SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.


Dear Experts
We have hosted an application on-premises, which is behind the firewall. The application runs on Ubuntu 16.4 server OS with the components apache2, mysql5.7, php7.x. This application has to be accessed from an external network (through the internet) which is located in another county from their office, where the users will be behind the firewall. We have to allow access to them, hence I have asked them to share their gateway IP so that I can enable access only to this IP. Our hosted application by itself has authentication; however, we would like to add one more layer of authentication, but the remote users will not accept installing any client software on their local systems, like a VPN client, OTP SMS, or pass code call back. They only prefer web-based access to the hosted application, and they are okay if we send the second-level security pass-code to their official email, so that finally we can achieve 2 levels of authentication, which is in addition to allowing only their IP to connect to our network. Following were my recommendations:
1.      Over internet (leased line circuit), a Site to Site VPN between their firewall and our firewall, so that end users will not have any additional effort and no VPN client is needed. This they denied, as their IT policy does not permit configuring their side firewall.
2.      Suggested an MPLS VPN between their work location and our network, but this has also been rejected.
Now I am thinking of some solution like placing the Cisco ASA SSL VPN…
0

I have a curl error 77
Update Failed: Download failed. cURL error 77: error setting certificate verify locations: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none


whenever I try to update my plugins in WordPress.

The site is www.thefrugallife.com

I have an Apache 2.4 instance running Linux 2 from Amazon.

I have recently moved the site and switched it to https.  My site certificate is showing it gets a B on SSL Labs using ipv4.

I can't update anything on the site till this error goes away.  Please let me know how to get rid of that error.

Thanks,
0
I recently added a UCC certificate to a newly installed Exchange 2010 server. I still get a name mismatch for local Exchange Outlook connections that are inside the LAN.

My certificate is for mail.xxxxx.com; the name mismatch is for the local connection mail02.xxxx.local.

Sorry, certificates are not my thing; any help would be appreciated.
0
Dear Experts

When we enable encryption in Windows 10 systems, it encrypts when we store documents. What exactly happens here? As we take the stored files from the encrypted and transfer them via email, copy them to USB, or share them on a network drive, all those people on the other side who have access can open and read or modify them based on permissions. Does it mean it is not file-level encryption? I mean, the files are accessible to whoever knows the system password; if someone wants to crack the hard disk, then the stored file formats are not as per the document extension like .docs or .exls. Please help me to understand this.

2. What does server-side encryption mean? For example, the Nextcloud deployment says we can enable server-side encryption; how is it different from SSL enablement, that is, the user accessing through HTTPS?
Please help me understand the above two. Thank you very much in advance.
0
We have two IIS servers, sharing the same public ip, one receives all (443) requests and the other all (80) requests (port).

We have a website on Server(80) that needs to have SSL and cannot be moved to the (443) server.
I managed to use URL Rewrite on the (443) server so if a client uses https:// it will display the correct webpage using SSL; as I understand it, it will pass through Server(443) and use a reverse proxy to reach Server(80).


I want it so that if someone doesn't add "https" to the URL, it will automatically change to https to secure the connection:
My problem is that I cannot make it work (using URL Rewrite) on Server(80), so that if someone uses http:// (it will read from Server(80)), it forces them to use SSL(443) using Rewrite…
Is this possible? Can someone help me?
0
I need to disable the POODLE vulnerability.  I have Centos 7.5 and
OpenSSL 1.0.2k-fips  26 Jan 2017


and I have run yum update openssl and nothing qualifies.  I added the line
SSLProtocol All -SSLv2 -SSLv3


in
/etc/httpd/conf.d/ssl.conf


- I then restarted httpd.

Yet when I run my cert against https://www.ssllabs.com free ssl checker I still show a POODLE vulnerability.

Please tell me how to get rid of this vulnerability.

Thanks,
0
Can anyone please help? I have wasted almost a day on this. The codebase I am working on has been analyzed by Checkmarx (i.e. it's a tool which scans code for any security issues), and it came back with a report containing a "Stored XSS" issue. The issue states:

Method retrieveDataTagsNames at line 47 of Correspondence
Template/sf/claims/api/correspondence/template/data/DataTagsNamesDao.java gets data from the database,
for the query element. This element’s value then flows through the code without being properly filtered or
encoded and is eventually displayed to the user in method retrieveDataTagsNamesDetails at line 52 of
Correspondence Template/sf/claims/api/correspondence/template/service/DataTagsNamesRestController.java.
This may enable a Stored Cross-Site-Scripting attack.

