SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

Share tech news, updates, or what's on your mind.

Sign up to Post

Getting a TLS error on a particular web site when connecting via a Fortinet VPN connection. Error is "Can't connect securely to this page. This might be because the site uses outdated or unsafe TLS security settings".

The site works fine when connecting from the local LAN.
0
Python 3 Fundamentals
LVL 13
Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

Hello!
I want to setup ssl free certificate that will also renew automatically. As I know the best option is letsencrypt.
Plz if anyone knows how to perform that task or maybe have really working manual - help me. Please!
0
Hello dear friends
I need your help with configuring encryption between web browser and proxy server (SQUID)
I have working squid on vps with ncsa authorization but I don’t know how to encrypt traffic  between proxy client and server. I don’t want to use vpn or http tunnel for it. Plz help.
0
We have to be PCI compliant and on the PCI comliance report, I have an issue with port 465 and my exchange cert.  Not sure why it's throwing an error, but
it's complaining about a self signed cert.  I'm running exchange 2016, and in my certs section, there are 4 certs, one is invalid, expired.

The multiple names certificate is my good, or real, valid cert, from Godaddy. The report is complaining about either the  wmsvc-sha2 cert or the other,
my question is, can I delete every cert here except my multiple name certificate?   Will that cause any issues to mailflow, or OWA?

Not sure how to resolve this issue?  Any thoughts?

elisha is the name of my exchange server.

Exchange certs
cert

PCI error
PCI error
0
I try an  Https  POST  but the response  is empty . i'm with indy  10.5. It was working with indy 9,  after upgrading to indy 10  a response  is empty '';

   
      TSideStream = class(TIdMultiPartFormDataStream)
  public
    property RequestContentType: string read FRequestContentType write FRequestContentType;
  end;
      
      DataStream := TSideStream.create;
      
      IdHTTP.ProxyParams.ProxyServer          := '';
    IdHTTP.ProxyParams.ProxyPort            := 0;
    IdHTTP.ProxyParams.BasicAuthentication  := False;
    IdHTTP.ProxyParams.ProxyUsername        := '';
    IdHTTP.ProxyParams.ProxyPassword        := '';

  IdHTTP.Request.ContentLength := -1;
  IdHTTP.Request.ContentRangeEnd := 0;
  IdHTTP.Request.ContentRangeStart := 0;
  IdHTTP.Request.ContentType := 'text/xml';
  IdHTTP.Request.Accept := 'text/xml, */*';
  IdHTTP.Request.BasicAuthentication := false;
  IdHTTP.Request.UserAgent :=  'Mozilla/3.0 (compatible; Indy Library)';
  IdHTTP.HTTPOptions := [hoForceEncodeParams];
  
        DataStream.AddFormField('WUA_VERSION', '1.0');
        DataStream.AddFormField('MODEWUA', 'ACTION');
        Horodatage := FormatDateTime('yyyy-mm-dd hh:nn:ss', Now);
        DataStream.AddFormField('DATE_LOCAL', Horodatage);
        t1 := '01-63-0100-999999-999-54';
        DataStream.AddFormField( 'AGREMENT', t1);
        DataStream.AddFormField('REMOTE_ID', 'A0-9999-9999-710001-71');
       t2 := 'FR5375009P';
        DataStream.AddFormField('ITR_ID', T2);
      

