SSL / HTTPS

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

Hello All,

I have my exchange 2019 server setup and working fine for passing mail.  OWA and the wildcard cert I have works fine for OWA, mail clients, etc.  No problems with normal mail flow, or utilizing the wildcard cert I purchased from Sectigo RSA Domain Validation Secure Server.

I do have an issue when attempting to telnet into Exchange using openssl in order to run starttls.  I am able to get connected via openssl and I am passed a certificate from the exchange server, BUT it is not the certificate I am expecting.  Instead of getting the wildcard certificate from Sectigo RSA Domain Validation Secure Server, I am getting a self-signed certificate, which is why I believe my Ehlo after starttls fails with '501 5.5.4 Invalid domain name'.

Looking at EAC I have four certificates total
Name:  Microsoft Exchange,  self signed certificate, assigned services:  SMTP
Name:  Microsoft Exchange Server Auth Certificate, self-signed certificate, assigned to services SMTP
Name:  Wild, Sectigo RSA Domain Validation Secure Server, assigned services IMAP, POP, IIS, SMTP
Name:  WMSVC-SHA2, self-signed certificate, assigned to services SMTP.

Can I remove any of the self-signed certificates?

Is there a way to specify when using openssl to specify which certificate it should use?

my understanding is IIS needs the WMSVC-SHA2 cert....
0
Having problems with RDP cert after changing Commercial cert to new email domain name
I just changed my email domain and have a Commercial cert for the new email domain that works fine in EX 2016, autodiscover, outlook, etc. I make RDP connections to the server hosting the Hyper-V EX 2016 server and it throws a server certificate error (name mismatch). I am not running TSS. I use the RDP connection to administer my remote server through CP Remote settings. How can I change the cert in the server to use the commercial cert for those connections?
0
I received a newly issued SSL cert from GoDaddy and I am importing it into my IIS server, but when I go to the site the old one is still linked.  I have confirmed that the new cert is bound to the site via IIS manager. I restarted the IIS stack via IISRESET as well as restart within IIS manager.

Any reason why I am still seeing the old cert when I open the page?

Thank you in advance.
0
I had this question after viewing URL is changing after rewrite with proxy flag.

I am having a similar issue with my Jira instance, but rather than writing :8080 after the URL, :80 is getting inserted. I am not at all an Apache guru and am stumbling along using the Atlassian guides which have not been able to assist me with this problem.

In short: I configured Jira for SSL with Apache acting as a reverse proxy. I have the configs exactly as several guides recommend and when I hit the web pages at https://my.jira.site.com/jira the URL is changed to https://my.jira.site.com:80/jira. If I remove the :80 a couple times, the log in page will come up with the proper URL and will show secure with a valid cert.

After I put in my creds, it does the :80 thing a couple more times and then runs fine.

I am completely puzzled about this.

If someone thinks that they might have a thought, I can post my configs.

Thank you.
0
I moved my SSRS application to a new server.  My last step was to get my SSL certificate working for the new server.  I’ve done quite a few, but cannot get this one to work. It is through Godaddy and I’ve talked to them several times.  Today I was told that they aren’t training in certificates for IIS so they can’t help me.

I’ve followed the instructions in this article:  
https://www.godaddy.com/help/manually-install-an-ssl-certificate-on-my-iis-8-server-4951

But there are some misleading steps and I don’t know if that is why it isn’t working?  Step 14 says to upload the intermediate (.p7b) to MMC.  I’ve done that.  The next steps are in IIS and on step 22 it says to find your primary certificate that you previously uploaded.  There aren’t any steps that say to import it on MMC so I’m not quite sure what that means.  I complete the install of the primary certificate (.crt) on IIS and then do the bindings.  I then restart the services.  But the website never works.  On IIS everything looks ok.  I’ve actually started the old server and compared what I see in the 2 servers and they look the same.  I’m not sure what to do?  Any thoughts??
0
Can the same 3rd party SSL certificate used in IIS/Exchange 2016 be used for RDS?
0
Hi all,
We are renewing Exchange certificate, I don't need to create a certificate request, as it's just a renewal.
I have the GoDaddy exchange SSL certificate, I have imported it in MMC --> personal certificates, but it doesn't show the key icon on the certificate that it's trusted?

How can I get the key icon on SSL certificate?

Thanks.
0
How to replace an already expired SSL Certificate.

I have always found SSL Certificates confusing and it is even more confusing if things do not work as planned from the instructions provided.  But it is a good opportunity to learn.  I have an SSL Certificate from godaddy.com and it has expired (1 month ago, or 30 days ago).  It is not a wild card certificate and we need to renew and replace it for an appliance and its web address.  I see notes from: https://support.cartika.com/portal/kb/articles/renewing-your-ssl-certificate-godaddy-19-6-2018 on how to create an SSL certificate and this part seems very familiar and straightforward.

