SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

Hi:

I am a web developer, not a server administrator. Due to unfortunate circumstances at my office, we no longer have staff that manages our servers, and I have been asked to get our server PCI compliant. Good times. The server is running Windows 2008 R2 64 Bit. There were 9 issues and I have resolved 7 of them. I am having a hard time with the last two. I have been reading for the last two days and I am still unclear how to resolve the issues. Hopefully someone here has the missing pieces I am looking for.

The two issues are:

1. SSL/TLS Weak Encryption Algorithms
2. Reflected Cross-Site Scripting Vulnerability

I don't want to oversimplify the solution, but if there's anyone out there who can help me resolve these two items I'd appreciate it. I've included a screenshot of IIS Crypto 2.0 below.

http://awesomescreenshot.com/0046ess867

Thanks for any guidance.
0
Can someone help me to install vsftp Server on Debian with SSL certification?

I followed many guides but no success.

My server can connect locally but after certification install no 21 port from externally.

thanks
0
I have installed SSL certificates on web servers using IIS since 6.0 and I need to install one on a server now before going live and although users type a URL into a browser to access the webpage and sign in to perform several types of financial transactions, the first thing I looked for was the inetpub folder and there was none. Needless to say there was no IIS of any version and no CSR to submit and no self installation application to install the cert for me.
Now I'm not sure whether or not the SSL certs I use for our web servers are used for this type of application server and I have no clue as to how to go about installing an SSL cert without IIS. Testing is starting and so far I find that I can't connect with the reason returned being there is no cert installed in the Root CA Authority store. Can anyone shed some light on this subject for me or at least point me in the right direction so I can get this server secure before going live with it? Any tips on what the differences are between this type of app server and a web server and how to install them on servers without IIS. Thanks.
0
Hello Experts,

Our organization has two separate Active Directory domains (separate forests):
1.      company.local
2.      youthed.local

We have recently implemented a PKI infrastructure using AD CS.  The infrastructure consists of an offline CA (named Company-RootCA).  This CA is not part of any domain or forest.  We have an intermediate CA in the company.local domain that is issuing certificates as expected in that domain.  We would like to implement a PKI solution in the youthed.local domain.  Can my offline CA be the root CA for both the company.local intermediate CA and a youthed.local intermediate CA?

Thanks,
Nick
0
Dear experts, we are building a domain environment for 1 headquarters and several branch offices. We are in HQ, have Firewall Sophos XG which can create both IPSec and SSL VPN connection. But which one is better in terms of security, deployment, maintenance for Active Directory environment? Could you please suggest?

Note: the main aims of VPN are joining domain in HQ and access Shared file server
0
I'm sure there is something obvious that I'm missing.  However I'm finding myself unable to connect via SSL to an FTP server.

The strange thing is I have no problems connecting via regular FTP on the same server.  

I'm using IIS for Windows Server 2016 FTP site.

On the client side I'm using WinSCP.

I'm not sure what I'm doing wrong.  Any assistance would be appreciated.
0
I have a virtual Debian web server running apache 2.2.22 with an ssl enabled vhost.  I am trying to disable SSLv3 and no matter what I do there seems to be no change when I rescan the website with Comodo or SSL labs.  I have tried editing:

/etc/apache2/mods-available/ssl.conf
/etc/apache2/sites-available/default-ssl

... by either adding or changing the existing parameters for:

SSLCipherSuite
SSLHonorCipherOrder on
SSLProtocol all -SSLv3 -SSLv2

And after every change I run service apache2 restart

I also grep'd the /etc/apache2 directory for those ssl variables thinking they were coming from somewhere else but they are not.

Ultimately I am trying to switch the site over to TLS and dump SSLv3 but I just can't make an impact...
0
I would like to deploy certificates to my internal servers that bear Extended Validation. Through domain policy, I am able to push my own root certificates to the Trusted Root Certification Authority store in the PCs that I manage.  In doing so, the certificates signed by my private key appear to be valid and trusted to my internal users when viewing my internal servers.

Obviously, my root certificate is not going to be included in standard browser installations, so your average web user is not going to trust my certificates.  They don't have access to my internal network, so they have no reason to anyway.

Still, what I'm wondering... with my root certificate imported into the browser's TRCA store, is it possible for me to sign certificates bearing the necessary attributes to make them appear to the user as an Extended Validation Certificate?  I typically use the OpenSSL commands to generate my keys, CSRs and certificates.  How might I go about this?
0
Hi, If we go to https://   techgardensdotcom,  we see the lock. A test of the ssl cert shows it's installed correctly. But I can still get to http://   techgardensdotcom.

