[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

Share tech news, updates, or what's on your mind.

Sign up to Post

I get the WCF error "{"The remote server returned an error: (403) Forbidden."} The HTTP request was forbidden with client authentication scheme 'Anonymous'." when using basicHttpBinding with Transport security and certificate credential. My service is in amazon ec2 instance and my client app remotely connect to it over the internet. I am able to connect to the wcf service if I my Transport credential is set to "None" in both the web.config of the service and app.config of the client. My service certificate is like "www.example.com" is installed on amazon ec2 "local machine store" and "Personal Folder". My client app certificate is just a self-signed certificate which I installed to its "local machine and Personal Folder" and also to the "Trusted People store" in the amazon ec2 instance where my wcf service is. I have also setup "https" to my IIS site bindings and I can reach the site through like "https://www.example.com"

Below is the web.config, app.config, and the code I have on the client app.

Service Web.config:

    <?xml version="1.0"?>
    <configuration>
   
      <system.web>
        <compilation debug="true" targetFramework="4.0" />
        <customErrors mode="Off"/>
      </system.web>
      <system.serviceModel>
       
       <bindings>
          <basicHttpBinding>
            <binding name="basicHttpBinding_Config" >
              <security mode="Transport">
                <transport clientCredentialType="Certificate"/>
              …
0
Check Out How Miercom Evaluates Wi-Fi Security!
Check Out How Miercom Evaluates Wi-Fi Security!

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom on how WatchGuard's Wi-Fi security stacks up against the competition plus a LIVE demo!

How do I redirect mail.domain.com (without https and without /owa) to https://mail.domain.com/owa ?

Having either one will redirect.
Eg
https://mail.domain.com redirects to https://mail.domain.com/owa
and
mail.domain.com/owa also redirects to https://mail.domain.com/owa

mail.domain.com goes to "403 - Forbidden: Access is denied."

In IIS, I have HTTP redirect set to https://mail.domain.com/owa
0
I have a wordpress website on AWS EC2 Ubuntu Linux. I am not good in this department of coding but I get by. I just used created a Load Balancer and attached it to my EC2 instance. I am trying to force SSL (HTTPS) on anyone who visits my site. I have 90% of it correct.  if you visit:

https://www.Example.com
www.Example.com
http://www.Example.com (Redirects to https://www.Example.com)

it works perfectly with Secure. But if you go to
Example.com
http://Example.com

then it goes to a UNSECURE site. and stays on Example.com

In my ".htaccess" file at the very top I have the code below.  So what is the problem? I thank you for the help.


#Force www:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^Example.com [NC]
RewriteRule ^(.*)$ https://www.Example.com/$1 [L,R=301,NC]

# Begin force ssl
<IfModule mod_rewrite.c>
# RewriteEngine On
 RewriteCond %{SERVER_PORT} 443
 RewriteRule ^(.*)$ https://Example.com/$1 [R,L]
</IfModule>

Open in new window

0
I need SSL for my website and I don't know from who I should buy it or how to add it to my Windows 2016 Webserver.
I have one main domain and several subdomains.
0
I am trying to use an SSL certificate on a Wordpress Multi-site.

I just installed and SSL certificate for my primary domain, https://simplifychurch.com.  I had assumed (albeit probably incorrectly) that the certificate would cover the network of sites since they all are on the same host, etc.  

I checked my site at http://learn.simplifychurch.com and it gives the not secure error warning.

I'm a bit over my head now in testing what needs to go where, I used a WP Plugin to work on forcing the SSL to the site, and have set it up on each site however the Learn.simplifychurch.com domain is still not working correctly.

Just need some guidance and advice on how to adjust.  I guess I could get a wildcard cert if necessary as there is no way on my host to install an individual certificate to each network site.
0
Is there a way to bypass the SSL certificate error. We have a development environment where we want to bypass the SSL certificate error rather than installing the same. Something like, installing the cert as accepted. Not sure how. Can someone tell me the step by step procedure if this is achievable.

Thanks in advance.
0
We're trying to set up ActiveSync for one of our customers running Exchange 2010, and it's failing the Remote Connectivity Analyzer diagnostic for "Exchange ActiveSync" at the certificate trust validation step:

"There's a missing intermediate certificate in the certificate chain. Subject = CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB. For more information, see Knowledge Base Article 927465. "

I've consulted the KB article it cites, which advises me to make sure all of the intermediate certificates are installed, and verify that nothing is expired.  I went to our cert vendor, obtained the intermediate certs, and reinstalled them.  Verified nothing was expired, and restarted IIS.  Diag still failed.  Rebooted the server to be safe, diag still fails.

