HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

I have a DC with LDAPS (636) and an external NAT address through the firewall.

It has a self-signed certificate from our in-house certificate authority, and my hosted software is able to connect to it and allow my users to authenticate via LDAP just fine.

Except one.

The newest is requiring that we have a 3rd-party certificate installed. So I purchased one and added it to the personal store in the Certificate management area for the service account. However, I didn't buy the extended validation option, so I think I have to buy another one.

If that is the case, I would like to do it a bit differently.

If my server is server.mydomain.org, can I (after adding an external DNS alias for ldap.mydomain.org) purchase a cert for ldap.mydomain.org? And if so, my reading leads me to believe that if I purchase the EV version of the cert and put it in the personal store for the service account, that is all I need to do to get LDAPS using it. Is that right?

Downloading employee financial reports from a third-party company, and there is no green padlock after I click the retrieve report link. Everything else (login, report access page) has the https and green padlock except the retrieve report execution link.
Here is what happens.
You click the retrieve report link. A script runs, then a pop-up window opens and the report is retrieved and downloaded. That pop-up window isn't displaying a padlock icon but rather an (i) icon indicating unsecured.

Should we be worried because these financial reports obviously contain sensitive protected data?
Hi Experts,

I have bought a wildcard certificate from COMODO.
Now I need a certificate for my application but it must be a named certificate like:

Is it possible to extract a certificate from my wildcard certificate?
We have a 3-year Starfield cert which just auto-renewed. I am able to download a new cert with the new expiry. I imported the cert and see that the "Subject Key Identifier" is the same as the expiring cert.

The new certificate does not have the key symbol in the Certificates MMC, indicating the new cert does not have a private key, which is expected.

My question: how is the private key linked to the new certificate?  Should I simply load the new certificate on all servers and bind it to the applications and expect everything to work fine or should I rekey?

I have had some trouble finding a good explanation for how this process works.

If you connect to a secure bank site, or even Facebook using HTTPS, on an open non secure WiFi, is the data between your computer and the site secure?

I have configured SSL in Tomcat; I am able to access the server using https.

But I am getting the certificate error. I have created the below files to resolve the issue.

From the certificate authority I have created certnew.cer and certnew.p7b.

I opened certnew.p7b and used the sub and root certificates to create root.cer and root1.cer. Basically I converted the root certificates' format to Base-64 encoded X.509.

Then I used the below commands to send the two certificates to the keystore.

keytool -import -trustcacerts -alias Root -file "D:\XXXXXXX\root.cer" -keystore "D:\xxxxxxxx\tomcat.keystore"

keytool -import -trustcacerts -alias Root1 -file "D:\XXXXXXX\root1.cer" -keystore "D:\xxxxxxxx\tomcat.keystore"

Then I merged the server certificate by using the below command.

keytool -import -trustcacerts -alias biuser -file "D:\XXXXX\certnew.cer" -keystore "D:\xxxxxx\tomcat.keystore"

I have modified my server.xml file in Tomcat as attached (PFA).

I got a message that the certificate key was installed to the keystore, but I am still getting the certificate error.

I have a problem when I'm trying to get an https image from a web site. The page uses TLS 1.2, so I use OpenSSL and it works for all the text I want to get from the page. When it comes to the picture, I get the error "underlying crypto error, error connecting with ssl, error 1409442E: SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version".

Does anyone have any idea what is causing this? I've tried more SSL/TLS versions, but none of them worked. I use the latest DLLs.

Thanks for any help in advance!
Hello all, we are being PCI scanned and are failing on a few items, one being a self-signed cert in Exchange.

the X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host. Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.

Exchange has a 3rd-party SSL certificate installed already which is assigned to

The self-signed cert is assigned to

I'm unable to de-select these options.

Do I need to delete the self-signed certificate? If so, how would I go about it?

Hello everyone,

Been beating my head against the wall about this for a little bit, and other venues I've tried weren't able to provide a lot, partly due to my lack of knowledge.

We have internal DNS for ourcompany.com hosted on a Server 2012 machine, as well as public DNS for ourcompany.com hosted at GoDaddy. It seems that in the last couple months people have been having issues getting to some of our subdomains pointing to external parties, for example mail.ourcompany.com points to outlook.office365.com. Chrome seems to be the biggest offender when having issues. It seems the browser is looking for the cert for outlook.office365.com, but recognizes that it's coming from mail.ourcompany.com and obviously sees that they're not the same thing.

We only recently added the ourcompany.com forward lookup zone to our internal DNS, and it works fine off-network, so I don't know what I'm doing wrong with our internal DNS to get it to work properly.

