SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

Share tech news, updates, or what's on your mind.

Sign up to Post

In an internal PKI environment which there is just a Offline root and an issuing CA, is the Issuing CA acting as a root?

Meaning in a certificate chain, having the ISSUING CA is like the root and there is NO intermediate CA?
0
Introduction to Web Design
LVL 13
Introduction to Web Design

Develop a strong foundation and understanding of web design by learning HTML, CSS, and additional tools to help you develop your own website.

Attempted to enable HTTPS connections in SCCM. Now I have lost client connectivity though I believe every step is accurate. I cannot figure out what is causing the issue.

CCMMessaging log (constant error, Hood is server name)
Successfully queued event on HTTP/HTTPS failure for server 'HOOD'.
Post to http://HOOD/ccm_system/request failed with 0x87d00231.

[CCMHTTP] ERROR: URL=http://HOOD/ccm_system/request, Port=80, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE
[CCMHTTP] ERROR INFO: StatusCode=403 StatusText=Forbidden      CcmMessaging      3/7/2019 11:05:15 AM      8308 (0x2074)
0
Going to be migrating to Exchange 2016 (from EX2010) and need some advice on External URL's and SSL Certs.  On my Exchange 2010 I was using the host name of both my Internal & External URL's for Virtual Directories (ActiveSync, OWA, AOB, ..etc).  I was told that it is recommended to not use the host name on these external url's.  I should use ex.: mail.mydomain.com (use just general mail name instead of my host name).  So should i just use this on my External URL's or both Internal and External?

When creating my new SSL Cert for EX2016 would I still need to put my host name on this Cert?  My current SSL Cert (EX2010) has the following: hostname.mydomain.com; autodiscover.mydomain.com, legacy,mydomain.com; mydomain.com.

I would like to use as minimal amount of SAN names as possible.
0
Please explain the workflow of a Certificate Signing Request

How does this request originate? What does it consist of? What kind of signing authority responds to this request?

And how does it relate to SSL?

And what about the latest update to the.NET Framework? 4.7.2?

Thanks.
1
I use below codes to determine ssl is existed or not. For some reason, it is always "off" and we use CloudFlare free SSL. I just hope to know is there any difference.
This is our first time to use CloudFlare.

Response.write(GethttpType(Request.ServerVariables["HTTPS"],"").
0
i use cloudflare free ssl for my website. and the steps are successful. and i can see valid ssl on my website in the browser.
my next task is to ensure all image, a href and etc. using https. so I use the following codes, and it always return "off"
meaning the ssl is not there. so I now do not know what's wrong. In addition, cloudflare free ssl is not necessary to be installed into my IIS server. I just want to ensure i am correct.

Response.write(GethttpType(Request.ServerVariables["HTTPS"],"").

 
public static string GethttpType(string httpType,string httpHost)
        {
            string strReturn = "http://"+httpHost;
            if(httpType=="on")
            {
                strReturn = "https://"+httpHost;
            }
            return strReturn;
        }

Open in new window

0
How do I install TLS version 1.3 on server 2012 R2?
What steps do I need to follow
0
Hi ,
Advance thanks!
Am using .net framework 4.6.1 and class library project using c#. This project doesn't have config, startup.cs or global.ascx where i enforce string transport security (hsts ) on endpoints.
How to add the header  to configure Strict Transport Security (HSTS). I think i should do something like below in the application but not sure how to do that. Please help....
Response.AddHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");

Kind regards,
Pooja
Response.Headers.PNG
0
Hi,
Am using .net framework 4.6.1 and the class library project using C#. Need to enforce HTTP Strict Transport Security (HSTS) in all public facing http endpoints.I did configuration settings but it doesn't help me. Please help me about how to enforce HSTS on project and how to verify the site has hsts settings.
Have attached Properties window of the project, web.config, startup.cs .Please help...


Kind regards,
Pooja
Properties.PNG
Startup.cs
Web.config
0
Is certificate compromised if someone downloads the p7b file of the certificate? For example if they login to your godaddy or digicert and get the p7b file downloaded, does that jeopardize all the websites that the SSL certificate within was installed on?
0
Exploring SQL Server 2016: Fundamentals
LVL 13
Exploring SQL Server 2016: Fundamentals

Learn the fundamentals of Microsoft SQL Server, a relational database management system that stores and retrieves data when requested by other software applications.

