SSL / HTTPSSponsored by Flatiron School

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

Share tech news, updates, or what's on your mind.

Sign up to Post

I have a website (site1.com) that has a login script that it pulls from site2.com. Site1.com has a SSL certificate assigned to it, and site2.com has no SSL certificate. On site1.com I have a pop up login dialog box with a login script that is linked from site2.com. The problem is site1.com is showing mixed content (insecure warnings) when trying to use that login script. The only way to get the "secure" green lock on site1.com is to remove that content completely. Is there anyway to get this content secured while referring\linking to site2.com?

Thanks in advance!
0
Get expert help—faster!
LVL 12
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Please bear with me, as this is going to be lengthy. The short of it is, I bought an SSL cert from GoDaddy for *.mydomain1.com. After installing it on IIS, I try to browse to the site on Chrome and get an SSL error NET::ERR_CERT_COMMON_NAME_INVALID. Looking at the Cert on Chrome, it says it's issued to *.anotherdomain.com. How is this even possible?

Here are screenshots of everything.

Note the two different SSL Certs in GoDaddy.
Note the two different SSL Certs in GoDaddy.
Here are the certificates installed on the server. Note the difference in expiration dates.
Here are the certificates installed on the server. Note the difference in expiration dates.
And, here are the certs installed on IIS.
And, here are the certs installed on IIS.
Just for confirmation, I open the cert to see its details. Sure enough, it's issued to *.mydomain1.com.
Just for confirmation, I open the cert to see its details. Sure enough, it's issued to *.mydomain1.com.
Here is the binding for the site in IIS.
Here is the binding for the site in IIS.
And finally, when I try to go to sales-dev.mydomain1.com, I get this error.
And finally, when I try to go to sales-dev.mydomain1.com, I get this error.
Any help would be greatly appreciated.
0
Hi
We are changing from a self signed cert to a 3rd part one.
The firewall is managed by a 3rd party co.  I have the CSR for the new cert but unsure which co to use?

https://uk.godaddy.com/web-security/ssl-certificate/options/add-ons?src=ac&plan=ssl_001sites_tier1_024mo
https://www.digicert.com/order/order-1.php

Ideas?
0
Is one way better than another for forcing site-wide https with the htaccess file? Here are a few methods suggested on different websites:

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [L,R=301]

Does it make any difference which RewriteCond I use? It looks to me like all three RewriteConds are saying the same thing. Are they essentially interchangeable in achieving my purpose?

Also, the last two RewriteRules differ from the first. I'm assuming the syntax on the first ( ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} ) is correct for my purpose. Is this true?

Thanks!

Regards,
Jonathan
0
I have the same issue https://community.spiceworks.com/topic/1989498-active-directory-certificate-authority-no-longer-exists talks about

How can I find out what a certificate was used for to determine if I need to make sure it still works since most of the items that were in the old domain I walked into (Exchange, SharePoint, etc) are no longer in use, therefore I might not need any SERVER "CA" certificates ?
0
My client has installed  a Enterprise certificate few months  ago and let the  CA's vilid period to be 3 years in the installation. I noticed the template's valid period was set or defaulted to three years. Then a  certificate was duplicated from that template for servers and PCs. Also GPO was  configured  to auto-enroll.
My understanding is that cert is being issued to PCs and servers  and will be replaced after three years when the cert expires, and also if i install a new server today and that server will get cert to cover three years from today, I might be wrong to assume that. Not sure what that CA valid period is doing here and what the template expire date?
Experts out there,
1. If CA's valid period and template expire/valid period are same then How do I extend the CA's valid period to 5 or six years?
2. Does the CA get the same certificate as rest of the servers and PC, that is, the root certificate is same as the rest of the servers?
I would appreciate if you shed light on these.
1
I am trying to install Sonicwall SSL  VPN and the install fails with the following error.

Starting to connect RDP...


RDP ActiveX Control appears to be disabled or not installed.





If it is disabled, goto 'Tools->Manage Addons...', and enable 'XTSAC Control'.Please wait while the Remote Desktop ActiveX Client loads ...


Protected Mode WarningcloseDell SonicWALL Secure Remote Desktop Client has detected that Internet Explorer is running in Protected Mode. Security warning may popup during launching the client under Protected Mode. You can add the SSL VPN web address into the browser's trusted sites list to avoid this.
Click 'Yes' to continue and 'No' to cancel launching the client.NoYes


'XTSAC Control does not appear in the add ons
0
I am attempting to create a self-signed certificate on a Windows 2016 machine (running IIS 10).

With the "Server Certificates" selection under the Server name (in IIS) I choose "Create Self-Signed Certificate", enter the host name and save it to "Personal".

