SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

Share tech news, updates, or what's on your mind.

Sign up to Post

My client wants all his users to be on Outlook 2016. On six computers running Windows 7 and Outlook 2003 after installing Outlook 2016, when creating a new message the social networking links in their message would give the error: Certificate Error The application experienced an internal error loading the SSL libraries." This message would pop up 16 times and looking at event viewer there would be 32 instances of Schannel error 36887. I have removed the social networking links for now, but I know the boss will want them back. Certificate error
0
Four New Appliances. Same Industry-leading Speeds.
Four New Appliances. Same Industry-leading Speeds.

But don't take it from us.  The Firebox M370 is Miercom tested and Miercom approved, outperforming its competitors for stateless and stateful traffic throughput scenarios.  Learn more about the M370, M470, M570 and M670 and find the right solution for your organization today!

Hi all,

I am in the process of setting up a two-way ssl certificate - I have gotten the initial certificate and am now trying to walk through being able to give the second site access. Does anyone have any good links that may assist in walking through the process?

Many thanks!
0
Hello,

I made an app in Delphi Seattle.
The app sends an email to the user.
For this I deploy libcrypto.so and libssl.so.

Interestingly so far it worked well under Android 5 and 6 too, but now I noticed that it works well only with 5 but not with 6 and 7,

The error message is:

Error!
[EldOSSLCouldNotLoadSSLLibrary]
Could not load SSL library.

I read that starting with Android 6 Marshmallow, Google no longer supports OpenSSL on Android.

The question is what should I do so as the Android 6 and 7 users would get my email.

Thank you very much.
0
we are middle of the issue, i have installed Normal ssl certificate in adfs and its proxy servers after the old certificate got expired we cant acces the application..

receiving following error.. did all the basic trouble shooting steps but no luck can any one help

event id 381..
0
Working with a web service and a little out of my depth.  The example that I have been given asks for my cert with my private key as an option in stream_context_set_option.  Could this expose the private key unnecessarily / does this actually submit to the service?
0
Hello All,

I need your help to fix CVE-2016-2183 vulnerability in my CentOS release 6.9 (Final) instance.
I have checked for the various solution to fix this like to make the changes in apache/ngnix configuration. But, i dont have apache/ngnix install in my instance.

The openssl version installed in my instance is OpenSSL 1.0.1e-fips 11 Feb 2013.
When I'm trying to update the openssl package using yum, it did not identify any new version of the package available for installation.

Regards
Rukender
0
All

We have a requirement where we need to build a WCF service which can make outbound calls (as client) to backend services which requires 2-way SSL (mutual-authentication).

We have been trying this with no luck. It works with 1-way SSL (WCF as client), but when we set the backend services to require 2-way SSL, the handshake failed at the point where WCF is supposed to send its certificate to the backend service, but it doesn't.

Any one has experience doing this? Any clues of what the problem could be will be much appreciated.

Best Regards
Charles
0
I have a Debian server with about 15 websites running fine. I added a new website and that is too running fine. However, I also want to add a ssl connection for this website, but whatever I try Apache refuses to show the website. It just shows the default debian page. I allready tried replacing the default ssl file with the file for the website, but then I get a ssl protocol error. Apachectl shows no errors, so do the logs. If I make an error in the config file apachectl gives an error, so the conf file is read by Apache. I've been figuring this out for hours, but I am completely stumped now.
0
I'm trying to enable certificate authentication in ADFS 3.0. I've deployed a client authentication certificate. I've enabled certificate authentication as a primary method of authentication for both extranet and intranet. When I attempt to log on, I click on the "sign in using an X.509 certificate link"  but I do not get a prompt to select a certificate and nothing happens. There is no firewall between the client and ADFS server.
0
This TLS issue will belongs to SSL certificate or any changes we need to update on our server. Please assist me on this on high priority .


