SSL / HTTPS

8K

Solutions

7

Articles & Videos

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

Hi all,

We have recently upgraded our internal CA to SHA256. We have a number of internal webservers that have SHA1 certificates that are still valid. We are looking to upgrade each of the certificates through a controlled process. My question is: if we renew the certificates on the servers with the new SHA256 and there are any issues, are we able to recreate a new cert using a SHA1 cert?
0
I have used

openssl pkcs7 -inform der -in YourFile.p7b -out YourFile.pem  

and I have a .pem file. I tried using openssl pkcs7 -in Yourfile.p7b -text -out Yourfile.pem -print_certs

It is giving an error.

I opened the .pem file and I saw

----BEGIN PKCS7-----
MIIPnAYJKoZIhvcNAQcCoIIPjTCCD4kCAQExADALBXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXX0SOBLcJPK6QFYY/5KggxAA==
-----END PKCS7-----

What more should I do?

Thanks
0
I have used 3 sets of code (where I used the Indy 10.6.2 component), which don't show any errors, but I am not able to send SMS through the code. Please help me send the SMS through Delphi code.

The code which I used is...

const
  URL = 'https://api.bulksmsgateway.in/send/?username=****&hash=****&sender=TXTLCL&numbers=9198........&message=HISUNDAR';
  //URL = 'https://api.textlocal.in/send/?username=*****&hash=******&sender=TXTLCL&numbers=9198...&message=HISUNDAR';
  ResponseSize = 1024;
var
  hSession, hURL: HInternet;
  Request: String;
  ResponseLength: Cardinal;
begin
  hSession := InternetOpen('TEST', INTERNET_OPEN_TYPE_PRECONFIG, nil, nil, 0);
  try
    Request := Format(URL,[Username,Password,Sender,Numbers,HttpEncode(Message1)]);
    hURL := InternetOpenURL(hSession, PChar(Request), nil, 0,0,0);
    try
      SetLength(Result, ResponseSize);
      InternetReadFile(hURL, PChar(Result), ResponseSize, ResponseLength);
      SetLength(Result, ResponseLength);
    finally
      InternetCloseHandle(hURL)
    end;
    showmessage(result);
  finally
    InternetCloseHandle(hSession)
  end





var
http : TIdHTTP;
IdSSL : TIdSSLIOHandlerSocketOpenSSL;
begin
 http := TIdHTTP.Create(nil);
 IdSSL := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
 try
  Http.ReadTimeout := 30000;
  Http.IOHandler := IdSSL;
  IdSSL.SSLOptions.Method := sslvTLSv1;
  Http.Request.BasicAuthentication := True;
 // IdSSL.SSLOptions.Method := sslvTLSv1;
  …
0
Hey guys,
Please note I'm not too savvy when it comes to Exchange and SSL certs.
Having issues with a computer popping a security alert when opening Outlook 2013. OS is Windows 10.
It is an Exchange 2010 mailbox that is linked with AD and the mail config automatically pulls.  Accounts and everything work great.  However, on this computer I am getting a security alert that states the .local server name at the top and a red X next to "The name on the security certificate is invalid or does not match the name of the site."

This is a GoDaddy cert and the SANs on the cert state the name for the OWA website and autodiscover URLs, and won't allow putting the .local server name.  This cert should be for external use if I understand correctly.

There is a self-signed cert on this same server that does have the .local SAN listed.

But it's like for some reason Outlook is still pulling the GoDaddy cert.

Can anyone lend a hand with this issue?
I'm even down for just suppressing the popup if that's possible.
0
We have a root CA that we keep turned off.  We have an intermediate CA where we issue certs for internal use.

All certs I'm issuing refuse to issue out past Dec 20, 2017 at 2:20PM.  

I'm sure this is due to my intermediate CA needing to update its cert from the root CA, but I'm unsure how to do that.

Can someone point me in the right direction?  <-------(isn't that the name of a boy band?)

Thanks

Cliff

PS:  Windows 2012 R2 servers here.
0
Hi all,

We have an internal CA and I am trying to sign a certificate using the CA. I have used OpenSSL to create the CSR file. I would now like to know how I create the cert file.
0
Dear experts,
We have a HAProxy installation with SSL-Passthrough (we need the SSL to reach the apache itself for proper HTTP/2 handling so we can't use SSL termination on HAProxy)

However, I can't seem to configure the HAProxy to send the real IP to Apache; the logs always show the internal IP of the HAProxy.

