SSL / HTTPS

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

Hi all,

I have applied a DigiCert certificate on our web servers.  On some of our websites the https applied properly with green locker next to the URL.  However, on some others it doesn't, which I don't know why.  Consequently I had to apply the following redirection script to force the HTTPS:

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

This works, but I still have to have port 80 open too.
Are there any disadvantages of using the script above to force 443? Shall I keep it, or is it better to fix the root of the problem?

Thanks
0
Domain controller certificate expired - don't know much about certs, I think it's a local cert but not sure. Also I have like 4 domain controllers and it's expired on all.

Please help
0
We have a partner that has a MySQL / MariaDB master server.  We have a slave and want to replicate against their master.  Some want to use the built-in SSL replication and others want to tunnel via SSH.  Can anyone provide some recommendations or pros and cons of each?  Any security or maintenance issues to consider?  Also, I assume that since we would be replicating against their master, they would have to run with the SSH port listening, not our slave?  Thanks
0
If I am sending out a bulk email that includes a picture for a header, does it matter if the link to the picture is http or https?

I seem to remember from days past that https image links could cause some problems. But I'm not sure if that was from the dark ages and is no longer relevant. Or is that still important?

Thanks.
0
https://www.ssllabs.com/ssltest/analyze.html?d=www.magickitchen.com&hideResults=on  - this report shows several problems, and in each case, it starts: "This server is..."

So is the problem with the security on the server or with the certificate?  I don't manage the server. It's with rackspace, and we have a developer who works on it.

My take is that we need to get on the server and add some protocols and update others. But I'm not sure, and just want some clarification. Thanks.
0
Hello,

I have a customer who will not use Office 365 and has an Exchange 2016 server on a shoestring budget, they will not go for an Exchange Edge Server or WAP though I did get them to buy a firewall (Sonicwall)

I want to implement HTTP redirect for the OWA service and would like to know if opening port 80 on the Exchange server makes it significantly more vulnerable or is it a definite NO-NO.

I know there is a scale of security and normally I wouldn't do this but the client wants people to access webmail through webmail.company.com for ease.

One option I thought of, if it's possible, is to spin up a basic VM in Azure to act as a redirect. Would that be better?

Cheers, as always I welcome input.

Dave
0
I just received this notification from MailChimp.

We strongly encourage any developers who are using the MailChimp API to ensure that their software supports negotiating TLS 1.2 connections, and to coordinate with their system administrators to update software to take advantage of newer TLS versions. In addition, we recommend proactively switching over to TLS 1.2 when communicating with MailChimp’s API by modifying your API client software to enforce TLS 1.2 negotiation.

I have written some code in PHP that makes an API call to MailChimp. I'm not sure how to tell or know if I am using TLS 1.2 to communicate with their API.

How does one make sure you are or find out what protocol you are using?
0
We purchased an SSL cert for a website we host internally only. When I try to access the site via HTTPS the cert errors and gives a mismatched address error. Internally we normally open the site via IP address 10.1.1.1/services, so I switched it to FQDN hostname.domain.com and I'm still getting the same mismatched error. When purchasing the SSL cert I created the file on the server in question, uploaded it to Network Solutions and created the SSL cert, so I'm not sure why I'm getting the mismatched error. I'm not a pro at certs (obviously); any suggestions are appreciated.
0
Is it possible to setup and establish VPN connections to a SonicWALL TZ600 router without having to purchase special licenses or subscriptions?

I have a client who has a SonicWALL TZ600 router that currently doesn't have any licenses or subscriptions purchased and we are wondering if we can setup and establish any VPN connections to this router.
0
I would like to have examples of sites which have 302 redirects set up on them. One such example is google.com. Below is the response I get from google.com using the http-ping utility:
Reply: [302/Redirected] bytes=268 time=74ms
0
Hi Guys,

I have good knowledge of installing and configuring ADCS and working with certificates (all types of troubleshooting, extensions, OCSP, CRL, etc.)

I have good knowledge of the basics of PKI, like how it works, symmetric, asymmetric, etc.

I have an interview tomorrow for this position. I'm not sure how they are going to ask questions. Is this knowledge enough to tackle the interview? Any advice? Interview questions? Everything is welcome.

This is a well reputed company with a very good package; I know if I miss this chance I cannot get the same like this again...

JD contains the below: (I have basic knowledge of these concepts)

Enterprise Key Management System (EKMS), Public Key Infrastructure (PKI), Hardware Security Modules (HSM), Key Management Interoperability Protocol (KMIP), Keyed-Hash Message Authentication Code (HMAC), Transparent Data Encryption (TDE), Enterprise Digital Rights Management (EDRM), etc for Data-at-Rest, Data-in-Transit and Data-in-Use.
0
I have a server that some users connect to with Remote Desktop. Yesterday I noticed the log started showing a lot of failed logons using account names that do not exist in my environment, so I think somebody is trying to connect by attacking the port. So my question is: what can I do?

I already have gateway with SSL in that remote

So do I need to change the port? Which options do I have?

My server is Windows 2008 R2 and I have a Fortinet firewall.

Not too much experience.
0
Hi All,

I'm interfacing with a bank API that requires a client certificate (signed by a third party CA) to be attached for certain requests (EG: initiating an ACH transaction).  My code will be deployed in the form of a DLL to multiple desktops within our office which can then be used by another windows application.  

