SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

Share tech news, updates, or what's on your mind.

Sign up to Post

can someone help me to install vsftp Server on Debian with SSL certification?

I followed many guiedes but no success.

my Server can connect locally but after certification install no 21 port from externally.

thanks
0
The Evil-ution of Network Security Threats
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

I'm sure there is something obvious that I'm missing.  However I'm finding myself unable to connect via SSL to an FTP server.

The strange thing is I have no problems connecting via regular FTP on the same server.  

I'm using IIS for Windows Server 2016 FTP site.

On the client side I'm using WinSCP.

I'm not sure what I'm doing wrong.  Any assistance would be appreciated.
0
I would like to deploy certificates to my internal servers that bear Extended Validation. Through domain policy, I am able to push my own root certificates to the Trusted Root Certification Authority store in the PCs that I manage.  In doing so, the certificates signed by my private key appear to be valid and trusted to my internal users when viewing my internal servers.

Obviously, my root certificate is not going to be included in standard browser installations, so your average web user is not going to trust my certificates.  They don't have access to my internal network, so they have no reason to anyway.

Still, what I'm wondering.. with my root certificate imported into the browsers TRCA store, is it possible for me to sign certificates bearing the necessary attributes to make them appear to the user as an Extended Validation Certificate?  I typically use the OpenSSL commands to generate my keys, CSRs and certificates.  How might I go about this?
0
Hi, If we go to https://   techgardensdotcom,  we see the lock. A test of the ssl cert shows it's installed correctly. But I can still get to http://   techgardensdotcom.

Am I missing something, maybe an entry in the htacess file? Thanks.
0
Hello,

I would like to know how to implement ssl-cert-check from ssl-cert-check

I do have a windows box at work. Can i create it through Cygwin ?

Or what Linux flavor can i use ? Thoughts ?

Thanks for your help.
0
What is the best way to convert my site to https?  The site in question is www.gopherstateevents.com

Thank you!
0
I am have a 2012 server running IIS.  I created a CSR, dropped it into Godaddy's tool and was issued a certificate and an intermediary certificate.  I put those on the local server, went into MMC and added the certficate snap in.  I imported the certificate to the personal and the Trusted Root Certification Authorities areas.  

I then went to IIS manager and tried to edit the binding for the server on port 443.  When selecting the certificate, nothing is there to select.

A support person from Microsoft said that it was because there wasn't a private key.  I tried the "certutil -repairstore my "s/n (or thumbprint) of cert here)" but I am then prompted to insert a smart card.  We don't use these.  

This IIS server is using owncloud and is connected to the LDAP.  Does that have anything to do with it?  

Hoping someone that is better at SSL certs then I can help.

Thanks in advance.  IIS server is down until I get a certificate back on.
0
I had this question after viewing Questions on SSL certificate.

Once the SSL Certificate expires, can you upgrade your SSL Certificate?
0
When I generate a CSR and send it to a certificate authority they send me back the cert and I finish the process. My question is where is the private key, is this the CSR
0
Hi All Expert,

Good Day.

I am tasked to help outside vendor on SonicWall NetExtender VPN setup and don't have much knowledge on this SonicWall NetExtender, I went to the official website and was shock that it does not have the download for windows. The firewall is Sonicwall and I was given the IP address and domain though, windows 10 I know can download the SonicWall Mobile Connect, but I need windows 7 as well. Appreciate if any expert here have SonicWall VPN experience can assist me on.

Thanks!
0
Free Tool: Subnet Calculator
LVL 11
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

I have a exchange 2013 server running on server 2012.  The SSL certificate from Comodo expired two days ago.  We purchased a 3 year multi site certificate from Godaddy.  I went through the process of creating the CSR, putting that into Godaddy's CSR request entry form and have received my certificate.  I installed the intermediary certificate and see Godaddy certificate there.

I then go to EAC and complete the CSR and import the certificate.  I then assigned the services IIS, SMTP, POP, IMAP to the certificate.  
I have also looked at IIS manager to verify that IIS is using the correct certificate.  The bindings.

However, when I go to the web site for our OWA, the old expired certificate is still there.  I have been fighting with this for 12 hours now and would appreciate any help I can get.  

