Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x

SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

Share tech news, updates, or what's on your mind.

Sign up to Post

We have a series of servers at a clients site that runs Exchange, dedicated Terminal server (2008 R2), Webserver and Application server.

Their UCC certificate thats used for Exchange, autodiscover, and terminal service connection has lapsed and I am in the process of updating it across the board.

I've already generated, and completed the CSR request from Godaddy, imported into Exchange (confirmed its working on new cert), exported that from IIS uploaded to the Terminal server and imported into Personal store.

However when I go to Remote Session Host configuration under General > Certificate > Select...
It only shows me the previous certificate, does not give me any other option aside from the old certificate I'm replacing.

Where might I find the option for replacing the RDP-TCP certificate for 2008 R2 Terminal server?

Furthermore the server does not have Connection Broker Tools or Remote Desktop Gateway Tool features installed at this moment. I've looked online found a couple promising guides however they either don't pertain to my scenario or they are for a different version of Server than I have.
0
Free Tool: SSL Checker
LVL 10
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Good afternoon,

Mozilla seems to have stopped displaying images on our website.  We noticed it today, but not sure when it started.

Our website is https://ppar.com.  This is a 2012R2 Server running IIS 8.5.9600.16384.  Our websites reside on this server.  We have a valid cert for this website.  The images reside on another server running Server 2016 with IIS 10.0.14393.0.  The images server also has a valid cert.  The time on both servers is correct and both certificates have not expired.

When I try a valid link ( https://photos.ppar.com/matrixlarge/11/8120075-1.jpg ) in both Chrome and Firefox, it works in Chrome and fails in Firefox with the following error:
"An error occurred during a connection to photos.ppar.com. Invalid OCSP signing certificate in OCSP response. Error code: SEC_ERROR_OCSP_INVALID_SIGNING_CERT"

I'm beating my head against a wall...any help?

Attached images.
FireFox.JPG
FireFox1.JPG
Chrome.JPG
0
The GoDaddy SAN certificate for an Exchange 2013 server has been revoked.  I have re-keyed the certificate and a new one has been issued and downloaded, but I'm unable to access the EMC due to the revocation of the old certificate, and am at a loss as to how to go about installing the new cert.  This is something I know little about, so step by by step help would be much appreciated.
0
I have created an Amazon S3-compatible server that is being used purely for backing up my data (using ARQ, etc.)   However, I am only able to connect to it using HTTP as a URL not HTTPS.   If I use HTTP (not HTTPS) as my URL, are my S3 credentials and data transmitted in plain text, or is encrypted?  

Thanks.
0
I have a IdHTTPServer and i want implement the support for handle both http and https request. There are my consig

FSSLHandler := TIdServerIOHandlerSSLOpenSSL.Create(nil);
FSSLHandler.SSLOptions.CertFile     := 'certificate.pem';
FSSLHandler.SSLOptions.KeyFile      := 'key.pem';
FSSLHandler.SSLOptions.RootCertFile := 'chain.pem';

FIdHTTPServer.Bindings.Add.Port := 443;
FIdHTTPServer.IOHandler := FSSLHandler;

FIdHTTPServer.Activate := true;

Open in new window


in the server directory i have ssleay32.dll and ssleay32.dll v1.0.2l (Win32) downloaded from http://indy.fulgan.com/SSL/

when i make a request from Chrome, in the security tab of the developer tool i see:

YLrb4.png
Also, analyzing the server with sslyze i have some others security issue (see VULNERABLE label):

> sslyze --regular local.XXXXXXXXXXXXXX.com:4343

SCAN RESULTS FOR LOCAL.XXXXXXXXXXXXXX.COM:4343 - 127.0.0.1
 --------------------------------------------------------

 * SSLV2 Cipher Suites:
      Server rejected all cipher suites.

 * TLSV1_1 Cipher Suites:
     Preferred:
        None - Server followed client cipher suite preference.                                                            
     Accepted:
        TLS_RSA_WITH_AES_256_CBC_SHA                      -              256 bits                                                                  
        TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                 -              256 bits                                    
0
I have a google visitor map that uses Geo location that has stopped working on the live site but still works @ locallhost

I'm thinking it could be because I don't have  SSL certificate!