Code  for DataTagsNamesDao.java:-

public class DataTagsNamesDao {
    private static final Logger LOGGER = LoggerFactory.getLogger(DataTagsNamesDao.class);

    @Autowired
    private NamedParameterJdbcTemplate jdbcTemplate;

    @Autowired
    private Sql retrieveDataTagsNames;

    /**
     * This method retrieves data tags names and values  from a DB2
     * sequence object.
     * 
     * @return String (data tags names and values)
     */
    @Transactional(readOnly = true)
    public List<DataTagsNames> retrieveDataTagsNames(String templateId) {
	
	try {
	    return jdbcTemplate.query(retrieveDataTagsNames.getSql(),new MapSqlParameterSource().addValue("templateId", templateId) 


0
I installed AIX 7.1; there is no application installed. I upgraded Java 5 to 7.
When I run a Nessus scan I am getting an SSLv2 and SSLv3 detection vulnerability.
0
When I sent email from my domain to Gmail, it got a security issue since last week. I already had an SSL certificate and it has not expired yet.
How can I resolve this issue?
0

I am hosting a website (popswine.com) on a W2K server. There is a valid SSL but our customers are getting "site not secure" errors with the implementation of the new browser rules.

Is there a fix and/or an SSL that will run on a W2K server?

We are planning an update but I'm looking for a "band-aid" if one exists.
0
Hello,

My disc usage under cpanel runs full in minutes and the error log is always:

(PHP Warning:  feof() expects parameter 1 to be resource, boolean given in /home/qgzs8bjq/public_html/wp-content/wp-mbrxsmrs.php)

furthermore the bandwidth is always full as well.

I think it is the same problem like:

https://www.experts-exchange.com/questions/28477747/PHP-Warning-feof-fread-filling-error-logs-and-drive.html

but I don't know which code I have to place and where I have to place it.

Could someone help me with that please?

Thanks a lot, Maurice
0
Dear EE,

We have web based application deployed on EASERVER 6.3.1.

Our application works both ways.
HTTP and HTTPS

as SSL certificate is configured on our server.

Now my technical team has following query.

WHEN EVER USER ENTER HTTP URL  for example :- http://www.abc.com it AUTOMATICALLY redirects to HTTPS.

How can we do this in this CASE.

Thanks
0
I am looking for some discussion and feedback on best practices for managing a firewall with HTTPS Inspection/URL and Application Filtering and dealing with a consistent issue with CDN resources somehow not being successfully pulled down, resulting in a page not loading. This could be due to any of the blades of the firewall affecting the ability for it to load, including the inspection, a particular CDN not already being whitelisted, or an ASK for verification of use policy not showing because it's being pulled down as a .js resource.

In a nutshell, I want to hear how other firewall admins are managing the constant need to allow CDN resources to sites for user bases with no real streamlined way to proactively plan for it or even sometimes resolve it in a reasonable amount of time.

For example - I am experiencing an issue where a user cannot access a certification site. The site is pulling down resources from Cloudflaressl, cloudfront and facebook. The domain addresses are very specific and I don't think bypassing HTTPS inspection, if that's the issue for these domains, is a good call. What do you do short of turning the firewall off? : )

Thanks in advance.
0
Hi Everyone

These events are on my Exchange Server 2010 with Windows Server 2012 Standard. How can I resolve this? The following KB has been installed already: KB2975331. Thanking you in advance for your assistance.

I have already gone through
https://answers.microsoft.com/en-us/windows/forum/windows_7-security/schannel-error-id-36874-and-36888/ae41effc-1b0a-4d55-be23-24835cd7a32e
https://blogs.technet.microsoft.com/silvana/2014/03/14/schannel-errors-on-scom-agent/
https://www.microsoft.com/en-us/download/details.aspx?id=44053
https://support.microsoft.com/en-us/help/2975331/august-2014-update-rollup-for-windows-rt-windows-8-and-windows-server

I am getting event id 36888 "A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205."

event id 36874 "An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed."

event id 36874 "An TLS 1.1 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed."
0
I'm having an issue with downloading any documents from the internet. I have to download documents from various different websites multiple times a day and each time I try to open the download I get a message advising that the file contained a virus and had to be deleted. Is anyone else experiencing this? I have Windows 10 and I've tried fixing it by performing updates. It looks like there is a Windows Defender fix in the latest Microsoft updates, but I've tried twice and my computer will not complete the update either. Any idea what the issue is and how this can be fixed? This is really impacting my workflow. Any help would be appreciated!
0
Hello,
Is there any way to redirect a user to a login page at the main internet gateway, check if the user has a certificate on his PC, and then redirect him to the requested site?
thanks.
0
Hi All,

We have a wireless network that is secured by SSL. However, we’re having many domain member laptops unable to connect to the wireless network due to an unknown SSL certificate that is appearing on all domain machines, including domain servers.

