SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.


Hi all,

I am in the process of setting up a two-way SSL certificate - I have gotten the initial certificate and am now trying to walk through being able to give the second site access. Does anyone have any good links that may assist in walking through the process?

Many thanks!
0

Hi

We have an Exchange 2007 server onsite and are now planning to move to Office 365, and I would like to go with the Hybrid Environment.

I ran the Exchange Deployment Assistant and the document says I need to configure Outlook Anywhere on our on-premises Exchange Server (because the email migration service uses RPC over HTTP).

Currently staff use OWA 2007 from outside through https://mail.myorg.co.uk. For this I procured the SSL from Trustico.
The document says that I must use a certificate issued by a trusted certification authority (CA) with your Outlook Anywhere configuration.

So do I need to procure another SSL certificate to set up Outlook Anywhere? Bit confused here.
Please let me know how to go about it.

Any help will be great.
Thanks
0
I have a unique situation. The legal department from my employer is requiring that I get a signed "Attestation of Compliance" document from my service provider.  I have a dedicated server in which my host is basically providing me the hardware, but all set up, security, user accounts, etc. are under my control.

The host is saying they won't sign an AOC because the only thing they control is the physical access to the machine (Items 7-10 of requirements). That makes sense to me. Why should they put themselves at risk for compliance when I have most of the control of vulnerabilities on the server.

Does anybody know of a hosting provider that would in fact provide an AOC for a service provider? Or of a work around for this?

Thanks.
0
Hello,

I made an app in Delphi Seattle.
The app sends an email to the user.
For this I deploy libcrypto.so and libssl.so.

Interestingly, so far it worked well under Android 5 and 6 too, but now I noticed that it works well only with 5 but not with 6 and 7.

The error message is:

Error!
[EldOSSLCouldNotLoadSSLLibrary]
Could not load SSL library.

I read that starting with Android 6 Marshmallow, Google no longer supports OpenSSL on Android.

The question is what should I do so that the Android 6 and 7 users would get my email?

Thank you very much.
0
I recently upgraded to a new SSL certificate. My old one used to include both the www and naked domains (e.g. https://www.chloedog.org and https://chloedog.org). But the new certificate only includes the naked domain.

I'm trying to use a .htaccess redirect so that both are accomplished in one pass.  I've tried a few different things and none work.

The most recent was:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.
RewriteRule ^(.*)$ https://chloedog.org/$1 [R=301,L]
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

With the above, the following happens:

http://www.chloedog.org?129  - Works Fine
http://chloedog.org?129 - works fine
https://chloedog.org?129 - works fine
https://www.chloedog.org?129 - I get an "insecure connection" message.

Can you tell me what I'm doing wrong? It is like it looks for the certificate before doing the redirect.
0
This is the first time I'm setting up a domain that doesn't have a .local extension internally. The reason behind it is that I need SSL certificates for several internal applications to communicate with each other and they don't support self-signed certificates. Also I figured I would get with the times and stop using deprecated namespaces...


So here is what I did:

1) Purchased a regular .com TLD
2) Purchased a wildcard certificate from the provider so I can configure as many subdomains as I need
3) Set up the internal domain as subdomain.topleveldomain.com
4) Installed the certificate in IIS on one of the internal servers
5) Exported the certificate and imported it into the DC (https://technet.microsoft.com/en-us/library/dd941846(ws.10).aspx)
 5.1) I tried putting it in the local computer personal store and that didn't work
 5.2) Tried placing the certificate into the NTDS\Personal and that doesn't work

The way I'm testing is simply by launching LDP.EXE and trying to connect using ssl on port 636 just like this:
AD SSL Install

I'm testing on the same local domain controller and tried a fqdn, as well as just the name, and even tried localhost, but I always get this:

ld = ldap_sslinit("servername.topleveldomain.com", 636, 1);
Error 81 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
Error 81 = ldap_connection(hLdap, NULL);
Server error: <empty>
Error <0x51>: Fail to connect to servername.topleveldomain.com
0
Hello,

