SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

Share tech news, updates, or what's on your mind.

Sign up to Post

Having problems getting expired SSL replaced for VMware Horizon. I have new cert that i replaced the old one with, restarted services, but still have Horizon view in error state. Not sure what I'm missing.
0
Get your problem seen by more experts
LVL 12
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

I need to secure a Glassfish Server in a Windows environment, it's running version Payara 4.1, I've requested the certificate using OpenSSL and now have the certificate from the provider GeoTrust but i'm struggling to now secure the web app.
0
Getting these 2 errors from domain controllers - unsure what it is, i checked and none of these servers have expired certificates


The revocation function was unable to check revocation for the certificate.
ErrorCode 0x80092012


Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID 52690 from YDC2.domain.com\domain-YDC2-CA (The revocation function was unable to check revocation for the certificate. 0x80092012 (-2146885614 CRYPT_E_NO_REVOCATION_CHECK)).
0
Hit yet another 'overhead' in the ongoing saga of trying to get RDweb going on a 2012 R2

So, now I'm battling with certificates again, I had my 3rd Party SSL installed, but my certificate was installed in (LOCAL) not certserv.msc, so I have installed a bunch of components for AD CS:

CA
CA Web Enrollment
CE Web Service
CE Policy Web Service

So, trying to configure AD CS Configuration, chose Enterprise CA, Subordinate, now at the window with "Create new private key or Use Existing PK", I chose "Existing"..

"Select a certificate and use its associated Private Key" - allows me to import but then drops an error

&

"Select an existing Private Key on this computer" - doesn't show me my certificate.

"Active Directory Certificate Services setup failed with the following error: the file exists 0x80070050 win32 80 ERROR_FILE_EXISTS"



tried this powershell command, and it failed..
certutil -setreg config\setupstatus -SETUP_CLIENT_FLAG

certutil -setreg config\setupstatus 0x6001


Anybody gotten themselves out of this before?!
0
Hello,
i have 1109 Mikrtoik > Fortigate 240d > HTTP WebSites
the https websites is domainA.com, DomainB.com
i 1009 is router all 443 to fortigate wan port.
the fortigate should have the domainA.com and DomainB.com ssl certificate on it and the http website will identry to website througe the host header.
can i do it ?
thanks.
0
why we get sslhandshake issue in weblogic ?
if certificate expired or some other issue ?
0
Q1:
Is the following a valid risk & any CVSS rating assigned to it?:
Symantec SSL certificates are rated by Google & Mozilla as risky & recommends to deprecate them prematurely even before its expiry; URL:
https://blog.qualys.com/ssllabs/2017/09/26/google-and-mozilla-deprecating-existing-symantec-certificates

Q2:
Which other vendors' SSL certs would you recommend to replace Symantec's?

Q3:
if we don't replace, what are the mitigating controls we can put in place?

Can it wait till Oct 2018 to remediate?
0
Hi

I have inherited a Magento shopping cart that is hosted on an old shared server, which does not offer SSLs. The site works well though.

I have copied the files and database over to a new hosting package that supports SSL and been able to replicate the website.

Although the new site works, it is painfully slow. There does not seem to be any notable errors in the log files.

Is anyone able to advise where I can track down the problem?

I have checked that the database connection is working fine and that the server seems to process test PHP files ok.

The site is at viewgc.co.uk

Thank you
0
hello,
i've fortigate firewall 200E and need to enable the quota for users when i search about that  with the support they advised me to install an ssl certificate and i've it now. shall i publish it via GPO or make template in the server that has certificate role?

thanks,
Ahmed
0
We have a docker container running NGINX and the certificate expired a week ago. I am now stuck trying to figure out what system to generate a CSR on, would it be the virtual machine docker is running on?
0
Will You Be GDPR Compliant by 5/28/2018?
LVL 1
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

Hi , everybody

I configured a SSL VPN (webvpn) with ASDM recently , and I can open it through outside IP , and I can login , I added a intranet web server link in SSL VPN , and I could also open this server link ,but  appear garbled , when I finish entering username and password, I click the login button ,nothing happens .
I try to access web server in my company without SSL VPN , I could click login button and enter the secondary link.
In general , when we first click login button , browser will  point you to download a Plug-ins ,and you can access secondary page after install  Plug-ins .
if you had installed  Plug-ins , you can login and access secondary page with SSL VPN, but if you didn't install , browser won't point you to download Plug-ins , and you could not access  secondary page.
what should I do ? the intranet web server use http , not https , is there any relationship ?

