SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

Share tech news, updates, or what's on your mind.

Sign up to Post

hi guys

I have an EC2 AWS instance running apache. We previously bought SSL certificates and had them installed. They have now expired. We renewed them with Godaddy.

I want to install them on the server, but I can't seem to find the location where they need to go. One of our techies who has left may have played with the http.conf file but I am unable to work this out.

Can someone give advice on how to work on this?

Thank you
Yash
0
Fundamentals of JavaScript
LVL 13
Fundamentals of JavaScript

Learn the fundamentals of the popular programming language JavaScript so that you can explore the realm of web development.

I am understanding that a DAG is recommended but not required for an ON-prem deployment of exchange 2016. This I presume because if the 1 and only exchange server goes down no email can route.  
When a person puts in there email and password into Outlook program its supposed to automatically get the data needed to setup the email however it fails, because the exchange server has been setup incorrectly.
If we deploy a DAG will that in a step fix this issue/resolve the Auto config settings problem.

Thank you for your help in advance
0
I am trying to develop some software for a company. This company has at IT department with active directory. I would like to talk with IT, about getting Active Directory Certificate services setup so I can be issues with a Internal Cert to sign my app.
What documentation does Microsoft release regarding if they recommend AD CS. Is there any documentation that says if a domain doesn’t have a AD CS its not complete or its not whole?
Im sort of looking for historical document too. I want to be able to demonstrate to management the importance of AD CS for signing encryption and use of TPM on our laptops.
Thank you in advance for your help.
0
What is the best way to create a CA Sign Cert Request with multiple SAN's in Powershell?

I need to request a cert with about 120 SAN's in it. Obviously, I know that can be done in the GUI but I'd rather not go through the pain of that.

I know Powershell has the cmdlet: New-SelfSignedCertificate. I am not creating or attempting to create a selfassigned. I need to create a CA signed request so that I can send to the CA..

Any information on this would be greatly appreciated. If possible, an example with SAN creations would be great.

Thanks!
0
We have provisioned a HTTPS web server using windows server 2012. An valid SSL certificate with valid CN (Common Name) has been installed on the web server.

However, due to DNS issue some Web client use IP Address (e.g. https://10.x.x.x) on the browser to access our HTTPS server and prompt for warning.  The user will proceed with the warning anyway in order to access the Web service. We are going to have an internal auditing session soon and our question is:

When the end user using IP address to visit our HTTPS site instead of host / CN (Common name) that match with the installed SSL certificate name, we understand a warning will be prompted before connected to the https server but will the HTTPS traffic still encrypted over the transmission during the network communication as we need to get back to our audit department ?

Thanks for your prompt advice in advance.

Regards
Patrick
0
I am running Server 2012 datacenter, IIS 8.  SSLabs.com says that I have SSL 3.0 enabled on the server and i do not believe i do. I have used IIS Crypto to disable it. I also followed https://www.sslshopper.com/article-how-to-disable-ssl-2.0-in-iis-7.html and verified registry. I rebooted as well.

Any thoughts?
0
I have a SPA in angular that is hosted at https;//mysite.example.com and it has a *.example.com lets encrypt certificate issued to it.

I have an API in ,net core that services this web app as well as a mobile iOS app and it has a default SSL certificate give to us by out cloud host ( https://myapp.my-cloudhost-service.com/api).

Because these services are operating independently, i do not need to worry about any issues with SSL certificates correct? Like no CORS issues or warnings for XSS stuff in the browser?

Its all working fine on dev but of course i want to make sure i have all my basis covered before we push to production.

Thanks
0
I have a development nginx system that is requiring https to login. Is there a switch or variable that will make admin to default to http instead?

This site isn't propagated so no ssl on site.
0
I have an nginx development site that I can't get into because it keeps auto-populating to https. This is because I the copied files and database from an existing https enabled site.  Is there a way to force a browser to only use http for this site?

This site hasn't been propogated so there is no dns.  Thus, no way to have an ssl cert.

Because it keeps filling in the https I get a message the site can't be reached.  I have tried filling it in manually and deleting the history but it still keeps accessing https.

