SSL / HTTPS

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.


Hello,

The vendor who does our security audit expressed concern about the SSL certificate we are using on our websites.  They mention version 3 and TLS v1 are not secured.

I checked: the version of the cert we purchase is SHA-2.

I usually purchase the latest version cert and apply it to my IIS website.  Are there additional things I need to do?

Please advise.  

Thanks.
0

Hi all,

We have recently upgraded our internal CA to SHA256. We have a number of internal webservers that have SHA1 certificates that are still valid. We are looking to upgrade each of the other certificates through a controlled process. My question is: if we renew the certificates on the servers with the new SHA256 and there are any issues, are we able to recreate a new cert using a SHA1 cert?
0
When my sites are in development I have always gotten the IP address from AWS, then accessed them from my browser. But here's an article I would read if there is a secret exposure...

https://www.imore.com/how-edit-your-macs-hosts-file-and-why-you-would-want

I do not take lightly to changing my Hosts file because I do not want to put myself into an unstable condition, if I missed something in the directions.

Is there risk to using an IP address to directly access my PC? I assume the biggest benefit is that the site can be kept private from public view, but is there any way in the world that someone could guess that address?

Are the scrapers out there pinging billions of IP addresses?

As far as keeping it private, it is mainly that I can use my real domain name and keep that private? That's not important to me since I can buy the SSL cert and do that before launch. At the moment, I just need to look at the site and test it, so by adding my IP into the browser, does that expose my IP to scrapers?

Thanks.
0
Hi.
Have a SBS 2011 , with Exchange 2010.
Setting up new pc's with Office 2016 that only support autodiscover set-up.
Have a certificate mail.domainname.com.
Made a DNS cname record ; autodiscover.domainname.com -> mail.domainname.com

Autodiscover setup in Outlook now works but gives a warning on every startup (of Outlook),
stating that there is a mismatch between the certificate (mail.domainname.com) and the server it connects to (autodiscover.domainname.com). Which I understand. There is a mismatch.


So, was hoping to get around this without buying a new multi-sub-domain certificate.

Found a workaround:

#
HKEY_CURRENT_USER\Software\Microsoft\Office\xx.0\Outlook\AutoDiscover\RedirectServers

4.      Click the Edit menu, point to New, and then click String Value.
5.      Type the name of the HTTPS server to which AutoDiscover can be connect without warning for the user, and then press ENTER. For example, to allow a connection to https://contoso.com, the first String Value (REG_SZ) name would be as follows:

contoso.com
#

here I added autodiscover.domainname.com (and mail.domainname.com + domainname.com, when it didn't work) without any luck.

Outlook works (send and receive mail) even if I let the warning stay open, but I would like to get rid of it.

- Only 3 pc's connected to domain.
0
Hi all,
I have just installed a Thawte SSL certificate on my server for one of my websites. It seems set up correctly; however, now the site does not work correctly. It is not a Joomla or WordPress site but does make use of some external assets such as fonts etc. Is this causing the issue?
http://www.jonbysoft.com/   << Non-secure

https://www.jonbysoft.com/  << Secure SSL

New to this. Any help or advice appreciated.

Kind regards
Abiel M de Groot Sanders
0
I have used

openssl pkcs7 -inform der -in YourFile.p7b -out YourFile.pem  

and I have a .pem file. I tried using openssl pkcs7 -in Yourfile.p7b -text -out Yourfile.pem -print_certs

It is giving an error.

I opened the .pem file and I saw

----BEGIN PKCS7-----
MIIPnAYJKoZIhvcNAQcCoIIPjTCCD4kCAQExADALBXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXX0SOBLcJPK6QFYY/5KggxAA==
-----END PKCS7-----

What more should I do?

thanks
0
I have used 3 sets of code (where I used the Indy 10.6.2 component), which don't show any errors, but I am not able to send SMS through the code. Please help me to send the SMS through Delphi code.

The code which I used is...

const
  URL = 'https://api.bulksmsgateway.in/send/?username=****&hash=****&sender=TXTLCL&numbers=9198........&message=HISUNDAR';
  //URL = 'https://api.textlocal.in/send/?username=*****&hash=******&sender=TXTLCL&numbers=9198...&message=HISUNDAR';
  ResponseSize = 1024;
var
  hSession, hURL: HInternet;
  Request: String;
  ResponseLength: Cardinal;
begin
  hSession := InternetOpen('TEST', INTERNET_OPEN_TYPE_PRECONFIG, nil, nil, 0);
  try
    Request := Format(URL,[Username,Password,Sender,Numbers,HttpEncode(Message1)]);
    hURL := InternetOpenURL(hSession, PChar(Request), nil, 0,0,0);
    try
      SetLength(Result, ResponseSize);
      InternetReadFile(hURL, PChar(Result), ResponseSize, ResponseLength);
      SetLength(Result, ResponseLength);
    finally
      InternetCloseHandle(hURL)
    end;
    showmessage(result);
  finally
    InternetCloseHandle(hSession)
  end





var
http : TIdHTTP;
IdSSL : TIdSSLIOHandlerSocketOpenSSL;
begin
 http := TIdHTTP.Create(nil);
 IdSSL := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
 try
  Http.ReadTimeout := 30000;
  Http.IOHandler := IdSSL;
  IdSSL.SSLOptions.Method := sslvTLSv1;
  Http.Request.BasicAuthentication := True;
 // IdSSL.SSLOptions.Method := sslvTLSv1;
  …
0
Performing an Exchange 2003 to 2010 migration.  I have switched mail flow from EX2003 to EX2010 in coexistence.  Mail seems to be working correctly, but I am getting the following error now on the EX2010 server:

The following fatal alert was received: 46.
Event ID: 36887

I have only moved a few mailboxes over to EX2010.  I am getting certificate errors on Outlook Web Access, but can still log on and get mail.  The error searches I have found so far say it is an issue with SSL.  I have an SSL certificate installed on EX2010 and exported it on to EX2003.  I purchased this new certificate from the request I created on EX2010.  Anyone have any solution?
0
Hi all,

I'm currently working on a project on tightening security on our webservers. The first step on this is disabling weak ciphers that are still currently enabled. I'm aware of the list of known weak ciphers, but I'm wondering, if I'm to disable these, what the impact would be on the browsers connecting in?

We will disable SSLv3.

TLS 1.1 - Not sure what impact this will have?

Weak SHA  - RC4 MD5

Is anyone aware of a list of browser versions that may be impacted?
0
Hey guys,
Please note I'm not too savvy when it comes to Exchange and SSL certs.
Having issues with a computer popping a security alert when opening Outlook 2013. OS is Windows 10.
It is an Exchange 2010 mailbox that is linked with AD and the mail config automatically pulls.  Accounts and everything work great.  However, on this computer I am getting a security alert that states the .local servername at the top and a red x next to "the name on the security certificate is invalid or does not match the name of the site."

This is a GoDaddy cert and the SANs on the cert state the name for the OWA website and autodiscover URLs, and won't allow putting the .local server name.  This cert should be for external use if I understand correctly.

There is a self-signed cert on this same server that does have the .local SAN listed.

But it's like for some reason Outlook is still pulling the GoDaddy cert.

Can anyone lend a hand with this issue?
I'm even down for just suppressing the popup if that's possible.
0

We have a root CA that we keep turned off.  We have an intermediate CA where we issue certs for internal use.

All certs I'm issuing refuse to issue out past Dec 20, 2017 at 2:20PM.  

I'm sure this is due to my intermediate CA needing to update its cert from the root CA, but I'm unsure how to do that.

Can someone point me in the right direction?  <-------(isn't that the name of a boy band?)

Thanks

Cliff

PS:  Windows 2012 R2 servers here.
0
Hi all,

We have an internal CA and I am trying to sign a certificate using the CA. I have used OpenSSL to create the CSR file; I would like to know now how I create the cert file.
0
Hello all,

I have some Win 2012 3cx v15 phone systems and was having trouble with apple push notifications for calls to remote devices.  I've determined it to be a TLS issue.  I had used IIS Crypto to remove the less secure SSL 3.0, TLS 1.0 and 1.1, leaving just TLS 1.2 and more secure ciphers.  This breaks apple push notifications from the 3cx server/software.  I put back TLS 1.1, no luck.  Put back TLS 1.0, now push notifications work.  I find it odd that I should still need 1.0 enabled on the server.  

Is apple push still using that protocol and not 1.1 or 1.2, or might there be something else going on here.

I'm by no means familiar with protocols/ciphers, just determined what fixes the problem.
0
Hi,

I am migrating an Ex2010 server to Ex2016.

I've already introduced the Ex2016 server into the environment. I have not yet changed DNS or cut over namespaces.

I am at the SSL stage.

Obviously I have an SSL cert on the 2010 server (good for another year). From what I have been reading, it says to export the cert from the 2010 server and import it into the 2016 server. (Namespaces are the same for both servers so the current SSL will be fine.)

My question is, when I export the SSL from the 2010 server, will that invalidate/cancel it on the 2010 server and stop it from working? If so, I was thinking of just buying another Cert and installing that on the 2016 server.

Thanks!
nacht
0
Grrrr,

I'm having a hard time.  I'm trying to renew an existing certificate on Exchange 2017.

Just renewed the SSL with GoDaddy.

Received the SSL certificates but no REQ, just .CRT

In ECP when renewing the SSL, I get this error:

"Please use a valid file name when you run the New-ExchangeCertificate cmdlet on server MAIL with the -RequestFile parameter. The file should not exist in target folder. Parameter name: RequestFile"

What am I doing wrong?

Please advise.  Thanks
0
Hi Folks,

It seems some changes to my site have shocked the search engines:  www.recoveryaudio.org  Traffic today is down by probably 70%.

Last night a new Divi child theme was installed.  A few weeks ago I switched to a secure (https) server, and also added Cloudflare CDN as well as Ezoic, which is a CDN ad proxy server.

I have read that switching from http to https can affect SEO (and I suspect there could be an issue with internal linking), and I suspect the page HTML code has changed significantly as well.

I'm seeking some guidance to identify obvious problems, and/or possibly hiring someone for guidance or "fixing" whatever issues may be going on.

