SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

Share tech news, updates, or what's on your mind.

Sign up to Post

I need to import an ssl certificate into my IIS web server.  The csr was not requested by this web server but I have access to the private key, and the .pem file from GoDaddy. The certificate is also in use by a different web server.
 
I believe I need to create a pfx to import into IIS. Is it possible to create a pfx file from just the pem and private key, or any other way. Does the intermediate certificate need to be added?

Thank you.
0
CompTIA Network+
LVL 19
CompTIA Network+

Prepare for the CompTIA Network+ exam by learning how to troubleshoot, configure, and manage both wired and wireless networks.

I have 1 on Prem Exchange 2013 servers and I'm trying to migrate to Exchange 2016. I moved my mailbox to one of the new servers and now I get a certificate warning only when I connect to exchange using Outlook connected to the corporate network. All of the internal uri's are pointing to the internet fqdn. The SAN cert is complaining that the local exchange server isn't in the SAN cert which it isn't. This works no problem for the Exchange 2013 server. Is there another setting I'm missing? Thanks in advance.
0
I need to secure a couple websites, and am looking for the ideal SSL solution to handle multiple domain names / multiple hosts. Here is a breakdown of my topology.

Website 1 - Self hosted IIS server. This server has multiple IP addresses (3 different ISP connections) and host names, but all point to the same exact virtual machine, aside from a replica that is stored at a remote location, but would need to be able to come online as a failover.

website1a.com - points to 1.1.1.1 (onsite IIS Server)
website1b.com - points to 2.2.2.2 (onsite IIS Server)
website1c.com  - points to 3.3.3.3 (onsite IIS Server)
website1d.com - points to 4.4.4.4 (offsite backup of IIS server)

Website 2 (Wordpress) - GoDaddy VPS hosted, with Name Cheap backup website
website2.com - points to 5.5.5.5 when there is a fail over, I auto redirect the DNS for website2.com to go to NameCheap Hosting 6.6.6.6

I was thinking about purchasing a single SAN SSL that includes every domain. However, I am not sure I will be able to install that SSL on the IIS server, as well as the go-daddy and name-cheap hosting.

Looking for advise.

Thanks in advance!!
Dan
0
Dear EE,

I have SSL certificate with the extension (.pfx).
I have Apache 2.4 installed on Windows 2012 R2.

I need to configure the SSL Certificate on Apache (Windows Based).

Your kind support is needed.

Thanks
0
Domain Validation via DNS or HTML; at the first level subdomain.
I am in a situation where I have been provided the FQDN city.state.gov to use.  I need to get several certificates for city.state.gov, using DNS DV.  I do not control any of the DNS entries for the city.state.gov or state.gov, I have to send in request changes to an a DNS Admin group.  I applied for an SSL and had the state DNS admins create a DV record.  The DV record was created at the first level subdomain city.  The SSL provider needs the DV record to be located at the primary root domain level state.gov.  The State DNS Admins are unwilling to make the record at this level (same is true for the HTML method).

Does anyone know of an SSL provider that will perform DV at the subdomain city.state.gov level?

Thanks for you consideration to this question
0
Hi,

I'm sure the used to work before! I need my website to redirect http to https, every time I try an achieve this the website stops serving all pages :( This is the
/etc/nginx/sites-enabled/default file WORKING as it stands.

What do I need to add change? Note: Ive added every combination of

server_name petenetlive.com www.petenetlive.com;
return 301 https://www.petenetlive.com$request_uri;

I can find, they all break the website

Help!!

So all http://www.petenetlive.com requests get redirected to https://www.petenetlive.com

# Default server configuration

server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;

# Set The Root Directory for the Entire Website

    root /var/www/html/;

# Rocket-Nginx configuration, include.

    include rocket-nginx/default.conf;


# Add index.php to the list if you are using PHP

    index index.html index.htm index.nginx-debian.html;

# Add The Server IP Address or FQDN

    server_name petenetlive.com;

# Don't log favicon requests

    location = /favicon.ico {
      log_not_found off;
      access_log off;
     }

# Don't log robots.txt requests

    location = /robots.txt {
      allow all;
      log_not_found off;
      access_log on;
    }

# Set the location for the site SSL Certificates.

    ssl_certificate /etc/nginx/ssl/www_petenetlive_com.crt;
    ssl_certificate_key /etc/nginx/ssl/www.petenetlive.com.key;

# 

Open in new window

0
What’s the risk of having a self signed SSL cert on servers ?
0
What command is used to check a ssl certificate on mac terminal using IP address
0
Hi,

I am trying to run a Powershell to install a cert on a remote machine.

I am using the Invoke-Command for the remote and the ScriptBlock with the Start-Process.

I know there is a credential parameter option and I have tried it with it and without. Same results. Also, the intent is to run it under the same user which it the default I believe with the absence of the -Credential.