Hello Friends, I need your help, We have our main website www.pleugerindustries.com, this website already installed SSL certificate. We also have registered other domain like pleuger.com, pleuger.us, pleuger.info and pleuger.org. Now all these domain are just registered, nothing is there, there is no SSL certificate as well. When I redirected these website to our main website www.pleugerindustries.com it successfully redirected but its need SSL certificate. Although the main website already have SSL certificated installed. Do I need SSL for all other domain? If I leave it like this it will insecure for my main website?? kindly though some light on it. Many thanks in advance.
0
We are having an issue with an app that allows users to work on their timesheet in the accounting software remotely from their phones.

 It used to work fine until there were OS updates to the phones.

I was told by the accounting program's support that I had to do the following for the phone app to work.

Customer will need to do the following for the SSL certificate on their server:
Disable SSL2, SSL3, TLS1
Enable TLS 1.1 and 1.2:



What I do not understand is where to make these changes.  I tried using a program called Crypto which allows you to enable and disable protocols on the server from a GUI but when I made the suggested changes we could not login to the accounting software from our desktops, and the app still did not work.

My question: Is there a difference with disabling the listed protocols in Server 2012 vs. doing it in the SSL certificate that is installed for the app?

If so, where do I go to make the protocol changes in the SSL certificate?

The server running the accounting program and the SSL certificate is a 2012 R2 server.

Any help is appreciated.
0
Experts,
 We are planning to Implement SSL on our Sharepoint 2013 environment. Since i don't have deep knowledge about it , I would like to have your help to identify the advantage , Dis advantage and challenges for SSL Bridging , SSL Offloading and   SSL Passthrough.

Can you please help me to compare?
0
I got rate limited by letsencrypt and i had to change a domain from olddomain.ca to newdomain.com.

I now have everything working on newdomain.com and im trying to redirect traffic from newdomain.ca to newdomain.com so on cloudflare i created a page rule to redirect all traffic to olddomain.ca to newdomain.com but when users go to olddomain.ca they get a certificate warning for privacy error.

I have this redirect setup on the DNS, how is it even showing this error if i want to bypass it completely and just redirect to the new site?

I get this error in my browser:

NET::ERR_CERT_COMMON_NAME_INVALID
Subject: newdomain.com

Issuer: Let's Encrypt Authority X3


EDIT -- so i guess the issue is certificate handshake happens BEFORE redirect, sh*t how can i get rid of this message if i got rate limited by LetsEncrypt??? Should i purchase a valid SSL and apply it to this domain?

EDIT AGAIN -- can i just add the old domains to the new certificate?
0
apache rewrite rules to redirect http(s) olddomian.com to newdomain.com
i made a custom  VirtualHost .conf file for apache for my old domian to redirect every request to httpS new domain but it isn't working...?
i get either the old host or some an invalid URL... both FireFox and Chome show errors like this:
The owner of OldDomian.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. The certificate is only valid for NewDomain.com.

a copy of the apache.conf VirtualHost config:
<VirtualHost 129.125.125.128:80>
ServerName  OldSiteHost.com
ServerAlias www.OldSiteHost.com
ServerAlias OldSiteHost.com

RewriteEngine on
RewriteCond %{SERVER_NAME} =OldSiteHost.com [OR]
RewriteCond %{SERVER_NAME} =www.newcorp.OldSiteHost.com [OR]
RewriteCond %{SERVER_NAME} =newcorp.OldSiteHost.com [OR]
RewriteCond %{SERVER_NAME} =www.OldSiteHost.com
RewriteRule ^ https://NewSiteHost.com/ [END,NE,R=permanent]

</VirtualHost>

Open in new window

0
How to  enable https only for a web API instead of entire application hosted on IIS ? I dont want to enable for entire web application which is in ASP.NET .
0
Computer is Windows 7 Pro attached to a Server 2012 R2 AD domain.

After adding a new domain user, I logged into the computer she'd be using to setup the profile. After configuring the profile the same way I've done countless times, I opened both IE and Chrome to setup the home page in each.

Going to any https website yielded "Your connection is not private" in Chrome, and "There is a problem with this website’s security certificate." in IE.

Googling the issue showed that many others have experienced these errors as well...but with no resolution that I found.

I tried or checked the following:
The date and time were correct
Reset IE's settings to default
Uninstallined ESET End Point Antivirus
Deleted browser cache and cookies
Windows updates were current
Multiple malware scans
Tried Chrome's incognito window
Deleted the new profile plus others that were no longer used
The computer otherwise ran normally

?????