Thanks!!
0
Any HTTPs site I attempt to reach I get a generic page not found error, while if I use a page's HTTP variant, I can reach the site normally.

I have already cleared any proxies in IE, installed and used Chrome and Firefox, checked for firewall rules that block port 443, registered a series of DLLs, and ran sfc /scannow to see if all of the system files were intact ( No errors found).

Are there any other fixes or troubleshooting methods I can look into for this?
0
Dear experts,
We have a HAProxy installation with SSL-Passthrough (we need the SSL to reach the apache itself for proper HTTP/2 handling so we can't use SSL termination on HAProxy)

However, I can't seem to configure the HAProxy to send the real IP to Apache; the logs always show the internal IP of the HAProxy.

This is my HAProxy Config:

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    log         127.0.0.1 local2     #Log configuration
 
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     30000                
    user        haproxy             #Haproxy running under user and group "haproxy"
    group       haproxy
    daemon
 
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout 


0
Dear Experts,
I'd like to cache my flash movie on my html page, I do not want to download it again and again from the server when the page is called. Because, I will not change it for two weeks and the file is proportionally large. As far as I know, the browsers cache flash files, but I need to be sure..
I use https ( secure connection )
I wrote my html page like this. What do you think about it?

<!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="pragma" content="Cache">
<title>My Title</title>
</head>

<body>
<object width="1366" height="768">

<param name="movie" value="upt_video.swf">

<embed src="upt_video.swf" width="1366" height="768">

</embed>

</object>

</body>
</html>


0

Hello, I'm using this component to make my system and I came across a problem when sending a post to a certain form where I have to post a captcha code, simply by sending the post to that url, the html returned is like a one GET, because the error message does not come informing the wrong code, it simply does not post the information, I only have a problem on this page, all the others managed to work, get it and posts, I need help in this part!
0
Apple is no longer just for the tech-savvy millennial and professional crowd. Check out today's product release, where developers as young as 7 and as old as 84 are releasing new apps to the App Store. https://www.apple.com/apple-events/june-2017/
6
 
LVL 14

Expert Comment

by:Joseph Hornsey
Wait... Apple users are "tech-savvy"?  Huh.
3
I have installed Exchange 2010 onto Server 2008R2. I have a SAN SSL certificate from GoDaddy installed on Exchange (mail.domain.com and autodiscover.domain.com). I have a Cisco ASA acting as a firewall and a Sophos XG135 in bridged mode acting as the email filter. Email can be sent and received without a problem and the email is being filtered. OWA works from the outside without a problem; however, Outlook Anywhere will not work. I have pored over the available documentation from Sophos but cannot get a remote Outlook client to connect to the Exchange server using Outlook Anywhere.

Has anyone successfully configured the XG in bridged mode to work with Outlook Anywhere? What steps am I missing? Do I need to install the SSL cert on the XG instead of Exchange and make the XG an SSL proxy? If so, is there any documentation on how to go about this with the GoDaddy certificate?
0
I have Server 2003 R2 with Exchange 2007.

I am trying to create a public SSL certificate I can install on the server. I generated the certificate request from IIS and copied the crt file to GoDaddy. I generated the certificate by opening IIS Manager > expanding server name > expanded web sites > right click on "Default Web Site" > directory security > server certificates > next > create a new certificate > "Prepare the request now, but send it later" > Name: "Default Web Site", bit length 2048, and left "select cryptographic service provider (CSP) for this certificate" unchecked > entered Org name and Org Unit > common name: mail.mydomain.com > Country, State, City > let it default file name c:\certreq.txt.

I downloaded the completed file from GoDaddy and imported into mmc > certificates > and imported the crt file from GoDaddy. Went back to IIS Manager and deleted the pending certificate > Assign an existing certificate > and chose my certificate from GoDaddy. The problem is this does not contain a key to correspond with that certificate to secure my Outlook Web Access. How do I accomplish this?
0
I have to write a Node.JS application that connects to a remote server.  The remote server has a login manager that authenticates my session then spawns a separate process to handle the rest of my session.  The way that works is that I have to make a non-SSL network connection to the login manager and do an initial unprotected handshake.  This lets the client and server negotiate if they will be doing SSL or plain text communications.  If SSL then I need to elevate my socket to an SSL socket, send my login and password along with some other initial information, then get a success or failure message back from the login manager.  If success then I know the login manager is starting a new process and handing off my open socket connection to that new process.  Since the server can't pass the SSL context it de-elevates the SSL connection and runs a program passing it the non-SSL open socket.  Then the new program creates its own SSL context on the open socket. So in my Node.JS code I need to close the SSL socket but leave the raw socket open.  The new program will send me a success message when it is up and running, at which time I need to re-elevate my open socket to SSL again.

My question is how can I close an SSL socket leaving the raw socket open so I can continue to use the raw socket and then re-elevate it to SSL again?
0
Is there any method of setting up a simple proxy server?

Can it be Linux or Windows based? Can somebody share any documentation on setting up a proxy server?

Also, is there any difference between a proxy server and a network load balancer? If so, like what? I think SSL decryption happens in both.
0