Scott
0
I have a load balancer with a public VIP. The partner can only get the site if they ignore that they perceive the site as unsafe.
I’m fairly the certain my very is valid because other VIPs use it. What are some reasons a client might not trust the cert? Brain storming question.
0
Hi Guys,

Trying to install external ssl certificate on Cyber Roam device but having trouble, not able to do so....its asking for .pem file format but my certificate format is .crt

Please advise...what needs to be done to install a comodo instant ssl premium ov certificate on Cyberoam...

Rgds
0
Hello All,

I have an Website with many sub applications... 1 of which is now grabbing bank info and passing it to the banks for payment options/etc... My website on all other apps I dont feel need the https... How do i go about installing it on just the application? This app is in .net so we do require a login on this application so i figure I would SSL it from that point. Anyone have any step by steps on how to do this without interupting anything else on my IIS server? IIS 7 on Win 2008 r2.
0
Hi, I have a weblogic server running with different port numbers for HTTP and HTTPS. In our workstation we setup HTTP pointing to same port in the ISSPROXY.INI file. We could access from the local IIS URL to connect to the weblogic server; but when try to connect to secured server from IIS gets 2 different errors in the event viewer Event ID 1000 and Event ID 1001. below are the errors captured

EVENT ID 1000:

Faulting application name: w3wp.exe, version: 8.5.9600.16384, time stamp: 0x5215df96
Faulting module name: iisproxy.dll, version: 0.0.0.0, time stamp: 0x59966438
Exception code: 0xc0000005
Fault offset: 0x0000000000030410
Faulting process id: 0x2514
Faulting application start time: 0x01d35a3fff6328df
Faulting application path: c:\windows\system32\inetsrv\w3wp.exe
Faulting module path: \\?\C:\xxxxxx\XXXXXXXXX\lib\iisproxy.dll
Report Id: 3dddc54c-c633-11e7-812e-005056886b10
Faulting package full name:
Faulting package-relative application ID:


EVENT ID: 1001
----------------------

Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: w3wp.exe
P2: 8.5.9600.16384
P3: 5215df96
P4: iisproxy.dll
P5: 0.0.0.0
P6: 59966438
P7: c0000005
P8: 0000000000030410
P9:
P10:

Attached files:

These files may be available here:



Our iisproxy.ini has the below information:
--------------------------------------------------------------

ISSPROXY.INI

WebLogicHost=ssl-server-name
0
Hello, we have an internal Microsoft Root CA Server 2008 R2
We need to update the encryption algorithm and public key from SHA1 RSA 1024 to SHA256RSA and RSA 2048 bit.

And when i try to duplicate Web Server Template it says "The Web Server Certificate template could not be duplicated. Access is denied"

Thanks for your help
0
Hi iSeries gurus...

I have a need to allow some external consultants to connect via VPN to our iSeries to perform some work for us...
Our security team won't allow this connection to be unsecured...
So, I'm taking a crash course on the use of Digital Certificate Manager to get a SSL Certificate created to allow the SSL connection...

I believe I've got the SSL Cert Store and Cert created...
I Created the Certificate Authority (CA), and the Certificate, and Enabled it.
I downloaded the Cert to my local PC, and installed it into the MMC on my Win7 laptop... (Not sure this was necessary)
Changed the 5250 session config to use SSL...

When I try to connect, I'm getting the generic error CWBCO1049 error "IBM I server application is not started or the connection was blocked by a firewall"

I checked that the System I Access servers are started for "Sign on" and "Server Mapper" - STRHOSTSVR SERVER(*ALL)

I'm thinking that there is something wrong in the Certificate configuration I did...
I'm not sure...

If I use the fully qualified Domain Name in the session config the error pops up right away...
If I connect my 5250 emulation session with the IP address instead, I get the "IBM i signon" dialogue box first, I can enter my credentials, and then when I click OK, I get the CWBCO1049 error popup box... This indicates to me that the connection is working, and it's not a firewall problem...

I've never worked with SSL 5250 emulation with iSeries Access before, so …
0
Hello,
We have a site https://www.external.com (digitally signed at this moment and is external facing or out to the world) but the server that hosts that site internally is https://internal_server.test.local which is not digitally signed.

