA_HOME and set the value as C:\Program Files\Java\jdk1.7.0_04\bin or C:\Windows\System32\java.exe. I ran the installer again — the same error message still appeared.

    Read the article

  • Windows Login Failure

    - by Chris Bateson
    I'm getting an error in the Event Viewer, which is also generating a lot of Logon Failure messages on our syslog server. Pretty much stuck on how to resolve. EventID: 536 Logon Type: 3 Reason: The NetLogon component is not active This is for a Windows Server 2003 system. I have checked here We're using Shavlik Protect 9 to scan and deploy patches. Shavlik stores the credentials for the systems and uses those stored credentials to deploy patches. This system is able to scan and deploy to other systems on the network using those credentials and no errors are generated. When installing to the local system that Shavlik is physically on then this error is generated. Whats interesting is that it doesn't generate during a scan, and the patches install fine. We've contacted Shavlik to get the response that they are unable to help since it's a Microsoft error. Has anyone seen this?

    Read the article

  • curl can't verify cert using capath, but can with cacert option

    - by phylae
    I am trying to use curl to connect to a site using HTTPS. But curl is failing to verify the SSL cert. $ curl --verbose --capath ./certs/ --head https://example.com/ * About to connect() to example.com port 443 (#0) * Trying 1.1.1.1... connected * Connected to example.com (1.1.1.1) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: ./certs/ * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS alert, Server hello (2): * SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed * Closing connection #0 curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. I know about the -k option. But I do actually want to verify the cert. The certs directory has been properly hashed with c_rehash . and it contains: A Verisign intermediate cert Two self-signed certs The above site should be verified with the Verisign intermediate cert. When I use the --cacert option instead (and point directly to the Verisign cert) curl is able to verify the SSL cert. $ curl --verbose --cacert ./certs/verisign-intermediate-ca.crt --head https://example.com/ * About to connect() to example.com port 443 (#0) * Trying 1.1.1.1... connected * Connected to example.com (1.1.1.1) port 443 (#0) * successfully set certificate verify locations: * CAfile: ./certs/verisign-intermediate-ca.crt CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using RC4-SHA * Server certificate: * subject: C=US; ST=State; L=City; O=Company; OU=ou1; CN=example.com * start date: 2011-04-17 00:00:00 GMT * expire date: 2012-04-15 23:59:59 GMT * common name: example.com (matched) * issuer: C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=Terms of use at https://www.verisign.com/rpa (c)10; CN=VeriSign Class 3 Secure Server CA - G3 * SSL certificate verify ok. > HEAD / HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15 > Host: example.com > Accept: */* > < HTTP/1.1 404 Not Found HTTP/1.1 404 Not Found < Cache-Control: must-revalidate,no-cache,no-store Cache-Control: must-revalidate,no-cache,no-store < Content-Type: text/html;charset=ISO-8859-1 Content-Type: text/html;charset=ISO-8859-1 < Content-Length: 1267 Content-Length: 1267 < Server: Jetty(7.2.2.v20101205) Server: Jetty(7.2.2.v20101205) < * Connection #0 to host example.com left intact * Closing connection #0 * SSLv3, TLS alert, Client hello (1): In addition, if I try hitting one of the sites using a self signed cert and the --capath option, it also works. (Let me know if I should post an example of that.) This implies that curl is finding the cert directory, and it is properly hash. Finally, I am able to verify the SSL cert with openssl, using its -CApath option. $ openssl s_client -CApath ./certs/ -connect example.com:443 CONNECTED(00000003) depth=3 /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority verify return:1 depth=2 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 verify return:1 depth=1 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3 verify return:1 depth=0 /C=US/ST=State/L=City/O=Company/OU=ou1/CN=example.com verify return:1 --- Certificate chain 0 s:/C=US/ST=State/L=City/O=Company/OU=ou1/CN=example.com i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3 --- Server certificate -----BEGIN CERTIFICATE----- <cert removed> -----END CERTIFICATE----- subject=/C=US/ST=State/L=City/O=Company/OU=ou1/CN=example.com issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3 --- No client certificate CA names sent --- SSL handshake has read 1563 bytes and written 435 bytes --- New, TLSv1/SSLv3, Cipher is RC4-SHA Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : RC4-SHA Session-ID: D65C4C6D52E183BF1E7543DA6D6A74EDD7D6E98EB7BD4D48450885188B127717 Session-ID-ctx: Master-Key: 253D4A3477FDED5FD1353D16C1F65CFCBFD78276B6DA1A078F19A51E9F79F7DAB4C7C98E5B8F308FC89C777519C887E2 Key-Arg : None Start Time: 1303258052 Timeout : 300 (sec) Verify return code: 0 (ok) --- QUIT DONE How can I get curl to verify this cert using the --capath option?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 464 465 466 467 468 469 470 471 472 473 474 475  | Next Page >