Trying to create a Site to Site between our TZ215 and Azure:
VNET1 - Address Space     = 10.1.0.0/16
               Subnet  range      = 10.1.0.0/24

GatewaySubnet                  = 10.1.1.0/24

Virtual Net Gateway           = VPN
                                               = Policy-based
                                               = VNET1
                                               = VNET1GWIP  (created Public IP)

Local Net Gateway             = RP_OFFICE
                                              = Public IP address of SonicWALL
                                              = 192.168.250.0/24 (LAN network on SonicWALL)

Connection                          = Site-to-Site (IPsec)
                                               = Virtual Net Gateway
                                               = RP_OFFICE
                                               = Shared key that matches what's configured in the SonicWALL

SonicWALL:
 General Tab                         = Site to Site, IKE using Preshared , IPsec Primary = Public IP of Azure, IPsec Secondary = 0.0.0.0, Local & 
                                                   Peer IKE ID = IPv4 address
Network Tab                         = LAN Subnets, Azure LAN network
Proposals Tab                       = Main Mode, Group 2, AES-256, SHA1, 28800, ESP, AES-256, SHA1, 3600
             
Seeing the following in the SonicWALL log:
  SENDING>>>> ISAKMP OAK INFO …
0
We are in the middle of an issue. I have installed a normal SSL certificate on ADFS and its proxy servers after the old certificate expired, and we can't access the application.

We are receiving the following error. I did all the basic troubleshooting steps but no luck. Can anyone help?

Event ID 381.
0
Working with a web service and a little out of my depth.  The example that I have been given asks for my cert with my private key as an option in stream_context_set_option.  Could this expose the private key unnecessarily / does this actually submit to the service?
0
Windows 2008 R2
Tomcat 8.0.33

Trying to create SSL and install from a CA:
Step 1.
"%JAVA_HOME%\bin\keytool" -genkey -alias ecwinttomcat -keyalg RSA -keystore c:\ecwint.keystore
NO Password, hit enter.  
Step 2.
 
"%JAVA_HOME%\bin\keytool" -certreg -keyalg RSA -alias ecwinttomcat -file c:\ecwint.csr -keystore c:\ecwint.keystore

Get Error about -certreg illegal operation.
Cannot convert to a csr.
0

Hi, I'm doing an HOA site for a friend (home owners association, for a condo).

I'm using WordPress so that they can update the site easily. He wants a section where owners log in and can see content that others can't see. I have an SSL certificate, but I'm not sure how to go about this.

We don't need the whole site secured; we just want an Owners Only Login that leads to the secure pages. Thanks for your experience!
0
Hello All,

I need your help to fix the CVE-2016-2183 vulnerability in my CentOS release 6.9 (Final) instance.
I have checked the various solutions to fix this, like making changes in the Apache/nginx configuration. But I don't have Apache/nginx installed in my instance.

The openssl version installed in my instance is OpenSSL 1.0.1e-fips 11 Feb 2013.
When I'm trying to update the openssl package using yum, it did not identify any new version of the package available for installation.

Regards
Rukender
0
I am trying to access a website through a proxy server. I am using httpclient.

This is the code which is working fine:

import org.apache.commons.httpclient.Credentials;
import org.apache.commons.httpclient.HostConfiguration;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.HttpStatus;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.httpclient.auth.AuthScope;
import org.apache.commons.httpclient.methods.GetMethod;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Properties;

public class Working {
    private static String PROXY_HOST = "proxy.test.org";
    private static int PROXY_PORT = 80;

    public static void main(String[] args) {
        HttpClient client = new HttpClient();
        HttpMethod method = new GetMethod("https://www.example.org");
        HostConfiguration config = client.getHostConfiguration();
        config.setProxy(PROXY_HOST, PROXY_PORT);

        try {
            client.executeMethod(method);
            if (method.getStatusCode() == HttpStatus.SC_OK) {
                String response = method.getResponseBodyAsString();
                System.out.println("Response = " + response);
            }
        } catch (IOException e) {
            e.printStackTrace();
        } finally {
  …
0
Hi guys,

