SSL / HTTPS

8K

Solutions

7

Articles & Videos

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.


When my sites are in development I have always gotten the IP address from AWS, then accessed them from my browser. But here's an article I would read if there is a secret exposure...

https://www.imore.com/how-edit-your-macs-hosts-file-and-why-you-would-want

I do not take lightly to changing my Hosts file because I do not want to put myself into an unstable condition, if I missed something in the directions.

Is there risk to using an IP address to directly access my PC? I assume the biggest benefit is that the site can be kept private from public view, but is there any way in the world that someone could guess that address?

Are the scrapers out there pinging billions of IP addresses?

As far as keeping it private, it is mainly that I can use my real domain name and keep that private? That's not important to me since I can buy the SSL cert and do that before launch. At the moment, I just need to look at the site and test it, so by adding my IP into the browser, does that expose my IP to scrapers?

Thanks.
0
Hi.
Have an SBS 2011, with Exchange 2010.
Setting up new PCs with Office 2016 that only support autodiscover set-up.
Have a certificate mail.domainname.com.
Made a DNS CNAME record: autodiscover.domainname.com -> mail.domainname.com

Autodiscover setup in Outlook now works but gives a warning on every startup (of Outlook).
Stating that there is a mismatch between the certificate (mail.domainname.com) and the server it connects to (autodiscover.domainname.com), which I understand. There is a mismatch.


So, was hoping to get around this without buying a new multi-sub-domain certificate.

Found a workaround:

#
HKEY_CURRENT_USER\Software\Microsoft\Office\xx.0\Outlook\AutoDiscover\RedirectServers

4.      Click the Edit menu, point to New, and then click String Value.
5.      Type the name of the HTTPS server to which AutoDiscover can connect without warning for the user, and then press ENTER. For example, to allow a connection to https://contoso.com, the first String Value (REG_SZ) name would be as follows:

contoso.com
#

Here I added autodiscover.domainname.com (and mail.domainname.com + domainname.com, when it didn't work) without any luck.

Outlook works (send and receive mail) even if I let the warning stay open, but would like to get rid of it.

- Only 3 pc's connected to domain.
0
Hi all,
I have just installed a Thawte SSL certificate on my server for one of my websites. It seems set up correctly, however, now the site does not work correctly. It is not a Joomla or WordPress site but does make use of some external assets such as fonts etc. Is this causing the issue?
http://www.jonbysoft.com/   << Non-secure

https://www.jonbysoft.com/  << Secure SSL

New to this. Any help or advice appreciated.

Kind regards
Abiel M de Groot Sanders
0
Performing an Exchange 2003 to 2010 migration. I have switched mail flow from EX2003 to EX2010 in coexistence. Mail seems to be working correctly, but I am getting the following error now on the EX2010 server:

The following fatal alert was received: 46.
Event ID: 36887

I have only moved a few mailboxes over to EX2010. I am getting certificate errors on Outlook Web Access, but can still log on and get mail. The error searches I have found so far say it is an issue with SSL. I have an SSL certificate installed on EX2010 and exported it on to EX2003. I purchased this new certificate from the request I created on EX2010. Anyone have any solution?
0
Hi all,

I'm currently working on a project on tightening security on our webservers. First step on this is disabling weak ciphers that are still currently enabled. I'm aware of the list of known weak ciphers, but I'm wondering, if I'm to disable these, what the impact will be on the browsers connecting in?

We will disable SSLv3.

TLS 1.1 - Not sure what impact this will have?

Weak SHA  - RC4 MD5

Is anyone aware of a list of browser versions that may be impacted?
0
Hello all,

I have some Win 2012 3cx v15 phone systems and was having trouble with Apple push notifications for calls to remote devices. I've determined it to be a TLS issue. I had used IIS Crypto to remove the less secure SSL 3.0, TLS 1.0 and 1.1, leaving just TLS 1.2 and more secure ciphers. This breaks Apple push notifications from the 3cx server/software. I put back TLS 1.1, no luck. Put back TLS 1.0, now push notifications work. I find it odd that I should still need 1.0 enabled on the server.