This is my HAProxy Config:

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    log         127.0.0.1 local2     #Log configuration
 
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     30000                
    user        haproxy             #Haproxy running under user and group "haproxy"
    group       haproxy
    daemon
 
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout 

0
Hello, I'm using this component to make my system and I came across a problem when sending a POST to a certain form where I have to post a captcha code. Simply by sending the POST to that URL, the HTML returned is like that of a GET, because the error message informing of the wrong code does not come; it simply does not post the information. I only have a problem on this page; all the others managed to work, GETs and POSTs. I need help with this part!
0
I have to write a Node.JS application that connects to a remote server.  The remote server has a login manager that authenticates my session then spawns a separate process to handle the rest of my session.  The way that works is that I have to make a non-SSL network connection to the login manager and do an initial unprotected handshake.  This lets the client and server negotiate if they will be doing SSL or plain text communications.  If SSL, then I need to elevate my socket to an SSL socket, send my login and password along with some other initial information, then get a success or failure message back from the login manager.  If success, then I know the login manager is starting a new process and handing off my open socket connection to that new process.  Since the server can't pass the SSL context, it de-elevates the SSL connection and runs a program passing it the non-SSL open socket.  Then the new program creates its own SSL context on the open socket. So in my Node.JS code I need to close the SSL socket but leave the raw socket open.  The new program will send me a success message when it is up and running, at which time I need to re-elevate my open socket to SSL again.

My question is how can I close an SSL socket leaving the raw socket open so I can continue to use the raw socket and then re-elevate it to SSL again?
0
I need to see the DNS resolution requests of my applications audited and, if necessary, modified before being sent. I suppose the easiest would be a local resolver that would review my requests before forwarding them to the resolver of my ISP? Another way would be to monitor and be able to override UDP/53 traffic (something I have no clue about). Is there an open source project I could use?
Also, I would need this on all OSes.
How would you do that? Or would there be a free solution that exists?
Need: support of IDNs as per RFC 5895 for the whole machine (transparent to applications), management of variants, parental control, typo correction, etc.
Thank you!
0
I am attempting to load new SSL certs into my Tomcat server. I was successful in creating a new keystore and CSR. Before I imported the certs I was able to browse to my site internally via the correct port. However, after successfully importing the certs into the keystore I am unable to browse to the site. I am new to Tomcat and would appreciate any assistance.

Thanks.
0
I have 1 website with 1 IP in IIS using both port 80 and port 443. I own 2 wildcard certs, one for the external address (@mycompany.com) and one for the internal address (@inside.mycompany.com).

The current SSL certificate that's tied to port 443 is using the external cert, and the website is reachable externally via SSL without issues.
Internally we can reach the website using HTTP on port 80 with the FQDN and that works fine.

Management wants SSL applied to the internal website instead of using HTTP. One method I thought of was to add an additional IP to the website. In local DNS, add a new host name pointed to that IP. Bind the internal cert to the IP on port 443. Everyone goes to the website using the new FQDN. To get to the internal site they use the new FQDN. The concern I have with this approach is that the server still has 2 IPs and local DNS will reflect that. If anything anywhere references the FQDN of the server they could end up getting an error or the wrong item displayed. I

What other options are there?
0
I have setup an Apache web-server to request client certificates and I need to revoke some of the client certificates. Removing them from the client machine is not an option so I need to revoke them from the server so it does not see them as valid.

I'm trying to use the command :

openssl ca -revoke /etc/ssl/certs/client123.pem

where client123.pem was a certificate validated by the web-server (where the ca was configured).

Thanks
0
Does anyone know how to disable SSLv3 and activate TLS 1.2 for a Cisco Catalyst switch?

I searched for a very long time but I found nothing.
0
Just renewed a standard ucc SSL.  I want to add it to our on premise Exchange 2010.

Question:

1. What are the steps to remove the old SSL in our Exchange (still in use as of now) and add the new SSL?
0
Hi all,

Since Apple decided to stop allowing PPTP, we had to reset our VPN server to use SSL / SSTP. I have set up the server as per the guidelines from Microsoft, however I am unable to connect to the server. I get the following error message: The revocation function was unable to check revocation because the revocation server is offline. I have checked all the services on the server and everything seems to be up and running. In the event viewer I get error 18:

The Secure Socket Tunneling Protocol service either could not read the SHA256 certificate hash from the registry or the data is invalid. To be valid, the SHA256 certificate hash must be of type REG_BINARY and 32 bytes in length. SSTP might not be able to retrieve the value from the registry due to some other system failure. The detailed error message is provided below. SSTP connections will not be accepted on this server. Correct the problem and try again.

The system cannot find the file specified.

I do not know which file it is looking for.
0
Hi All,
I recently took over a Lync 2010 setup that had a self-signed certificate. I've been asked to set up federation with outlook.com and enable mobile access. The first thing to do was get a proper certificate, which I did from GoDaddy. That cert has been applied and when testing both internally and externally using the ruct.exe tool from http://blog.insidelync.com/2011/11/the-remote-uc-troubleshooting-tool-ruct/ the correct certificate is being pulled down, Lync on desktops internally and on laptops from home all continue to work away as normal.

The problem is I cannot get federation or mobile access to work. I've enabled federation, have port 5061 open in and out to the edge server, Gone through the federation with Microsoft etc.

I think the issue is still down to the certificate though. When I test the certificate using DigiCert or SSL Shopper neither can connect. Both say the connection failed so the SSL cert check fails too.  I am able to telnet to my edge's address (DNS and IP) on ports 5061 and 443 and the RUCT tool is able to connect without issues.