Went to another customer that has working ActiveSync and an identical setup.  Verified that the "Exchange Activesync" MS RCA diag passes successfully for them.  Used the Certificates MMC snapin to verify that both their server and the problem customer's server possess the exact same intermediate and root certs.  I looked at "Trusted Root Certification Authorities"\"Certificates", "Intermediate Certification Authorities"\"Certificates", and "Third-Party Root Certification Authorities"\"Certificates, and everything is the same.  I opened and checked the certification path for each certificate in the problem customer's environment, and no errors were noted.  Reverified that …
0
Hi all,

Im working in a company and when we enter in the domain with admin profile, i can select the certificates, but when other users use this pc with their domain, username, certificates need to be selected from the begging. Does it exist any way of entering as admin in that pc and selecting ssl in internet explorer by default as we want them to be for all users?

Thank you,
0
Hi all,

I would like to ask if it is possible to add or better select internet explorer certificates, ssl, once and for all users that will use that pc without having to enter to their pc accounts in order to do for each them?

Thank you a lot for your help!
0
Has been almost a year that I switch to Auth0 in order to manage my customer's access to the dashboard of my application. Nowadays I need to implement access for a RESTFULL API.

If I follow the instructions in order to secure the NodeJS app using JWT it works like a charm. The issue is that I am not properly sure on the implementation for the end user in order to get the token needed for access this API.

I thought of creating the tokens on the dashboard or just use a server side implementation for the login/authentication. I did the last using the access to my own database before and worker amazingly. My issue is that I am not completely sure on how to do it for the end user using Auth0.

Would be great if you can guide me in order to implement the login/authentication side of the API using auth0 and nodejs.
0
Challenges in Government Cyber Security
Challenges in Government Cyber Security

Has cyber security been a challenge in your government organization? Are you looking to improve your government's network security? Learn more about how to improve your government organization's security by viewing our on-demand webinar!

Hi folks, how do I get IIS web server up & serving a page quickly. I just need it to serve up a 'restricted content' warning page for my domain users when they try to access YouTube which I have redirected to my internal IIS server using DNS. Unfortunately to do so seems to require a PhD in SSL certificates. Seems way too complicated for the benefits. Can I just disable HTTPS functionality on the IIS server or should I persevere to enable it - I'm guessing this requires the certificate from the IIS server to be installed on all domain machines via group policy?
Currently all machines are able to get through to the IIS server, but not without a 'your connection is not private' warning like the one here - https://goo.gl/images/7y8vB6
Thanks in advance.
0
set up plesk with ssl but won't automatically  display https:
0
Website not accessible. I have a website hosted on Godaddy.com and working, but the site is not accessible from Internally. nslookup find ip of the server and resolved the name and I am able to ping the server. No problem externally. I checked DNS and seems working.  Refreshed the DNS server and clear the cache on DNS. local domain is domain.local and the website is domain.com. DNS forwarder set to ISP and resolved it correctly.  Any idea?
0
NEED HELP!  We have an email address of bshoward@contoso.com but all our emails resolve to contosoexc.us.  Thus we are trying to get autodiscover to work and have SSL certificate for all of contosoexc.us.  How do I set this up to work... trying to implement MS Dynamics CRM and it will not sync.  We have tried all the help options and also contacted a local exchange expert and no solution.  What do I need to do to get this working?  The impersonation is working for the account we setup, but this is a DNS or certificate error. Not sure...
0
hello,
I have pfsense it's work as firewall and ids,ips with snort,
is there any way to check the url that the clients are visited ? I want the https links.
thanks.
0
Dear Sir,

My company have a weblogic 11g installed on Windows Server 2008 R2. The SSL certificate on the web application will be expired on October. I have the renewed SSL certificate on hands. I don't know how to import the SSL certificate into the JKS keystore and apply it on the web application. PLEASE HELP>

Thank you.

With regards,
Wataw
0
I had this question after viewing Locating ClientCertificate to use in WinHTTP.

Similar question, when using the SetClientCertificate property on a WinHttpRequest, I receive a "Certifcate is required to complete client authentication". The certificate has been created successfully, and appears in the Certifcate Store under Console Root -> Certificates (Local Machine) -> Personal -> Certificates.

The Issued to is ABC Certificate, the Friendly name is ABC

The parameters I am using are as follows:

myMSXML.SetClientCertificate "LOCAL_MACHINE\\Personal\\ABC"

I've tried ABC Certificate etc... tried putting the certificate in different stores, tried a number of other things, but still getting same message returned.

How did you go with your problem referencing a certificate in the Cert Store?
0
Dear Experts, I'm testing the Sharepoint 2016 on-premises, I tried to share the document like these screenshots but the user who was shared COULD NOT receive any notification email of this sharing. I was loggin as Sharepoint Admin and it has functional mailboxa account. How can  we fix it?

sp1.png
sp2.PNG
I also CANNOT share it with external user???

sp4.PNG
One more thing, I'd like to redirect the http: site to https: site in Sharepoint but I could not configure it. I tried 2 methods but they both did not work!

1. Add both http and https links in default zone of mapping site

2. Add redirect http in IIS management


 sp3.PNG
0
Windows Server 2008R2 Standard running Exchange 2010.

