SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

Share tech news, updates, or what's on your mind.

Sign up to Post

We are using Exchange 2013, and we have started to receive "Revocation check failed" for SSL certificates, which we purchased from GoDaddy, I have attached screenshot.
I have tried to follow instructions on "https://blogs.technet.microsoft.com/bshukla/2012/04/30/certificate-revocation-checked-failed/" but after step 2 I receive an error;
[SC] CreateService FAILED 1073:

The specified service already exists."

So even I continue after this nothing happens, means I don't see step 4: which is "Locate “Interactive Services Detection” icon blinking in the taskbar and click “view message”

We do use proxy (BlueCoat), which I have taken out, but it still doesn't seem to resolve the issue.

thanks.
Cert.JPG
0
Amazon Web Services
LVL 12
Amazon Web Services

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

I have set 2 custom cookies to be saved when user clicks a button that runs the script to save the cookies.

The issue is that I need these to be saved through HTTPS because I am using them on a store locator page, and need a secured connection to allow for location detection to happen properly.

When I do not add TRUE for secure connection and leave code as shown below, the cookies save just fine when running through HTTP.

setcookie('lat', $_POST['lat'], time()+62208000, '/', $_SERVER['HTTP_HOST']);
setcookie('lng', $_POST['lng'], time()+62208000, '/', $_SERVER['HTTP_HOST']);

Open in new window

However, when I try to add TRUE for secure connection as shown below, it does not work properly with HTTPS running:

setcookie('lat', $_POST['lat'], time()+62208000, '/', $_SERVER['HTTP_HOST'], TRUE);
setcookie('lng', $_POST['lng'], time()+62208000, '/', $_SERVER['HTTP_HOST'], TRUE);

Open in new window


I have tried including httponly as either TRUE or FALSE as well, but nothing seems to have worked.

If anyone could give any tip about getting this resolved, I would appreciate it!

Thank you!
0
I am getting an error on running nginx as a reverse proxy to access multiple servers with ssl.

The initial ssl forward seems to happen properly but once I'm logged in the issue occurs.

The error only seems to show up after I have logged in. See screen shots to see what I mean.

This same behavior seems to happen on other servers as well.

I want to run nginx not other reverse proxies so please advice on the current config not other solutions.
lpr-error.jpg
lpr-login.jpg
0
Need to consume a SOAP webservice with an SSL Certificate, we have the certificate and is in PEM format, all attempts to connect to the endpoint say, we've looked everywhere online and can't find the solution to this and the documentation on PHP and OpenSSL is... complex...

Error: SoapFault exception: [HTTP] Could not connect to host in

Open in new window


If we comment out the $localCert we can connect to it, the PHP version running is:

[root@smpp StartNotification]# php -v
PHP 7.0.3 (cli) (built: Feb  4 2016 20:50:17) ( NTS )
Copyright (c) 1997-2016 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies
    with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies
[root@smpp StartNotification]#

Open in new window

    $localCert = "file.pem";
    $opciones= array( 
        "local_cert" => $localCert,
        "trace" => 1,


        "exceptions"=>1,
        "features" => SOAP_SINGLE_ELEMENT_ARRAYS,

        "stream_context"=>stream_context_create(array(
            "ssl"=>array(
                'ciphers' => 'DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA',
                'verify_peer' => false,
                'verify_peer_name' => false, 
                "ca_file"=>$localCert,
                'allow_self_signed' => false //can fiddle with this one.
            )
            )
        )

    ); 

Open in new window

0
Does anybody know of any good links that give step by step guidance on setting up a new client VPN in NPS ? We have purchased a new SSL wildcard cert along with a domain name for VPN clients to connect to but we are unsure of the next steps to get this deployed to users.
0
Hello experts,

Good day to you all. I would like to have an experts opinion or knowledge-base article on how to enable ssl using self-signed certificated in windows server (iis).?

Currently, we have an active directory (****.local) domain with a child server (hrms.****.local).
In this child server Windows IIS is enabled and currently working with http binding only on port 8080 (tcp).
Now we want to implement https binding and restrict http access.
Kindly help me through this with your valuable advice.

note - It is an ASP .net application for our company internal usage.

Thanks & Regards,

Mohamed Marzook
0
I get the WCF error "{"The remote server returned an error: (403) Forbidden."} The HTTP request was forbidden with client authentication scheme 'Anonymous'." when using basicHttpBinding with Transport security and certificate credential. My service is in amazon ec2 instance and my client app remotely connect to it over the internet. I am able to connect to the wcf service if I my Transport credential is set to "None" in both the web.config of the service and app.config of the client. My service certificate is like "www.example.com" is installed on amazon ec2 "local machine store" and "Personal Folder". My client app certificate is just a self-signed certificate which I installed to its "local machine and Personal Folder" and also to the "Trusted People store" in the amazon ec2 instance where my wcf service is. I have also setup "https" to my IIS site bindings and I can reach the site through like "https://www.example.com"

Below is the web.config, app.config, and the code I have on the client app.

