Solution is to limit the ports used by PASV, edit the /etc/vsftpd/nf and append the below 2 lines.If you change it to "No", Bluecoat connections will fail.On the Log Collector, the /etc/vsftpd/nf file, the default option "pasv_enable=Yes". Second: Configure PASV FTP on the Log Collector nf file Make sure to download the ca.pem locally to your machine, to add it to the Bluecoat trusted root certificate store later on.SSH to the SA server, and create the CSR for the vsftpd, then sign it using the local CA, then copy the vsftpd and the CA certificates to the log ~]# cd ~]# openssl req -nodes -new -sha256 -keyout -out -days ~]# openssl x509 -req -out -in -CA /var/lib/puppet/ssl/ca/ca_crt.pem -CAkey /var/lib/puppet/ssl/ca/ca_key.pem -CAcreateserial -days ~]# scp vsftpd.*.pem ~]# scp /var/lib/puppet/ssl/certs/ca.pem :/etc/netwitness/ng/truststore/puppet-ca.pem.Secondly, you need to either open all ports between bluecoat and log collector, or define the port ranges allowed for PASV FTP in the nf file.Īfterwards, with the above two changes, you can continue normally with the sadocs guide for Bluecoat SGOS.įirst: Sign the CSR using the SA puppetmaster.local To resolve the two issues, you need first to sign the CSR "Certificate Sign Request" by no machine other than the Local CA "certificate authority", which is the puppetmaster.local, ie. General Security Advisories and Statements.Outseer ® Fraud Manager On-Premise 14.x.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |