SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hi

My website is setup to run over http or https, I assumed everything was working until recently.

On my mac in Safari and Firefox the following two URL's work fine
http://www.petenetlive.com
or
https://www.petenetlive.com

HOWEVER in IE it does not load the CSS and bleats about mixed content, Now I can view the source and see that the css is being loaded from http URLs so that's probably causing the problem, (why Firefox and Safari works I don't know?)

I've tried various Wordpress plugins that claim to fix SSL problems - none of them worked. I've set the site in Wordpress to use the https URL, I've also set this in the wp-config file.

HOW DO I FIX THIS?

Note: In running NGINX and don't have a .htaccess file

Pete
0
Ready to trade in that old firewall?
Ready to trade in that old firewall?

Whether you need to trade-up to a shiny new Firebox or just ready to upgrade from whatever appliance you're using now, WatchGuard has the right appliance for you! Find your perfect Firebox today with appliance sizing tool!

Dear Team,

We are planning to purchase a wildcard SSL certificate for our domain (for ex: abc.xyz) but have this situation. Can you please assist?

We have several sub-domains located in one physical server, then purchasing a wildcard SSL cert should be a good choice, right? However if we have another server (the different from the former one) which will hosts Mail server (such as mail.abc.xyz), can we continue using a wildcard SSL which we purchased before?

If not, can we purchase an additional cert for that new sub-domain: mail.abc.xyz? And is there any other option?
0
In trying to get scan to email working I was changing settings in the kyocera cs400ci printer and now locked myself out of the GUI as the SSL settings I set it to are wrong and browsers dont trust it.

I checked SSL and DES only (no 3DES or AES) and now all browsers say invalid/bad/unsupported ssl/tls etc.

Any ideas on how I can ignore any/all ssl warnings and still get to the gui?  force ssl is on so I cant use port80.
0
Hi everyone,

I have a vCenter 6.5 linux appliance that I need to install an SSL certificate into. The problem is that I have very little knowledge about the workings of this, so most articles I find on internets aren't very helpful. Mainly because they expect to have a lot of pre-requisites in place that we do not seem to have.

The vCenter server is in an AD domain environment and uses an AD authentication (LDAP server identity source) for SSO. To my knowledge, some of our web servers are certified with a 3rd party issued wildcard certificate, that covers both the tld "mycompany.com" and the AD local subdomain "ad.mycompany.com". There is no internal CA installed on our Domain Controllers and I am unsure whether that is something that's required to be in place in order to certify the vCenter.

The wildcard certificate I have is in a format of a "pfx" file with a password authentication.

What is the easiest / quickest way to go about it?
0
Hi Folks,

Can anyone explain what is the Difference between the above 3 method of certificates, let me explain my understanding first.

Self-Signed:
Issued by : Webserver1
Issued to : Webserver1

Certificate Authority signed :
Issued to: Websever1
Issued by: Microsoft CA Server

3rd Party CA Cert:
Issued to: Websever1
Issued by: Comodo or Symantec or Verisign

Now the question is what is the difference between using self signed for my Web server and using certificate authority signed for web server. I'm not asking about 3rd party certificate.
0
Hi all,

Being doing some work around tightening security on internal and external communications with stronger certificates and removing weak ciphers. All though this fairly straight forward I had a problem yesterday that has raised questions mainly around my understanding.

We have a web server in the DMZ 2008 R2 IIS. It has an external signed certificate (SHA256). scanning the website shows a number of weaknesses around Ciphers that are part of TLS 1.0, 1.1 and 1,2.

We have to keep TLS 1.0 enabled because of application compatibility.

Is it possible to disable specific ciphers that are weak rather than disabling the tls protocol?
0
I would like to setup redirection from a server that host a site to a different server that host a landing page in IIS.  

How do I setup a redirection in DNS and on the new site?

OLD URL: https://abc.domain.com
NEW URL: https://portal.domain.com/Test/Landing
0
When my site are in development I have always gotten the IP address from AWS, then accessed them from my browser. But here's an article I would read if there is a secret exposure...

https://www.imore.com/how-edit-your-macs-hosts-file-and-why-you-would-want

I do not take lightly to changing my Hosts file because I do not want to put myself into an unstable condition, if I missed something in the directions.

Is there risk to using an IP address to directly access my PC? I assume the biggest benefit is that the site can be kept private from public view, but is there any way in the world that someone cold guess that address?

Are the scrapers out there pinging billions of IP addresses?

As far as keeping it private, it is mainly that I can use my real domain name and keep that private? That's nt important to me since I can buy the SSL cert and do that before launch. AT the moment, I just need to look at the sire and test it, so by adding my IP into the browser, does that expose my IP to scrapers?

Thanks.
0
Hi.
Have a SBS 2011 , with Exchange 2010.
Setting up new pc's with Office 2016 that only support autodiscover set-up.
Have a certificate mail.domainname.com.
Made a DNS cname record ; autodiscover.domainname.com -> mail.domainname.com

Autodiscover setup i Outlook now works but gives waring on every startup (of Outlook).
Stating that there is a missmatch between the certificate (mail.domainname.com) and the server it connects to (autodiscover.domainname.com) Which I understand. There is a missmatch..


