SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

Share tech news, updates, or what's on your mind.

Sign up to Post

Pls help...

User http access : sdm.mnd.com (75.68.129.206, Port 80)
Gateway will NAT the IP address & port to reserve Proxy server IP : 152.210.72.4:10118
RH Linux - Reserse proxy server : 152.210.72.4:10118
RH Linux application server : 152.160.85.4:10021

Verified the application server works well with direct IP.
RH Linux reverse proxy server, verified httpd successfully started.
Configuring reverse proxy settings, it is not working.
Can help me/ advise me what went wrong or to be modified...

User will access the URL http://sdm.mnd.com

Reverse proxy server httpd.conf file

<VirtualHost *:10118>
        ServerAdmin admin@mnd.com
        ProxyRequests off
        ProxyPreserveHost On
        ServerName sdm.mnd.com
        ProxyPass               /        http://152.160.85.4:10021
        ProxyPassReverse        /        http://152.160.85.4:10021
</VirtualHost>


Application server server.xml file

-->
      <Connector port="10021" protocol="HTTP/1.1"
      connectionTimeout="20000"

      redirectPort="8443" URIEncoding="UTF-8" />
   
      <!-- A "Connector" using the shared thread pool-->
   
<!--
0
OWASP: Threats Fundamentals
LVL 13
OWASP: Threats Fundamentals

Learn the top ten threats that are present in modern web-application development and how to protect your business from them.

Users cannot get to specific web pages (on IIS) using internet explorer 11, or microsoft edge.

The error message they recieve is attached to this question. Basically, IE is telling us to turn on TLS 1.0, TLS 1,1 and TLS 1.2

The Pages work fine in Chrome (I havent tested any additional browser),

Is There a way to see which protocols are being used in IIS and how we can modify them if necessary?
0
Hi,

I have a Apache webserver on centos7

Its perfectly running on http port 80

Below is the configuration

httpd.conf
Listen 80
User tomcat
Group apache



configured vhost.cong in  /etc/httpd/conf.d/
NameVirtualHost *:80

<VirtualHost *:80>

    ServerAdmin abc@def.com
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/htmlexample.com/
    ErrorLog /var/log/httpd/example.com/error.log
    CustomLog /var/log/httpd/example.com/access.log combined





I have generated csr file and purchased ssl certificate from godaddy.

got crt,pem and bundle crt file.
 kept all 3 files in /var/www/html/ssl and used chmod 770 for all 3 files.


modifued below in /etc/httpd/conf.d/ssl.conf
<VirtualHost _default_:443>

DocumentRoot "/var/www/html/example.com/"
ServerName www.example.com:443
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
SSLCertificateFile /var/www/html/ssl/example.crt
SSLCertificateKeyFile /var/www/html/ssl/example.com.key
SSLCACertificateFile /var/www/html/ssl/gd_bundle-g2-g1

getting error while restarting systemctl restart httpd

[root@xxx conf.d]# systemctl restart httpd
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
[root@xxx conf.d]# journalctl -xe
--
-- Unit httpd.service has finished shutting down.
Oct 12 23:23:36 xxx systemd[1]: …
0
We are working to get a set number of our servers hosted/managed by a third party vendor.  The servers will sit on their private cloud and our users will connect to the application via a URL.  We will be connected to the managed servers  via IP sec tunnel so the application URL will be considered in our domain.  The vendor is needing an SSL wildcard cert for the multiple URLs needed for this implementation.  My question is whether I can issue that cert out with our Internal CA or do I need to do through an external cert authority.  I'm a little new to certs and what all can be done with our internal CA so trying to get some direction here.  If I can issue one out to our vendor for this purpose, do I need info from their end to generate the cert request?
0
We have IIS 7.5 on Server 2008 R2 Datacenter. We have been using a Godaddy SSL cert and it had to be rekeyed. I did that, the SSL cert was approved and available on the website. I downloaded the zip file and followed Godaddy's steps. I added the intermediate cert using the Certificates MMC. Then I went to IIS and chose "complete certificate request" and chose the .crt file. When I add a "friendly name" and click okay, it looks like it's there. But, when I go to bind it to the website, it isn't there, and it disappears from the Server Certificates area in IIS.