Regards
Rajesh
0
Ransomware Attacks Keeping You Up at Night?
Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

Hello,

I have a question regarding ROOT CA ?  What do they mean by root CA ?  If I have domain like abc.com and if I have SSL certificate for abc.com,  is abc.com  ROOT CA ?
0
I wish I had the screen shot to explain this problem better, but it does not come up on my machine, so I don't. OK: here is the issue. We had an SSL certificate: remote.whistlerbuilder.com because we used to remotely access our email and files. However, we changed servers and no longer use that SSL certificate. The time came to renew from GoDaddy and we did not renew it because we did not need it. Ever since then every time some of the people from our office log in to Outlook 365 (desktop), they get a Security Alert message that comes up with regards to an error in the SSL certificate. I do not know how to get rid of this message. I am not comfortable go into root files, etc. Isn't there an easy way to get rid of the error message?

Kind Regards,

Tina
0
Hello,

We have trusted certificate for our ROOT domain and needs to setup few subdomain.  What exactly we need to do, in to subdomains to work properly?
0
I have used 3 set of codes(where I used Indy10.6.2 component), which doesn't show any errors, but i can't able to send SMS through the code. Please help me to send me the Sms through Delphi code

The code which I used is...

const
  URL = 'https://api.bulksmsgateway.in/send/?username=****&hash=****&sender=TXTLCL&numbers=9198........&message=HISUNDAR';
  //URL = 'https://api.textlocal.in/send/?username=*****&hash=******&sender=TXTLCL&numbers=9198...&message=HISUNDAR';
  ResponseSize = 1024;
var
  hSession, hURL: HInternet;
  Request: String;
  ResponseLength: Cardinal;
begin
  hSession := InternetOpen('TEST', INTERNET_OPEN_TYPE_PRECONFIG, nil, nil, 0);
  try
    Request := Format(URL,[Username,Password,Sender,Numbers,HttpEncode(Message1)]);
    hURL := InternetOpenURL(hSession, PChar(Request), nil, 0,0,0);
    try
      SetLength(Result, ResponseSize);
      InternetReadFile(hURL, PChar(Result), ResponseSize, ResponseLength);
      SetLength(Result, ResponseLength);
    finally
      InternetCloseHandle(hURL)
    end;
    showmessage(result);
  finally
    InternetCloseHandle(hSession)
  end





var
http : TIdHTTP;
IdSSL : TIdSSLIOHandlerSocketOpenSSL;
begin
 http := TIdHTTP.Create(nil);
 IdSSL := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
 try
  Http.ReadTimeout := 30000;
  Http.IOHandler := IdSSL;
  IdSSL.SSLOptions.Method := sslvTLSv1;
  Http.Request.BasicAuthentication := True;
 // IdSSL.SSLOptions.Method := sslvTLSv1;
  …
0
Hello, I'm using this component to make my system and I came across a problem when sending a post to a certain form where I have to post a captcha code, simply by sending the post to that url, the html returned is like a one GET, because the error message does not come informing the wrong code, it simply does not post the information, I only have a problem on this page, all the others managed to work, get it and posts, I need help in this part!
0
I have to write a Node.JS application that connects to a remote server.  The remote server has a login manager that authenticates my session then spawns a separate process to handle the rest of my session.  The way that works is that I have to make a non-SSL network connection to the login manager and do an initial unprotected handshake.  The lets the client and server negotiate if they will be doing SSL or plain text communications.  If SSL then I need to elevate my socket to an SSL socket, send my login and password along with some other initial information, then get a success of failure message back from the login manager.  If success then I know the login manager is starting a new process and handing off my open socket connection to that new process.  Since the server can't pass the SSL context it de-elevates the SSL connection and runs a program passing it the non-SSL open socket.  Then the new program creates it's own SSL context on the open socket. So in my Node.JS code I need to close the SSL socket but leave the raw socket open.  The new program will send me a success message when it is up and running at which time I need to re-elevate my open socket to SSL again.

My question is how can I close an SSL socket leaving the raw socket open so I can continue to use the raw socket and then re-elevate it to SSL again?
0
I need to see the DNS resolution requests of my applications audited and if necessary modified before being sent. I suppose the easiest would be a local resolver that would review my requests before forwarding them to the resolver of my ISP? Another way would be to monitor and be able to override UDP/53 traffi (something I have no clue about). Is there an open source I could use?
Also, I would need this on all OS.
How would you do that? Or would there be a free solution that exists?
Need: support of iDNs as per RFC 5895 for the wole machine (transparent to applications), management of variants, parental control, typos correction. Etc.
Thank you!
0
I am attempting to load new SSL certs into my Tomcat Server. I was successful in creating a new KeyStore and CSR. before I import the certs I was able to browse to my site internally via the correct port. However, after successfully importing the certs in the Keystore I am unable to browse to the site. I am new to Tomcat and would appreciate any assistance.