So, was hoping to get around this without buying a new multi-sub-domain certificate.

Found a workaround:

#
HKEY_CURRENT_USER\Software\Microsoft\Office\xx.0\Outlook\AutoDiscover\RedirectServers

4.      Click the Edit menu, point to New, and then click String Value.
5.      Type the name of the HTTPS server to which AutoDiscover can be connect without warning for the user, and then press ENTER. For example, to allow a connection to https://contoso.com, the first String Value (REG_SZ) name would be as follows:

contoso.com
#

here I added autodiscover.domainname.com (and mail.domainname.com + domainname.com, when it didn't work) without any luck.

Outlook works (send and recive mail) even if I let the warning stay open, but would like to get rid of it.

- Only 3 pc's connected to domain.
0
Hi all,
I have just installed a Thawte SSL certificate on my server for one of my websites. Its seems et up correctly, however, now the site does not work correctly. It is not a Joomla or WordPress site but does make use of some external assets such as fonts etc. Is this causing the issue?
http://www.jonbysoft.com/   << None secure

https://www.jonbysoft.com/  << Secure SSL

New to this. Any help of advice appreciated.

Kind regards
Abiel M de Groot Sanders
0
Optimize your web performance
LVL 1
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

i have used

openssl pkcs7 -inform der -in YourFile.p7b -out YourFile.pem  

and i have ,pem file, i tried using openssl pkcs7 -in Yourfile.p7b -text -out Yourfile.pem -print_certs

it is giving error.

i opened the ,pem file and i saw

----BEGIN PKCS7-----
MIIPnAYJKoZIhvcNAQcCoIIPjTCCD4kCAQExADALBXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXX0SOBLcJPK6QFYY/5KggxAA==
-----END PKCS7-----

what more should i do.

thanks
0
Performing an Exchange 2003 o 2010 migration.  I have switch mail flow from EX2003 to EX2010 in coexistence.  Mail seems to be working correctly, but I am getting the following error now on the EX2010 server:

The following fatal alert was received: 46.
Event ID: 36887

I have only moved a few mailboxes over to EX2010.  I am getting certificates errors on Outlook Web Access, but can still log on and get mail.  The error searches I have found so far says it an issue with SSL.  I have a SSL certifcate installed on EX2010 and exported it on to EX2003.  I purchase this new certificate from the request I created on EX2010.  Anyone have any solution ?
0
HI all,

Im currently workign on a project on tightening security on our webservers. First step on this is disabling weak Ciphers that are still currently enabled. Im aware of the list of known weak ciphers, but im wondering if Im to disable these, what the impact be on the browsers connecting in?

We will disable SSLv3.

TLS 1.1 - Not sure what impact this will have?

Weak SHA  - RC4 MD5

Is anyone aware of a list  browser versions that maybe impacted?
0
Hey guys,
Please note Im not too savvy when it comes to exchange and ssl certs.
Having issues with a computer popping a security alert when opening outlook 2013. OS is windows 10.
It is an exchange 2010 mailbox that is linked with ad and the mail config automatically pulls.  Accounts and everything work great.  However on this computer i am getting a security alert that states the .local servername at the top and a red x next to "the name on the security certificate is invalid or does not match the name of the site."

this is a godaddy cert and the sans on the cert state the name for the owa website and autodiscover urls, and wont allow putting the .local server name.  This cert should be for external use if i understand correctly.

There is a self signed cert on this same server that does have the .local san listed.

but its like for some reason outlook is still pulling the godaddy cert.

Can anyone lend a hand with this issue?  
Im even down for just suppressing the popup if thats possible.
0
We have a root CA that we keep turned off.  We have an intermediate CA where we issue certs for internal use.

All certs I'm issuing refuse to issue out past Dec 20, 2017 at 2:20PM.  

I'm sure this is due to me intermediate CA needing to update it's cert from the root CA, but I'm unsure how to do that.

Can someone point me in the right direction?  <-------(isn't that the name of a boy band?)

Thanks

Cliff

PS:  Windows 2012 R2 servers here.
0
Hi all,

We have a internal CA and I im trying to sign a certificate using the the CA. I have used open ssl to create the CSR file, i would like to know now how I create the cert file.
0
Hello all,

I have some Win 2012 3cx v15 phone systems and was having trouble with apple push notifications for calls to remote devices.  I've determined it to be a TLS issue.  I had used IIS Crypto to remove the less secure SSL 3.0, TLS 1.0 and 1.1, leaving just TLS 1.2 and more secure ciphers.  This breaks apple push notifications from the 3cx server/software.  I put back TLS 1.1, no luck.  Put back TLS 1.0, now push notifications work.  I find it odd that I should still need 1.0 enabled on the server.  

Is apple push still using that protocol and not 1.1 or 1.2, or might there be something else going on here.

I'm by no means familiar with protocols/ciphers, just determined what fixes the problem.
0
Hi,

I am migrating an Ex2010 server to Ex2016.