Service Web.config:

    <?xml version="1.0"?>
    <configuration>
   
      <system.web>
        <compilation debug="true" targetFramework="4.0" />
        <customErrors mode="Off"/>
      </system.web>
      <system.serviceModel>
       
       <bindings>
          <basicHttpBinding>
            <binding name="basicHttpBinding_Config" >
              <security mode="Transport">
                <transport clientCredentialType="Certificate"/>
              …
0
How do I redirect mail.domain.com (without https and without /owa) to https://mail.domain.com/owa ?

Having either one will redirect.
Eg
https://mail.domain.com redirects to https://mail.domain.com/owa
and
mail.domain.com/owa also redirects to https://mail.domain.com/owa

mail.domain.com goes to "403 - Forbidden: Access is denied."

In IIS, I have HTTP redirect set to https://mail.domain.com/owa
0
I need SSL for my website and I don't know from who I should buy it or how to add it to my Windows 2016 Webserver.
I have one main domain and several subdomains.
0
I am trying to use an SSL certificate on a Wordpress Multi-site.

I just installed and SSL certificate for my primary domain, https://simplifychurch.com.  I had assumed (albeit probably incorrectly) that the certificate would cover the network of sites since they all are on the same host, etc.  

I checked my site at http://learn.simplifychurch.com and it gives the not secure error warning.

I'm a bit over my head now in testing what needs to go where, I used a WP Plugin to work on forcing the SSL to the site, and have set it up on each site however the Learn.simplifychurch.com domain is still not working correctly.

Just need some guidance and advice on how to adjust.  I guess I could get a wildcard cert if necessary as there is no way on my host to install an individual certificate to each network site.
0
Starting with Angular 5
LVL 12
Starting with Angular 5

Learn the essential features and functions of the popular JavaScript framework for building mobile, desktop and web applications.

Is there a way to bypass the SSL certificate error. We have a development environment where we want to bypass the SSL certificate error rather than installing the same. Something like, installing the cert as accepted. Not sure how. Can someone tell me the step by step procedure if this is achievable.

Thanks in advance.
0
We're trying to set up ActiveSync for one of our customers running Exchange 2010, and it's failing the Remote Connectivity Analyzer diagnostic for "Exchange ActiveSync" at the certificate trust validation step:

"There's a missing intermediate certificate in the certificate chain. Subject = CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB. For more information, see Knowledge Base Article 927465. "

I've consulted the KB article it cites, which advises me to make sure all of the intermediate certificates are installed, and verify that nothing is expired.  I went to our cert vendor, obtained the intermediate certs, and reinstalled them.  Verified nothing was expired, and restarted IIS.  Diag still failed.  Rebooted the server to be safe, diag still fails.

Went to another customer that has working ActiveSync and an identical setup.  Verified that the "Exchange Activesync" MS RCA diag passes successfully for them.  Used the Certificates MMC snapin to verify that both their server and the problem customer's server possess the exact same intermediate and root certs.  I looked at "Trusted Root Certification Authorities"\"Certificates", "Intermediate Certification Authorities"\"Certificates", and "Third-Party Root Certification Authorities"\"Certificates, and everything is the same.  I opened and checked the certification path for each certificate in the problem customer's environment, and no errors were noted.  Reverified that …
0
Hi all,

Im working in a company and when we enter in the domain with admin profile, i can select the certificates, but when other users use this pc with their domain, username, certificates need to be selected from the begging. Does it exist any way of entering as admin in that pc and selecting ssl in internet explorer by default as we want them to be for all users?

Thank you,
0
Hi all,

I would like to ask if it is possible to add or better select internet explorer certificates, ssl, once and for all users that will use that pc without having to enter to their pc accounts in order to do for each them?

Thank you a lot for your help!
0
Has been almost a year that I switch to Auth0 in order to manage my customer's access to the dashboard of my application. Nowadays I need to implement access for a RESTFULL API.

If I follow the instructions in order to secure the NodeJS app using JWT it works like a charm. The issue is that I am not properly sure on the implementation for the end user in order to get the token needed for access this API.

I thought of creating the tokens on the dashboard or just use a server side implementation for the login/authentication. I did the last using the access to my own database before and worker amazingly. My issue is that I am not completely sure on how to do it for the end user using Auth0.