We were using netcat from our server to make connections to client machines, but ever since we upgraded to HTTPS it doesn't seem to work. Any ideas?
0
Hello, we are setting up a certificate for our mail server through GoDaddy. We have gone through a name re-branding and I am setting up the new name. I was wondering if activesync.mycompany.com is necessary. I was also wondering if I should match the old SANs with the new, or if something was redundant or unnecessary and could be removed. Thanks

Current Certificate.........
mail.mycompany.com
www.mail.mycompany.com
autodiscover.mycompany.com
activesync.mycompany.com

New Certificate............
mail.mycompany.com
www.mail.mycompany.com
autodiscover.mycompany.com
mycompany.com
0
The issue is as follows: I am running a CentOS 7 server with a PHP Plesk Panel 12.5 running my subscribers and their sites. I just recently installed the iPad site builder module and the site builder module to test each for a potential site building solution for my clients. Well, after I installed both, I was forwarded to a third party website where the actual website is created for each client. Well, after the site is created, on their site I have the option to publish it to a domain on my server. At 50% install I get the following error: fsockopen failed No route to host (113). Now this same thing happens when I use the site builder module as well. I am running PROFTPD on the system, so I do have an FTP server running. What I need to find out is how to resolve this issue. I am sending you a screenshot of us running FileZilla as FTP on port 21; I get the following error. I know this is a minor issue, I just need help narrowing down the cause or misconfiguration.

My firewall and router are open for port 21.
ftpd-error-message.PNG
0
I am a bit new to PKI certificates. Is it related to X.509 certificates?
0
We have a small java program that connects to an Oracle (11.2.0.4 Windows) DB. There is a jks file that has the certs in it (4096 key size). When we try to connect we get:

sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: MD5withRSA

If I make changes to entries below in the java.security file in Java:

jdk.certpath.disabledAlgorithms
jdk.tls.disabledAlgorithms

and remove the MD5 and MD5withRSA parameters, it works. From what I've read this is supposed to be an issue in JRE 7.4 and above, but it is only supposed to happen when the key length is 1024 or less. Not sure why it's happening with a 4096 key length cert.
0
All

We have a requirement where we need to build a WCF service which can make outbound calls (as client) to backend services which requires 2-way SSL (mutual-authentication).

We have been trying this with no luck. It works with 1-way SSL (WCF as client), but when we set the backend services to require 2-way SSL, the handshake failed at the point where WCF is supposed to send its certificate to the backend service, but it doesn't.

Any one has experience doing this? Any clues of what the problem could be will be much appreciated.

Best Regards
Charles
0

Hi

My website is setup to run over http or https, I assumed everything was working until recently.

On my Mac in Safari and Firefox the following two URLs work fine
http://www.petenetlive.com
or
https://www.petenetlive.com

HOWEVER in IE it does not load the CSS and bleats about mixed content, Now I can view the source and see that the css is being loaded from http URLs so that's probably causing the problem, (why Firefox and Safari works I don't know?)

I've tried various Wordpress plugins that claim to fix SSL problems - none of them worked. I've set the site in Wordpress to use the https URL, I've also set this in the wp-config file.

HOW DO I FIX THIS?

