SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.


Does a trusted email domain require its own SSL cert on the Exchange server?

- Domain A has been set up and working for years
- Domain B as a re-brand effort was added to Exchange 2010.
- All emails still route to the server name for Domain A [mail.domaina.com]
- Receiving certificate issues and warnings when loading Outlook into the new email address for Domain B.
- A portion of sent emails are being bounced or captured in external recipients' junk/spam.
- I'm assuming a certificate needs to be installed.

Can I add a certificate for the trusted domain to this server to resolve the cert warnings?
0

I am hosting a couple of web sites on a couple of Linux boxes and OWA on a Windows box in my office. Currently http is forwarded to Host_W and https is forwarded to Host_M. Host_W serves pages for www.site-m.biz, www.site-d.net, and www.site-f.com while it forwards requests for host_l.site-s.org and www.site-s.org to Host_L. The current structure looks like this:
 
Current Config
What I want to do is forward both http and https to Host_W while serving the same three sites and forward https requests for mail.site-m.biz to Host_M and requests for site-s.org to Host_L. The structure would look something like:

Desired Config

I have attached sanitized copies of what I think are the relevant config files.

The port forward is not a problem, a simple change on the firewall. Installing a Let's Encrypt certificate on both Nginx and Apache2 is heavily documented, and a GoDaddy certificate for mail.site-m.biz is already installed on Host_M.

What I don't have a handle on is the changes needed on the Apache2 on Host_W. I think it would be just to add something to the site-m.biz.conf like (and something similar to site-l.org.conf):

<VirtualHost *:443>
        ServerName mail.site-m.biz

        SSLEngine On
        SSLProxyEngine On
        ProxyRequests Off
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off
        SSLInsecureRenegotiation on
        SSLProxyVerify none
        SSLVerifyClient none
     


0
Hi guys

How do you give someone the private key for the SSL certificate but un-encrypted? I don't get what they are saying.

I've got a Windows 2008 R2 web server that I created the CSR onto. Then I got the certificate from the provider and have applied the certificate to this to complete the request.

My colleague needs the private key. I exported it as a .PFX file, but when you do that, it is password protected. He needs it un-encrypted.

Do you use the MMC console to do this and then export it as a .CER file? Will that be correct?

Cheers
Yashy
0
Hi guys

I am going to be buying a multi-EV domain SSL certificate. This domain will have quite a few sub-domains. When I want to create the certificate request on the server, in the common name section, do I just put in the domain name only? So would I put 'contoso.com'? And not '*.contoso.com'. I assume I would only put an asterisk if it was going to be a wildcard SSL, right?

Thanks for helping
Yash
0
For Citrix NetScaler, I need a .pfx SSL certificate, but I received a .cer SSL file. To convert this CER file to PFX, I have followed the process below:
Opened Certificate MMC --> Imported the CER file in PERSONAL\Certificate --> Export
When I try to export from within the CA, I don't get the option "Yes, export the private key", and on the export file format page "Personal Information Exchange - PKCS#12 (.PFX)" is greyed out.
Please suggest.
0
I guess I really don't know what I am doing.

Working on an SBS 2011 Standard machine on subnet 192.168.1.0.

There's a VPN to a remote location 192.168.2.0

A new laptop at the remote site with Windows 10 / Office 2016 keeps getting an error about the autodiscover.domain.com certificate. It says the name on the security cert is invalid or does not match the name of the site.

Clicking on view cert, it says it's issued to: domain.com, issued by Let's Encrypt Authority X3, with valid dates of 8/14/18 to 11/12/18.

We DO have a certificate for the domain issued by Comodo. From a browser, if you type remote.domain.com/owa, you get to the OWA page and it says it's secured with the Comodo cert.

Anyone know where the Let's Encrypt certificate is coming from?

Other laptops at that remote location are working fine for email.
0
Dear Experts

We have a hosted web-based application which runs on Linux, Apache, MySQL and PHP. Data security is the topmost priority; we have installed an SSL certificate and also deployed two-factor authentication. When we used the online SSL checker at https://ssltools.digicert.com/checker/views/checkInstallation.jsp, the following shows up after the scan:

1. Vulnerabilities checked
Heartbleed, Poodle (TLS), Poodle (SSLv3), FREAK, BEAST, CRIME, DROWN
Non-critical issues found
BEAST
Not mitigated server-side BEAST.

2. Secure Renegotiation: Enabled
Downgrade attack prevention:Enabled
Next Protocol Negotiation: Not Enabled
Session resumption (caching): Enabled
Session resumption (tickets): Enabled
Strict Transport Security (HSTS):Not Enabled
SSL/TLS compression:Not Enabled
Heartbeat (extension):Enabled
RC4:Not Enabled
OCSP stapling:Not Enabled

---------
Please help me understand 1 and 2 above and let me know the correct steps as per best practice. Thank you.
0
Hi guys

Does Microsoft Exchange, both on-premise and online, accept EV SSL certificates? Or must they be Unified Communications Certificates for your OWA and other web services to work?