I did some googling and found the following, which appears to have fixed the issue in that I can see the cert now: "Here are instructions to make the PFX if you have no private key. To fix this, use the MMC snapin to import the cert into PERSONAL, click it and grab the serial # line.  Go to dos, run certutil -repairstore my "paste the serial 3 in here" (you need the quotes) then refresh MMC with personal certs, right click it – export – select everything except DELETE PRIVATE KEY, hit ok.  Then go to IIS and IMPORT cert instead of finish request." (comment by pixelloa at https://blogs.msdn.microsoft.com/vijaysk/2009/05/22/disappearing-ssl-certificates-from-iis-7-0-manager/ )

When I went to export the PFX it prompted for a mandatory password, which I added, and then entered it when importing into IIS. This is a business website with about 50 users and I'd prefer this to run smoothly. Are there any caveats I should …
0
Hi,

I have a registered a domain at .ovh. I want to create a letsencrypt ssl certificate for my synology DSM5.2 NAS.

When running acme.sh I am getting this error message

acme.sh-error.jpg


I have opened ports 443 and 80 on my router to point to the NAS IP

I have no website just want to use an https login to access afp with synology DSFiles through vpn. Any idea how to fix the ssl certificate issue?

Thks in advance
0
We are working on a e-commerce portal that is built on Dot Net.

For faster response and scalability, we have implemented an ARR based Reverse Proxy and Disk Caching. The site is deployed on Windows server 2012 R2 standard & IIS version 8.5.96000. Origin & ARR Reverse Proxy, are on the same server as of now.

This works fine most of the time, except there are intermittent issues which we are unable to solve.

Again, on a staging site everything works well. But on production site with live traffic we are getting these issues:

net::ERR_CONNECTION_RESET 200 error. This gives me a blank page! This is again more frequent, but it doesn't come always. It comes when we are performing searches. Check the image here: https://i.stack.imgur.com/4m1kg.png

Moreover, for both of above error, if I just do a refresh, then it works fine!
0
We are working on a e-commerce portal that is built on Dot Net.

For faster response and scalability, we have implemented an ARR based Reverse Proxy and Disk Caching. The site is deployed on Windows server 2012 R2 standard & IIS version 8.5.96000. Origin & ARR Reverse Proxy, are on the same server as of now.

This works fine most of the time, except there are intermittent issues which we are unable to solve.

Again, on a staging site everything works well. But on production site with live traffic we are getting an issue of

PR_CONNECT_RESET_ERROR when accessing website.

Check the image here: https://i.stack.imgur.com/7zpVR.png.

This we're unable to find exact step, but we still get this error rarely while browsing. And our visitors are facing the same, as we found our traffic has impacted due to this.
0
I am trying to renew my NDES server certificates and since I upgraded my CA's and reissued their certs from SHA1 to SHA2 I am unable to add the Exchange Enrollment Agent (Offline request) to the templates available to issue from the CA.

Server 2012 R2 Active Directory Certificate Services installed.
0
I have a two tier Microsoft CA an offline root and online subordinate CA.  I have been having some issues since I installed it where some systems dont trust the subordinate and I will have to install the sub CA cert in trusted roots for the issued cert to be trusted.  I am also having issues with issued certificates showing up on iphones as not verified even know both the root and subordinate CA certs are installed on the iphone and the certificate trust settings for the root CA are enabled for full trust.  Any ideas?
0
Bootstrap 4: Exploring New Features
LVL 13
Bootstrap 4: Exploring New Features

Learn how to use and navigate the new features included in Bootstrap 4, the most popular HTML, CSS, and JavaScript framework for developing responsive, mobile-first websites.

Hi Everyone. Can an SSL certificate be assigned to port 4443 instead of port 443 for RDP?
Can port 443 be shared between two different domain certificates for RDP remote.domain.com.au & remote.domain2.com.au?
Is there a way of securing RDP if none of these options are feasible?