Is Apple push still using that protocol and not 1.1 or 1.2, or might there be something else going on here?

I'm by no means familiar with protocols/ciphers, just determined what fixes the problem.
0
Hi,

I am migrating an Ex2010 server to Ex2016.

I've already introduced the Ex2016 server into the environment. I have not yet changed DNS or cut over namespaces.

I am at the SSL stage.

Obviously I have an SSL cert on the 2010 server (good for another year). From what I have been reading it says to export the cert from the 2010 server and import it into the 2016 server. (Namespaces are the same for both servers so the current SSL will be fine.)

My question is, when I export the SSL from the 2010 server, will that invalidate/cancel it on the 2010 server and stop it from working? If so, I was thinking of just buying another Cert and installing that on the 2016 server.

Thanks!
nacht
0
Grrrr,

I'm having a hard time.  I'm trying to renew an existing certificate on Exchange 2017.

Just renewed the SSL with GoDaddy.

Received the SSL certificates but no REQ, just .CRT

In ECP when renewing the SSL, I get this error:

"Please use a valid file name when you run the New-ExchangeCertificate cmdlet on server MAIL with the -RequestFile parameter. The file should not exist in target folder. Parameter name: RequestFile"

What am I doing wrong?

Please advise.  Thanks
0
Hi Folks,

It seems some changes to my site have shocked the search engines:  www.recoveryaudio.org  Traffic today is down by probably 70%.

Last night a new Divi child theme was installed. A few weeks ago I switched to a secure (https) server, and also added Cloudflare CDN as well as Ezoic, which is a CDN ad proxy server.

I have read that switching from http to https can affect SEO (and I suspect there could be an issue with internal linking), and I suspect the page HTML code has changed significantly as well.

I'm seeking some guidance to identify obvious problems, and/or possibly hiring someone for guidance or "fixing" whatever issues may be going on.

Thanks!!
0
Any HTTPS site I attempt to reach I get a generic page not found error, while if I use a page's HTTP variant, I can reach the site normally.

I have already cleared any proxies in IE, installed and used Chrome and Firefox, checked for firewall rules that block port 443, registered a series of DLLs, and ran sfc /scannow to see if all of the system files were intact (no errors found).

Are there any other fixes or troubleshooting methods I can look into for this?
0
Dear Experts,
I'd like to cache my flash movie on my html page, I do not want to download it again and again from the server when the page is called. Because, I will not change it for two weeks and the file is proportionally large. As far as I know, the browsers cache flash files, but I need to be sure.
I use https (secure connection).
I wrote my html page like this. What do you think about it?

<!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="pragma" content="Cache">
<title>My Title</title>
</head>

<body>
<object width="1366" height="768">

<param name="movie" value="upt_video.swf">

<embed src="upt_video.swf" width="1366" height="768">

</embed>

</object>

</body>
</html>

0
I have installed Exchange 2010 onto Server 2008R2. I have a SAN SSL certificate from GoDaddy installed on Exchange (mail.domain.com and autodiscover.domain.com). I have a Cisco ASA acting as a firewall and a Sophos XG135 in bridged mode acting as the email filter. Email can be sent and received without a problem and the email is being filtered. OWA works from the outside without a problem, however, Outlook Anywhere will not work. I have pored over the available documentation from Sophos but cannot get a remote Outlook client to connect to the Exchange server using Outlook Anywhere.

Has anyone successfully configured the XG in bridged mode to work with Outlook Anywhere? What steps am I missing? Do I need to install the SSL cert on the XG instead of Exchange and make the XG an SSL Proxy? If so, is there any documentation on how to go about this with the GoDaddy certificate?
0
I have Server 2003 R2 with Exchange 2007.

I am trying to create a public SSL certificate I can install on the server. I generated the certificate request from IIS and copied the crt file to GoDaddy. I generated the certificate by opening IIS Manager > expanding server name > expanded web sites > right click on "Default Web Site" > directory security > server certificates > next > create a new certificate > "Prepare the request now, but send it later" > Name: "Default Web Site", bit length 2048, and left "select cryptographic service provider (CSP) for this certificate" unchecked > entered Org name and Org Unit > common name: mail.mydomain.com > Country, State, City > let it default file name c:\certreq.txt.