Any idea what could be causing the DigiCert and SSL Shopper certificate checkers to fail to connect? I can only assume a cert problem is causing my federation and mobile woes. I've nothing else to go on.

Thanks
0
Greetings,

I have been looking for a way to clone an existing wildcard certificate using a new CSR. It can be done - see https://www.digicert.com/ssl-support/duplicate-ssl-certificates.htm

I have reviewed OpenSSL and "googled" but have not come up with an answer. Note that this is not a reissue - the cert properties are retained.

Thanks,
Rick
0
Having issues with renewing my wildcard certificate in Exchange 2016.

When I go to enter my CSR I get this: For country, please use two-letter abbreviation. This: US. Not this: USA. When in doubt, check .

Where do I need to check? The last time I did the renewal it worked fine...

When I went to a website that can read my CSR it has the following crossed out...

Organization:
Locality:
State:
Country:

Any help? I've got a week before it expires... Thanks.
0
squid.conf.txt

I need to set up a proxy on a Windows machine which should be running as HTTPS and I have to access an HTTPS site via that proxy. I am okay to use Squid or any other proxy but am not able to set up the conf file properly.

As far as I understand, only the Chrome browser provides the capability of using an HTTPS proxy, so I want to test on the Chrome browser - opening some HTTPS page using the HTTPS proxy. I would also like to understand where all the certificates need to be imported for this to work.

I have attached my squid conf, for reference.

Thanks & Regards,
Ashish
0
I had this question after viewing Urgent: Tenon iTools Starting error; apachectl: line 100:  2259 Illegal instruction....

/www-ssl/bin/apachectl start
[Sat Apr  1 00:40:58 2017] [warn] Loaded DSO libexec/mod_suphp.so uses plain Apache 1.3 API, this module might crash under EAPI! (please recompile it with -DEAPI)
/www-ssl/bin/apachectl: line 80: 11458 Illegal instruction     $HTTPD
/www-ssl/bin/apachectl start: httpd could not be started
0
I purchased a SSL Certificate from GoDaddy.  I created the signing request from the Sonicwall and uploaded it to GoDaddy.  I received confirmation that the certificate was ready.  I am now downloading the zip file from GoDaddy using the type as other in the drop down.  I am now experiencing issues when I attempt to install the certificate on the Sonicwall.  Can someone give me the correct steps to make this work.  I keep getting errors when I attempt to install it.  One error I saw was "PKI error, import failed".
0
I had this question after viewing Apache proxy_ajp balancer-manager not working.


I have two websites (for example example1.com and example2.com)

I have installed Apache 2.x on Ubuntu 16 and configured the virtual hosts:

like this:

sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/example1.com.conf
sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/example2.com.conf

sudo nano /etc/apache2/sites-available/example1.com.conf
replace and paste

Virtual host:

<VirtualHost *:80>
    ServerAdmin admin@example1.com
    ServerName example1.com
    ServerAlias www.example1.com
      
    DocumentRoot /var/www/example1.com/public_html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
        
</VirtualHost>

And I created index.php in /var/www/example1.com/public_html
And the same for example2.com

And then enabled the sites:
sudo a2ensite example1.com.conf
sudo a2ensite example2.com.conf


When I enter www.example1.com, I can access the page.

Now in /var/www/example1.com/public_html I will install ofbiz, which runs with embedded Tomcat.
The URLs for ofbiz are for example1.com:

http://127.0.0.1:8080/ecommerce/control/main for the ecommerce application or
https://127.0.0.1:8443/ecommerce/control/main for the ecommerce application or
0
I have an internal web server (called: serverhostname) with 1 site that has been assigned 2 wildcard SSL certificates. The site has 2 IPs attached.

1st certificate (*.*.mycompany.com) is for external access. This works fine and the www name is fairly short and easy to remember

2nd certificate (*.*.ny.mycompany.com) is for internal access. This works fine and loads in any browser.

The issue I have is that the URL for internal access is too long and complicated as it uses the FQDN of the server that's hosting the site. The entire URL is serverhostname.ny.mycompany.com. I'd like to shorten it down so it's easier to remember. I tried using a CNAME alias but I can't get it to resolve correctly.

I created a CNAME called staff with FQDN as staff.ny.mycompany.com pointed to the FQDN of the target host serverhostname.ny.mycompany.com. When I try to load the URL using the CNAME alias, I get the following error

staff.ny.mycompany.com uses an invalid security certificate. The certificate is only valid for the following names: *.mycompany.com, mycompany.com Error code: SSL_ERROR_BAD_CERT_DOMAIN

I pinged the CNAME and found that it was resolving to the IP address associated with the external certificate. I can't get the CNAME record to point to the correct IP address.
0
Hi all, I have a SAML 2.0 implementation and wanted to attach a third-party signed secure certificate. All the while we were using OpenSSL to generate self-signed certificates. Now one of our customers wanted to have a secured third-party certificate.

How do I go about this? Any suggestion will be of great help.
0