Thank you in advance.
0
I have a client who has had two separate credit cards compromised in the last week.  Same user, same computer, different secure websites, and two totally different cards.  I have run malware and AV scans on the machine, verified the web browser was fully patched and didn't have any extensions installed, verified Gateway AV IPS and App Control was enabled on the Sonicwall.  We looked for rogue APs and came back clean.  Both cards were used within an hour of being used for online transactions and the cards were entered in to the web browser manually, not saved.  I am running out of ideas on where to look or what to even look for.  Any help would be appreciated.
0
Current setup:
Windows 2019 server
with Exchange 2019 running on it.

With an official certificate installed. We are using an anti-spam solution provided by the ISP. Mail will first be delivered to their spam filter before being pushed through to our exchange server.

In the old situation (Exchange 2013) we had the same setup with no issues. After replacing the entire network with the new exchange server the ISP is not able to deliver the email to us.
The error they are giving me is that when they (and only they) connect they are still seeing the .local (self signed) certificate.
Every check I do that I can do is showing me the correct official certificate.
We have checked the settings on the Exchange server and can’t seem to see anything wrong with those.
We have changed the MX record so that mail will be directly delivered for the time being and that is working without a issue. I do need to get the ISP back into the loop. Any help would be appreciated.

I did find the following article but i have no idea if this will be the solution to our problem.
https://community.spiceworks.com/topic/2101795-exchange-2013-receive-connector-enforced-tls-not-working-after-migration
The part that might be of use for me is from:
Got it. It looks like you are experiencing the same issue as I did. You should actually see something similar to this for the corresponding receive connector:

ServerName\Default Frontend ServerName <I>CN=Godaddy Secure Server CA, …
0
hello,
is their any guide for installing certificate authorty role to create certificate to apply it in internal services if i've an web application for example and need to access it using ssl certificate and it'll be internal only?
thanks
0
Hi,

I have a question regarding exchange 2016. I need a statistic of how many emails are encrypted on our server.

We want to switch from opportunistic to mutua TLS, but I need to know how many companies do not have TLS enabled.

Thank you in advance!

Best regards,
Bernhard
0
I know encryption decryption mechanism for a typical HTTPS based communications.

However, Failed to understand the how chemistry between below 2 blocks works  
{private&Public key} ---vs-  {SSL certificate }

Please advice
0
1. I'm running an EC2 virtual windows instance on AWS. I installed the SSL certificate on the IIS server.  I can get to the IIS server with http and https, however i need the site to display secured by default.  so if your typing http://domain.com it will default it to https://domain.com:9000 .    
2. When I type http://domain.com:9000 I can get to the site application however id I type https://domain.com:9000 the site can't be reached.  On AWS I believe part of the issue may be the AWS security group and or windows firewall on the virtual server or is it a CNAME entry that i need to configure between godaddy and AWS?
0
Hello,

I need to renew a secured certificate on a network device.  I need CRT file and the key.  

I created a CSR from IIS 7.5, got the cert from my vendor, and completed the cert request.  

I open up MMC>personal>certificates, select the cert at the right pane.  I tried to export, but I do not see an option to export the key.  

If someone knows how to do this, please advise.  

Many thanks.
0
Need a tutorial or pointer to create self-signed certificate which does not show "not secure" message in the browser tab for my local system which has a dns name(hostname)  as004.  Lets encrypt with certbot not able to do it. any ideas ?
0
Learn SQL Server Core 2016
LVL 13
Learn SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

I purchased  SSL wild
card on godaddy - https://www.godaddy.com/web-security/ssl-certificate.
And I already downloaded zip and get CRT, PEM, and PKC# 7 Certificates.

And I want to use it on my domains (e.g. www.abc.com, xyz.abc.com)  and they are hosting on Azure App Service (not virtual machine). and my Azure subscription is okay to accept SSL.
At this moment, I do not know how to do that. I follow the article below, and I have no idea what to do. Here experts, please help.

https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-ssl

Please help
0
How do you add a service reference for a secure web service in Visual studio 2019...