Some have suggested pointing the DNS record(s) to an IIS box and do http redirect, rather than having DNS just point straight to the 3rd party.

It also seems that clearing Cached Images and Files in the browser clears up the problem for a few days, but I feel like there's gotta be a better solution than clearing cache via GPO.

Does anyone have any suggestions?

Thanks so much!

I have an issue with users in our USA office not being able to open an Exchange 2010 shared mailbox.  We are using RSA tokens (SecurID) to authenticate - I believe what is happening is they can log into the OWA site OK but when selecting add another mailbox, they receive the error 'A server configuration change is temporarily preventing access to your account. Please close all Web browser windows and try again in a few minutes. If the problem continues, contact your helpdesk'

The user I am dealing with in the USA tells me 'Hi Jason.  I can't get to any Houston-hosted box.  So if I try to log in using https://remote.company.com/owa, I get the "A server configuration change is temporarily preventing access to your account. Please close all Web browser windows and try again in a few minutes. If the problem continues, contact your helpdesk." error as it is trying to load my personal mail box.  Instead I log in with https://remote.company.com/OWA/ukmailbox@company.com/ so that it takes me straight to UK.  Once in UK, though, I get the same "A server configuration change..." error if I try to navigate to Houston@company.com'

I'm new to this position and there isn't much in the way of documentation - as far as I can see the client access for OWA setup is using forms based authentication -  there is a Forefront TMG 2010 acting as the Exchange Edge server - as far as I can tell the firewall rule in place for OWA on the TMG is doing what it should - however, weirdly if I …
We have a web server hosting Certsrv (ADCS role)... Delegations have been made for the FQDN and SERVER name (NetBIOS name), and now it is working fine with https://FQDN/certsrv

However, calling it by IP address, i.e., is not working. So I just want to know: can we delegate an IP address for a gMSA?

After some googling I found this article, which clearly shows that Kerberos does not support IP addresses, as that is its normal behavior.
Currently we have sts.federationdomain.com; the client is asking to set up adfs.federationdomain.com.

Is there any chance to add this? Or do I need to reconfigure it from scratch with the new name?
Many Google results on the topic, but I haven't found an explanation that works for me. The default ssl.conf has a reference to the server's self-signed cert: SSLCertificateFile /etc/pki/tls/certs/localhost.crt. The vhost conf has similar references for the vhost-specific cert. This vhost cert has the alternate names for mydomain.com, www.mydomain.com and subdomain.mydomain.com.

The server and SSL appear to work without the ssl.conf file. However, that seems like a good place to set up ciphers so that my subdomain can inherit from a common configuration. If I comment out the localhost cert, Apache won't restart. Assuming my vhosts are set up something like the following, how do I get Apache to use the vhost cert instead of the localhost cert?

<VirtualHost mydomain.com:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/mydomain.crt
    SSLCertificateKeyFile /etc/pki/tls/private/mydomain.key
    SSLCACertificateFile /etc/pki/tls/certs/mycadomain.crt

    ServerName mydomain.com
    ServerAdmin admin@mydomain.com
    DocumentRoot /var/www/mydomain/public_html
    ErrorLog /var/www/mydomain/error.log
    CustomLog /var/www/mydomain/requests.log combined
</VirtualHost>
I'm trying to replace the stock certificate that vCenter uses for the web console with a local MS CA certificate so errors don't get thrown about the browsers not trusting the cert.  I have found KBs and attempted to create a cert request with the vSphere utility (vCenter is on Windows Server), then process it on a MS CA (with custom template for this vSphere cert) and then tried to install it via the vSphere utility.  It takes forever and rolls back.  I just have some questions on the fields I enter when I create the request:

It asks for Name in the first part.  Is that just an arbitrary name that doesn't matter?  Or should it be specifically the plain name of the MS server?  Or the FQDN?  Or what?

There is a part where it looks like it assumes you are using VMware based CA, and it asks for the FQDN of the VMCA.  Since I am not using a VMCA, but rather a MS CA, for this field would I enter the FQDN of the MS CA or just the name of the vCenter server?

It looks like when I try to apply the cert, it shuts down all the vCenter services multiple times?  Does replacing this cert affect anything else other than the Web-based management console?   I don't want to screw anything up by doing this.
I had this question after viewing Replacing certificate on Exchange 2010 with wildcard cert.

Team, I have a cert to expire in the coming days, I was given a new Wildcard cert, but I am not sure how to renew or replace the one that is set to expire soon...