Thanks
0
Google Chrome Browser: 75.0.3770.142 (Official Build) (32-bit)
Windows OS (10 & 8.1)

BACKGROUND
The speed of loading web pages in my Google Chrome Browser had become slow. While looking through the advanced settings of the Google Chrome Browser, I clicked on the selection titled: "Manage Certificates". I noticed there are a large number of certificates.

QUESTION
(see Title of this post)
When, if ever, does it become (a) necessary or (b) advisable to remove (delete) one or more SSL certificates?
Is there a method that allows you to easily find "expired" certificates?
What would be the expected result if one were to remove ALL certificates? Could this cause problems, or would they simply reinstall themselves as needed, when those sites were visited again?
0
Introduction to Web Design
LVL 13
Introduction to Web Design

Develop a strong foundation and understanding of web design by learning HTML, CSS, and additional tools to help you develop your own website.

I  am running my site on IIS 6.  Have installed SSL and when I call it on https I get the following error.

ERR_TOO_MANY_REDIRECTS
Tried clearing the cookies on browser but no luck.
Untitled.png
0
I have a site which is sitting on an IIS 6 server.

I have setup SSL on IIS server.

The normal http call brings up the site. e.g. (http://www.example.com)

However, I get "403 - Forbidden: Access is denied." when I try to load the site through https. e.g. (https://www.example.com)

I have searched everywhere and have already tried the following,

Unticked the "Require SSL" and selected the Ignore option as the Client Certificate.
0
Hello Experts,

I'm seeing a strange issue on some of our PCs.  Basically users are certificate related errors when they are browsing to different sites.  When I look at the certificates on their computers via the Certificates MMC, I see the root certificate authorities folder is populated as expected.  However when I look at the intermediate certificate authorities folder, the only intermediate CA in there is our internal intermediate CA.  Does anyone have any ideas on what may have caused this?  I have read that MS maintains a list of root CAs.  Does it maintain a list of intermediate CAs?  If so, how can I use this list to update the intermediate CA folder on the PCs having issues?

As always, thanks for your help.

Nick
0
Hello!
I have this Mixed Content error in some browsers. Like index.php calls for css:style.css file which is over HTTP. I found that my template in a file template.config.php has such a line in a load CSS section:

 
$this['asset']->addFile('css', 'css:style.css');

Open in new window


URL of the site is: apostasia.ru
0
Site certificate says "Not Secure / Invalid" when I have already applied certificate settings matching it.

I'm current using port 443 (default port) and using Starfield certification. Applied the certificates to the local computer and user certificate registry generated from the keystore file. I couldn't seem to grasp what is still missing? Please help.

https site invalid certificate
keystore file with certificates added
0
Remote Outlook clients cannot connect to Exchange 2010 - 2013 in coexisting configuration while performing upgrade.  I believe this may be an Autodiscover issue as the MRCA errors while trying to test & contact the Autodiscover service.

I can reconnect existing external Outlook clients by setting the proxy connections,  however if they disconnect and try to reconnect the proxy settings are removed and need to be reset in order to connect again.
An external Outlook client can not setup a new mailbox in Outlook as they get the "Something went wrong" message while doing so.

Thanks for your assistance!
0
Can somebody please explain on the IIS SSL with the creation of the port 443 with the cert making the https for the web site yet there is on the SSL Settings a "Require SSL" checkbox.

What is the significance of the "Require SSL" when the there is already the port 443 (https)?

Any information on this would be greatly appreciated.

This is under Windows 2016 Server with IIS 10.

Thanks
0
When someone asks for the DN from an SSL certificate is it usually the Subject or the Issuer?
0
Regarding VMware Advisory ID |VMSA-2019-0008
https://www.vmware.com/in/security/advisories/VMSA-2019-0008.html

Did checked the KB article -have few queries in mind to confirm with experts so that Fix can be applied if required
For Sequential and Concurrent Attack- Fix to be applied....

[1] Do We need to First Upgrade VC/VCSA  to Fixed Version -which is yet showing as Pending OR if we simply can make changes @Esxi -Advanced Setting - for Value  known as
VMkernel.Boot.hyperthreadingMitigation
?

[2] What all are precautions /prerequisites  if We need to verify for running applications /certificates/SSL in use @VM on different host under VC?