I downloaded the completed file from GoDaddy and imported into mmc > certificates > and imported the crt file from GoDaddy. Went back to IIS Manager and deleted the pending certificate > Assign an existing certificate > and chose my certificate from GoDaddy. The problem is this does not contain a key to correspond with that certificate to secure my Outlook Web Access. How do I accomplish this?
0
Is there any method of setting up a simple proxy server?

Can it be Linux or Windows based? Can somebody share any documentation on setting up a proxy server?

Also, is there any difference between a proxy server and a network load balancer? If so, like what? I think SSL decryption happens in both.
0
Dear All

Could you help me? I am trying to understand what's the best option in the link below for my site www.alexjenkins.tech

https://support.cloudflare.com/hc/en-us/articles/200170416-What-do-the-SSL-options-Off-Flexible-SSL-Full-SSL-Full-SSL-Strict-mean-

Could you help me understand the best option? I have gone for Full (Strict), but if I go for Flexible I don't need to incur the cost of an SSL on the server side?

What would you do and why?

Thanks
Alex
0
Hello Everyone --

We are currently deploying certificates (CBA) for our environment and ran into an issue with iOS devices.  For Android devices, we have exported the certificate (with private key) and installed it on the device for authentication.  Within the client, you can specify the certificate you want to use.  

Now we are trying to deploy it on iOS devices.  We e-mailed the certificate to the iOS (10.3.2) device and installed it.  It shows up as a certificate under Profiles.  However, when we blank out the password under the mail account, it doesn't seem to be picking up the certificate in the native email client.  We tried reinstalling the certificate as well as recreating the account from scratch.  

Any ideas?

Thanks.
0
Hi all,

I have a couple of StoreFront servers that are in an NLB cluster. I need to renew the SSL certificate as it's expiring soon. The certificate was created with our internal root CA and is used for LAN connections only.

I would normally go into IIS on both SF servers and select the renew wizard by choosing our CA server. This will then automatically renew cert with need to create a CSR.

Are there any other implications in terms of the storefront config?
0
This is a Windows Server 2008R2 as CA.
I thought that if the CA was configured to generate SHA1 certificates it would not be possible to get an SHA2 from it unless the CA configuration is updated to SHA2.
A colleague has said it may be possible to generate an SHA2 cert if the CSR specifically requests it.

With that in mind, using OpenSSL I created a CSR using this as my .req file.

[ req ]
default_bits = 2048
default_md = sha256
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
req_extensions = req_ext

[ req_distinguished_name ]
commonName =                     Common Name (eg, YOUR name)
commonName_max =                 64       

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = servername


and this command
openssl req -new -nodes -out myreq.csr -config req.conf


Then I went to http://myca/certsrv and requested a cert

Request a Certificate
Advanced Certificate Request
Base-64-encoded certificate request (CMC or PKCS #10 or PKCS #7):
Copy contents of myreq.csr file into this field
Certificate Template: Web Server
Certificate Issued Screen ->  Base 64 Encoded
Download


Downloaded the certificate and checked the properties... still SHA1.
Is this because I created the CSR incorrectly or because it's not possible to request an SHA2 cert from a CA configured to generate SHA1 certs?
0
Appears to be related to a user profile. Not happening to other users logged in on the same computer.

When browsing to https://www.google.com, cannot browse and it displays a "Connection not private"
NET::ERR_CERT_COMMON_NAME_INVALID message.