The certificate presents itself as published to an alphanumeric ID, by another alphanumeric ID.  There is no additional information that indicates the certificate's purpose or origin.

I have uploaded a screenshot of the local computer personal cert. store.

Rogue_Certificate.png
We have checked Group Policy and confirmed that the certificate is not being deployed using policy. Instead, it appears to be installed automatically on all domain member computers and servers.

If the certificate is removed, it appears again after the computer/server is restarted.



We believe it might be related to ADFS or Azure ADsync although we haven’t been able to locate those roles on any servers. We’ve seen a similar certificate on other client sites that use those services.

Does anyone know a way in which we might be able to stop this certificate from being published / installed on the domain member computers?
0
I'm trying to configure Pound Reverse Proxy with a HTTPS connection to a Webserver in the backend. Unfortunately it does not work. If I use unencrypted HTTP, it works. Syslog says:
Jun  8 11:11:39 transfer pound: BIO_do_handshake with XXX.XXX.XXX.XXX:443 failed: error:00000000:lib(0):func(0):reason(0)
openssl s_client -connect example.com:443 says "CONNECTION OK".

The used config part of Pound:

 ListenHTTPS
        HeadRemove "X-Forwarded-Proto"
        AddHeader "X-Forwarded-Proto: https"
        Address YYY.YYY.YYY.YYY
        Port    443
        Cert    "/etc/ssl/pound/server.pem"

        ## allow PUT and DELETE also (by default only GET, POST and HEAD)?:
        xHTTP           1

        Service
                BackEnd
                        Address XXX.XXX.XXX.XXX
                        Port    443
                        HTTPS
                End
        End

I've been surfing the net for several hours with no solution, so I thought "maybe experts exchange can help"?


****** edit #1 a few hours later ******

I sniffed the traffic between the reverse proxy and the https-backend-server. I added a screen capture. It seems that the web server just does not answer, then pound runs into a timeout and closes the connection, but I'm not an expert. I've tried to put pound in front of several web servers, with the same effect. I assume that they dislike something in the "handshake-request-packet", but I have no clue what, because I get no …
0

I'm trying to download Magento v.1. When I reached the download phase, this error appeared about the SSL certificate:

CONNECT ERROR: SSL certificate problem: unable to get local issuer certificate
How can I fix this?
0
I have a user that visited our site from a Samsung phone browser.  I have also verified the same experience using a browser test, where our site comes back as unsafe even though we have a valid SSL cert that works on every other browser tested.

The site is http://faithfamilyshiloh.org

Can you give me some direction on how to find any necessary chain certificates I might add to fix the experience from Samsung phones?
0
Hi all,
PKI certificate issue. 2-tier PKI. I need to add O and OU info to the Sub CA certificate (because of Firefox). For sure I can create a custom request to put in O, OU, DNS and other info, but I need to renew the CA certificate. But how can I add that info? certutil perhaps?
0
Hello - I have SharePoint 2016 installed and have set it all up. I am able to access our site from my APPSERVER1 via port 80. I have recently obtained an SSL cert and followed the instructions on assigning and binding it to my APPSERVER1 SP Site.

Site Bindings settings
Authentication settings
Application Pool Settings
SSL Settings
I have imported cert successfully into SharePoint Trust Relationship and I have also configured Alternate Access Mappings.

AAM: Internal URL http://APPSERVER1                          Zone: Default                        Public URL for Zone: http://APPSERVER1

I added this...https://sharepoint.server.org                  Zone: Intranet                      Public URL for Zone: https://sharepoint.server.org 

Now the Web Application set is setup for URL: APPSERVER1 on Port 80 so not sure if this is my issue.

I can access the website https://sharepoint.server.org, however I have to put in my credentials for every piece of webpart to come up. If I navigate to another sub-site I have to enter my credentials all over. Another thing is I get a Pad lock on URL, however it states that parts of the web content is not secure upon me putting in my credentials.

I appreciate your help.
0
Hi Experts,

I am looking for a two-way authentication procedure in an attempt to protect one of our public-facing websites.

I would like to implement some type of two-way authentication to add an additional layer of protection.


I am thinking of the end users getting an email notification or some type of verification method.

Any thoughts or recommendations?

Thank you
0
Please provide me steps to configure SSL in OBIEE 12c, with restart sequences and any change in any file to be made. I implemented it using a self-signed certificate by keytool. I stored those keystores at some path and mentioned those details at adminserver and biserver using the console keystores and SSL tabs. I also modified nodemanager.properties as described in Google. I shut down and started biserver, but I had to force shut down adminserver. After that I could not bring up WebLogic and hence the OBIEE server.
Any help would be appreciated.
Regards, Kapil Porwal
0
