SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

Share tech news, updates, or what's on your mind.

Sign up to Post

On  a netscaler 16500 - suppose I want to traffic to https://yaya.foo.com/whatdoyouknow to redirect to https://www.sharktown.com/whatdoyouknow. But the same mechanism would deliver https://yaya.foo.com/somwhere to redirect to https://www.sharktown.com/somewhere. What would I need to cofigure? thank you
0
INTRODUCING: WatchGuard's New MFA Solution
LVL 1
INTRODUCING: WatchGuard's New MFA Solution

WatchGuard is proud to announce the launch of AuthPoint, a powerful, yet simple, Cloud-based MFA service designed to eliminate the vulnerabilities that put your data, systems, and users at risk.

How to Renew SSL Certificate for Exchange 2013 Server Step by Step
1
We have a Sonicwall Firewall NSA 2600 and it is configured to not allow access to sites with SSL certificate issues, such as self signed, expired, untrusted, and so forth/

Beginning Monday morning, any attempt to access a Microsoft website is being blocked. First SSL block that occurs is untrusted root CA. I have triple checked and then triple checked the triple check and the Sonicwall does have the Baltimore Cyber Trust Root CA certificate installed and the serial number matches but it keeps saying Untrusted Root CA.

To get past that temporarily I disabled checking for untrusted Root CA and now it is giving an SSL block saying Certificate Chain Not Complete. I was able to find the correct intermediate certificate "Microsoft IT TLS CA 5" and imported it into the firewall certificate store. The serial number matches and the issued by is correct. However, the problem continues.

Is anyone else having any problems with Microsoft secure websites or have an idea of what to look at? I am very knowledgeable about SSL certs and certificate chains and such but this has me stumped.

This is affecting all Microsoft websites including Live.com, Bing, MSN, TechNet and MSDN any site that requires a secure connection.
0
Hi,

Will someone help me understand how to export a PKCS #10 certificate from a Windows 2008 server? I see an option for PKCS #12 but that is it. Is this even possible? I am using a wildcard certificate issued by Thawte and I need to get one installed on may VPN device. Any advice or guidance?

Thank you.
0
I have a net 2.0 compact framework client that pulls data via an asp.net web service (also 2.0) . This is working fine until we try to connect to the web service on an encrypted link
https: Now I'm getting a web exception in the client, it does work if I change it back to http:

Is there something I need to put in the local.config file to support https? Something with the certificate I need to change or something else
Thanks
0
Is the Instagram iOS app on my iPhone using an HTTPS SSL to encrypt all session activity from being viewed by my ISP? How do you know? Is there any evidence which proves all app activity on Instagram is encrypted or not encrypted?
0
Dear Experts
We have hosted SugarCRM application on premise and for external users we have configured firewall that is hardware appliance fortigate 60C to function as SSL Web VPN where the users login to the firewall appliance portal and from here they access CRM application, they are able to login to the CRM through the  web VPN portal but the dashboard reports are not showing up, it shows blank dashboard but when we access directly to the CRM application we are able to see the dash board reports, please help me understand to where things are going wrong and how to fix it please.
0
Hi
I had purchased SAN certificate for our Exchange server 2013, through SSL provider and they have been sent the SSL and INTERMEDIATE certificate in text format.
For SSL I copy the text to the notepad and change the file extensions .crt

For intermediate certificate,
Do I copy the text to the notepad and rename the file extension as. pfx
Any help would be great.
0
I'm getting this error in windows server 2008 R2 STD, while connecting through RP

The Certificate is not from a trusted certifying authority


Steps i did

1. Generated a Cert from ibmca
using openssl https://knowledge.digicert.com/solution/SO27347.html

2. Imported the cert in the mmc > Local computer, under personal and remote connections

3. Still Im getting this error,while connecting the RDP

4. Imported the cert in the Trusted folders as weil

5. under RDP-Tcp connection  selected the default cert(auto generated), but im unable to see the cert, which was imported, even i cant see in the select list
but
under remote app manager, the digital signature setting is right and RDP port is 3389

6. I deleted the cert, which is default in the remote desktop in certificates which is being auto generated

again it generates automatically, with the certificate
0
Hi

I have exchange 2013 and my predecessors has installed a SAN certificate on this server SSL® + UCC
Now I wanted to add another domain and i requested the SSL provider to add a new domain to the SAN certificate and I have been told by the SSL providers that the new domain has been added to the SAN and new certificates were issued on the portal.
On the SSL company website portal- Under my account I can see each of the following text on a separated windows.
I can see CSR text ,  SSL text, INTERMEDIATE text

So first do I need to copy the INTERMEDIATE txt on a notepad and rename as .crt and import into Intermediate Certification Authorities in the certificate mmc console of the Exchange server.
Secondly I copy only the SSL text to notepad and rename as .crt and Log in to Exchange Admin Center and import.
Thirdly Do I need to leave the CSR as it is ?

Please suggest if I am wrong or if I missed any steps?
Also do I need to remove the previous SAN certificate on the Exchange 2013, before I install an updated one.