The command I am executing is:

Invoke-Command -ComputerName "$an" -ScriptBlock  { Start-Process -Verb RunAs certutil.exe -f –p "$using:PFXPassword" –importpfx "$using:PFXFile"; write-host "Executed certutil" }

Open in new window


The response is:
Parameter cannot be processed because the parameter name 'p' is ambiguous. Possible matches include: -PassThru -PipelineVariable -FilePath.

So there is a -p on the CertUtil as well there are different -P's with the Start-Process hence the ambiguous.

How do I/can I work this to run the command?

What am I missing?

Any information would be greatly appreciated.
0
Hi,

I am running exchange server 2016 with two domains tenant environment.

I am using webmail.domain.net.au as OWA/ECP and Outlook Anywhere and install the 3rd party certificate.

I generate another CSR for autodiscover.domain.com.au. I install the certificate. I am not sure about services. which service i assign for autodiscover.domain.com.au.

Please review the attach image. I would like to use webmail.domain.net.au as OWA/ECP and Outlook Anywhere but autodiscover.domain.com.au for auto configuration.

Please note: webmail.domain.net.au and autodiscover.domain.com.au both are different domains.
Auto.jpg
0
Exploring SharePoint 2016
LVL 19
Exploring SharePoint 2016

Explore SharePoint 2016, the web-based, collaborative platform that integrates with Microsoft Office to provide intranets, secure document management, and collaboration so you can develop your online and offline capabilities.

Dear Experts,
We have a Windows Server 2016 Standard running Java 8 v.211, and is getting flagged in the vulnerability scan "A remote Java JMX agent is configured without SSL client and password authentication."  The suggested solution is to enable SSL client or password authentication for the JMX agent, however, as I research for the solution, I am not getting a clear answers.

The one I wanted to try was to set up SSL, using keytool -genkey, then setting the system properties such as javax.net.ssl.keyStore Keystore location.
What I need is to understand how to accomplish these tasks, as I found the commands that need to be executed.   Am I executing this from Java environment that runs on this server?

Please advise.

java -Dcom.sun.management.jmxremote.port=9999
-Dcom.sun.management.jmxremote.password.file=jmxremote.password
-Djavax.net.ssl.keyStore=/home/user/.keystore
-Djavax.net.ssl.keyStorePassword=myKeyStorePassword
-Dcom.sun.management.jmxremote.ssl.need.client.auth=true
-Djavax.net.ssl.trustStore=/home/user/.truststore
-Djavax.net.ssl.trustStorePassword=myTrustStorePassword
-Dcom.sun.management.jmxremote.registry.ssl=true
-Djava.security.manager
-Djava.security.policy=jmx.policy
-jar lib/derbyrun.jar server start -h 0.0.0.0

(From https://docs.oracle.com/javadb/10.10.1.2/adminguide/radminjmxenablepwdssl.html)
0
Hi
After installing a new SSL cert on exchange 2013, its status remains as in-valid

How can i change the status to valid

Thanks in advance
0
I have a web application hosted in Microsoft Azure. It runs on https.
In the NSG configuration do I need to open the http (443) port inbound, outbound or both?
0
Hello Experts,
I have built few HTTP 1.1 listen service mocks using SoapUI and CA DevTest tools. Every request to the service from a client like Postman is established as a new connection. Inserting a custom header Connection:Keep-Alive into the request and also the response is not making any difference. Can I know is there more to be done to have the socket open for successive connections happening within a second?

Thanks.
0
Dear Experts

Please help me with steps on "HOW TO" generate CSR for installing SSL certificate on Cisco Firepower Management Center(FMC) for Firepower Threat Defense (FTD), either though ssh or through web interface log in please help me with steps. thanks in advance.
0
Dear Experts

We recently installed  Cisco FTD 1010 and for managing FTD we  have installed and configured FMC , now that we have to allow users from external network to connect to our network through Cisco Any Connect software but for this we would like to install SSL certificate, can you please help on how to create CSR and where to create think it should be done in FMC and please let the steps should it be done via ssh or web interface please provide the steps. thanks in advance.
0
Pls help...

User http access : sdm.mnd.com (75.68.129.206, Port 80)
Gateway will NAT the IP address & port to reserve Proxy server IP : 152.210.72.4:10118
RH Linux - Reserse proxy server : 152.210.72.4:10118
RH Linux application server : 152.160.85.4:10021

Verified the application server works well with direct IP.
RH Linux reverse proxy server, verified httpd successfully started.
Configuring reverse proxy settings, it is not working.
Can help me/ advise me what went wrong or to be modified...

