SSL / HTTPS

8K Solutions, 10K Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivations for HTTPS are authenticating the visited website and protecting the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.


I need to create a white paper based on actual usage in the field for monitoring traffic. In particular, monitoring encrypted traffic. Our data center is receiving netflow and IPFIX data from a few dozen client enterprises that we are serving. The netflow/IPFIX data is being sent to us real-time, but we do not have control over where our clients are sourcing. It is up to them. In other words, the "tap" they use is most likely outside their firewall, and probably outside their boundary router, but may not always be. So in the case of encrypted traffic, obviously we are not reading their payload, but we need to be able to detect whether specific traffic is encrypted. For both cases, for SSL traffic and for IPSEC VPN traffic, we need to identify as much as we can for our clients' sake, without deciphering the payload.

Can you point me to explanations and scenarios (preferably real case scenarios) where this is done, and how the security techs, who are monitoring this in our data center, are handling this? Especially, as is most likely the case, if the data we are receiving is from the encrypted data flow.
0
I have recently installed an Offline Root CA with Issuing SubCA.  I want to test them but don't know how.  When I encrypt a file it is not showing up in issued certs area of the CertSrv Utility.  It did show up before I added it to the Certificate to the GPO to push out across my lab.  Shouldn't it still show up in issued certs tho??
0
I am standardizing my SSL certs throughout the enterprise with a wildcard cert for the OOBM stuff - both iLO and iDRAC, etc. I am running into a problem with getting the cert uploaded to my HP Onboard Administrator (firmware 4.80) and have not had any luck in determining if I am able to upload my own private key somehow to this thing. Are there any experts out there that are able to tell me if HP has moved their SSL solution into the modern era so that this can be done via SSH? The web interface certainly won't allow it.

Thanks
0
How can we get SSL for a local link and get rid of the error "Your connection is not private"?
0
I have a few users who connect to a third party citrix server via a corporate network. They go to the externally hosted citrix webinterface, login and click on the application, which then downloads the ica file. The citrix receiver then opens the ica file to launch the connection into the externally hosted citrix app. The ica makes the connection via a proxy server on port 8080. The connection is fine, however the issue is they get random disconnects, which only occurs when a connection is made via the proxy server.

As a workaround I set the citrix receiver to bypass the proxy, which tries to open a connection directly on port 443, but fails with an SSL error. I have read that this is caused by a firewall setting, "SSL inspection".

However when I am on a external network the connection is made directly to the citrix server on port 443 and there are no disconnects.

Is there any way to stop these disconnects when a session is opened via a proxy server? Alternatively, can you set your firewall to just have citrix bypass SSL Inspection and connect directly to the externally hosted server?
0
Hi Experts, need to secure connection to a RDS server from users accessing it via RDP. I was thinking of going the SSL route. This is a one server 2019 RDS environment with all roles on it - RD Gateway, Host session etc. What I needed to know is which role will require the SSL cert? Do I need to generate CSR from IIS? Users will be accessing the server via domain name - remote.domain.com and then click on RDP to access. There is no chance of having VPN since all users are remote and client does not want to setup a VPN solution

Local domain matches external domain - abc.com
DFL and FFL - 2019

Thanks in advance
0
I am trying to deploy an RDS Farm and am pretty new to the setup process. My goal is to have three remote session hosts, and a connection broker. I have been following the instructions I found in this article.

https://thewolfblog.com/2014/02/08/deploying-a-2012-2012r2-remote-desktop-services-farm/  (I have only gotten as far as deploying the server farm)


but I am getting pretty stumped when I am needing to access the web enrollment portal to request a wild-card cert. I am following steps in the following article.

https://www.petenetlive.com/KB/Article/0001128


My current issue in this article is when I go to https://server.domain.local/certsrv it does not open the enrollment page but instead gives me an HTTP error 404.0 - Not Found. If I navigate to the https:// address then it says the site cannot be reached.

---------------------
The CA is currently an enterprise root CA installed on the domain's DC. On the DC the following roles are installed:

CA
CE web service
CA web enrollment

Also, every machine in my environment is a member of the same domain.

---------------------

I know I am missing some things here and any help would be appreciated and I can try my best to answer any question you have.
0
Dear All - I am trying to find someone who can explain how to install an SSL certificate on Grandstream UCM6208
0
Hello Experts,

This is the first time I've attempted to do a HTTP post using Multipart/Form-Data Encoding in VBA.  I'm having some trouble figuring out where everything should go in formatting the request.  I'm going to post the instructions and what I have so far.  The file being posted is base64 encoded, which isn't an issue.  I just don't know how to literally string all this together into a properly formatted request.  As you'll see, I didn't attempt adding most of it.

The Instructions:

1. Post a multipart/form-data encoded message (see below for details) to the following URL: https://www.anysite.com/anyFeed/anyFileUpload.asp

2. The header of the http message must contain the login credentials. This is done with an http header formatted as follows. The username and password portion of this line, including the colon in between the username and password, must be base64 encoded.

