SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

Share tech news, updates, or what's on your mind.

Sign up to Post

security scan finding: "SSL Medium Strength Cipher Suites Supported (42873)" error on 2012 R2 / Win10 seems to be port 3389/TCP.

I've seen a solution using https://www.nartac.com/Products/IISCrypto/ but I have a secure environment and I'm not sure about using this product.
I've enabled the GPO 'SSL Cipher Suite Order' setting in admin templates / network which doesn't seem to have anything below 112bits and I've removed DES and 3DES.
is there a another or manual fix for this?

thanks
0
Rowby Goren Makes an Impact on Screen and Online
LVL 12
Rowby Goren Makes an Impact on Screen and Online

Learn about longtime user Rowby Goren and his great contributions to the site. We explore his method for posing questions that are likely to yield a solution, and take a look at how his career transformed from a Hollywood writer to a website entrepreneur.

we have a security certificate to cover our domain name, which we have added to our mail server.

however, we also have a website which is hosted by a third party, and it cannot be accessed using https://www.domainname.co.uk

can we use the same certificate that we use for our microsoft server to cover our website too, or do we need to purchase another one?

how do we add the certificate to our website?

if anyone can offer any guidance, we would be much obliged.

many thanks
0
hello,
I have pfsense it's work as firewall and ids,ips with snort,
is there any way to check the url that the clients are visited ? I want the https links.
thanks.
0
I need straightforward information on SSL Off-loading and Visibility.  Vendor documents and white papers lean too much to their product.  I have F5 10350v-f load balancers that have SSL and trying to decide between Local Traffic Manger (LTM) and SSL Orchestration which is more money.  My client is not sure what they want so I have to come up with something.  The 10350s sit in front of a DLP, with only two feeds coming to them so I don't think it should be complicated.  So the question with F5 10350 is which level of SSL decryption I should use.

On a separate program I am dealing with a Gigamon and Ixia packet brokers that will be routing to SSL decryption services as well.

Bottom line I just need objective definitions and comparisons when it come to SSL offloading vs ssl visibility vs ssl orchestration, etc. And in other SSL applications

Thanks
0
Dear Sir,

My company have a weblogic 11g installed on Windows Server 2008 R2. The SSL certificate on the web application will be expired on October. I have the renewed SSL certificate on hands. I don't know how to import the SSL certificate into the JKS keystore and apply it on the web application. PLEASE HELP>

Thank you.

With regards,
Wataw
0
Dear Experts, I'm testing the Sharepoint 2016 on-premises, I tried to share the document like these screenshots but the user who was shared COULD NOT receive any notification email of this sharing. I was loggin as Sharepoint Admin and it has functional mailboxa account. How can  we fix it?

sp1.png
sp2.PNG
I also CANNOT share it with external user???

sp4.PNG
One more thing, I'd like to redirect the http: site to https: site in Sharepoint but I could not configure it. I tried 2 methods but they both did not work!

1. Add both http and https links in default zone of mapping site

2. Add redirect http in IIS management


 sp3.PNG
0
Windows Server 2008R2 Standard running Exchange 2010.

Error message "certificate authority is invalid or incorrect". This has happened a few times now. This particular message came up when running a downloaded file from Ninite.

Can access the site no problem, and then download the installer. When we run the installer we get the above message.

Our monitoring software has also stopped communicating with the server. When we look at the logs we can see:
error code 0x00002f8f - ERROR_WINHTTP_SECURE_FAILURE 12175

We have updated Windows, and checked the certificate which looks OK.

We recently installed a wildcard certificate, which is showing in IIS with the correct expiration date. Date and Time on the server is also correct.