Am I missing something, maybe an entry in the htaccess file? Thanks.
0
Hi All

I am in the process of having Exchange 2003 and Exchange 2010 in coexistence. All configurations have been done. After testing connections I found the error below:
Your connection is not private ERR_CERT_AUTHORITY_INVALID
What do I have to do to get it to work?

We will use the following
outlook anywhere
exchange web services
active sync
outlook web app
ecp
owa directory

Do I have to buy a certificate? If so, which one? We will be adding a new domain to our Exchange server as well.

Appreciate a feedback
0
Hello,

I would like to know how to implement ssl-cert-check from ssl-cert-check

I do have a Windows box at work. Can I create it through Cygwin?

Or what Linux flavor can I use? Thoughts?

Thanks for your help.
0
What is the best way to convert my site to https?  The site in question is www.gopherstateevents.com

Thank you!
0
I have a 2012 server running IIS.  I created a CSR, dropped it into Godaddy's tool and was issued a certificate and an intermediary certificate.  I put those on the local server, went into MMC and added the certificate snap-in.  I imported the certificate to the personal and the Trusted Root Certification Authorities areas.

I then went to IIS manager and tried to edit the binding for the server on port 443.  When selecting the certificate, nothing is there to select.

A support person from Microsoft said that it was because there wasn't a private key.  I tried the "certutil -repairstore my "s/n (or thumbprint) of cert here)" but I am then prompted to insert a smart card.  We don't use these.  

This IIS server is using owncloud and is connected to the LDAP.  Does that have anything to do with it?  

Hoping someone that is better at SSL certs than I can help.

Thanks in advance.  IIS server is down until I get a certificate back on.
0
I had this question after viewing Questions on SSL certificate.

Once the SSL Certificate expires, can you upgrade your SSL Certificate?
0
When I generate a CSR and send it to a certificate authority they send me back the cert and I finish the process. My question is where is the private key, is this the CSR?
0
Hi All Expert,

Good Day.

I am tasked to help outside vendor on SonicWall NetExtender VPN setup and don't have much knowledge on this SonicWall NetExtender. I went to the official website and was shocked that it does not have the download for Windows. The firewall is SonicWall and I was given the IP address and domain though. Windows 10 I know can download the SonicWall Mobile Connect, but I need Windows 7 as well. Appreciate if any expert here who has SonicWall VPN experience can assist me.

Thanks!
0
Hello Experts,

One of my customers is facing a challenge with their security team who is pushing them to patch all PKI servers on a monthly basis.

The IT department is looking for some sort of documentation on best practices to patch PKI servers [Root Offline, Enterprise sub CAs, NDES, OCSP, and web servers holding the CDP locations].

The idea is to push back their requirements, and come with an agreement to patch each PKI server role only when it is really required or a few times a year without compromising the integrity of the infrastructure and security.

What are best practices to patch PKI servers per role?

What is the impact if one of the servers becomes available after patching?  Please, elaborate your answer

Is there a business case or doc that can be used as a justification to push back this requirement?

Please, provide as much information as you can per server role and service impact

thanks
0
I have a setup with 2 Checkpoint gateways (appliances) in a cluster and a virtual management. I have tried the below both with R77.30 and after upgrading to R80.10 with the same result.

I want to enable the https inspection blade. I have licenses and everything. My computers trust an internal PKI root CA certificate and I have issued an issuing certificate to the gateways without any issues.

When I activate the https blade everything around https on the clients starts to behave strangely. It is very confusing. The moment I turn the blade off again everything works like a charm.

I am fully aware that https inspection takes a lot of fine tuning but I haven't come to that stage yet. Right now, even when I have created a https decryption policy that bypasses *everything* the clients have issues.

In an earlier stage I created a decryption policy only to decrypt traffic from one test-client but the users started to scream instantly. And now I am at a stage where the configuration looks like no https should ever be touched but enabling the blade still breaks user traffic.

As I said above, this is tried both on R77.30 and R80.10.

One thing I have noticed is that the trusted root cert list seems a bit old. The newest trusted root cert is issued 2010! However, the dialogue below the cert list where an automatic update of certs should take place is empty. There never shows up any new trusted root certificates.