Authorization: Basic username:password

The username and password portion of this line, including the colon in between the username and password, must be base64 encoded. For example:

Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

3. The body of the http message must contain an embedded file in the required multipart encoded format (see below for details).

4. For automatic submission, post the embedded file over HTTPS using multipart/form-data (MIME) encoding. Below is an example of the HTTPS message to be submitted.

5. Each line of the message is terminated …
0
How do I convert a .crt file to pkcs12
0
We have a website that is hosted on a dedicated windows server. The domain has an SSL certificate associated with it.

The website is a rental website and we have some clients who have created sub domains like shop.xyz.com. This domain is pointed to our IP address in their DNS. Our firewall also has an entry for these domains. This way these clients can have their customers access our website using their branding and url. So for example we have a page:
www.ourdomain.com/store.asp?storeid=1

The same page can be accessed via shop.xyz.com/store.asp?storeid=1 where storeid represents each unique client or store. The page would be displayed using store markings like logo and custom css.

Similarly some clients have pointed their domain to our IPs in which case the above example becomes www.customer2.com/store.asp?storeid=2, 2 being the store id for customer2 and www.customer2.com being the domain owned by customer2.

We now have to put SSL for these sub domains /domains which is creating a problem. The limitations are:
1. We cannot create sites for these sub domains as the site www.ourdomain.com uses some objects that can only be initialized once. So multiple copies of the website cannot work.
2. Since we cannot create these sites in IIS, the sites are virtual sites with mapping done in firewall.

Looking forward to your approach and solutions.

Question is how can we install SSL certificates for these sub domains.
0
Hi, I was changing a keystore for my app. I had changed the cacerts under jre/security, and in my server.xml, I also provide the same jks file path, but when I run the app, I got an error below:
javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

Any inputs will be appreciated
0
Hi,

We created a new website and replaced old website with this one.

The URL is the same as we were using and with same hosting provider.

We manage our website through cPanel in WHM.

When searching our website, it comes up as "Not Secure".

Our website used to be listed as secure.

Our provider mentioned that we used AutoSSL for licensing.

I am not too knowledgeable on how to use AutoSSL to get certification as it was set up a few years ago.

We would like to set our site to load in HTTPS using AutoSSL.

How would this be done?

Thanks,
Robbie
0
I have a certificate problem sending to a server:

Thu Nov 21 16:17:05 GMT 2019: ERROR: com.eds.bes.adapters.WSGenericOutSOAPPost: 00065431641536 : Unable to send/write message to the outputstream of the trading partner: sun.security.validator.ValidatorException: No trusted certificate found
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found

First of all I try to refresh the certificate chain in the keystore, but that gives me this:
ms.VMD21:/tmp/lks21> openssl s_client -showcerts -connect xxx:443
CONNECTED(00000003)
write:errno=232
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 230 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

What can I try to see where the issue lies?
What does write:errno=232 mean?

Regards,
Tim
0
Hello,
I've installed erpnext on centos 7, and need to apply my wildcard certificate on it. How can I achieve that?
Thanks
0
OS: Windows 10
Application: Internet Explorer 11
Issue: Need to write a script (PowerShell preferred)  that un-checks the IE11 TLS 1.0 and TLS 1.1 check boxes. I am able to only configure TLS 1.2 via IE11 GPO. However, IE11 interface is showing both of these boxes checked. This will end up confusing our users.
0
I have a network environment which is on-board a vessel, so constantly moving in and out of range of the internet. Our on-board server hosts an application database which is accessible using web browsers on our laptops.

The problem is, whenever we move out of range of the internet, the SSL webpages take forever to load (I'm talking almost 3-5min), and these are just connecting internally to the server. All other network dependent services run perfectly, it's just the internal SSL Websites.

Our SSL certificates were provided by GoDaddy and I remember reading somewhere that most web browsers by default verify these certs with the CA. I wonder if this could be happening and because there is no internet, it just causes a delay. Could someone shed some light on this
0
Hi all,

I have some issues...
Seeking experts' help.
I managed to set up the web and app server but am stuck at the reverse proxy configuration.
OS is Red Hat Linux 7.7; for some reason mod_jk is not available to install and configure for the Tomcat app server.
So I am opting for reverse proxy configuration.

User will access the URL..https site, https://sasitsgp.com:3486
Gateway will NAT the Public IP and Port number to private IP (sasitsgp.com) and Port Number 8011.

When I try the URL from outside to the webserver, it was loading https but the page background color and content alignment is not correct.
After entering username and password, clicking sign in but not proceeding/logging in.
Also noticed js, css etc. being blocked.

Can you help me/advise me what went wrong or what is to be modified?
Frontend server is httpd (https) and backend is tomcat (http).

Error and configuration below.