I've already introduced the Ex2016 server into the environment. I have not yet changed DNS or cut over namespaces.

I am at the SSL stage.

Obviously I have an SSL cert on the 2010 server (good for another year). From what I have  been reading it says to export the Cert from the 2010 server and import it into the 2016 server. (Name spaces are the same for both servers so the current SSL will be fine.

My question is, when I export the SSL from the 2010 server, will that invalidate/cancel it on the 2010 server and stop it from working? If so, I was thinking of just buying another Cert and installing that on the 2016 server.

Thanks!
nacht
0
Grrrr,

I'm having a hard time.  I'm trying to renew an existing certificate on Exchange 2017.

Just renewed the SSL with GoDaddy.

Received the SSL certificates but no REQ, just .CRT

In ECP when renewing the SSL, I get this error:

"Please use a valid file name when you run the New-ExchangeCertificate cmdlet on server MAIL with the -RequestFile parameter. The file should not exist in target folder. Parameter name: RequestFile"

 2017-06-10_18-16-32.png
What am I doing wrong?

Please advise.  Thanks
0
Free Tool: Path Explorer
LVL 9
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Hi Folks,

It seems some changes to my site have shocked the search engines:  www.recoveryaudio.org  Traffic today is down by probably 70%.

Last night a new Divi child theme was installed.  A few weeks ago I switched to a secure (https) server, and also added Clouldflare CDN as well as Ezoic, which is a CDN ad proxy server.

I have read that switching from http to https can affect SEO (and i suspect there could be an issue with internal linking), and I suspect the page HTML code has changed significantly as well.

I'm seeking some guidance to identify obvious problems, and/or possibly hiring someone for guidance or "fixing" whatever issues may be going on.

Thanks!!
0
Any HTTPs site I attempt to reach I get a generic page not found error, while if I use a page's HTTP variant, I can reach the site normally.

I have already cleared any proxies in IE, installed and used Chrome and Firefox, checked for firewall rules that block port 443, registered a series of DLLs, and ran sfc /scannow to see if all of the system files were intact ( No errors found).

Are there any other fixes or troubleshooting methods I can look into for this?
0
Dear experts,
We have a HAProxy installation with SSL-Passthrough (we need the SSL to reach the apache itself for proper HTTP/2 handling so we can't use SSL termination on HAProxy)

However, I can't seem to configure the HAPrxoy to send the real IP to Apache, the logs always show the internal IP of the HAProxy.

This is my HAProxy Config:

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    log         127.0.0.1 local2     #Log configuration
 
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     30000                
    user        haproxy             #Haproxy running under user and group "haproxy"
    group       haproxy
    daemon
 
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout 

Open in new window

0
Dear Experts,
I'd like to cache my flash movie on my html page, I do not want to download it again and again from the server when the page is called. Because, I will not change it for two weeks and the file is proportionally large. As far as I know, the browsers cache flash files, but I need to be sure..
I use https ( secure connection )
I wrote my html page like this. What do you think about it?

<!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="pragma" content="Cache">
<title>My Title</title>
</head>

<body>
<object width="1366" height="768">

<param name="movie" value="upt_video.swf">

<embed src="upt_video.swf" width="1366" height="768">

</embed>

</object>

</body>
</html>

Open in new window

0
I have installed Exchange 2010 onto Server 2008R2. I have an SAN SSL certificate from Godaddy installed on Exchange (mail.domain.com and autodiscover.domain.com). I have a Cisco ASA acting as a firewall and a Sophos XG135 in bridged mode acting as the email filter. Email can be sent and received without a problem and the email is being filtered. OWA works from the outside without a problem, however, Outlook Anywhere will not work. I have poured over the available documentation from Sophos but cannot get a remote Outlook client to connect to the Exchange server using Outlook Anywhere.

Has anyone successfully configured the XG in bridged mode to work with Outlook Anywhere? What steps am I missing? Do I need to install the SSL cert on the XG instead of Exchange and make the XG an SSL Proxy? If so, is there any documentation on how to go about this with the Godaddy certificate?
0
I have Server 2003 R2 with Exchange 2007.

I am trying to create a public SSL certificate I can install on the server. I generate the certificate request from IIS and copied the crt file to godaddy. I generated the certificate by opening IIS Manager > expanding server name > expanded web sites > right click on "Default Web Site" > directory security > server certificates > next > create a new certificate > "Prepare the request now, but send it later > Name: "Default Web Site", bit length 2048, and left "select cryptographic service provider (CSP) for this certificate" unchecked > entered Org name and Org Unite > common name: mail.mydomain.com > Country, State, City > let it default file name c:\certreq.txt.

I downloaded the completed file from goDaddy and imported into mmc > certificates > and imported the crt file from GoDaddy. Went back to IIS Manager and deleted the pending certificate > Assign an existing certificate > and choose my certificate from GoDaddy. The problem is this does not contain a key to correspond with that certificate to secure my Outlook Web Access. How do i accomplish this?
0

SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.