Thanks
Yash
0
I am using WAMPSERVER 3.1.0 which incorporates Apache. I followed this tutorial to create an SSL certificate and use https on my site. I purchased a GoDaddy certificate and it works with https://localhost but does not work with https://mydomain.com. It's like it cannot find it; however, http://mydomain.com does work.

Any help would be appreciated!
0
I am trying to setup IMAP access to my Exchange server 2016.

Followed these instructions

And I see this

[PS] C:\Windows\system32>Get-ImapSettings | Format-List *ConnectionSettings,*Bindings,X509CertificateName

InternalConnectionSettings : {ex-sx-01.domain.local:993:SSL, ex-sx-01.domain.local:143:TLS}
ExternalConnectionSettings : {exchange.domain.ch:143:TLS, exchange.domain.ch:993:SSL}
UnencryptedOrTLSBindings   : {[::]:143, 0.0.0.0:143}
SSLBindings                : {[::]:993, 0.0.0.0:993}
X509CertificateName        : wildcard-domain.ch


Which seems to be ok

However if I try to connect I get

MBP13:~ alex$ telnet exchange.domain.ch 993
Trying 000.000.210.252...
Connected to exchange.domain.ch.
Escape character is '^]'.
* BYE Connection is closed. 14
Connection closed by foreign host.
MBP13:~ alex$ 



MBP13:~ alex$ openssl s_client -connect exchange.domain.ch:993 -crlf
CONNECTED(00000005)
140736108229576:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.50.2/libressl/ssl/s23_clnt.c:565:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 318 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
---
MBP13:~ alex$ 

It would seem that my SSL setup is not correct?!

Any suggestions / pointers?
0

I am trying to run an SQL command ... I have it working as:

sSql = "SELECT * FROM tClaim WHERE ClaimNo = " & """" & sLab & """"

but I need to do a wild card search and trim the variable..... so I tried this:

sSql = "SELECT * FROM tClaim WHERE ClaimNo Like "" * "" & Trim(sLab) & "" * """

This just ends up freezing up MS Access.

What is wrong with my SQL statement looking for a wild card?

Thank you.
0
Hello,

I am installing an SSL certificate on my Linux CentOS server, and I am trying the first domains. It is almost working, but I have one strange problem. If I use a URL to the site root (www) it comes up as Secure. But if I use a URL to any internal directory it comes up as Unsecure, depending on using www or a slash at the end.

Please try it in your Chrome Browser, but, clear its Cache memory between the tests. I have added SSL to 2 of our Sites:

segurosagro.com.br
multisites.com.br

And I created a simple directory called testredirect which has just an index.html file with an image.

1) segurosagro.com.br/testredirect

It comes as Unsecure.

2) segurosagro.com.br/testredirect/

It works, and comes as Secure.

3) www.segurosagro.com.br/testredirect

It also works, and comes as Secure.

In the same way:

1) multisites.com.br/testredirect

It comes as Unsecure.

2) multisites.com.br/testredirect/

It works, and comes as Secure.

3) www.multisites.com.br/testredirect

It also works, and comes as Secure.

My actual httpd.conf <virtualhosts> entries for segurosagro.com.br and multisites.com.br are as below. You will see that they are slightly different. This is due to tests I was doing trying to solve the problem:

#--------------------------------------------------------
#                 multisites.com.br
#--------------------------------------------------------
<virtualhost 66.226.75.86:80>
ServerAdmin …
0
I want to move from FTP to HTTPS due to firewalls being nasty to FTP.
For HTTPS I will need an SSL certificate.
   Can I get free valid certificates anywhere?
   Should I distribute my certificates while deploying my application?
I use Delphi (ICS HTTPS component) and my application runs on Windows.
I have developed a backup application which is installed on every machine of my customers.
The HTTP server will only be installed on the destination machines and the monitoring machine.
0
Hello,

I need a little help with renewing a 3rd party certificate on a Skype for Business 2015 server.
As per the pictures attached, I want to renew only that certificate (SIP, since it is 3rd party and all others are from the internal CA), and when I go to Request with the Advanced option and populate everything, I end up with a CSR that has a common name of webdir.<domain>.com, instead of sip.<domain>.com (as it is at the moment).

So, the question is how to renew this certificate but have a CN of sip.<domain>.com, when there is no option to define the CN?

Can I maybe use the Exchange server, generate the CSR there, then just delete it after I get the new cert, or something like that?

Regards,
Ivan.
sip1.jpg
sip2.jpg
0
How to trace an expiring SSL certificate in a domain.
We have 3 legacy Citrix farms in our environment.
Users are using web interface servers to access these farms.
We have multiple SSL certificates for this environment.
Please provide a PowerShell script to find out the SSL certificate expiry date.
0
I've messed up. Entered an incorrect string into the Web Services Configuration under ciphers and now the cPanel will not connect saying invalid connection. How do I get into the cipher section of the Web Services Configuration using SSH and command line please? This is the silliest thing I think I've ever done on a CentOS 6.x server - it's a live server so my clients are now not able to see their websites.

I tried to move the sites on the server to another server using the Transfer tool but that fails too, saying SSL connect attempt failed - unsupported protocol.

