Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x

SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

Share tech news, updates, or what's on your mind.

Sign up to Post

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
5
 
LVL 6

Expert Comment

by:mmarth
Comment Utility
can a file be encrypted with OpenSSL as it is being streamed in so it is not first saved in plaintext form
0
Introducing the WatchGuard 420 Access Point
Introducing the WatchGuard 420 Access Point

WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!

Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
0
Superb Internet Corp - SSL Certificates
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant.
Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like a customer’s personal and credit card information.
1
#SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp
4
 
LVL 66

Expert Comment

by:Jim Horn
Comment Utility
Lots of content here and very well illustrated.  Voting Yes.
And I see it just made Featured Article on the homepage.  Congratulations!
0
Imagine a situation that you have installed SSL Certificate on your Cisco ASA (Cisco Adaptive Security Appliance) firewall. Installation of SSL certificate on ASA is an another topic for which you can find step-by-step guidance on Cisco's website.

First of all, before you create a CSR (Certificate Signing Request), you must generate a private key, we refer to it as "mykey.pem" later in this document for WLC (Wireless LAN Controller)  use. It is a good practice to save the private key on the local disk in .txt format for future use, but if you forgot to do that, don't worry there is a way to export it from ASA.

We will start from the moment where we have already installed SSL certificate on ASA firewall. Usually for that process you will receive three files from the certificate vendor (or your own root certificate server)
  1. Root CA Certificate (CARoot.crt)
  2. Intermediate CA certificate (SSLCA2.crt)
  3. Device / domain / web server certificate (yourdomain_com.crt)
 

I. To install SSL certificate on WCL you need to create a .pem file that contains the full chain of certificates includes all three* certificates in the following order:

[use a text editor (notepad, nano, vi)]

-----BEGIN CERTIFICATE-----
(Your domain Certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Intermediate CA certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Root CA  certificate)
-----END CERTIFICATE-----

Open in new window

Save this file as allcerts.pem.

2
So you need a certificate so you can offer SSL encryption.  But which one should you get?  There are so many choices out there!

Here is a generic overview of the main types of SSL certificates sold by the majority of commercial Certification Authorities (CAs).  Note that vendors may use slightly different names based on their marketing.  Note that this covers SSL certificates only - other certificate types will be covered in another article.

Standard SSL
Your "no-frills" cert - valid for one name.  This is fine for most folks - it gets you the gold lock in the browser, gives you SSL encryption, and validates your server's identity.

EV (Extended Validation) SSL
This is similar to a Standard SSL cert, except the validation process is a little bit more involved, allowing the CA to assert more confidence in your identity.  The main benefit is that EV certs will turn the address bar green in most modern browsers (IE7+, FF3, etc.) - for an example see https://www.paypal.com.  The overall encryption is just the same as standard - it just makes it easier for the customer to be more confident in your identity to help prevent phishing.

UC (Unified Communications)
a.k.a. multi-domain or SAN (Subject Alternative Name)

This is a Standard SSL cert (unless specified to be EV SSL) that allows for multiple names in the same cert.  This is popular for Exchange certs, but can be used for any environment.  Example you can have www.domain1.com and …
7
We've all had that page pop up telling us there is a problem with the certificate and some of us continue on anyways and others run away to a safer competing site.  But what to do when you get the error - is it your problem or theirs?  What can you do?

The answer depends on what the reason for the security warning is.  Things will vary slightly depending on the browser type and version, but there should be a 'show details' area near the end of the message.  There are 3 flavors of errors that will be seen on the client end here is the paraphrased listing:

1) Name mismatch - try entering the servername portion of the URL exactly as it shows it in the certificate (click the View Certificate button in the error message box or use the gold lock next to the address bar or down in the bottom right corner to show the cert).  For example, if you were going to https://server/index.htm and it got the warning - the certificate may be for server.domain.com, so you should instead go to https://server.domain.com/index.htm and the error should go away.

2) Certificate expired or not yet valid - usually means it expired - renew the cert if it is your server, or else contact the company of that site and ask them to update it.

3) Untrusted root - if the root certificate for the site is not already in your trusted root cert store, you will need to import that.  This is common if the site is using their own CA instead of a commericial vendor, or if they had generated a self-signed …
2
 
LVL 2

Expert Comment

by:Jason Parms
Comment Utility
One more common error – “page contains secure and nonsecure items

This error occurs, while some insecure items (such as images, frames, iframes, Flash, and JS) are being accessed on secure web pages. You can find insecure items for your web site by using this tool - https://www.ssl2buy.com/wiki/why-no-padlock/

Solutions:-

1. Replace URLs (use HTTPS instead of HTTP)

You have to require use https:// for the references on all images, iframes, Flash and JS.

Example:
<img src="https://www.yourdomain.com/abcimage.png" />

Open in new window


2. Use relative path instead of absolute path

If you are using a relative path for the references, then you will never face this error.

Absolute Path:
<img src="https://www.yourdomain.com/abcimage.png" />

Open in new window


Relative path:
<img src=" /abcimage.png" />

Open in new window

0
 
LVL 20

Expert Comment

by:Peter Hutchison
Comment Utility
Another thing to watch out for is fake websites using fake certificates. Just because a site is encrypted using an ssl certificate mean that the site is trustworthy, it doesn't.  Check that certificate, does it come from a compromised CA, is the bit length up to date (2048 bits is required or more), and check the site using different browsers which may highlight other warnings.

http://www.zdnet.com/article/fake-ssl-certificates-pirate-web-sites/
0

SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.