I go into the Certificate Store (via MMC "Certificates" snap-in), export the file as a PFX file and then re-import it. I'm not sure this is a necessary step, but I've been testing as much as I can.

I see the certificate under "Bindings" when I go to the site, but Google Chrome still gives an error: NET::ERR_CERT_AUTHORITY_INVALID

It's not isolates to Chrome, because Internet Explorer and Firefox both show an error.

What am I doing wrong? Have I missed a step to get a self-signed certificate to work on my machine?

Thanks!
0
I need to install TLS/SSL Certificate from GODaddy to Oracle EBS R12.2.7
0
I'm trying to understand when I need to purchase a UCC certificate.  From my understanding so far, I only need UCC certificate only if I need to secure multiple domains correct?  What if I need certificate for an Exchange server and also for RDP access?  For example, mail.domain.com and remote.domain.com.  This is still one domain but multiple sub-domain if I am correct.  Pls advise, thanks.
0
Building an Effective Phishing Protection Program
LVL 1
Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

I want to have a free VPN connection to my office from outside this will be for temporary basis as my Juniper SA2500 device is down.

can you please suggest free VPN connection to my office from outside - Need to access the fileserver
0
Dear Wizards, Can I use 2 SSL certificates of 2 different domains for 1 Exchange 2016 mail server?

We have problem here: https://www.experts-exchange.com/questions/29091045/SSL-warning-in-autodiscover-service-of-Exchange-2016.html and trying to add SSL of new-domain.com to old-domain.com Exchange server.

Is it possible and which service should we assign for new SSL?
Many thanks.
0
I have just helped a customer moving their webshop from HTTP to HTTPS.
Unfortunalely Google keeps claiming, that this site is not safe!
I can confirm that it is in fact HTTPS.
The address is: https://cotonshoppen.dk
can anyone tell me what the problem is?
0
Just bought a new Windows 10 laptop and need to install some VPN client software on it so that I can connect to my clients' networks. I have the products installed on my old laptop but don't have any installation media for them. I'm also not able to download the clients from the web or what I have downloaded isn't installing correctly. The products that I need are as follows:

Cisco AnyConnect Secure Mobility Client (version 4.5.04029)
NetExtender Windows Client (MSI) ... version 7.0.196

Does anyone know where I might get these? I can probably get them from my clients who will host these connections but it would be much easier to just download them from somewhere.
0
we are getting below error when we did test on our mx record

proofpoint gatewy:

Trying TLS on mxb-xxhosted.com[138.xx.xx.xx] (preference of 10):

Cert Hostname DOES NOT VERIFY
(see RFC-2818 section 3.1 paragraph 4 for info on wildcard ("*") matching)
So email is encrypted but the host is not verified
cert not revoked by CRL
cert not revoked by OCSP

do we need to install wild card certificate?

THIS IS ONLY happening from one external email address inbound to our exchange server through smtp gateway

all other emails are flowing in fine.

is it something to do with enforced TLS if so where should we implement?
0
I have a WordPress site on a Windows server using IIS, that is using an HTTPS address served from our load balancer. When the site was using just http and no load balancer, it worked fine. Now, none of my stylesheets or other assets are loading on the front end (they say http instead of https), and when I try to login to the WordPress dashboard (wp-admin), I get an error that says the site "redirected too many times".

I have updated the site and WordPress URLs to HTTPS in my WP database. And, I have tried adding various code to my wp-config.php file, along with some rewrite rules to my web.config file but nothing seems to work.

Here are the various lines of code I have tried in my wp-config.php file:

if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';

Open in new window


if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'){
	 $_SERVER['HTTPS']='on';
	 $_SERVER['SERVER_PORT'] = 443;
}

Open in new window


define('FORCE_SSL_ADMIN', true);

Open in new window

define('FORCE_SSL_LOGIN', true);

Open in new window


I cannot figure out why the dashboard login won't load, and the front end assets only load with http??
0
Hi Experts

I am working on a wagtail project(like django-cms) I get this error when I run python3 manage.py runserver 0.0.0.0:8000

 
code 400, message Bad request syntax 
  ('\x16\x03\x01\x00®\x01\x00\x00ª\x03\x03³\x06âP\x97Þ%<Sg\x13Ö×[zE\x96\x15?
  \x96\x00\x1ah')
  You're accessing the development server over HTTPS, but it only supports 
  HTTP.

Open in new window


I had changed SECURE_SSL_REDIRECT=FALSE and tested it still i get this same error. I had disabled cache in chrome.