Would be great if you can guide me in order to implement the login/authentication side of the API using auth0 and nodejs.
0
set up plesk with ssl but won't automatically  display https:
0
Website not accessible. I have a website hosted on Godaddy.com and working, but the site is not accessible from Internally. nslookup find ip of the server and resolved the name and I am able to ping the server. No problem externally. I checked DNS and seems working.  Refreshed the DNS server and clear the cache on DNS. local domain is domain.local and the website is domain.com. DNS forwarder set to ISP and resolved it correctly.  Any idea?
0
NEED HELP!  We have an email address of bshoward@contoso.com but all our emails resolve to contosoexc.us.  Thus we are trying to get autodiscover to work and have SSL certificate for all of contosoexc.us.  How do I set this up to work... trying to implement MS Dynamics CRM and it will not sync.  We have tried all the help options and also contacted a local exchange expert and no solution.  What do I need to do to get this working?  The impersonation is working for the account we setup, but this is a DNS or certificate error. Not sure...
0
hello,
I have pfsense it's work as firewall and ids,ips with snort,
is there any way to check the url that the clients are visited ? I want the https links.
thanks.
0
Become a CompTIA Certified Healthcare IT Tech
LVL 12
Become a CompTIA Certified Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

Dear Sir,

My company have a weblogic 11g installed on Windows Server 2008 R2. The SSL certificate on the web application will be expired on October. I have the renewed SSL certificate on hands. I don't know how to import the SSL certificate into the JKS keystore and apply it on the web application. PLEASE HELP>

Thank you.

With regards,
Wataw
0
I had this question after viewing Locating ClientCertificate to use in WinHTTP.

Similar question, when using the SetClientCertificate property on a WinHttpRequest, I receive a "Certifcate is required to complete client authentication". The certificate has been created successfully, and appears in the Certifcate Store under Console Root -> Certificates (Local Machine) -> Personal -> Certificates.

The Issued to is ABC Certificate, the Friendly name is ABC

The parameters I am using are as follows:

myMSXML.SetClientCertificate "LOCAL_MACHINE\\Personal\\ABC"

I've tried ABC Certificate etc... tried putting the certificate in different stores, tried a number of other things, but still getting same message returned.

How did you go with your problem referencing a certificate in the Cert Store?
0
Dear Experts, I'm testing the Sharepoint 2016 on-premises, I tried to share the document like these screenshots but the user who was shared COULD NOT receive any notification email of this sharing. I was loggin as Sharepoint Admin and it has functional mailboxa account. How can  we fix it?

sp1.png
sp2.PNG
I also CANNOT share it with external user???

sp4.PNG
One more thing, I'd like to redirect the http: site to https: site in Sharepoint but I could not configure it. I tried 2 methods but they both did not work!

1. Add both http and https links in default zone of mapping site

2. Add redirect http in IIS management


 sp3.PNG
0
Windows Server 2008R2 Standard running Exchange 2010.

Error message "certificate authority is invalid or incorrect". This has happened a few times now. This particular message came up when running a downloaded file from Ninite.

Can access the site no problem, and then download the installer. When we run the installer we get the above message.

Our monitoring software has also stopped communicating with the server. When we look at the logs we can see:
error code 0x00002f8f - ERROR_WINHTTP_SECURE_FAILURE 12175

We have updated Windows, and checked the certificate which looks OK.

We recently installed a wildcard certificate, which is showing in IIS with the correct expiration date. Date and Time on the server is also correct.

Any ideas what I can look at as so far what I have checked appears to match up to the other servers the client has onsite.
0
qpopper 4.1.0 fails to build on this Debian stretch system.  There is a problem associated with openSSL; qpopper builds correctly without openSSL.

root:/usr/src/qpopper/qpopper> ./configure --enable-specialauth --enable-shy --disable-log-login --with-openssl

(configuration proceeds and succeeds)

make clean
make

(numerous modules compile, and then ...)

gcc -c -I.. -I.. -I. \
        -I../mmangle -I../common -I/usr/local/ssl/include \
        -g -O2 -DHAVE_CONFIG_H  -DLINUX -DUNIX pop_tls_openssl.c -o pop_tls_openssl.o
pop_tls_openssl.c: In function âopenssl_initâ:
pop_tls_openssl.c:319:33: warning: assignment discards âconstâ qualifier from pointer target type [-Wdiscarded-qualifiers]
             pTLS->m_OpenSSLmeth = SSLv23_server_method();
                                 ^
pop_tls_openssl.c:324:35: warning: implicit declaration of function âSSLv2_server_methodâ [-Wimplicit-function-declaration]
             pTLS->m_OpenSSLmeth = SSLv2_server_method();
                                   ^~~~~~~~~~~~~~~~~~~
pop_tls_openssl.c:324:33: warning: assignment makes pointer from integer without a cast [-Wint-conversion]
             pTLS->m_OpenSSLmeth = SSLv2_server_method();
                                 ^
pop_tls_openssl.c:329:35: warning: implicit declaration of function âSSLv3_server_methodâ [-Wimplicit-function-declaration]
             pTLS->m_OpenSSLmeth = SSLv3_server_method();
                                   ^~~~~~~~~~~~~~~~~~~
pop_tls_openssl.c:329:33: 

Open in new window

0
Hello,
I would like to convert HTTP streaming HLS  to UDP or RTP, I  have tried VLC  and it works only in windows 10, does anyone  have any other software example that is validated  and is working properly?

Thanks
0

SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.