So a few questions based around this:

Is it possible to configure all the clients to use the same hostname or does that present issues?  (We're natted, but we also have redundant internet connections so I'm worried about the source IP).

if it's just an X509 Certificate, is that the same thing as the coding certificate or is there some other kind of cert used for clients?

Best vendor for the kind of certificate needed?

Thanks in advance.
0
I am in desperate need of help. Here is the full story. We are upgrading from exchange 2010 to exchange 2016. There are 4 exchange 2010 servers. A, 1 primary exchange with main send and receive connectors.
B and C, 2 local exchange that have an internal replay to the primary
DR is the backup exchange

I installed a new Exchange 2016 and set the virtual directories of OWA for internal and external. The Primary exchange (A), has outlook anywhere installed. B and C have it pointing back to itself for all virtual directories. and DR exchange does the same thing.

After the install, Primary exchange A and new ex2016 did not show any problems. But site B and C were unable to connect to exchange outside of our network. Easy fix was to move them to over to the new exchange. Issue, somewhat solved.

Now comes a new problem. I installed an Exchange 2016 DR server and created a DAG, but I am getting these pop-up cert errors.
I have a split DNS on site. I looked into changing the _autodiscover SRV file to point from the old Exchange DR to the new Exchange DR, but I can't do that as we are not fully migrated over. When I open up Outlook, it seems to want to connect to my sa-exdr-p01 via MAPI. I'm not sure why it keeps trying to auto connect to it. If I hit no on the cert, it will connect to my OWA. If I hit yes, it will still connect, but instead of going to OWA MAPI, it will connect to sa-exdr-p01 MAPI. Mail still flows in and out. No problem.

I'm completely lost…
0
Is it possible to make the WinHTTPRequest object to use TLS v1.2 on a Windows 2008R2 server?

I tried to use this site: "https://howsmyssl.com/a/check" to check the connection security properties,
and it reports that the TLS is 1.0
but if I use the object Msxml2.XMLHTTP instead of WinHTTP.WinHTTPRequest,
then the server reports that "tls_version" is "TLS 1.2"

    set http_req = CreateObject("WinHTTP.WinHTTPRequest.5.1")
    http_req.open "GET", "https://howsmyssl.com/a/check", false
    http_req.send 
    MsgBox  http_req.responseText

the response:
{"given_cipher_suites":["TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","TLS_RSA_WITH_AES_256_CBC_SHA","TLS_RSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","TLS_RSA_WITH_3DES_EDE_CBC_SHA"],
"ephemeral_keys_supported":true,"session_ticket_supported":false,"tls_compression_supported":false,
"unknown_cipher_suite_supported":false,"beast_vuln":false
,"able_to_detect_n_minus_one_splitting":true,"insecure_cipher_suites":{},
"tls_version":"TLS 1.0","rating":"Bad"}


If that is impossible, then I'd like to know how bad it actually is to use "Msxml2.XMLHTTP" to make connections from a web server process?
0
Kindly help me fix my SSL signing certificate request, status is not changing even after numerous trials
0
I have my website in a cloud service, wwwxyz.com, and my internal DNS can SEE it. I have the record A, www and the external IP of the site. This one was working fine for months, and now I can see it the site internal in my network. If I use the IP I can see it. The only change we did recently was adding an SSL.

any idea?
0
My IIS certificate expired

I bought a new one and used the CSR request from the previous cert I did a year previous (I'm not sure if this will cause issues)... server and domain are the same.

How do I update the certificate in IIS?
0
I am using Portecle to generate a Java store cert for JIRA. I created the keystore, created the key pair, generated the CSR, and processed the CSR using a third-party CA. I then imported the root cert into Portecle. When I import the CA response I get "could not establish trust for the CA reply. The import cannot proceed."
Why is this happening, as everything appears correct?
0
Hello,
I read on Google that I can decrypt the SSL and TLS traffic with Wireshark,
so if I use port mirroring on my router and route all traffic to Wireshark, will it help?
Is there any way to do it?
thanks.
0
Hi
I'm deploying sonicwall cert from a firewall to all my windows clients.
The certificate has been distributed by GPO.
I'm having a problem with java apps (idrack) which can't connect.
I've imported this to my java store but the same issue appeared.
Eventually I will need to distribute this to all my Win and Mac clients.
0
Hi, we're starting a new ecommerce store. On the new domain, I have the Comodo Positive SSL certificate.

We'll be selling some fairly high-priced items, and accepting credit cards. I know the cert I have is compatible with TLS 1.2, so no problems there. Is there any security reason I should go to another SSL certificate?

There's EV certificates, but they don't provide extra security, just the green bar. I'd prefer just to stay with the SSL certificate I have, if nobody thinks it's a problem. Thanks in advance.
0
I've got several .csr files, a pem, and a pkcs12 file for our domain's wildcard cert. My question is how do I generate the private key? Or was this supposed to have been delivered by the signing authority?
0
I need to update a bunch of catalyst switches from TLSv1.1 to TLSv1.2. Also need to disable older ciphers. Has anyone implemented this before?

Please share the steps as I can't seem to find any documentation online for this.

Thank you.
0
I am looking to purchase a publicly signed SSL certificate to use for a secure web login and stop endless browser security prompts.

Does it matter what CA to purchase from?

Especially as it has to work with Chrome.

I'm sure in the past I have purchased from 123-reg and ended up having to get users to install 123-reg CA root certificate to stop the prompts, which is what I was trying to avoid in the first place!
0