Regards,
Kai
0
I am using cPanel for website management and wanted to install SSL for my site. However, the process to install SSL seems to be too complex as I had to do many steps to finish installing SSL. I am wondering if there is an easiest way to install SSL with cPanel with minimum configurations? Please assist...

Thanks!
0
We have a hosted server with an ssl certificate which we can access externally but on the wifi (dns external) we cannot access the hosted server. With the wifi and the hosted server are on different subnets behind the same firewall. Does anyone have any suggestions how we can overcome this issue?
0
Hi ,
In our Internet accounting system users redirected to hotspot login page (based on Mikrotik CCR1036 12G 4S and installed a star SSL cetificate) and when there is a congestion in the logon (more that 500 users attempt simultaneously,) many of users encounters errors such as "The web page is not available" or "SSL connection error".
In that time, DNS server (Bind on Ubuntu 16.04.2 server) cannot respond to nslookup query for hotspot login page (internet.xxx.yyy) in the troubled system (has time out to respond query).
Is there a SSL issue or DNS problem?


Best Regards
Zolfaghar
0
I have a windows program with the Markdown web server that uses a self-generated SSL certificate. I'm not the developer so I have no control over the SSL certificate generation.

But I notice that in the Program Files (86)/program-folder it has the spired.pem file with the private key and certificate (attached)

When I add a valid private key and a Let's Encrypt SSL certificate the web server stops responding.

Can someone guide me on how I could add a valid private key and certificate to the file?

Please note that the attached is a self-generated private key and certificate. I'm not sharing anything that needs to be kept private. It is useless to anyone else. I can regenerate anytime
0
Hello,
We are trying to find out if there are any circumstances whereby a login to a domain server requires an SSL certificate? If so, how can that certificate be identified, given there are multiple SSL certificates installed on this particular domain server?

Thank you for any assistance
0
Hello,
We have many SSL certificates on a domain server we maintain, some of which are expiring soon. We would like to know if there is any way to tell what service(s) a particular SSL certificate is assigned to?

Thanks for any help you can provide
0
Hi:

I am a web developer, not a server administrator. Due to unfortunate circumstances at my office, we no longer have staff that manages our servers, and I have been asked to get our server PCI compliant. Good times. The server is running Windows 2008 R2 64 Bit. There were 9 issues and I have resolved 7 of them. I am having a hard time with the last two. I have been reading for the last two days and I am still unclear how to resolve the issues. Hopefully someone here has the missing pieces I am looking for.

The two issues are:

1. SSL/TLS Weak Encryption Algorithms
2. Reflected Cross-Site Scripting Vulnerability

I don't want to over simplify the solution, but if there's anyone out there who can help me resolve these two items I'd appreciate it. I've included a screenshot of IIS Crypto 2.0 below.

http://awesomescreenshot.com/0046ess867

Thanks for any guidance.
0
Hi,

I have enabled SSL for tomcat 8 and my website is working fine in Internet Explorer,but in chrome it is giving me certificate error.

I am running on updated chrome version,may i know if am missing anything.