 I had deactivated chorme caching in registry  by following steps.
Deactivate Chrome Cache in the Registry

Open Registry (Start -> Command -> Regedit)

Search for: HKEY_CLASSES_ROOT\ChromeHTML\shell\open\command

Change the part after ...chrom.exe" to this value: –disable-application- cache –media-cache-size=1 –disk-cache-size=1 — "%1"

Example: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" - disable-application-cache –media-cache-size=1 –disk-cache-size=1 — "%1"

I had also tried disable cache from chrome developer tools network -disable cache.

I had also tried by clearing cache from hsts on chrome.

I had also tried from incognito window on chrome. But still I get the same error

It is an Ubuntu machine on AWS(accessed by putty from windows pc).

I access from outside (windows pc - local pc )through http://54.23x.9x.17:8000 I am not able to resolve this error.


I had tried on some other machine.  I got the following error on console for Linux Ubuntu

it is changing to https instead of http and I got "GET / HTTP/1.1" 301 0 on console window


Please help me in resolving this error.

With Many Thanks, Bharath AK
0
Hi,

Cannot Login to WordPress Admin Area.

the website is Australia based. i would like to login from india, its not working.
https://dataquest.com.au/wp-admin - error

Why it is like this, any issue please suggest.
0
We are trying to enable SHA384 for TLS1.2 on our Windows Server 2008R2. Our credit card merchant account provider is forcing us to it.
Any detailed steps about enabling the higher version would be appreciated!
0
NEW Internet Security Report Now Available!
LVL 1
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

I am using Quickbooks Enterprise in multi mode on my network. The Database manager and files are all stored on a local server. When I am on my LAN everything works great. I am trying to use my Sonicwall/ Netextender vpn connection into my LAN. I connect fine and open files and folders on the server no issue. I launch Quickbooks, select the company to open and sign in with username and password. Thats when Quickbooks locks up and stops responding. Anyone have any ideas on this one? The only thing I cant get to work on the vpn is Quickbooks.
0
This is using MS Exchange Server 2016, is a new setup and now in full production. Last time, we used to have an older exchange server 2013. We setup this new 2016 exchange to coexist and then migrated all mailboxes to this 2016. Now, the older 2013 server is still online, but with all exchange services off and mailbox databases removed. We are planning to uninstall and decomm this 2013 in 2 weeks time.

However, there is a little problem here. When user open outlook, they always see a dialog box states that "The name on the security certificate is invalid or does not match the name of the site. This is referring to the old server cert (using ms self-signed). I curious, why this outlook still look for this old server (for cert)? anything can be done on autodiscover setting?

Thanks in advance.
0
How do I know which certificates are being used on my exchange server ?

The IT company that did install the certificates is not reachable anymore and I know that they had to use some certificates, then they dropped it and re-installed a new one...since I am managing 5 domains under my exchange box.
How do I know from this screenshot which is still used and which is not so that I know which one to renew and when ?
cert.png
0
How do I setup a Sonicwall TZ300 to allow me to telnet into a server on the local lan behind the sonicwall?
0
I had this problem with Google Chrome before, but now I have it with Firefox as well:

I'm running Ubuntu 17.10 on my laptop, with apache2. This is a development machine so I have numerous php sites defined as virtual hosts. This used to work perfectly on both chrome and firefox. But a couple of weeks (?) ago Chrome refused service, and now Firefox thinks it has to protect me from my own code.  I don't know if the problem is caused by a recent updat of Chrome or Firefox, or if this is caused by an apache update.

Now I can't access any of these virtual hosts anymore. I get some crap message about "Your connection is not secure" and some stuff about HSTS.
The thing is : I don't use https for these sites, and I don't want to use it.  All I'm developing are intranet applications NOT even accessible outside our company network, so I don't need HTTPS, and I couldn't even get certificates if I tried since there is no "official" domainname linked to these sites (they're all .lan, or .dev names)

I wasted a full day on this crap and nothing seems to work. How do I disable HSTS completely on my locally installed apache2 on MY OWN laptop? These sites on my laptop are development versions not accessible outside my laptop, so I don't need this.
Disabling HSTS for any .dev website would also be a solution.

Or alternatively does anyone know of a recent step by step "how to"  on using self-signed certificates that does work? I've tried several today but none of them seem to work…
0
Hi, I just found out that one of our cloud service vendors is dropping LDAP support very soon and rightfully so.

So, they are requesting we use LDAP with TLS or LDAP with SSL.

I am researching these options and LDAP with SSL (aka LDAPS) seems to be the better choice.

However, couldn't I use ADFS instead?


Just wondering.


Thanks in advance.
0

SSL / HTTPSSponsored by Flatiron School

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.