1. Re-installed Chrome
2. Time is OK
3. Updated IE
4. Tried this https://productforums.google.com/forum/#!msg/chrome/95NrJOxJKSg/Ta2O4cBRCQAJ

Any suggestions?
0
Hi,
In my company we have Outlook connected to an enterprise Exchange account.
I work in the IT department, and other partners and I need to work with virtual machines, and we have installed VMware Player 12 to create the VMs.
The OS is Windows 7 Professional x64.
The story starts about 6 months ago, when I installed VMware Player 12.
After installing VMware Player 12, I started having issues connecting to the Exchange server: instead of "Connect to exchange server", "Trying to connect" appears. The delay varies from 30 min to 5 hours.
Since I have used Player before without problems, I searched for a fix. I have read that uninstalling the Windows updates KB3161949, KB3161958, KB3163245, KB3164033 and KB3170455 solves the problem.
After restarting the PC, the issue is fixed, but only until the next week, because System Center Configuration Manager reinstalls the updates.
I created a PowerShell script to remove all 5 updates every week.
A few weeks later, I tried uninstalling Player and installing Workstation to see if the problem remained.
It started connecting without trouble when opening Outlook.

Searching the web, I saw that VMware Workstation uses port 443 (SSL) to connect to the virtualization server (not the case for Player).
I read that it is enough to switch port 443 in Workstation to 8443. At that time it started working with port 8443 and connected immediately.
But the problem is that the other colleagues use the free version of VMware Player.

To try …
0
We are having a problem with establishing a secure communication with our credit card processor on their new process. They are requiring a connection from our application to their server via TLS 1.2 only. However, everything I try results in the same SSL handshake initiation being sent from our program on a Windows Server 2008 R2 to their server. Attached is a screen shot of the packet capture (via wireshark) showing what available cipher suites are being offered to their server for negotiation. The problem is that no matter what I do on our server, this list never changes.

I have in the GPO on our server the cipher suite order set properly, with only 27 suites listed, but it makes no difference. (Computer Configuration, Administrative Templates, Network, SSL Configuration Settings, SSL Cipher Suite Order)

Any help or ideas are welcome.
Screen shot of packet capture
0
I cannot get Exchange email accounts set up on any mobile device like Android or iOS devices.

OWA internal/external and internal Outlook clients work flawless - zero issues.

The mobile devices keep saying "The name of the site does not match the name on the certificate".  When I view the details it says the RapidSSL SHA256 CA-G3 Cert is from wpengine.  That's coming from where our web site is hosted and it doesn't even have an SSL cert, going to https://ourdomain.com says not secure.

Our Exchange Cert is a GoDaddy Secure Certificate Authority - G2.

Here is how we are setup:

Our email is hosted at web.com
Our web site is hosted at a 3rd party who uses wordpress
Our DNS is managed at Network Solutions

We have an internal 2016 Exchange Server that has:

- our router port 443 forwarding to our internal 2016 Exchange Server static IP
- the GoDaddy cert installed
- we use a product called POPCON to pull down mail from our mail host web.com and deliver to Exchange user mailboxes
- OWA and Outlook working internal and external, zero issues

Here is our DNS setup at Network Solutions:

A records:
www               - points to static IP address where our web site is hosted
@ (none)        - points to static IP address where our web site is hosted
* (all others)  - points to static IP address where our web site is hosted
autodiscover.ourdomain.com - points to our buildings static IP
remote.ourdomain.com           - points to our buildings static IP …
0
Can anyone please describe the steps for SSL configuration in SharePoint 2013?
0
Currently I have 1 IP on an IIS web server. I need to add in 3 more websites and each website must be reachable on http and https.

Should I

1. add in 3 extra IP address. Bind each site to an IP on port 80 and port 443. In DNS add in hostname for each site with the appropriate IP address

2. stay with 1 IP address, use host headers for each site
0
Good afternoon

I have a client that has 5 RDP connections. These go to 1 server and 4 individual PC's within the business.
The router has been configured to allow them through using publicipaddress:port (these ports increment by 1 to specify which computer it is going to).

During a recent PCI compliance scan, each of the computers failed as they were using self signed SSL certificates, as well as the router remote access. I need to secure these with SSL certificates from a Certification Authority. My question is as follows:

1. How do you do this easily?
2. Does each computer and the router need its own SSL certificate purchased from the CA?
3. If I create 1 certificate from a CA using the  public IP address, can this be assigned to each of the devices?
0