Any ideas what I can look at as so far what I have checked appears to match up to the other servers the client has onsite.
0
qpopper 4.1.0 fails to build on this Debian stretch system.  There is a problem associated with openSSL; qpopper builds correctly without openSSL.

root:/usr/src/qpopper/qpopper> ./configure --enable-specialauth --enable-shy --disable-log-login --with-openssl

(configuration proceeds and succeeds)

make clean
make

(numerous modules compile, and then ...)

gcc -c -I.. -I.. -I. \
        -I../mmangle -I../common -I/usr/local/ssl/include \
        -g -O2 -DHAVE_CONFIG_H  -DLINUX -DUNIX pop_tls_openssl.c -o pop_tls_openssl.o
pop_tls_openssl.c: In function âopenssl_initâ:
pop_tls_openssl.c:319:33: warning: assignment discards âconstâ qualifier from pointer target type [-Wdiscarded-qualifiers]
             pTLS->m_OpenSSLmeth = SSLv23_server_method();
                                 ^
pop_tls_openssl.c:324:35: warning: implicit declaration of function âSSLv2_server_methodâ [-Wimplicit-function-declaration]
             pTLS->m_OpenSSLmeth = SSLv2_server_method();
                                   ^~~~~~~~~~~~~~~~~~~
pop_tls_openssl.c:324:33: warning: assignment makes pointer from integer without a cast [-Wint-conversion]
             pTLS->m_OpenSSLmeth = SSLv2_server_method();
                                 ^
pop_tls_openssl.c:329:35: warning: implicit declaration of function âSSLv3_server_methodâ [-Wimplicit-function-declaration]
             pTLS->m_OpenSSLmeth = SSLv3_server_method();
                                   ^~~~~~~~~~~~~~~~~~~
pop_tls_openssl.c:329:33: 

Open in new window

0
Hello,
I would like to convert HTTP streaming HLS  to UDP or RTP, I  have tried VLC  and it works only in windows 10, does anyone  have any other software example that is validated  and is working properly?

Thanks
0
Hi Experts,

We have have this error in a Necus report on a 2016 virtual server:

"SSL Medium Strength Cipher Suites Supported"

I've gone here:

https://stackoverflow.com/questions/4886346/how-to-fix-ssl-medium-strength-cipher-suites-supported-in-iis-6-0

and to several other sites telling me to do almost the same thing.

The problem is, we do not have the path in any of these solutions in our registry.  There is no schannel or Security Providers.

Is that the issue?  :)

Please help, we have to resolve this error and get a clean report and I don't want to make any changes to the registry or add until I am sure that is what is needed for this.

Thank you,

Karen
0
Challenges in Government Cyber Security
Challenges in Government Cyber Security

Has cyber security been a challenge in your government organization? Are you looking to improve your government's network security? Learn more about how to improve your government organization's security by viewing our on-demand webinar!

Hi Experts,

I have the following code which works fine for Win8 OS, while in Win7 it gives me an error, "cannot connect to the server".

Someone already helped me set this up in one Win7 pc, however now I need to move this over to another pc.

    Dim objHTTP As New WinHttp.WinHttpRequest



            Set objHTTP = New WinHttp.WinHttpRequest
 
            url = "https://MyAcct.caspio.com/oauth/token"
            objHTTP.Open "POST", url, False
            objHTTP.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"
        
            objHTTP.Send "grant_type=client_credentials&client_id=MyID&client_secret=MySecretID"
        
            ResponseText = Right(objHTTP.ResponseText, Len(objHTTP.ResponseText) - 17)
            access_token = Left(ResponseText, InStr(ResponseText, """") - 1)

Open in new window


PS. this only happens when trying to access secured accounts (Hipaa).

As far I remember we did applied those attached last time, but so far this didn't help.

Thanks in advance.
x64.reg
TLS-1.x-on-Windows-7.zip
0
Hello All,

We receive an instruction to upgrade to Dropbear SSH version, but I have no idea about this. Can you please me understand this please?

Regards
0
We have a Sonicwall Firewall NSA 2600 and it is configured to not allow access to sites with SSL certificate issues, such as self signed, expired, untrusted, and so forth/

Beginning Monday morning, any attempt to access a Microsoft website is being blocked. First SSL block that occurs is untrusted root CA. I have triple checked and then triple checked the triple check and the Sonicwall does have the Baltimore Cyber Trust Root CA certificate installed and the serial number matches but it keeps saying Untrusted Root CA.

