We have a Sonicwall Firewall NSA 2600 and it is configured to not allow access to sites with SSL certificate issues, such as self signed, expired, untrusted, and so forth/

Beginning Monday morning, any attempt to access a Microsoft website is being blocked. First SSL block that occurs is untrusted root CA. I have triple checked and then triple checked the triple check and the Sonicwall does have the Baltimore Cyber Trust Root CA certificate installed and the serial number matches but it keeps saying Untrusted Root CA.

To get past that temporarily I disabled checking for untrusted Root CA and now it is giving an SSL block saying Certificate Chain Not Complete. I was able to find the correct intermediate certificate "Microsoft IT TLS CA 5" and imported it into the firewall certificate store. The serial number matches and the issued by is correct. However, the problem continues.

Is anyone else having any problems with Microsoft secure websites or have an idea of what to look at? I am very knowledgeable about SSL certs and certificate chains and such but this has me stumped.

This is affecting all Microsoft websites including Live.com, Bing, MSN, TechNet and MSDN any site that requires a secure connection.

I have a net 2.0 compact framework client that pulls data via an asp.net web service (also 2.0) . This is working fine until we try to connect to the web service on an encrypted link
https: Now I'm getting a web exception in the client, it does work if I change it back to http:

Is there something I need to put in the local.config file to support https? Something with the certificate I need to change or something else
Thanks

Dear Experts
We have hosted SugarCRM application on premise and for external users we have configured firewall that is hardware appliance fortigate 60C to function as SSL Web VPN where the users login to the firewall appliance portal and from here they access CRM application, they are able to login to the CRM through the  web VPN portal but the dashboard reports are not showing up, it shows blank dashboard but when we access directly to the CRM application we are able to see the dash board reports, please help me understand to where things are going wrong and how to fix it please.

I'm getting this error in windows server 2008 R2 STD, while connecting through RP

The Certificate is not from a trusted certifying authority


Steps i did

1. Generated a Cert from ibmca
using openssl https://knowledge.digicert.com/solution/SO27347.html

2. Imported the cert in the mmc > Local computer, under personal and remote connections

3. Still Im getting this error,while connecting the RDP

4. Imported the cert in the Trusted folders as weil

5. under RDP-Tcp connection  selected the default cert(auto generated), but im unable to see the cert, which was imported, even i cant see in the select list
but
under remote app manager, the digital signature setting is right and RDP port is 3389

6. I deleted the cert, which is default in the remote desktop in certificates which is being auto generated

again it generates automatically, with the certificate

Exchange 2013 Default SMTP Cert got overwritten
Was installing a ssl cert had to use exchange management shell as cert would not import correctly.
Was going through the steps with the ssl support team an my default exchange smtp cert got overwritten.
Since this happened i cannot open my exchange administration  e-centre or my exchange management shell
i can open it if replace the localhost name with the url that the ssl cert was installed for mail.testdomain.com/ecp but it dosent recognise the server correctly but can logon
the ssl cert has seemed to install ok.
This is my second exchange server i am running another excahnge server.
i was going to import everything from the old server to the new server
Both servers running exchange 2013 the old server still the main server and that still is ok
Had transfered some test mailboxes across to the new server and they can no longer connect to the new exchange server
Clients dont see the new exchange box
This was working o.k. until the ssl cert was installed and default one got overwritten
 
is it a case of uninstall and reinstall
Any help you can give would be great ?
Thank you

I believe my service reference is using Triple DES encryption to communicate with one of our vendor's web services. The server we initiate the call from cannot have the 3DES cipher enabled due to PCI constraints.
How can I set my service reference in C# to use RSA instead?

VMware vCenter 5.5 web login  coming Empty inventory Error reflecting is : "Could not connect to one or more vCenter Server systems: https://xxx.xxx.xxx.xxx:443/sdk"

VC 5.5 is running on windows 2008 and database is Sql2008  running on other server [both are vm running on esxi same host]
Telnet is Fine
DB Test is Fine
Services are fine
But Noting visible under vc inventory.
Did Server reboot and issue got fixed but repeated again after 4 days.