Thanks
Mark
0
A vendor offers a mobile app for tracking vehicles & this app links back to their server in Azure cloud.
We install this app on our corporate mobile devices.  We have
a) iPhone 5 on IOS 10.x
b) certain iPad models on IOS 9.x
c) Android phones on Android 4.4

Q1:
Vendor told us they can't enforce TLS1.2 on their app as they have other customer (also in transport
related industry) with mobile devices still using Android 4.x, thus they'll to still permit TLS1.0 & 1.1.
Is this enforcement of TLS version something that's done at the server end (in the cloud) or at the
mobile app side?

The vendor currently supports only 1 version of the mobile app, thus they can't customize this app
specifically for us just to enforce certain TLS version as advised by them.
Q2:
What's the highest version of TLS (1.2, 1.1 or 1.0) that  IOS 9.x and Android 4.4 could support?

Q3:
Anyone know if mobile apps can be made to go for TLS 1.2 first, failing which, it'll fall back to
1.1 & if this fails, then 1.0 ?  If it can be done, is this at server or client end?

Q4:
Suppose there's a load balancer (eg: F5 or A10) at the server end, does the cert installed at
the loadbalancer matters where TLS version support is concerned?
0
Hi

How to load SSL certificates - dummies guide

Regards
0
HTML5 and CSS3 Fundamentals
LVL 13
HTML5 and CSS3 Fundamentals

Build a website from the ground up by first learning the fundamentals of HTML5 and CSS3, the two popular programming languages used to present content online. HTML deals with fonts, colors, graphics, and hyperlinks, while CSS describes how HTML elements are to be displayed.

Experts,
 We have 2013 sharepoint farm. We are planning to implement SSL (http to https) to our web application. We have 4 front end servers , 6 Application servers. We would like to know what is the advantage and  dis advantage to implement SSL on back end server or Load balance? Also we are planning to migrate our Sharepoint 2013 to Office 365 so what is the common practice to implement (server or load balance)?
0
I am currently trying to get LDAPS to work to enable me to link my AD to a 3rd party company. I am however having some issues with the certificate side of things.

The DC's FQDN is "mydc.internal.mycompany.com"
Our public domain is "mycompany.com"
I purchased the certificate with the CN = mydc.mycompany.com and created an internal DNS A record to point mydc.mycompany.com to the IP address of the DC.  Therefore, if I ping both mydc.mycompany.com OR mydc.internal.thewinesociety.com BOTH resolve to the same location.

However, if I use LDP.exe to test the connection from my pc to the DC (using the server address mydc.mycompany.com), the LDAPS is failing to connect.

The instruction guide I followed said that I could use the public domain name in the certificate as long as I used a DNS A record to then resolve this.  However, I have since read contradictory information to this, so I am not sure if I certificate is ever going to work doing this.

Is someone able to help advise me on this please?
0
hello,

I have downloaded all available root certificates.
Now I have an sst file.
How to install this sst file via certutil in CMD ?
I have to install all certificates to the local computer account to the root certificates.

Can you help me with the command ?
0
I need to add DoD Root CA 5 to all the machines is Domain.  We're operating in a closed loop environment, so InstallRoot tool is not an option.  Looking for a way to download the certificate for offline deployment, then push to all clients.
0
HTTPAPI_debug.txtWS HTTP API(library LIBHTTP).
IBM-i Client Connection to Webserver: handshake problem.  
Immediatelly after clientHello, the  server resets  connection.

ibm-i Joblog messages .
   Message . . . . :   (GSKit) An operation which is not valid for the current
     SSL session state was attempted.                                          
   Cause . . . . . :   No additional online help information is available.    
 40   18/01/19  15:36:49.874491  HTTPAPIR4    LIBHTTP     *STMT    RSUCISLO2  
   From module . . . . . . . . :   HTTPUTILR4                                  
   From procedure  . . . . . . :   HTTP_CRASH                                  Handshakke-problem-from-7_3-LPAR.docx
   Statement . . . . . . . . . :   4068                                        
   Message . . . . :   SSL Handshake: (GSKit) I/O: A connection with a remote  
     socket was reset by that

TLS-Version.PNG
0
Hi Experts,

I have a very strange problem with https sites.
In one department we have 10 persons. They connect all over the same firewall policy to the internet.
But two of them cannot connect to some sites like -> www.orf.at
Other https sites work.
On the policy I have disabled all UTM features, no webfilter is active.

The users geht this error in each browser : DLG_FLAGS_INVALID_CA

Please can you help me out ?
So far this problem is just on WIN10 machines.
0

SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.