I can view WSDL in browser as the browser asks for the certificate but VS just says can not establish secure ssl/tls.

I have the very in the trusted root store and have given account access unless VS runs under a different account?
0
Dear All,

I would qualify as a 'novice' at best on this so I am probably out of my depth... but...

I am using ProcessMaker the Opensource Workflow engine and I would like to connect it to a secure SOAP Web Service to carry out various integrations - essentially using ProcessMaker as a middleware with a friendly UI purely for demonstration sake.

I have processmaker installed:

ProcessMaker Ver.3.3.6-community
PMUI JS Lib. Ver.0.1.1
MAFE JS Lib. Ver.release/3.3.6.99ec24f
PM Dynaform JS Lib. Ver.release/3.3.6.16ded01

With PHP infoPHP Info attached.

ProcessMaker appears to support SOAP API Connections and there are plenty of examples of how to connect when its http... but I need to connect over https.

I have a web service certificate in the trusted root store and if I navigate to the WSDL in a browser I can view (you need the cert to get to the wsdl).

Once I get into the webservice the call I am trying to make is getPersons which is detailed here:

Web Service WSDL
______________________________________________________________________________________________________________________

<wsdl:types>
<xs:schema targetNamespace="http://cliq.shared.assaabloy.com/ws/query/v2/">
<xs:import schemaLocation="https://cwm02.abloy.com:443/CLIQWebManager/ws/query/v2/?xsd=6" namespace="http://cliq.shared.assaabloy.com/ws/data/v2/"/>
<xs:import schemaLocation="https://cwm02.abloy.com:443/CLIQWebManager/ws/query/v2/?xsd=4" 

Open in new window

0
I have a Apache tomcat 8 webserver running on Windows 2008 server.

It is used to run crystal reports on port 443. it is configured in server.xml for that port.

I am having problem getting the new SSL certificate to work. The non-sslport 8080 works fine. Site is private and restricted to few IP addresses.

Is there a way to redirect any HTTPS requests to the server from port 443 to non-ssl port (http) running on port 8080 until I get SSL port working?
0
I am using ClickOnce deployment to deploy a program to client's computers. I signed it with a self signed certificate and added it to my root CA just for testing. I then deployed updates onto our web servers to test our update feature as described here:
https://docs.microsoft.com/en-us/visualstudio/deployment/how-to-check-for-application-updates-programmatically-using-the-clickonce-deployment-api?view=vs-2019
However, when attempting to download the manifest, it returns an error. Below is the log:

Following errors were detected during this operation.
	* [7/25/2019 4:08:55 PM] System.Deployment.Application.DeploymentDownloadException (Unknown subtype)
		- Downloading https://aienrqa2.synergydcs.com/Downloads/WYEPB/EPB.application did not succeed.
		- Source: System.Deployment
		- Stack trace:
			at System.Deployment.Application.SystemNetDownloader.DownloadSingleFile(DownloadQueueItem next)
			at System.Deployment.Application.SystemNetDownloader.DownloadAllFiles()
			at System.Deployment.Application.FileDownloader.Download(SubscriptionState subState, X509Certificate2 clientCertificate)
			at System.Deployment.Application.DownloadManager.DownloadManifestAsRawFile(Uri& sourceUri, String targetPath, IDownloadNotification notification, DownloadOptions options, ServerInformation& serverInformation)
			at System.Deployment.Application.DownloadManager.DownloadDeploymentManifestDirect(SubscriptionStore subStore, Uri& sourceUri, TempFile& tempFile, IDownloadNotification 

Open in new window

0
I have a file  from CA (certificate authority) .crt file with multiple BEGIN CERTIFICATE and END CERTIFICATE snippets inside.  I have a node js program to make my site https.
This program takes sslKey": "private-key.pem", sslCertificate": "lws-cert.pem". Now i assume i have the .crt file which can be renamed as lws-cert.pem and used in the program and what about private key ?
Am i missing something ? Is my aproach correct ?
0

SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.