To get past that temporarily I disabled checking for untrusted Root CA and now it is giving an SSL block saying Certificate Chain Not Complete. I was able to find the correct intermediate certificate "Microsoft IT TLS CA 5" and imported it into the firewall certificate store. The serial number matches and the issued by is correct. However, the problem continues.

Is anyone else having any problems with Microsoft secure websites or have an idea of what to look at? I am very knowledgeable about SSL certs and certificate chains and such but this has me stumped.

This is affecting all Microsoft websites including Live.com, Bing, MSN, TechNet and MSDN any site that requires a secure connection.
0
I have a net 2.0 compact framework client that pulls data via an asp.net web service (also 2.0) . This is working fine until we try to connect to the web service on an encrypted link
https: Now I'm getting a web exception in the client, it does work if I change it back to http:

Is there something I need to put in the local.config file to support https? Something with the certificate I need to change or something else
Thanks
0
Is the Instagram iOS app on my iPhone using an HTTPS SSL to encrypt all session activity from being viewed by my ISP? How do you know? Is there any evidence which proves all app activity on Instagram is encrypted or not encrypted?
0
Dear Experts
We have hosted SugarCRM application on premise and for external users we have configured firewall that is hardware appliance fortigate 60C to function as SSL Web VPN where the users login to the firewall appliance portal and from here they access CRM application, they are able to login to the CRM through the  web VPN portal but the dashboard reports are not showing up, it shows blank dashboard but when we access directly to the CRM application we are able to see the dash board reports, please help me understand to where things are going wrong and how to fix it please.
0
I'm getting this error in windows server 2008 R2 STD, while connecting through RP

The Certificate is not from a trusted certifying authority


Steps i did

1. Generated a Cert from ibmca
using openssl https://knowledge.digicert.com/solution/SO27347.html

2. Imported the cert in the mmc > Local computer, under personal and remote connections

3. Still Im getting this error,while connecting the RDP

4. Imported the cert in the Trusted folders as weil

5. under RDP-Tcp connection  selected the default cert(auto generated), but im unable to see the cert, which was imported, even i cant see in the select list
but
under remote app manager, the digital signature setting is right and RDP port is 3389

6. I deleted the cert, which is default in the remote desktop in certificates which is being auto generated

again it generates automatically, with the certificate
0
Hello

I have problem with SSL Certificate. I would like to have domain with https (https://mydomain.com), but I don't know how to do it. I bought and download SSL Certificate (SHA-2, CSR,CA) from my hosting that I took my domain. I used Server Certificate Admin (certsrv.nsf) and i get dialog box "The certificate has been merged into your key ring. You are now ready to enable SSL on server...". I go to server document Ports->Internet Ports change to enable "Accept SSL site Certificate", but no results. Maybe the problem is with path to keyfile (My path on server "D:/Domino/Data/keyfile.kyr").
0
I believe my service reference is using Triple DES encryption to communicate with one of our vendor's web services. The server we initiate the call from cannot have the 3DES cipher enabled due to PCI constraints.
How can I set my service reference in C# to use RSA instead?
0
Exploring SharePoint 2016
LVL 12
Exploring SharePoint 2016

Explore SharePoint 2016, the web-based, collaborative platform that integrates with Microsoft Office to provide intranets, secure document management, and collaboration so you can develop your online and offline capabilities.

I want to import a SSL certificate into my exchange server, I have two with the names "ungorokaIMMssl.p7b and unigorokassl.p7b". I was confused which one to use and tried the this one "unigorokassl.p7b" but it did not work.

I have to do it in exchange server and AD DS to access from OWA, POP3, SMTP etc...


Please assist me on how to go about achieving this.


Thanks alot
0
I recently updated to Apache Flex 4.16.1 AIR30 I can no longer do HTTP requests.