Open in new window

0
I'm trying to connecto to this url, just using a get request.  But always get the error EIdOSSLConnectError "Error connecting with SSL"
var
  IdSSLIOHandlerSocket : TIdSSLIOHandlerSocket;
begin
url := 'https://api.monspecialisteauto.com/api/v1/concessions/inspections/report?vin=YV1FW88A1C1044176&apikey=c05b181f-415c-4044-836d-4fb0a201c77e'
IdSSLIOHandlerSocket := TIdSSLIOHandlerSocket.Create(nil);
IdHTTP.IOHandler := IdSSLIOHandlerSocket;
          IdSSLIOHandlerSocket.SSLOptions.Method := sslvTLSv1;
          IdSSLIOHandlerSocket.SSLOptions.Mode := sslmUnassigned;
          IdSSLIOHandlerSocket.SSLOptions.VerifyMode := [];
          IdSSLIOHandlerSocket.SSLOptions.VerifyDepth := 0;
          IdSSLIOHandlerSocket.PassThrough := True;
   IdHTTP.Request.ContentType := 'application/json';
    IdHTTP.Request.Accept := 'text/html, */*';
    IdHTTP.Request.BasicAuthentication := False;
    IdHTTP.Request.UserAgent := 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134';
   IdHTTP.get(url);
end;
and i have error connecting with ssl, i use indy 9 and open ssl indy_openssl096k that i download from https://indy.fulgan.com/SSL/Archive/
this works with some links https like google.com but not my URL.
0
assistance required for SSL certificate renewal for subdomains
0
How do I set port forwarding to connect my exchange server with the public ip of my mail.domain?

Do I need Routing and Remote Access Service (RRAS)  If so do I put it on a DC01, DC02, Gate, Exchange or create a new Server to put it on?
0
I had exchange 2010 on an old server. I forcefully uninstalled Exchange and turned the Server Off.

I installed exchange 2019 on a new server. I was able to install and successfully rekeyed and added the SSL License .

Problem using SSLlabs SSLtest I found that "mail.advsystems.com" is still pointing to the old server.

https://www.ssllabs.com/ssltest/analyze.html?d=mail.advsystems.com.

How do I get it to point to the new server

Edit

I edited GoDaddy to the Exchange Server IP 192.168.103.150 from (98.191.213.57) and now it is spitting the error

Assessment failed: IP address is from private address space (RFC 1918)

https://www.ssllabs.com/ssltest/analyze.html?d=mail.advsystems.com
0
We have application using SQL Server 2008 Reporting Service. Usually running normal. but during our security tightening it has some problem. Usually we can test the connection by user browser (IE 11):

hpttps://ctrprt.n2.local:8181/ReportServer (for prod)
hpttps://ctrprtdev.n2.local:8181/ReportServer (for prod)

The production wasok but the development first has problem: . First the problem said "Turn on TLS 1.0, TLS 1.1 and TLS 1.2 in Advanced settings and try connection..." (notes both were fine before the security tightening)


Then I enabled the , TLS 1.1 and TLS 1.2 on my IE 1.1 then when I tried to connect again it showed "This page can't be displayed"

How I begin to troubleshoot this? I am not really familiar with this reporting server.


Thank you,

Iwan
0
Become a Certified Penetration Testing Engineer
LVL 13
Become a Certified Penetration Testing Engineer

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

certification
kindly i need to create local SSL certificate for Linux web server  via AD CA authority ,so please advise how to create it and whcich one should be installed on the server and  the clients PCs.
it is internal webserver not be published
0
I need help getting a Kyocera TaskAlfa 3552ci to allow printing over IPP and IPP over SSL.
0
Experts,
 We have sharepoint 2013 with 5 Web servers with 2 Load balance (F5).  We are going to implement SSL offloading to our environment. I would like to work on some detail plan to implement on QA server first.

Can you please guide me come up with some detail plan to implement?
0
Does anyone have a step by step process on creating/applying certificates for Remote Desktop Gateway server. Everything I read is so vague about the process.
0
I am trying to load some .cer files in to a java .keystore file, using the keytool command. For one of the .cer file, I am expecting to import it as a PrivateKeyEntry. However, the result of "keytool -list" command shows that all certificate are imported as trustedCertEntry.

In the "keytool -importcert" command I toggled off the -trustcacerts (idea from https://stackoverflow.com/questions/24974324/import-certificate-as-privatekeyentry ), but it didn't make a difference on the result for me.

Can you help me on clarifying these questions:
1. can "keytool -importcert" import PrivateKeyEntry into the .keystore file?
2. Is the type (PrivateKeyEntry/trustedCertEntry) of the imported certificates in .keystore decided by the way of importing? or by the .cer file itself?
3. If decided by the way of importing, how to do that?
4. If by the .cer file itself, how to check which type it is?