Question1:  Do I need to generate a new CSR from that hosting appliance?
      a.  I am assuming yes and I found out how to do this on the appliance.

Question2:  How do I know what type of certificate to create?  Example, for Apache or Tomcat or Other?
     a.  I see from my notes that all 3 were created last year; but, I am not sure which one was used.
     b.  From the appliance configuration I see a "key Pair" type is listed.

Question3.  I have notes on how to upload the certificate to the appliance; but, I am confused with how to import the certificate correctly.  We had problems initially when a consultant was doing this.  Initially the certificate only worked correctly with iphones and computers; but, not with Android phones.  
     a.  The consultant that did this last year had to "create the certificate a little bit …
0
I have a CSR file and got the certificate from our internal CA for an appliance. How do I convert this certificate as a .txt file with BEGIN CERTIFICATE  and END CERTIFICATE so I can paste this text to an appliance to install the cert?
0
Given the turf wars between Firefox and Google over how they handle and display "secure" web sites, are EV SSL Certificates of any value any more?  

To the general public user that is; I know the CAs think they are of value!

The green bar of IE was nice in its day but that has long gone. A LetsEncrypt certificate site looks pretty much the same as an EV certificate site now to all intents and purposes. I mean, how many users are actually checking this - real world users that is, not us.

And are there any policies enforceable by anything that would prevent accessing a NON-EV certificated site?
0
Hi all,

I'm trying to set up an application that uses HTTPS (port 443) on a Windows Server 2012 R2. I do not want to install IIS on the server.
When I test the connection (from outside the network) I can't seem to get through the Windows Firewall. I have tried to add a rule (TCP, 443) - but no luck. When I turn off the Windows Firewall there is no problem.

I have also installed an SSL Certificate on the server.

I have also Googled a lot - but did not find the answer.

Any chance somebody in here can help me out how to enable HTTPS on the server without IIS nor without turning off the Windows Firewall?

Thanks!
0
Mobile mail is saying cannot verify identity so users are not getting email.
0
Hi Experts

Could you give me an in general overall topics on what would be your recommendation for publishing / hosting a portal (similar that) to go into production?

A similar site


Thanks in advance.
1
Hello,

how secure is 7zip password protection?

Thank you
0
I need to import an ssl certificate into my IIS web server.  The csr was not requested by this web server but I have access to the private key, and the .pem file from GoDaddy. The certificate is also in use by a different web server.
 
I believe I need to create a pfx to import into IIS. Is it possible to create a pfx file from just the pem and private key, or any other way. Does the intermediate certificate need to be added?

Thank you.
0
I have 1 on Prem Exchange 2013 servers and I'm trying to migrate to Exchange 2016. I moved my mailbox to one of the new servers and now I get a certificate warning only when I connect to exchange using Outlook connected to the corporate network. All of the internal uri's are pointing to the internet fqdn. The SAN cert is complaining that the local exchange server isn't in the SAN cert which it isn't. This works no problem for the Exchange 2013 server. Is there another setting I'm missing? Thanks in advance.
0
I need to secure a couple websites, and am looking for the ideal SSL solution to handle multiple domain names / multiple hosts. Here is a breakdown of my topology.

Website 1 - Self hosted IIS server. This server has multiple IP addresses (3 different ISP connections) and host names, but all point to the same exact virtual machine, aside from a replica that is stored at a remote location, but would need to be able to come online as a failover.

website1a.com - points to 1.1.1.1 (onsite IIS Server)
website1b.com - points to 2.2.2.2 (onsite IIS Server)
website1c.com  - points to 3.3.3.3 (onsite IIS Server)
website1d.com - points to 4.4.4.4 (offsite backup of IIS server)

Website 2 (Wordpress) - GoDaddy VPS hosted, with Name Cheap backup website
website2.com - points to 5.5.5.5 when there is a fail over, I auto redirect the DNS for website2.com to go to NameCheap Hosting 6.6.6.6

I was thinking about purchasing a single SAN SSL that includes every domain. However, I am not sure I will be able to install that SSL on the IIS server, as well as the go-daddy and name-cheap hosting.

Looking for advice.

Thanks in advance!!
Dan
0
Dear EE,

I have SSL certificate with the extension (.pfx).
I have Apache 2.4 installed on Windows 2012 R2.

I need to configure the SSL Certificate on Apache (Windows Based).

Your kind support is needed.