So, how to request a single SSL for www.external.com and internal_server.test.local ?

Thanks for your help
0
I have a new Ubuntu web server running with Apache.
I have setup 1 website using the default conf file.

I want to make sure that if anyone visits the domian using httpS that it redirects to http.

I don't have any SSL certificates and am not planning on using any.

can someone advise how to do this?

thanks

Steve
0
What Security Threats Are We Predicting for 2018?
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

i am getting below error when i try to access https website hosted on iis ( did all required configurations )
website configured to use "many to one certificate mapping enabled"
on iis -->website--> SSL settings-->Require ssl --> Ignore/accept ---> it works fine.
but when i do if i iis -->website--> SSL settings-->Require ssl -->Require ---> getting 403 error.
( though i am sending valid client certificate )
403 - Forbidden: Access is denied.
You do not have permission to view this directory or page using the credentials that you supplied.
0
Issue :SSL Certificate Signed Using Weak Hashing Algorithm      

An SSL certificate in the certificate chain has been signed using a
weak hash algorithm.      The remote service uses an SSL certificate chain that has been signed
using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5,
or SHA1). These signature algorithms are known to be vulnerable to
collision attacks. An attacker can exploit this to generate another
certificate with the same digital signature, allowing an attacker to
masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with
SHA-1 that expire after January 1, 2017 as vulnerable. This is in
accordance with Google's gradual sunsetting of the SHA-1 cryptographic
hash algorithm.

Note that certificates in the chain that are contained in the Nessus
CA database (known_CA.inc) have been ignored.      

Contact the Certificate Authority to have the certificate reissued.      

http://tools.ietf.org/html/rfc3279
http://www.nessus.org/u?e120eea1
http://technet.microsoft.com/en-us/security/advisory/961509

      
Plugin output:The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.

|-Subject             : CN=XXX
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From          : Sep 30 12:06:43 2016 GMT
|-Valid To            : Sep 28 12:06:43 2026 GMT
0
Hi
I just noticed if i do a google page speed test and just put www.mysite in the search, google shows it is scanning the now defunct http: version and displays a result, but if i put in HTTPS://mysite it shows scanning the https version with a different result.
Page header 301 redirects appear ok and only https pages only are served and indexed.
In the search console the https version is the only one which exists and as far as i understand there is no way of manually telling google that the https version is preferred
Is there something I have missed after changing from http to https or is this something google page speed just does
0
SSL Cert for remote.website.com on Remote Desktop Gateway (Server 2008 R2) is about to expire in a month.
Renew SSL Cert on Godaddy.
What type of server file do I download from Godaddy?  
I assume it is IIS file type.
Keep seeing on the forum that I need to convert it the crt file on Goddady to a pfx.
How do renew the SSL Cert on the Remote Desktop Gateway?
0
Hi Experts,
In the intranet environment I am working with, when I open an HTTP website with a catalog of rest services, my AD group memberships are always applied such that I can see the services inside. Today I changed the web site to HTTPS by self-signed certificate, then I can still open the site (after trusting it in browser), but cannot see the AD group protected services inside. I can see these services in HTTPS only if I remove their AD group protections.
Why does this happen? How can I apply AD group membership when opening HTTPS site in intranet?
Thank you!
0
Feel worried.  Well, well-indexed pages got their URLs changed in Google to HTTPS which is making the pages go to 404.  Have a plan.  Need advice.

Spend the next week moving content over to HTTPS.  Do nothing else.

Or, add a <link> element with the attribute rel="canonical" to the <head> section of these pages: <link rel="canonical"...  And, wait for re-indexing?

Or, do both?

Or, move ONLY the incorrectly renamed (http --> https), but still highly indexed, pages to https.  Then, just add the canonical link to all the ones that are still correctly listed.

My thinking here is: if Google went ahead and switched some pages to https on their own, and we've GOT https, just move as many of them over as we can?

Or, is it a better use of time and staff to fix only the ones we can see that have been switched in Google, and then put the "canonical" on the ones that are still shown correctly in Google as http?  Will that "canonical" tag keep the pages from being reindexed?  Or, is this more of the move to all as https, and inevitable - we should just make them all go to https?

Thanks!

OT
0

SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.