Question: Do I simply highlight the cert that is expiring and select Renew Exchange Cert? Or do I import the new cert and then assign the services that the old cert had to the new one? The new certs I was given end in .CRT... Thanks for any help you can provide.
Hello all,

We have an RDS server in play that only a handful of people use. It seems that the self-signed certificate expires in a couple of months, and a new one must be created and then installed on any machine that wants to connect to that RDS server. This requires us to touch the server and every machine that needs RDWeb access to the server more frequently than we would like.

My question is: is there any way to lengthen the self-signed certificate to over a year, 2 years, 5 years?

Obviously a trusted SSL cert would resolve this, but I am looking for other options at this point.

The server is Windows Server 2012 R2 running Remote Desktop Services.
Hi Guys,

I have configured Issuing CA 1 and Webserver 1:
Issuing CA (CA role, CA Web Enrollment role, IIS)
Webserver (Online Responder)

Here is my question: when I checked IIS on the web server, it shows the website for OCSP running, but when I click it nothing opens (500 error).

The client has asked me to set up a website for OCSP to access externally, so can anyone please advise how I can proceed further.

The OCSP website output should be: check the status of a certificate with the options Yes, No, Unknown.

Can anyone guide me..?
Here's my environment:

Windows 2012 R2 NAT'd to public via a FortiGate firewall. Running IIS 7 only for FTP.
I have one client who sends files in a batch once or twice a day. The client supplied the SSL certificate for the FTPS connection, and all works well, mostly.
At some point in the transmission, FTP will stop transferring files and Windows will log System Event 36888 from Schannel. The TLS protocol error code is 20 and the SChannel error state is 960.

Research didn't track down an exact solution, but some folks were correcting the same error codes by replacing or 'fixing' the certificate.  I had our client generate a new certificate and installed it, but the errors/disconnects continue to occur.  

File sizes are 114KB and 36KB (they come in pairs).  Today, after replacing the cert, the client sent 240 pairs - 480 individual files - and there were five SChannel reset errors logged.  Each time that happens, the client has to restart the sending process.

The OS is fully updated.

Earlier in troubleshooting, I suspected the firewall (outdated OS/old hardware) and configured the path through our new FortiGate firewall (noted above).

I would much appreciate any input you have on how to troubleshoot further or what may be the cause.


= k =
* Happens on my Mac Mini with El Capitan (up-to-date).
* Doesn't happen with all secure sites.
* Doesn't happen on my iPad which connects via the same router.
* Doesn't happen with Firefox, Opera or Chrome.
* Problem started after I had been messing around establishing a very basic user account for a student - I have double checked that Parental Controls are NOT turned on for my main account. The problem now occurs in the Student account too.
* I have tried changing the DNS setting.
* I have of course tried history & data clearing, restarting Safari, rebooting the computer.
How can I disable HTTPS and enable HTTP on Apache Tomcat?
Based on my research I have to modify the server.xml in the root folder of Apache Tomcat. Must I modify the connector? How?
For my web application I'm connecting to port 8443.
<?xml version='1.0' encoding='utf-8'?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at


  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Note:  A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
 -->
<Server port="-1" shutdown="SHUTDOWN">
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!--APR library loader. Documentation at 


The ADFS primary server is up and running... The ADFS service is running using a separate service account.

While configuring the ADFS proxy (DMZ zone, non-domain-joined) we can't complete it... event ID 393

Error: Federation service cannot established to the federation proxy server.

What account needs to be used for installing the ADFS proxy? (I'm using local admin.)

How do I establish the connection between the federation server and the proxy server?

The proxy server is non-domain-joined, so how will it communicate with the ADFS primary? Did I miss any step?

Can anyone please explain clearly, step by step, what we need to take care of while installing the proxy?
Hi, I have a domain hosted on 1and1. I have purchased an SSL certificate from a third party. Is it possible for me to install that certificate for my website on 1and1?
Hi all,

I am in the process of setting up a two-way ssl certificate - I have gotten the initial certificate and am now trying to walk through being able to give the second site access. Does anyone have any good links that may assist in walking through the process?

Many thanks!
We are in the middle of an issue. I installed a normal SSL certificate on ADFS and its proxy servers after the old certificate expired, and now we can't access the application.

Receiving the following error... Did all the basic troubleshooting steps but no luck. Can anyone help?

Event ID 381...
Working with a web service and a little out of my depth.  The example that I have been given asks for my cert with my private key as an option in stream_context_set_option.  Could this expose the private key unnecessarily / does this actually submit to the service?