Error message "certificate authority is invalid or incorrect". This has happened a few times now. This particular message came up when running a downloaded file from Ninite.

Can access the site no problem, and then download the installer. When we run the installer we get the above message.

Our monitoring software has also stopped communicating with the server. When we look at the logs we can see:
error code 0x00002f8f - ERROR_WINHTTP_SECURE_FAILURE 12175

We have updated Windows, and checked the certificate which looks OK.

We recently installed a wildcard certificate, which is showing in IIS with the correct expiration date. Date and Time on the server is also correct.

Any ideas what I can look at as so far what I have checked appears to match up to the other servers the client has onsite.
0
How the Cloud Can Help You as an MSSP
How the Cloud Can Help You as an MSSP

Today, every Managed Security Service Provider (MSSP) needs a platform to deliver effective and efficient security-as-a-service to their customers. Scale, elasticity and profitability are a few of the many features that a Cloud platform offers. Register today to learn more!

qpopper 4.1.0 fails to build on this Debian stretch system.  There is a problem associated with openSSL; qpopper builds correctly without openSSL.

root:/usr/src/qpopper/qpopper> ./configure --enable-specialauth --enable-shy --disable-log-login --with-openssl

(configuration proceeds and succeeds)

make clean
make

(numerous modules compile, and then ...)

gcc -c -I.. -I.. -I. \
        -I../mmangle -I../common -I/usr/local/ssl/include \
        -g -O2 -DHAVE_CONFIG_H  -DLINUX -DUNIX pop_tls_openssl.c -o pop_tls_openssl.o
pop_tls_openssl.c: In function âopenssl_initâ:
pop_tls_openssl.c:319:33: warning: assignment discards âconstâ qualifier from pointer target type [-Wdiscarded-qualifiers]
             pTLS->m_OpenSSLmeth = SSLv23_server_method();
                                 ^
pop_tls_openssl.c:324:35: warning: implicit declaration of function âSSLv2_server_methodâ [-Wimplicit-function-declaration]
             pTLS->m_OpenSSLmeth = SSLv2_server_method();
                                   ^~~~~~~~~~~~~~~~~~~
pop_tls_openssl.c:324:33: warning: assignment makes pointer from integer without a cast [-Wint-conversion]
             pTLS->m_OpenSSLmeth = SSLv2_server_method();
                                 ^
pop_tls_openssl.c:329:35: warning: implicit declaration of function âSSLv3_server_methodâ [-Wimplicit-function-declaration]
             pTLS->m_OpenSSLmeth = SSLv3_server_method();
                                   ^~~~~~~~~~~~~~~~~~~
pop_tls_openssl.c:329:33: 

Open in new window

0
Hello,
I would like to convert HTTP streaming HLS  to UDP or RTP, I  have tried VLC  and it works only in windows 10, does anyone  have any other software example that is validated  and is working properly?

Thanks
0
Hi Experts,

We have have this error in a Necus report on a 2016 virtual server:

"SSL Medium Strength Cipher Suites Supported"

I've gone here:

https://stackoverflow.com/questions/4886346/how-to-fix-ssl-medium-strength-cipher-suites-supported-in-iis-6-0

and to several other sites telling me to do almost the same thing.

The problem is, we do not have the path in any of these solutions in our registry.  There is no schannel or Security Providers.

Is that the issue?  :)

Please help, we have to resolve this error and get a clean report and I don't want to make any changes to the registry or add until I am sure that is what is needed for this.

Thank you,

Karen
0
Hi Experts,

I have the following code which works fine for Win8 OS, while in Win7 it gives me an error, "cannot connect to the server".

Someone already helped me set this up in one Win7 pc, however now I need to move this over to another pc.

    Dim objHTTP As New WinHttp.WinHttpRequest



            Set objHTTP = New WinHttp.WinHttpRequest
 
            url = "https://MyAcct.caspio.com/oauth/token"
            objHTTP.Open "POST", url, False
            objHTTP.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"
        
            objHTTP.Send "grant_type=client_credentials&client_id=MyID&client_secret=MySecretID"
        
            ResponseText = Right(objHTTP.ResponseText, Len(objHTTP.ResponseText) - 17)
            access_token = Left(ResponseText, InStr(ResponseText, """") - 1)

Open in new window


PS. this only happens when trying to access secured accounts (Hipaa).

As far I remember we did applied those attached last time, but so far this didn't help.

Thanks in advance.
x64.reg
TLS-1.x-on-Windows-7.zip
0
Hello All,

We receive an instruction to upgrade to Dropbear SSH version, but I have no idea about this. Can you please me understand this please?

Regards
0
I have a net 2.0 compact framework client that pulls data via an asp.net web service (also 2.0) . This is working fine until we try to connect to the web service on an encrypted link
https: Now I'm getting a web exception in the client, it does work if I change it back to http:

Is there something I need to put in the local.config file to support https? Something with the certificate I need to change or something else
Thanks
0

SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.