Pls help to locate if issue is with Network/DB/SSL or VC itself


Not able to locate much detail to apply appropriate fix
-2618423BBF69F68A.jpg
-351E50B996600DC9.jpg
-218B3348C6B2659B.jpg
-7057366E756B0F4D.jpg

I recently updated to Apache Flex 4.16.1 AIR30 I can no longer do HTTP requests.

Error Message:
(mx.messaging.messages::ErrorMessage)#0
  body = ""
  clientId = "DirectHTTPChannel0"
  correlationId = "83285769-41EE-7618-7833-CD43BB74BE6B"
  destination = ""
  extendedData = (null)
  faultCode = "Server.Error.Request"
  faultDetail = "Error: [IOErrorEvent type="ioError" bubbles=false cancelable=false eventPhase=2 text="Error #2032: Stream Error. URL: http://localhost:37813/Webessentials/webessentials/api/version?hostport=192.168.200.74&https=N&id=83285769-41EE-7618-7833-CD43BB74BE6B" errorID=2032]. URL: http://192.168.200.74/Webessentials/webessentials/api/version"
  faultString = "HTTP request error"
  headers = (Object)#1
    DSStatusCode = 0
  messageId = "DF5A526F-6F62-6D11-F9BD-CD43BC442000"
  rootCause = (flash.events::IOErrorEvent)#2
    bubbles = false
    cancelable = false
    currentTarget = (flash.net::URLLoader)#3
      bytesLoaded = 0
      bytesTotal = 0
      data = ""
      dataFormat = "text"
    errorID = 2032
    eventPhase = 2
    target = (flash.net::URLLoader)#3
    text = "Error #2032: Stream Error. URL: http://localhost:37813/Webessentials/webessentials/api/version?hostport=192.168.200.74&https=N&id=83285769-41EE-7618-7833-CD43BB74BE6B"
    type = "ioError"
  timestamp = 0
  timeToLive = 0

Hello Certificate Experts,

We have a test intranet website that is an exact replica of our production intranet site.  The marching order came down to secure the test intranet site in preparation for securing the production site.  I generated the CSR for the test intranet site in IIS Manager.  I then took the certificate request and generated the SSL certificate for the site via our enterprise CA.  I imported the certificate onto the web server and then configured the test site to use the certificate.  I verified I could hit the secure test intranet site via IE with no problems.  I tried hitting the test intranet site with Chrome and I get a warning, but I can click through the warning and hit the site.  In looking at the warning, Chrome sees the certificate generated by our enterprise CA as being invalid.  While research into why Chrome sees this certificate as invalid, I ran into several different articles/posts indicating that for Chrome to recognize our internally generated certificate as valid it had to have the subject alternate name field.  I opened certmgr.msc on the web server and generated a new CSR with a SAN attribute.  I used the new CSR to generate a new certificate from the enterprise CA.  I imported the new certificate onto the web server via certmgr.msc.  I viewed the properties of this certificate and verified it did in fact have a subject alternate name attribute.  I then went into IIS Manager and removed the first certificate from the binding of the test…

SSL Certificates

Can you explain the process for buying SSL certificates?
The challenges around security?
Where to buy from?

Who should have access?

Any other info would be great

I am trying to install mod_security on an Amazon Linux 2 running Apache 2.4

This is the guide I am following -

https://resources.infosecinstitute.com/configuring-modsecurity-firewall-owasp-rules/

Select all Open in new window

It fails on this command -

git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git

Select all Open in new window

I get this output when I try to run it from root -

git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
Cloning into 'owasp-modsecurity-crs'...
fatal: unable to access 'https://github.com/SpiderLabs/owasp-modsecurity-crs.git/': error setting certificate verify locations:
  CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none

Select all Open in new window

Please help me to get Mod_Security installed and running

Thanks,