Note: I'm running NGINX and don't have a .htaccess file

Pete
0
I have a 2012 R2 IIS 8.5 server that is running a web site for the application Kaseya. I am trying to lock it down so deprecated ciphers are disabled, and I would like to reorder them in a more secure fashion. I have attempted to make the changes to the SCHANNEL key in the registry (didn't work). I have used Nartac IIS Crypto and I have run PowerShell scripts to try to recreate all my keys. I also used Group Policy to decide the cipher order. Nothing has worked. No matter if I have every cipher or even protocol disabled, they still show that they are in use. I am scanning the server using the Qualys SSL scan. Has anyone ever run into this issue? I have had no problem doing this on other application web servers in my organization, but this one seems as if the protocol and cipher settings are hard coded somewhere other than the registry. Any ideas would be greatly appreciated. I'm wondering if the web application is forcing it somehow and my registry settings have no effect. I just have never seen this happen, nor can I find any reference on the internet. Just so everyone is aware, I have restarted after making the reg changes. Unfortunately, the same protocols and ciphers are always enabled.
0
I'm trying to configure SSL (HTTPS) for Tomcat 8 and have done the below steps, but it's still not working

1) Create the keystore file using

keytool -genkey -alias myservername -keyalg RSA

2) Generated CSR as below

keytool -certreq -alias myservername -file C:\tomcat_ssl\local_machine\test.csr -keystore C:\tomcat_ssl\local_machine\test.keystore

3) Then we had Generated the Certificate and then imported the chain certificate and certificate as below

keytool -import -alias root -keystore C:\tomcat_ssl\local_machine\test.keystore -trustcacerts -file C:\tomcat_ssl\local_machine\srv_chain.cer

keytool -import -alias myservername -keystore C:\tomcat_ssl\local_machine\test.keystore -file C:\tomcat_ssl\local_machine\srv_main.cer

4) Finally Did the changes in tomcat server.xml as below

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="C:\tomcat_ssl\local_machine\test.keystore" keystorePass="123" keystoreAlias="myservername"/>

Restarted Tomcat and it's not working and showing the below screen

Tomcat Error Screen for SSL
In the Tomcat logs it's not showing any errors, and I have also tried other options like keeping the cipher tag in the connection, Enabled TLS 1,2,3 , changing the HTTPS port etc., to no avail.

Also I have tested the HTTPS port 443 and it's showing as listening when I netstat. Any idea why this is not working?
0
2
Hello,

I had tomcat configured to redirect any requests to HTTP to redirect to HTTPS. This was functioning well until we had to do a DR restore of the DEV application. Now, HTTP does not redirect, but HTTPS works fine. I have compared the web.xml and server.xml configurations between our DEV and PROD installations, and found no differences. Below are the sanitized versions of the config:

Server.XML
<Connector port="80"
                   maxThreads="150"
                   minSpareThreads="25"
                   connectionTimeout="20000"
                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="443"
                   acceptCount="100"
                   disableUploadTimeout="true"
                   bindOnInit="false"/>


<Connector port="443"
				   maxHttpHeaderSize="8192"
				   maxThreads="150"
				   minSpareThreads="25"
				   maxSpareThreads="75"
				   enableLookups="false"
				   disableUploadTimeout="true"
				   acceptCount="100"
				   scheme="https"
				   secure="true"
				   SSLEnabled="true"
				   clientAuth="false"
				   sslProtocol="TLS"
				   keyAlias="DEV_ALIAS"
				   keystoreFile="L:\ocation\to\keystore.jks"
				   keystorePass="supersecretkey"/>


Web.XML (this code is entered after all of the servlet-mapping, and before filter-mapping)
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>


Any idea why this might be failing?
0
This issue only happens on Android phones.
We have an internal website which uses self-signed user certificates for authentication.
When a user connects to the website for the first time, Chrome prompts them for which certificate they want to use, even though there is only one certificate to choose from.
Usually, just choosing once is enough until the user either turns off the phone or ends the Chrome process. But some users say they still get prompted multiple times.

Is there a way that Chrome can be set to automatically use the user certificate installed on the phone so the user does not see this prompt?

We have an MDM solution that automatically installs the certificate on the phones - that part is not a problem. I asked them if they had a solution but their only response was to use their MDM browser instead of Chrome.
0