At one place in the GUI there is a dialogue with three …
0
I have an Exchange 2013 server running on Server 2012.  The SSL certificate from Comodo expired two days ago.  We purchased a 3 year multi site certificate from Godaddy.  I went through the process of creating the CSR, putting that into Godaddy's CSR request entry form and have received my certificate.  I installed the intermediary certificate and see Godaddy certificate there.

I then go to EAC and complete the CSR and import the certificate.  I then assigned the services IIS, SMTP, POP, IMAP to the certificate.  
I have also looked at IIS manager to verify that IIS is using the correct certificate.  The bindings.

However, when I go to the web site for our OWA, the old expired certificate is still there.  I have been fighting with this for 12 hours now and would appreciate any help I can get.  

Scott
0
Hi,

I have enabled SSL for Tomcat 8 and my website is working fine in Internet Explorer, but in Chrome it is giving me certificate error.

I am running on updated Chrome version, may I know if I am missing anything.

Thanks,
Vikram
0
I have a load balancer with a public VIP. The partner can only get the site if they ignore that they perceive the site as unsafe.
I'm fairly certain my cert is valid because other VIPs use it. What are some reasons a client might not trust the cert? Brainstorming question.
0
Hi Guys,

Trying to install external SSL certificate on Cyberoam device but having trouble, not able to do so... it's asking for .pem file format but my certificate format is .crt

Please advise... what needs to be done to install a Comodo Instant SSL Premium OV certificate on Cyberoam...

Rgds
0
Hi All,

I have a web server that needs to host 2 SSL certs that will use 1 public IP address

I have added the certs to the server and added a new entry to the ssl.conf file

<VirtualHost *:443>
 #ServerName www.XXXXXXXX.com
 #DocumentRoot /var/www/site2
 SSLEngine on
 SSLCertificateFile /etc/httpd/conf/ssl.crt/XXXXXXXXX.crt
 SSLCertificateKeyFile /etc/httpd/conf/ssl.key/XXXXXXXXkey
 SSLCACertificateFile /etc/httpd/conf/ssl.crt/XXXXXXXX.crt
</VirtualHost>  

When I restart httpd.conf I get the following message.

Starting httpd: [Wed Nov 15 09:25:05 2017] [warn] _default_ VirtualHost overlap on port 443, the first has precedence

Obviously, it is looking at both certs and as both use Port 443 it goes with the first cert it sees and not the second. What am I missing?

CentOS 6.9
Apache with mod_ssl installed
0
Hello All,

I have a website with many sub applications... 1 of which is now grabbing bank info and passing it to the banks for payment options/etc... My website on all other apps I don't feel need the https... How do I go about installing it on just the application? This app is in .NET so we do require a login on this application so I figure I would SSL it from that point. Anyone have any step by steps on how to do this without interrupting anything else on my IIS server? IIS 7 on Win 2008 R2.
0
Hi, I have a WebLogic server running with different port numbers for HTTP and HTTPS. In our workstation we set up HTTP pointing to same port in the ISSPROXY.INI file. We could access from the local IIS URL to connect to the WebLogic server; but when we try to connect to secured server from IIS we get 2 different errors in the event viewer, Event ID 1000 and Event ID 1001. Below are the errors captured:

EVENT ID 1000:

Faulting application name: w3wp.exe, version: 8.5.9600.16384, time stamp: 0x5215df96
Faulting module name: iisproxy.dll, version: 0.0.0.0, time stamp: 0x59966438
Exception code: 0xc0000005
Fault offset: 0x0000000000030410
Faulting process id: 0x2514
Faulting application start time: 0x01d35a3fff6328df
Faulting application path: c:\windows\system32\inetsrv\w3wp.exe
Faulting module path: \\?\C:\xxxxxx\XXXXXXXXX\lib\iisproxy.dll
Report Id: 3dddc54c-c633-11e7-812e-005056886b10
Faulting package full name:
Faulting package-relative application ID:


EVENT ID: 1001
----------------------

Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: w3wp.exe
P2: 8.5.9600.16384
P3: 5215df96
P4: iisproxy.dll
P5: 0.0.0.0
P6: 59966438
P7: c0000005
P8: 0000000000030410
P9:
P10:

Attached files:

These files may be available here:



Our iisproxy.ini has the below information:
--------------------------------------------------------------

ISSPROXY.INI

WebLogicHost=ssl-server-name
0