Thank you!
0
Centos 7 using firewalld

Am trying to redirect all requests to port 80 to port 443.. Otherwise http to https

I have added this rule forward-ports: port=80:proto=tcp:toport=443:toaddr=

But it doesn't seem to work
0
Hi Experts,

One of my customers is encountering the following error when accessing our site, https://pavement-science.com.au:

This page can't be displayed
Turn on TLS 1.0. TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://pavement-science.com.au again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 Link for the details), which is not considered secure. Please contact your site administrator.

He gets this error using Chrome and Firefox, but not with IE or Edge.

Regards,
Leigh
0
I have tried to update my WCF service to use https but ran into so many error that I decided to switch back to http before starting the process again (at some point). However now that I have switched back to http I am getting the following error when I try to build the service. This was previously working under http but obviously I broke something when attempting to move to https.

Severity	Code	Description	Project	File	Line	Suppression State
Error		Reference.svcmap: Failed to generate code for the service reference 'ServiceReference1'.  Cannot import wsdl:portType  Detail: An exception was thrown while running a WSDL import extension: System.ServiceModel.Description.DataContractSerializerMessageContractImporter  Error: Exception has been thrown by the target of an invocation.  XPath to Error Source: //wsdl:definitions[@targetNamespace='http://tempuri.org/']/wsdl:portType[@name='ITransaction']  Cannot import wsdl:binding  Detail: There was an error importing a wsdl:portType that the wsdl:binding is dependent on.  XPath to wsdl:portType: //wsdl:definitions[@targetNamespace='http://tempuri.org/']/wsdl:portType[@name='ITransaction']  XPath to Error Source: //wsdl:definitions[@targetNamespace='http://tempuri.org/']/wsdl:binding[@name='SOAPendpoint']  Cannot import wsdl:port  Detail: There was an error importing a wsdl:binding that the wsdl:port is dependent on.  XPath to wsdl:binding: 

Open in new window

0
We have a Ent root certificate server. It is issuing certificates.  We are trying to enroll a certificate for a server and got an error. I am not sure whether we have selected the correct template for a webserver or something else.  The template was created from a built in server's template and published it as mysrvssl.
 The template permission is set to read and enroll for the server and read permission for authenticated users. I also noticed that STATUS:unavailabe when i try to request using certificate console.
The error message was as below when we try to request a SSL cert.
The request template version is newer than the supported version
MySRV.mydomain.loca\CA
Denied by policy Module
The request template version is newer than the supported template version 0X80094807
(-2146875385 CERTSRV_E_BAD_TEMPLATE_VERSION)
The request ID is 9323[/quote]
0
OWASP: Threats Fundamentals
LVL 13
OWASP: Threats Fundamentals

Learn the top ten threats that are present in modern web-application development and how to protect your business from them.

RDweb remote desktop connection computer is different from RDweb/webclient remote desktop connection computer

https://domain.com/rdweb/webclient remote desktop connection computer shows our external domain on our SAN certificate. This desktop client has its connection refused. If I change the computer name to the internal IP address of the RDGateway/Client Broker/Session Manager ( same server ) its connection is accepted but then I am prompted an additional time for credentials since the public certificate server name does not match our internal server name or iP address.

Just connecting to the to RDweb server https://domain.com/rdweb the desktop client which is downloaded to my computer when I select it already contains the internal IP address of the RD server and connects without needing to re-enter credentials due to a certificate mismatch.

We want to be able to use the actual webclient but can't currently due to this limitation.

Server 2016 RD all roles on same server behind our firewall.
0
I am trying to convert my WCF service from http to https. I have purchased an SSL certificate and now I am looking at updating references to http to https. However when I do this I am getting the following warnings:

Users\Administrator\source\repos\TiosService\TiosService\App.config(141,79,-1,-1): warning : WCF configuration validation warning: The 'bindingConfiguration' attribute is invalid - The value 'webHttpsBinding_ITransaction2' is invalid according to its datatype 'serviceBindingConfigurationType'.