Thanks.
2017-05-23--1-.png
2017-05-23.png
0
I have 1 website with 1 IP in IIS using both port 80 and port 443. I own 2 wild card certs, one for the external address (@mycompany.com) and one of the internal address (@inside.mycompany.com)

Current SSL certificate that's tied to port 443 is using the external Cert. And the website is reachable external via SSL without issues.
Internally we can reach the website using http on port 80 with the FQDN and that works fine

Management wants SSL applied to the internal web site instead of using http. One method I thought of was to add an additional IP to the website. In Local DNS add a new host name pointed to that IP. Bind the internal Cert to the IP on Port 443. Everyone goes to the website using the new FQDN. To get to the internal Site they using the new FQDN. The concern I have with this approach is that the server still has 2 IP's and local DNS will reflect that. If anything anywhere references the FQDN of the server they could end up getting an error or the wrong item displayed. I

what other options are there?
0
New feature and membership benefit!
LVL 9
New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

I have setup an Apache web-server to request client certificates and I need to revoke some of the client certificates. Removing them from the client machine is not an option so I need to revoke them from the server so it does not see them as valid.

I'm trying to use the command :

openssl ca -revoke /etc/ssl/certs/client123.pem

where client123.pem was a certificate validated by the web-server (where the ca was configured).

Thanks
0
Does any one know how to disable sslv3 and activate TLS1,2 for a cisco switch catalyst

I searched for a very long time but i found nothing
0
Just renewed a standard ucc SSL.  I want to add it to our on premise Exchange 2010.

Question:

1. What are the steps to remove the old SSL in our Exchange (still in use as of now) and add the new SSL?
0
Hi all,

Since Apple decided to stop allowing PPTP, we had to reset our VPN server to use SSL / SSTP. I have set up the server as per the guidelines from Microsoft, however I am unable to connect to the server. I get the following error message: The revocation function was unable to check revocation because the revocation server is offline. I have checked all the services on the server and everything seems to be up and running. In the event viewer I get error 18:

The Secure Socket Tunneling Protocol service either could not read the SHA256 certificate hash from the registry or the data is invalid. To be valid, the SHA256 certificate hash must be of type REG_BINARY and 32 bytes in length. SSTP might not be able to retrieve the value from the registry due to some other system failure. The detailed error message is provided below. SSTP connections will not be accepted on this server. Correct the problem and try again.

The system cannot find the file specified.

I do not know which file it is looking for.
0
Hi All,
I recently took over a Lync 2010 setup that had a self-signed certificate. I've been asked to set up federation with outlook.com and enable mobile access. The first thing to do was get a proper certificate, which I did from GoDaddy. That cert has been applied and when testing both internally and externally using the ruct.exe tool from http://blog.insidelync.com/2011/11/the-remote-uc-troubleshooting-tool-ruct/ the correct certificate is being pulled down, Lync on desktops internally and on laptops from home all continue to work away as normal.

The problem is I cannot get federation or mobile access to work. I've enabled federation, have port 5061 open in and out to the edge server, Gone through the federation with Microsoft etc.

I think the issue is still down to the certificate though. When I test the certificate using DigiCert or SSL shopper neither can connect. both say the connection failed so the SSL cert check fails too.  I am able to telnet to my edge's address (DNS and IP) on ports 5061 and 443 and the RUCT tool is able to connect without issues.

Any idea what could be causing the digicert and ssl shopper certificate checkers to fail to connect? I can only assume a cert problem is causing my federation and mobile woes. I've nothing else to go on

Thanks
0
Greetings,

I have been looking for a way to clone an existing wildcard certificate using a new CSR. It can be done - see https://www.digicert.com/ssl-support/duplicate-ssl-certificates.htm

I have reviewed OpenSSL and "googled" but have not come up with an answer. Note that this is not a reissue - the cert properties are retained.

Thanks,
Rick
0

SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.