[3] There are Few Host  showing warning with
esx.problem.hyperthreading.unmitigate
-So Can We simply update the Value to fix the issue or nay more prerequisites  required ?

[4] There are Host in VCHost showing Options to enable/ disable fix where we are not able to locate the value to be updated ? while there are host where we can locate n update the value ?
Is It limited to specific version/Patch @VC /Esxi ? Host Not showing Options to enable/ disable fix
Please help if we can plan for fix if it is required  ?
0
Python 3 Fundamentals
LVL 13
Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

We have an Exagrid server (de-duplicating storage device which is running some flavor of linux) on our internal network.

Its IP address is 10.1.1.40

It issued its own self-signed certificate:  Certificate Path = "Exagrid Local Root CA \ Exagrid Local Site CA \ dev1.ourdomain.com"

When I browse to:  httpS://10.1.1.40  (or to httpS://exagrid.mydomain.com),  I get the error: "Certificate cannot be verified up to trusted certification authority"

Question: what's the best practice so that any client on our internal network can talk httpS to this internal exagrid linux server?

Should the exagrid folks provide me a certificate that I'm supposed to distribute to all the clients on our internal windows network?

Or, am I supposed to get a public certificate for exagrid.mydomain.com which would resolve to an internal 10.1.1.40 address?

Exagrid provided me a file names: cacert.pem ;  I'm not sure what to do with this.

Thanks and sorry if this is a really dumb question.

Mike
0
We have a group who needs to install\import a Root Certificate chain into the IBM WebSphere.  I sent them a .p7b file containing the Root Certificate as well as the Issuing CA certificate.
They are saying that:

I have tried to load the certificate (attached) that was provided for the xxxx domain.
Websphere does not like the format I have tried renaming to a .cer but it does like that file either.
This is the error that I get and that error points to the format of the cert.
Unable to initialize, java.io.IOException: Short read of DER length

Would someone be able to tell me what type of certificate format is used to import certificates into websphere ?
And how to convert a .p7b file into other formats, eg. DER ? or PEM ?

Thanks, Mona
0
Hello,

Clients in the company send me CSRs to generate certificates from.  I use the Entrust CSR Viewer to look at the look contents before approving them.  

Under Properties I sometimes see Signature Type as sha1WithRSAEncryption and sometimes as sha256WithRSAEncryption.   Why is that ?  Is it because the users are submitting the CSRs from different Windows Server OSs ? or are the users selecting sha1WithRSAEncryption by mistake ?  Are the ones that are sha1WithRSAEncryption going to cause issues down the road ?

Please see the attachments.

Thanks,  Mona.
0
I am using RDWeb for password resets and the SSL Certificate recently expired. This was originally setup by a third party so now I am trying to replace the certificate with my new one. I am inside IIS Manger and installed the certificate  into Certificat Manager as well as in to the Local Computer- Personal cert but when I go to remove the old cert the site crashes. It looks like I am missing something and I have not been able to figure it out. Any help would be greatly appreciated
2019-06-04-08_47_34-This-site-isn-t-.png
2019-06-04-08_48_27-dhcp---Remote-De.png
2019-06-04-08_50_10-hcp---Remote-Des.png
0
I have a multi tenant web app

Users can create trials, and I assign they url like so
123.mydomain.com
124.mydomain.com
125.mydimain.com

123 = db Id of that trial.

This all works great
However its not on https

I use certify the web for iis https certificates
I would like to have a wildcard cert
*. Mydomain.Com

So that all these trials are on https
Ideally I don't want to pay for certificate or have to enter the bindings for every site for the trials

What options do I have? Is this possible
Entering bindings is a bigger head ache than buying a wildcard
But ideally let's encrypt /certify the web would do it all

I use 123-reg to manage domain dns
0
One of our users has a personal Macintosh computer that can't access any regular external Web sites when on our corporate network.

In Safari, she gets the message:

Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

Other browsers produce a similar result.
 
Ping and DNS resolution work when the computer is connected to the corporate network.

The computer works can access Web sites normally when on a non-corporate network.

All other Macs on the network function corectly. We don't use a proxy server.

Panda antimalware turned off.

Any thoughts?

Tom
0

SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.