Below is the app.config with the changes I have made highlighted. Appreciate some guidance.
regards
Pat
 
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <configSections>
    <section name="oracle.manageddataaccess.client" type="OracleInternal.Common.ODPMSectionHandler, Oracle.ManagedDataAccess, Version=4.122.1.0, Culture=neutral, PublicKeyToken=89b483f429c47342" />
  </configSections>
  <appSettings>
    <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
    <add key="ClientSettingsProvider.ServiceUri" value="" />
    <!-- minimum levels Verbose, Debug, Information,Warning, Error, Fatal -->
    <add key="serilog:minimum-level" value="Information" />
    <add key="serilog:write-to:RollingFile.pathFormat" value="C:\TiosFolder\TiosServerLogs\ServerLog.txt" />
    <!--<add key="serilog:write-to:RollingFile.outputTemplate" value="customTemplate"/>
    <add key="serilog:write-to:RollingFile.fileSizeLimitBytes" value=""/>-->
   

Open in new window

0
I'm trying to set up an SSL endpoint on my server (Windows Server 2012 R2) so that it can receive https POSTs from an external server. I am using a simple REST framework for Powershell called RestPS: https://github.com/jpsider/RestPS to listen on port 8089 and I have an SSL certificate that I'm trying to use but I am getting errors when I try to use it. I'm very much a novice with SSL certificates and need some help. When I run Start-RestPSListener in Powershell, I get these messages:

SSL Certificate deletion failed, Error: 2
The system cannot find the file specified.

SSL Certificate add failed, Error: 1312
A specified logon session does not exist. It may already have been terminated.

Starting: https:// Listener on Port: 8089

Open in new window


I'm not sure what those errors mean or if they matter. But something isn't right because when I try to POST from the external server I get an 'unknown SSL protocol error' connecting to my server.

I've looked at the certificate stores using the MMC and there's a bunch of stuff in there, but it's all very confusing to me.

Not sure if this is related: I'm also running Apache on this server, and it is listening on port 443 using the same SSL certificate. It is working fine and receiving POSTs.

Also, here's what I'm getting from the external/remote server trying to POST to my server:

 Trying <<ip address>>...
Name '0.0.0.0' family 2 resolved to '0.0.0.0' family 2
Local port: 0
Connected to <<domain name>> (<<ip 

Open in new window

0
Dear All


              I have recently Migrated on premise exchange mailbox to O365 but I found it can not connect to outlook on premise window 7 computer, and I found out my exchange ssl certificate only contains "mail.domain.com" but not "autodiscover.domain" , what I need is a Muti SAN certificate, but I just created below SRV record in public DNS server instead of buying a Muti SAN certificate, after that I tested but it still can not connect in outlook for the migrated mailbox, see bottom screenshot,  I receive the popup saying that it redirecting to https://mail.domain.hk/autodiscover.autodiscover.xml , what I can do in order to get this resolve ? any help would be appreciated


Service: _autodiscover
Protocol: _tcp
Port Number: 443
Host: mail.domain.com


1

1
1
We have a system that is meant to send out data and messages to an external system (via 443/tcp 80/tcp). This extract system was working perfectly well when our internal system was hosted on Server 2008 R2. We have recently upgraded to 2012R2 and the extract is unable to send outbound data except we have an active browser session by launching the browser and visiting an external website (any website at all as long as it is on the internet). Once the Browser session is closed, the outbound transfer of data becomes impossible.

Thank you
0
We are using Exchange 2013, and we have started to receive "Revocation check failed" for SSL certificates, which we purchased from GoDaddy, I have attached screenshot.
I have tried to follow instructions on "https://blogs.technet.microsoft.com/bshukla/2012/04/30/certificate-revocation-checked-failed/" but after step 2 I receive an error;
[SC] CreateService FAILED 1073:

The specified service already exists."

So even I continue after this nothing happens, means I don't see step 4: which is "Locate “Interactive Services Detection” icon blinking in the taskbar and click “view message”

We do use proxy (BlueCoat), which I have taken out, but it still doesn't seem to resolve the issue.

thanks.
Cert.JPG
0

SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.