Error Message:
(mx.messaging.messages::ErrorMessage)#0
  body = ""
  clientId = "DirectHTTPChannel0"
  correlationId = "83285769-41EE-7618-7833-CD43BB74BE6B"
  destination = ""
  extendedData = (null)
  faultCode = "Server.Error.Request"
  faultDetail = "Error: [IOErrorEvent type="ioError" bubbles=false cancelable=false eventPhase=2 text="Error #2032: Stream Error. URL: http://localhost:37813/Webessentials/webessentials/api/version?hostport=192.168.200.74&https=N&id=83285769-41EE-7618-7833-CD43BB74BE6B" errorID=2032]. URL: http://192.168.200.74/Webessentials/webessentials/api/version"
  faultString = "HTTP request error"
  headers = (Object)#1
    DSStatusCode = 0
  messageId = "DF5A526F-6F62-6D11-F9BD-CD43BC442000"
  rootCause = (flash.events::IOErrorEvent)#2
    bubbles = false
    cancelable = false
    currentTarget = (flash.net::URLLoader)#3
      bytesLoaded = 0
      bytesTotal = 0
      data = ""
      dataFormat = "text"
    errorID = 2032
    eventPhase = 2
    target = (flash.net::URLLoader)#3
    text = "Error #2032: Stream Error. URL: http://localhost:37813/Webessentials/webessentials/api/version?hostport=192.168.200.74&https=N&id=83285769-41EE-7618-7833-CD43BB74BE6B"
    type = "ioError"
  timestamp = 0
  timeToLive = 0
0
Dear expert, we have a sharepoint site problem:

=================================================================================================
Date and time : 2018-07-24 12:00:42
Err message : ID4257: X.509 certificate 'CN=ADFS Signing - url.com validation failed by the token handler.
System.IdentityModel.Tokens.SecurityTokenValidationException: The X.509 certificate CN=ADFS Signing - url.com is not in the trusted people store. The X.509 certificate CN=ADFS Signing - url.com chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

at System.IdentityModel.Selectors.X509CertificateValidator.PeerOrChainTrustValidator.Validate(X509Certificate2 certificate)
at System.IdentityModel.X509CertificateValidatorEx.Validate(X509Certificate2 certificate)
at System.IdentityModel.Tokens.SamlSecurityTokenHandler.ValidateToken(SecurityToken token)
Program : ADFS-LoginTest
Version : 1.0.0.0

Anyone know what is means and how to fix this?
0
Having an Exchange 2016 issue. Apparently one of our techs accidently deleted the exchange default SSL and replaced it with a new one. We can no longer access the Exchange power shell or exchange admin via the web. Not sure what to do from here. Some of the events we are getting:

An error occurred while using SSL configuration for endpoint 0.0.0.0:444.  The error status code is contained within the returned data.

Cmdlet failed. Cmdlet Enable-ExchangeCertificate, parameters -Services "SMTP" -Identity "Server.JRLDC.local\BCCC5D2160204691A864EBEAD60678610D4F5BED".

Active Directory Web Services could not find a server certificate with the specified certificate name. A certificate is required to use SSL/TLS connections. To use SSL/TLS connections, verify that a valid server authentication certificate from a trusted Certificate Authority (CA) is installed on the machine.
 
 Certificate name: Server.JRLDC.local


any one have any thoughts?
0
We have two IIS servers, sharing the same public ip, one receives all (443) requests and the other all (80) requests (port).

We have a website on Server(80) that needs to have SSL and cannot be moved to the (443) server.
I managed to use Url Rewrite on (443) server so if a clientes uses the https:// it will display the correct webpage using SSL, as I understand, it will pass through Server(443) and using a reverse proxy to reach Server(80).


I want to be able that if someone dosen´t add "https" to theURL, it will automatically change to https to secure the connection:
My problem is that I cannot make it work (using URL Rewrite) on Server(80), that if someone uses http:// (it will read from Server(80), force them to use SSL(443) using Rewrite…
Is this possible? can someone help me?
0
I installed AIX 7.1 there is no application installed ,i upgraded java 5 to 7 .
When i run Nessus scan i am getting sslv2 and sslv3 detection vulnerability .
0

SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.