Any help much appreciated. Thanks in advance
0
Cloud Class® Course: Ruby Fundamentals
LVL 12
Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

Hello

I have problem with SSL Certificate. I would like to have domain with https (https://mydomain.com), but I don't know how to do it. I bought and download SSL Certificate (SHA-2, CSR,CA) from my hosting that I took my domain. I used Server Certificate Admin (certsrv.nsf) and i get dialog box "The certificate has been merged into your key ring. You are now ready to enable SSL on server...". I go to server document Ports->Internet Ports change to enable "Accept SSL site Certificate", but no results. Maybe the problem is with path to keyfile (My path on server "D:/Domino/Data/keyfile.kyr").
0
Exchange 2013 Default SMTP Cert got overwritten
Was installing a ssl cert had to use exchange management shell as cert would not import correctly.
Was going through the steps with the ssl support team an my default exchange smtp cert got overwritten.
Since this happened i cannot open my exchange administration  e-centre or my exchange management shell
i can open it if replace the localhost name with the url that the ssl cert was installed for mail.testdomain.com/ecp but it dosent recognise the server correctly but can logon
the ssl cert has seemed to install ok.
This is my second exchange server i am running another excahnge server.
i was going to import everything from the old server to the new server
Both servers running exchange 2013 the old server still the main server and that still is ok
Had transfered some test mailboxes across to the new server and they can no longer connect to the new exchange server
Clients dont see the new exchange box
This was working o.k. until the ssl cert was installed and default one got overwritten
 
is it a case of uninstall and reinstall
Any help you can give would be great ?
Thank you
0
Using IIS 7 I've created a self signed certificate. I followed the article here:  https://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-in-iis-7.html

I'm trying to suppress the browser certificate mismatch warning that is displayed on the https://myDevSrv site.  The warning doesn't appear if I use the "real name" of the site https://sp02.contoso.com.  If I use the host header name myDevSrv it doesn't suppress the warning.  

When I generate the self signed certificate I don't seem to have control of who the certificate is issued to.  Just a friendly name.

Is there a way I can fix the self signed certificate to be issued to the host header name of myDevSrv?

Thanks.
0
I believe my service reference is using Triple DES encryption to communicate with one of our vendor's web services. The server we initiate the call from cannot have the 3DES cipher enabled due to PCI constraints.
How can I set my service reference in C# to use RSA instead?
0
I want to import a SSL certificate into my exchange server, I have two with the names "ungorokaIMMssl.p7b and unigorokassl.p7b". I was confused which one to use and tried the this one "unigorokassl.p7b" but it did not work.

I have to do it in exchange server and AD DS to access from OWA, POP3, SMTP etc...


Please assist me on how to go about achieving this.


Thanks alot
0
VMware vCenter 5.5 web login  coming Empty inventory Error reflecting is : "Could not connect to one or more vCenter Server systems: https://xxx.xxx.xxx.xxx:443/sdk"

VC 5.5 is running on windows 2008 and database is Sql2008  running on other server [both are vm running on esxi same host]
Telnet is Fine
DB Test is Fine
Services are fine
But Noting visible under vc inventory.
Did Server reboot and issue got fixed but repeated again after 4 days.

Pls help to locate if issue is with Network/DB/SSL or VC itself


Not able to locate much detail to apply appropriate fix
-2618423BBF69F68A.jpg
-351E50B996600DC9.jpg
-218B3348C6B2659B.jpg
-7057366E756B0F4D.jpg
0
Secure HTTPS
HTTPS is an essential technology and the Chrome browser developed by Google now shows “Secure” in the address bar when you visit a page with the HTTPS protocol such as https://www.experts-exchange.com but what does this mean? Is the website secure from malware? Is our identity secure?
0
I recently updated to Apache Flex 4.16.1 AIR30 I can no longer do HTTP requests.

Error Message:
(mx.messaging.messages::ErrorMessage)#0
  body = ""
  clientId = "DirectHTTPChannel0"
  correlationId = "83285769-41EE-7618-7833-CD43BB74BE6B"
  destination = ""
  extendedData = (null)
  faultCode = "Server.Error.Request"
  faultDetail = "Error: [IOErrorEvent type="ioError" bubbles=false cancelable=false eventPhase=2 text="Error #2032: Stream Error. URL: http://localhost:37813/Webessentials/webessentials/api/version?hostport=192.168.200.74&https=N&id=83285769-41EE-7618-7833-CD43BB74BE6B" errorID=2032]. URL: http://192.168.200.74/Webessentials/webessentials/api/version"
  faultString = "HTTP request error"
  headers = (Object)#1
    DSStatusCode = 0
  messageId = "DF5A526F-6F62-6D11-F9BD-CD43BC442000"
  rootCause = (flash.events::IOErrorEvent)#2
    bubbles = false
    cancelable = false
    currentTarget = (flash.net::URLLoader)#3
      bytesLoaded = 0
      bytesTotal = 0
      data = ""
      dataFormat = "text"
    errorID = 2032
    eventPhase = 2
    target = (flash.net::URLLoader)#3
    text = "Error #2032: Stream Error. URL: http://localhost:37813/Webessentials/webessentials/api/version?hostport=192.168.200.74&https=N&id=83285769-41EE-7618-7833-CD43BB74BE6B"
    type = "ioError"
  timestamp = 0
  timeToLive = 0
0
Dear expert, we have a sharepoint site problem:

=================================================================================================
Date and time : 2018-07-24 12:00:42
Err message : ID4257: X.509 certificate 'CN=ADFS Signing - url.com validation failed by the token handler.
System.IdentityModel.Tokens.SecurityTokenValidationException: The X.509 certificate CN=ADFS Signing - url.com is not in the trusted people store. The X.509 certificate CN=ADFS Signing - url.com chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

at System.IdentityModel.Selectors.X509CertificateValidator.PeerOrChainTrustValidator.Validate(X509Certificate2 certificate)
at System.IdentityModel.X509CertificateValidatorEx.Validate(X509Certificate2 certificate)
at System.IdentityModel.Tokens.SamlSecurityTokenHandler.ValidateToken(SecurityToken token)
Program : ADFS-LoginTest
Version : 1.0.0.0

Anyone know what is means and how to fix this?
0
Get expert help—faster!
LVL 12
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Having an Exchange 2016 issue. Apparently one of our techs accidently deleted the exchange default SSL and replaced it with a new one. We can no longer access the Exchange power shell or exchange admin via the web. Not sure what to do from here. Some of the events we are getting:

An error occurred while using SSL configuration for endpoint 0.0.0.0:444.  The error status code is contained within the returned data.

Cmdlet failed. Cmdlet Enable-ExchangeCertificate, parameters -Services "SMTP" -Identity "Server.JRLDC.local\BCCC5D2160204691A864EBEAD60678610D4F5BED".

Active Directory Web Services could not find a server certificate with the specified certificate name. A certificate is required to use SSL/TLS connections. To use SSL/TLS connections, verify that a valid server authentication certificate from a trusted Certificate Authority (CA) is installed on the machine.
 
 Certificate name: Server.JRLDC.local


any one have any thoughts?
0
Hello Certificate Experts,

We have a test intranet website that is an exact replica of our production intranet site.  The marching order came down to secure the test intranet site in preparation for securing the production site.  I generated the CSR for the test intranet site in IIS Manager.  I then took the certificate request and generated the SSL certificate for the site via our enterprise CA.  I imported the certificate onto the web server and then configured the test site to use the certificate.  I verified I could hit the secure test intranet site via IE with no problems.  I tried hitting the test intranet site with Chrome and I get a warning, but I can click through the warning and hit the site.  In looking at the warning, Chrome sees the certificate generated by our enterprise CA as being invalid.  While research into why Chrome sees this certificate as invalid, I ran into several different articles/posts indicating that for Chrome to recognize our internally generated certificate as valid it had to have the subject alternate name field.  I opened certmgr.msc on the web server and generated a new CSR with a SAN attribute.  I used the new CSR to generate a new certificate from the enterprise CA.  I imported the new certificate onto the web server via certmgr.msc.  I viewed the properties of this certificate and verified it did in fact have a subject alternate name attribute.  I then went into IIS Manager and removed the first certificate from the binding of the test…
0
Index-page-source.rtf
We have a Yahoo Store and are trying to activate their "secure server" feature which will run our website ona secure server and display our URL as https://

I've spends hours getting rid of any content (images, scripts, etc.) coming from an unsecured server by moving this content to Yahoo's server. Finally I was able to get rid of any "blocked content" warnings when testing the pages in the secured mode.

Unfortunately, after making the new setup live, some browsers, like Firefox and Safari, are showing the site as Secure while Chrome and Opera are still showing it as unsecured. Chrome did change it warning from "this site is not secure" to "this site is not fully secure." (underline mine).

Yahoo techs tried to tell me I must get rid of any external links to unsecure (http://) .  My questions:
(1) Are external links to unsecured websites (<a href="http://example.com">) allowed?
(2) Has anyone come across this problem with Chrome where they're being overly strict on what constitutes a fully secured website and, if so, what code are they calling unsecured when other browsers consider it secure?
0
SSL Certificates

Can you explain the process for buying SSL certificates?
The challenges around security?
Where to buy from?

Who should have access?

Any other info would be great
0
hello
is there any way to cash youtube videos without mitm senario ?
0
I am trying to install mod_security on an Amazon Linux 2 running Apache 2.4

This is the guide I am following -
https://resources.infosecinstitute.com/configuring-modsecurity-firewall-owasp-rules/

Open in new window


It fails on this command -
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git

Open in new window


I get this output when I try to run it from root -
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
Cloning into 'owasp-modsecurity-crs'...
fatal: unable to access 'https://github.com/SpiderLabs/owasp-modsecurity-crs.git/': error setting certificate verify locations:
  CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none

Open in new window


Please help me to get Mod_Security installed and running

Thanks,
0

SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.