Mixed Content: The page at 'https://sasitsgp.com:6542/' was loaded over HTTPS, but requested an insecure image 'http://sasitsgp.com:6542/html/themes/classic/images/spacer.png'. This content should also be served over HTTPS.
(index):1
Mixed Content: The page at 'https://sasitsgp.com:6542/' was loaded over HTTPS, but requested an insecure image 'http://sasitsgp.com:6542/html/themes/classic/images/common/openid.gif'. This content should also be served over HTTPS.
Mixed Content: The page at 'https://sasitsgp.com:6542/' was loaded over HTTPS, but requested an insecure script …
0
Hi Experts, how do I fix my SSL Certificate, where I found no "Private Key" after installing it in the Certificate Snap-in or MMC?

I bought an SSL Certificate from Godaddy.com and installed it in MMC and in IIS. However, I found out that there's no Private Key in that SSL Certificate, causing my server computer not to be able to run. Is there anyone who can give a solution?
0
Hi,

I have an Apache webserver on centos7

It's running perfectly on http port 80

Below is the configuration

httpd.conf
Listen 80
User tomcat
Group apache



configured vhost.conf in /etc/httpd/conf.d/
NameVirtualHost *:80

<VirtualHost *:80>

    ServerAdmin abc@def.com
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/htmlexample.com/
    ErrorLog /var/log/httpd/example.com/error.log
    CustomLog /var/log/httpd/example.com/access.log combined





I have generated csr file and purchased ssl certificate from godaddy.

got crt,pem and bundle crt file.
 kept all 3 files in /var/www/html/ssl and used chmod 770 for all 3 files.


modified below in /etc/httpd/conf.d/ssl.conf
<VirtualHost _default_:443>

DocumentRoot "/var/www/html/example.com/"
ServerName www.example.com:443
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
SSLCertificateFile /var/www/html/ssl/example.crt
SSLCertificateKeyFile /var/www/html/ssl/example.com.key
SSLCACertificateFile /var/www/html/ssl/gd_bundle-g2-g1

getting error while restarting systemctl restart httpd

[root@xxx conf.d]# systemctl restart httpd
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
[root@xxx conf.d]# journalctl -xe
--
-- Unit httpd.service has finished shutting down.
Oct 12 23:23:36 xxx systemd[1]: …
0
We are working to get a set number of our servers hosted/managed by a third party vendor. The servers will sit on their private cloud and our users will connect to the application via a URL. We will be connected to the managed servers via IPsec tunnel so the application URL will be considered in our domain. The vendor is needing an SSL wildcard cert for the multiple URLs needed for this implementation. My question is whether I can issue that cert out with our Internal CA or do I need to go through an external cert authority. I'm a little new to certs and what all can be done with our internal CA so trying to get some direction here. If I can issue one out to our vendor for this purpose, do I need info from their end to generate the cert request?
0
We are working on an e-commerce portal that is built on Dot Net.

For faster response and scalability, we have implemented an ARR based Reverse Proxy and Disk Caching. The site is deployed on Windows server 2012 R2 standard & IIS version 8.5.96000. Origin & ARR Reverse Proxy, are on the same server as of now.

This works fine most of the time, except there are intermittent issues which we are unable to solve.

Again, on a staging site everything works well. But on production site with live traffic we are getting these issues:

net::ERR_CONNECTION_RESET 200 error. This gives me a blank page! This is again more frequent, but it doesn't come always. It comes when we are performing searches. Check the image here: https://i.stack.imgur.com/4m1kg.png

Moreover, for both of the above errors, if I just do a refresh, then it works fine!
0
We are working on an e-commerce portal that is built on Dot Net.

For faster response and scalability, we have implemented an ARR based Reverse Proxy and Disk Caching. The site is deployed on Windows server 2012 R2 standard & IIS version 8.5.96000. Origin & ARR Reverse Proxy, are on the same server as of now.

This works fine most of the time, except there are intermittent issues which we are unable to solve.

Again, on a staging site everything works well. But on production site with live traffic we are getting an issue of

PR_CONNECT_RESET_ERROR when accessing website.

Check the image here: https://i.stack.imgur.com/7zpVR.png.

We're unable to find the exact steps for this, but we still get this error rarely while browsing. And our visitors are facing the same, as we found our traffic has been impacted due to this.
0
I have a two tier Microsoft CA: an offline root and online subordinate CA. I have been having some issues since I installed it where some systems don't trust the subordinate and I will have to install the sub CA cert in trusted roots for the issued cert to be trusted. I am also having issues with issued certificates showing up on iPhones as not verified even though both the root and subordinate CA certs are installed on the iPhone and the certificate trust settings for the root CA are enabled for full trust. Any ideas?
0
Hi Everyone. Can an SSL certificate be assigned to port 4443 instead of port 443 for RDP?
Can port 443 be shared between two different domain certificates for RDP remote.domain.com.au & remote.domain2.com.au?
Is there a way of securing RDP if none of these options are feasible?

Thank you in advance.
0
