General

If it doesn’t belong anywhere, it belongs here.

pkg upgrade: Certificate verification failed for /C=IL/O=StartCom Ltd./OU=StartCom Certification Authority/CN=StartCom Class 2 IV Server CA

I noticed this on one FreeBSD server today: $ pkg -vv | grep url url: “pkg+http://services.unixathome.org/packages/103amd64-default-master-list/”, I decided: let’s use https, not http, there. After making the change (in my case, it was in /usr/local/etc/pkg/repos/local.conf, I tried upgraded packages, and it barfed: $ sudo pkg upgrade Updating local repository catalogue… Certificate verification failed for /C=IL/O=StartCom Ltd./OU=StartCom Certification Authority/CN=StartCom Class 2 IV Server CA 34401225432:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1191: Certificate verification failed for /C=IL/O=StartCom Ltd./OU=StartCom […]

pkg upgrade: Certificate verification failed for /C=IL/O=StartCom Ltd./OU=StartCom Certification Authority/CN=StartCom Class 2 IV Server CA Read More »

pfsense 2.3, now on FreeBSD 10.3 with pkg

I upgraded my pfSense box to 2.3 last night. Here is what I got: # uname -a FreeBSD bast.int.unixathome.org 10.3-RELEASE FreeBSD 10.3-RELEASE #4 05adf0a(RELENG_2_3_0): Mon Apr 11 19:09:19 CDT 2016 root@factory23-amd64-builder:/builder/factory-230/tmp/obj/builder/factory-230/tmp/FreeBSD-src/sys/pfSense amd64 These are the package repos they are using (as taken from pkg -vv): Repositories: pfSense-core: { url : “pkg+http://firmware.netgate.com/pkg/pfSense_factory-v2_3_0_amd64-core”, enabled : yes, priority : 0, mirror_type : “SRV”, signature_type : “FINGERPRINTS”, fingerprints : “/usr/local/share/pfSense/keys/pkg” } pfSense: { url : “pkg+http://firmware.netgate.com/pkg/pfSense_factory-v2_3_0_amd64-pfSense_factory-v2_3_0”, enabled

pfsense 2.3, now on FreeBSD 10.3 with pkg Read More »

Oh! There’s my missing tape drive!

Yesterday and today, none of my Bacula copy-to-tape jobs completed because my tape drive was missing. Today, I reseated all the cables, and power cycled the tape library. In my ssh session, I did this: $ sudo camcontrol devlist <ATA TOSHIBA DT01ACA3 ABB0> at scbus0 target 2 lun 0 (da0,pass0) <ATA TOSHIBA DT01ACA3 ABB0> at scbus0 target 10 lun 0 (da1,pass1) <ATA TOSHIBA DT01ACA3 ABB0> at scbus0 target 11 lun 0 (da2,pass2) <ATA

Oh! There’s my missing tape drive! Read More »

My HDD are full. Time for a new server.

My disks are full. [dan@knew:~] $ zpool list NAME SIZE ALLOC FREE CAP DEDUP HEALTH ALTROOT system 27T 21.4T 5.57T 79% 1.00x ONLINE – [dan@knew:~] $ zpool status pool: system state: ONLINE scan: scrub in progress since Tue Jun 9 03:26:26 2015 12.9T scanned out of 21.5T at 98.1M/s, 25h32m to go 0 repaired, 59.92% done config: NAME STATE READ WRITE CKSUM system ONLINE 0 0 0 raidz2-0 ONLINE 0 0 0 gpt/disk0

My HDD are full. Time for a new server. Read More »

Putting FreeBSD 11 onto a Raspberry Pi 2

I have 5 Raspberry Pi 2 here. I’m going to install FreeBSD 11.x on them. I’ve already done one. The second is started, and now I’m going to write it down so I know what to do the next time. The wiki entry will contain the latest status. The binaries Rasperberry Pi 2 only runs FreeBSD 11.x (10.x will run on the B but not the 2). If you have Rasperberry Pi B,

Putting FreeBSD 11 onto a Raspberry Pi 2 Read More »

su: _secure_path: /nonexistent/.login_conf is not owned by uid 65534

This morning, on a FreeBSD 9.2-RELEASE #0 r255898 system, I saw this in /var/log/messages: There was nothing around that entry to clue me in. I suspected a cronjob, based upon the time of day. I searched with Google and found only questions. This next command confirms my cronjob suspicion: OK, it’s got to be a cronjob. For the record, uid 65534 is the predefined user nobody

su: _secure_path: /nonexistent/.login_conf is not owned by uid 65534 Read More »

How Designers Destroyed the World

I recently watched a great video about design decisions. It features Mike Monteiro speaking at Webstock 13. I particularly liked these quotes: 28:15 – And remember every single time that you, as a designer, make it easier and more pleasant for anyone to find and use information and tools that help people live their lives, you have contributed something important to the world. 40:10 – Every time you let somebody else tell you

How Designers Destroyed the World Read More »

Unable to load config info from /etc/ssl/openssl.cnf

There I was, just minding my own business, creating a new certificate request, when bang! I got hit with this: # openssl sl genrsa -des3 -out imaps.unixathome.org.key 2048 Generating RSA private key, 2048 bit long modulus ………………………………………………+++ ……………………………………………………………………………..+++ e is 65537 (0x10001) Enter pass phrase for imaps.unixathome.org.key: Verifying – Enter pass phrase for imaps.unixathome.org.key: # openssl req -new -key imaps.unixathome.org.key Unable to load config info from /etc/ssl/openssl.cnf What? Are you in a jail?

Unable to load config info from /etc/ssl/openssl.cnf Read More »

Scroll to Top