I can ssh into the server so I'm hoping that I can resolve the issue by using SSH from the command line.

Any urgent responses greatly appreciated.
0
Hi guys

In October, our Symantec EV SSL certificate will be dis-trusted in Chrome and in Firefox, meaning anyone who visits our website will get a certificate error before being able to browse the site. Not great for an ecommerce website!

The current EV SSL certificate is due to expire in December, but to avoid this issue, we’ll need to renew by October 16th at the very latest.

We have two options:

1.      Purchase a new EV SSL certificate from a different provider, such as Comodo.
2.      Switch to using the wildcard certificate that we have for our website. This will mean we no longer have an EV SSL certificate for .

Option number 2 is the cheapest and easiest option, but it means we lose our EV SSL certificate, including all of the security and visual elements of this (such as green browser bar). This apparently affects conversion, as greater customer trust in the website means they are more likely to buy.

Any alternatives or suggestions that you have?

Thank you
Yash
0
Dear Experts

The Microsoft AD FS server is installed and configured; post-installation this required installing the SSL certificate and completing the configuration. Please help me understand: to change the certificate which is already configured for ADFS to a new certificate, where do all the configuration changes need to be made? I mean, how do I re-configure ADFS or assign the new SSL certificate to the ADFS server? Can you please list the changes to be done, where they are made, and what all needs to be done?
0
Dear Experts

While deploying the AD FS server I installed and configured the SSL certificate successfully, but somehow I misplaced the noted password for the .pfx file. I have access to the server where the CSR file was generated, and later on the same server I imported the certificate through the DigiCert utility, but now I am in trouble: I have lost the password for the .pfx file and I require it so that the same certificate can be installed on the other ADFS server in the farm. Please help me; it is a wildcard certificate. How can I recover the password? I have access to the original server where the CSR was generated. Please help.
0

Dear Experts
We procured the wildcard certificate from Symantec and we received the certificate as *.mydomain_com_ee. For this I had created the CSR file from the Microsoft AD FS server; the server name was federationsrv.mydomain.com. I used the DigiCert utility, and while creating the CSR I had to mention *.mydomain.com. I imported the certificate and created the pfx file, and in the process changed the prefix from *.mydomain_com to federationsrv.mydomain.com, installed the certificate and configured ADFS.
The ADFS configuration wizard is showing the following; I have attached a snapshot image from the server with more details for your reference:
1. The ssl certificate subject alternative names do not support host name certauth.federationsrv.mydomain.com
2. error occured during an attempt to set the SPN for the specified service account Set SPIN for the service account manually
3. Also followed https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/enroll-an-ssl-certificate-for-ad-fs
In this I am not able to understand the subject alternative name. Is it required to do this, and if yes, how and where do I configure this subject alternative name? Is it to import one more certificate in addition to the above and configure something like enterpriseregistration.corp.mydomain.com, or, as per item 1, something like certauth.federationsrv.mydomain.com, and add the records in the Active Directory name server?
Can you please help me with 1 to 3 above?
Results.png
0
Hi EE,

We have an SSL certificate that is expiring next month but no one knows where it is located on the network. Are there any free tools out there that can help us?

Thank you
1
On a NetScaler 16500, suppose I want traffic to https://yaya.foo.com/whatdoyouknow to redirect to https://www.sharktown.com/whatdoyouknow. But the same mechanism would deliver https://yaya.foo.com/somwhere to redirect to https://www.sharktown.com/somewhere. What would I need to configure? Thank you
0
Hi,

Will someone help me understand how to export a PKCS #10 certificate from a Windows 2008 server? I see an option for PKCS #12 but that is it. Is this even possible? I am using a wildcard certificate issued by Thawte and I need to get one installed on my VPN device. Any advice or guidance?

Thank you.
0
Hi
I purchased a SAN certificate for our Exchange Server 2013 through an SSL provider, and they have sent the SSL and INTERMEDIATE certificates in text format.
For the SSL certificate, I copy the text to Notepad and change the file extension to .crt.

For the intermediate certificate,
do I copy the text to Notepad and rename the file extension as .pfx?
Any help would be great.
0
Hi

I have Exchange 2013 and my predecessors installed a SAN certificate on this server SSL® + UCC
Now I want to add another domain. I requested the SSL provider to add a new domain to the SAN certificate, and I have been told by the SSL provider that the new domain has been added to the SAN and new certificates were issued on the portal.
On the SSL company's website portal, under my account, I can see each of the following texts in a separate window:
CSR text, SSL text, INTERMEDIATE text

So first, do I need to copy the INTERMEDIATE text into Notepad, rename it as .crt and import it into Intermediate Certification Authorities in the certificate MMC console of the Exchange server?
Secondly, do I copy only the SSL text to Notepad, rename it as .crt, log in to the Exchange Admin Center and import it?
Thirdly, do I need to leave the CSR as it is?

Please tell me if I am wrong or if I missed any steps.
Also, do I need to remove the previous SAN certificate on the Exchange 2013 server before I install the updated one?

Any help much appreciated. Thanks in advance
0