User will access the URL http://sdm.mnd.com

Reverse proxy server httpd.conf file

<VirtualHost *:10118>
        ServerAdmin admin@mnd.com
        ProxyRequests off
        ProxyPreserveHost On
        ServerName sdm.mnd.com
        ProxyPass               /        http://152.160.85.4:10021
        ProxyPassReverse        /        http://152.160.85.4:10021
</VirtualHost>


Application server server.xml file

-->
      <Connector port="10021" protocol="HTTP/1.1"
      connectionTimeout="20000"

      redirectPort="8443" URIEncoding="UTF-8" />
   
      <!-- A "Connector" using the shared thread pool-->
   
<!--
0
Users cannot get to specific web pages (on IIS) using internet explorer 11, or microsoft edge.

The error message they recieve is attached to this question. Basically, IE is telling us to turn on TLS 1.0, TLS 1,1 and TLS 1.2

The Pages work fine in Chrome (I havent tested any additional browser),  

Is There a way to see which protocols are being used in IIS and how we can modify them if necessary?

Error Page
0
Entering www.felixstowerotaryclub.org successfully redirects to https://www.rotary-ribi.org/clubs/homepage.php?ClubID=469 and you can see the green padlock on the browser bar.

Similarly entering felixstowerotaryclub.org also does the same.

However entering https://www.felixstowerotaryclub.org and https://felixstowerotaryclub.org get certificate errors.

Is it actually possible to get an https URL to redirect to a different website with its own certificate?

One issue is that if someone googles "Felixstowe Rotary Club" one of the search results (for me it is the second one in the list) is https://www.felixstowerotaryclub.org so potentially someone might use this link.
0
Python 3 Fundamentals
LVL 19
Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

We have IIS 7.5 on Server 2008 R2 Datacenter. We have been using a Godaddy SSL cert and it had to be rekeyed. I did that, the SSL cert was approved and available on the website. I downloaded the zip file and followed Godaddy's steps. I added the intermediate cert using the Certificates MMC. Then I went to IIS and chose "complete certificate request" and chose the .crt file. When I add a "friendly name" and click okay, it looks like it's there. But, when I go to bind it to the website, it isn't there, and it disappears from the Server Certificates area in IIS.

I did some googling and found the following, which appears to have fixed the issue in that I can see the cert now: "Here are instructions to make the PFX if you have no private key. To fix this, use the MMC snapin to import the cert into PERSONAL, click it and grab the serial # line.  Go to dos, run certutil -repairstore my "paste the serial 3 in here" (you need the quotes) then refresh MMC with personal certs, right click it – export – select everything except DELETE PRIVATE KEY, hit ok.  Then go to IIS and IMPORT cert instead of finish request." (comment by pixelloa at https://blogs.msdn.microsoft.com/vijaysk/2009/05/22/disappearing-ssl-certificates-from-iis-7-0-manager/ )

When I went to export the PFX it prompted for a mandatory password, which I added, and then entered it when importing into IIS. This is a business website with about 50 users and I'd prefer this to run smoothly. Are there any caveats I should …
0
HI, I am new to CORS. I have a question about it.
I have a js post call to web service API , but got an error in my local:
"Access to XMLHttpRequest at 'https://xyz.com/X/gettoken' from origin 'http://localhost:8080' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values 'http://localhost:8080, *', but only one is allowed. "

I see in my java code, there are some code  which add "resp.header("Access-Control-Allow-Origin", "*")". I removed it, and compiled and run, still get the same result.
Any inputs will be appreciated!
0
Hi,

I have a registered a domain at .ovh. I want to create a letsencrypt ssl certificate for my synology DSM5.2 NAS.

When running acme.sh I am getting this error message

acme.sh-error.jpg


I have opened ports 443 and 80 on my router to point to the NAS IP

I have no website just want to use an https login to access afp with synology DSFiles through vpn. Any idea how to fix the ssl certificate issue?

Thks in advance
0
I'm experiencing issues importing a newly purchased SSL certificate on my app server. I've already imported the intermediate certificate to my local intermediate cert authority store. I'm performing the following:

Access server certificate list => complete certificate request => browse to crt file => input a friendly name => choosing personal (as opposed to web hosting) for store location => ok
Navigate to website => edit bindings => the certificate I just added is not listed in dropdown of available SSL certs
Navigate back to server certs => the certificate that I added is no longer there

Open mmc => certificate => local computer => personal store => I’m able to view the certificate in question there
0
I am trying to renew my NDES server certificates and since I upgraded my CA's and reissued their certs from SHA1 to SHA2 I am unable to add the Exchange Enrollment Agent (Offline request) to the templates available to issue from the CA.

Server 2012 R2 Active Directory Certificate Services installed.
0
Entering http://www.felixstowerotaryclub.org correctly routes to the correct website and sets up a secure connection.

Entering http://felixstowerotaryclub.org routes back to the old website.

Entering https://www.felixstowerotaryclub.org connects correctly

Entering https://felixstowerotaryclub.org gives an invalid certificate error.

How can I get http://felixstowerotaryclub.org to route to the new website and https://felixstowerotaryclub.org to not give an invalid certificate error?
0

SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.