Thanks
0
Domain Validation via DNS or HTML; at the first level subdomain.
I am in a situation where I have been provided the FQDN city.state.gov to use.  I need to get several certificates for city.state.gov, using DNS DV.  I do not control any of the DNS entries for the city.state.gov or state.gov, I have to send in request changes to a DNS Admin group.  I applied for an SSL and had the state DNS admins create a DV record.  The DV record was created at the first level subdomain city.  The SSL provider needs the DV record to be located at the primary root domain level state.gov.  The State DNS Admins are unwilling to make the record at this level (same is true for the HTML method).

Does anyone know of an SSL provider that will perform DV at the subdomain city.state.gov level?

Thanks for your consideration to this question
0
Hi,

I'm sure this used to work before! I need my website to redirect http to https, every time I try and achieve this the website stops serving all pages :( This is the
/etc/nginx/sites-enabled/default file WORKING as it stands.

What do I need to add/change? Note: I've added every combination of

server_name petenetlive.com www.petenetlive.com;
return 301 https://www.petenetlive.com$request_uri;

I can find, they all break the website

Help!!

So all http://www.petenetlive.com requests get redirected to https://www.petenetlive.com

# Default server configuration

server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;

# Set The Root Directory for the Entire Website

    root /var/www/html/;

# Rocket-Nginx configuration, include.

    include rocket-nginx/default.conf;


# Add index.php to the list if you are using PHP

    index index.html index.htm index.nginx-debian.html;

# Add The Server IP Address or FQDN

    server_name petenetlive.com;

# Don't log favicon requests

    location = /favicon.ico {
      log_not_found off;
      access_log off;
     }

# Don't log robots.txt requests

    location = /robots.txt {
      allow all;
      log_not_found off;
      access_log on;
    }

# Set the location for the site SSL Certificates.

    ssl_certificate /etc/nginx/ssl/www_petenetlive_com.crt;
    ssl_certificate_key /etc/nginx/ssl/www.petenetlive.com.key;

# 

0
What’s the risk of having a self signed SSL cert on servers ?
0
What command is used to check a ssl certificate on mac terminal using IP address
0
Hi,

I am trying to run a Powershell to install a cert on a remote machine.

I am using the Invoke-Command for the remote and the ScriptBlock with the Start-Process.

I know there is a credential parameter option and I have tried it with it and without. Same results. Also, the intent is to run it under the same user which is the default I believe with the absence of the -Credential.

The command I am executing is:

Invoke-Command -ComputerName "$an" -ScriptBlock  { Start-Process -Verb RunAs certutil.exe -f –p "$using:PFXPassword" –importpfx "$using:PFXFile"; write-host "Executed certutil" }


The response is:
Parameter cannot be processed because the parameter name 'p' is ambiguous. Possible matches include: -PassThru -PipelineVariable -FilePath.

So there is a -p on the CertUtil as well there are different -P's with the Start-Process hence the ambiguous.

How do I/can I work this to run the command?

What am I missing?

Any information would be greatly appreciated.
0
Hi,

I am running exchange server 2016 with two domains tenant environment.

I am using webmail.domain.net.au as OWA/ECP and Outlook Anywhere and install the 3rd party certificate.

I generate another CSR for autodiscover.domain.com.au. I install the certificate. I am not sure about services. Which service do I assign for autodiscover.domain.com.au?

Please review the attached image. I would like to use webmail.domain.net.au as OWA/ECP and Outlook Anywhere but autodiscover.domain.com.au for auto configuration.

Please note: webmail.domain.net.au and autodiscover.domain.com.au both are different domains.
Auto.jpg
0
Dear Experts,
We have a Windows Server 2016 Standard running Java 8 v.211, and it is getting flagged in the vulnerability scan "A remote Java JMX agent is configured without SSL client and password authentication."  The suggested solution is to enable SSL client or password authentication for the JMX agent, however, as I research for the solution, I am not getting clear answers.

The one I wanted to try was to set up SSL, using keytool -genkey, then setting the system properties such as javax.net.ssl.keyStore Keystore location.
What I need is to understand how to accomplish these tasks, as I found the commands that need to be executed.   Am I executing this from Java environment that runs on this server?

Please advise.

java -Dcom.sun.management.jmxremote.port=9999
-Dcom.sun.management.jmxremote.password.file=jmxremote.password
-Djavax.net.ssl.keyStore=/home/user/.keystore
-Djavax.net.ssl.keyStorePassword=myKeyStorePassword
-Dcom.sun.management.jmxremote.ssl.need.client.auth=true
-Djavax.net.ssl.trustStore=/home/user/.truststore
-Djavax.net.ssl.trustStorePassword=myTrustStorePassword
-Dcom.sun.management.jmxremote.registry.ssl=true
-Djava.security.manager
-Djava.security.policy=jmx.policy
-jar lib/derbyrun.jar server start -h 0.0.0.0

(From https://docs.oracle.com/javadb/10.10.1.2/adminguide/radminjmxenablepwdssl.html)
0