Thanks,
Vikram
0
SMB Security Just Got a Layer Stronger
LVL 1
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Hi All,

I have a web server that needs to host 2 SSL certs that will use 1 public IP address

I have added the certs to the server and added a new entry to the ssl.conf file

<VirtualHost *:443>
 #ServerName www.XXXXXXXX.com
 #DocumentRoot /var/www/site2
 SSLEngine on
 SSLCertificateFile /etc/httpd/conf/ssl.crt/XXXXXXXXX.crt
 SSLCertificateKeyFile /etc/httpd/conf/ssl.key/XXXXXXXXkey
 SSLCACertificateFile /etc/httpd/conf/ssl.crt/XXXXXXXX.crt
</VirtualHost>  

When I restart httpd.conf I get the following message.

Starting httpd: [Wed Nov 15 09:25:05 2017] [warn] _default_ VirtualHost overlap on port 443, the first has precedence

Obviously, it is looking at both certs and as both use Port 443 it goes with the first cert it sees and not the second. What am I missing?

CentOS 6.9
Apache with mod_ssl installed
0
How to set up two way ssl authentication ( mutual SSL authentication)  
 IIS to IIS.
i did IIS ssl setup , it works fine . ( made ssl settings as required).
servr1(iis) configured to use SSL
server2(IIS) configured to use SSL.

now i wan to set up two way ssl authentication between two servers( server1 and server2)
how to configure two way (mutual) ssl authentication between two servers( server1 and server2) to trust each other?
0
I have followed this guide
https://wiki.opnsense.org/manual/how-tos/sslvpn_client.html
and I have successfully  connected to and passed Auth.
*yes i did add rule to allow vpn traffic access to local resources

When connected to VPN , I can not ping my vpn gateway (10.0.0.1), I can not ping any local resources (192.168.37.X)
Outside of the the VPN I am able to make a connection.

Any help would be appreciated
ty
0
How to install SSL Certificate for bitbucket? Any pointers?
0
Hi,

I have configured SSL in tomcat,i am able to access the server using https.

But i am getting the certificate error.I have create below files to resolve the issue.
 1)keystore.jks
2)tomcat.keystore
3)xxxx.csr

From certficate authority i have created certnew.cer and certnew.p7b.

I opened certnew.p7b and used sub and root certficate to create root.cer and root1.cer.bacically i converted the root certificates format to base 64 encoded x.509

Then i used below commands to sent the two certificates to keystore.

keytool -import -trustcacerts -alias Root -file "D:\XXXXXXX\root.cer" -keystore "D:\xxxxxxxx\tomcat.keystore"

keytool -import -trustcacerts -alias Root1 -file "D:\XXXXXXX\root1.cer" -keystore "D:\xxxxxxxx\tomcat.keystore"

then i merged the server certificate by using below command

keytool -import -trustcacerts -alias biuser -file "D:\XXXXX\certnew.cer" -keystore "D:\xxxxxx\tomcat.keystore"

I have modified my server.xml file in tomcat as attached. (PFA)


i got a message that certificate key was installed to keystore,but still iam getting certificate error.
0
Hello everyone,

Been beating my head against the wall about this for a little bit, and other venues I've tried weren't able to provide a lot, partly due to my lack of knowledge.

We have internal DNS for ourcompany.com hosted on a Server 2012 machine, as well as public DNS for ourcompany.com hosted at GoDaddy. It seems that in the last couple months people have been having issues getting to some of our subdomains pointing to external parties, for example mail.ourcompany.com points to outlook.office365.com. Chrome seems to be the biggest offender when having issues. It seems the browser is looking for the cert for outlook.office365.com, but recognizes that it's coming from mail.ourcompany.com and obviously sees that they're not the same thing.

We only recently added the ourcompany.com forward lookup zone to our internal DNS, and it works fine off-network, so I don't know what I'm doing wrong with our internal DNS to get it to work properly.

Some have suggested pointing the DNS record(s) to an IIS box and do http redirect, rather than having DNS just point straight to the 3rd party.

It also seems that clearing Cached Images and Files in the browser clears up the problem for a few days, but I feel like there's gotta be a better solution than clearing cache via GPO.

Does anyone have any suggestions?

Thanks so much!
0

SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.