Looking at the webhosting website they charge from £25.99 per year which seems a bit steep considering I only want it so the google works

My question is do I need a  SSL certificate?
If so do I have to go through the hosting company or can I register for free?
0
Our Exchange 2010 SSL certificate is about to expire and we are preparing to replace it.  In the past, we've had some issues with this process as far as it not being as seamless as we'd like.  Users were getting various warnings/messages, accounts had to be removed and re-added on mobile devices, etc.  What can we do to eliminate the many phone calls from users this time around?  We used EMC to generate a CSR, validated it with GoDaddy, and downloaded the new cert.  I assume it's as simple as selecting the pending cert signing request and completing it, but want to be very cautious.  I would like this to be a seamless process without the end users being aware anything even changed.  

I *think* possibly the issue at the last renewal was due to one of the SANs that had previously been used was missing from the CSR, although we didn't know that at the time and are still not sure why it was missing.  I don't know that this is the cause though so I want to make sure I've covered all possibilities.
0
I have been getting event id 403 after installing a new SSL cert  on my Exchange 2010 server.

The certificate named 'B02FEAAC45742783AA61FC8DB7D0C5E0FF415239' in the Federation Trust 'Microsoft Federation Gateway' is expired. Please review the Federation Trust properties and the certificates installed in the  certificate store of the server.

What does this mean?
0
Hi,
I've added an SSL certificate to a couple of websites to make them secure but noticed that this didn't take place even though the URLs start with https etc.
These are old existing sites so I suspect that the reason might be to do with legacy image links i.e. http:// www.site.com/image1jpg.
Does the same logic apply to hyperlinks to external websites?
For example, if a page is linked to http://www.externalsite.com/ instead of https://www.externalsite.com/ and all other image links etc. are https:, would the page be considered as not being totally secure?

Any and all help and tips would be much appreciated.

Thanks!
0
Hi
We have exchange server 2007 on site and few year before we wanted to upgrade to Exchange 2010 one of the company built the exchange 2010 server and was completed and a  SSL certificate was also installed on this server.
On the exchange server when I open the EMC ,
Later we changed our mind and wanted to go with office 365 and now I am planning to migrate to office 365 in early next year.

Now the SSL certificate on the Exchange 2010 is expired and whenever the client PCs are restarted or sometimes when outlook is opened these is SSL certificate security Alert pops up.
Please see the attached and it is annoying the users and Is it possible to stop this alert from popping.

Any help would be great
Thanks
SSL-popup.jpg
0
Q2 2017 - Latest Malware & Internet Attacks
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

The large image of the four Canada stamps on this page is causing Firefox to tell me the page is not secure due to non-secure elements on the page:

https://www.worldstampcompany.com/country/canada

However, in my HTML I am using:

https://imageshack.com/a/img923/5798/vZdd8h.jpg

If I put that URL in my browser, I do indeed get a "connection is not secure" message. However, if I then forcibly put https in my browser:

https://imageshack.com/a/img923/5798/vZdd8h.jpg (again)

...it does come up as secure.

I'm not sure what Image Shack is doing, it seems like they are redirecting to non-secure (http) but at the same time, if I can force https in, it looks like they have a certificate.

Is there something I can do to make this work, or do I have to contact Image Shack and find out what they are doing on their end?

Thank you!
0
My company owns a particular domain name mystuff.com to a site but due to some weird contract issues we don't control it. DNS control is handled by consultants and they currently have it running at amazon. If we need to add a sub domain now to mystuff.com (SSL cert and a cname), who should be responsible for this? Us or the consultants?
0
Due to how our website is configured, and the fact we have many novice outside people accessing our FTP server (they are sales reps), it may prove difficult to force them to switch to an SFTP or SSH method to access the server.  So I wanted to pose the question - if FTP is the best I can do for now, what is the best, most secure way to configure it?  Is SSL fairly secure?  Any other ways to do it?

Thanks for your input.
0
This if for Exchange Activesync.
If I create the certificate request using IIS, the CA generates a certificate with includes a "SMIME capabilities" field.
However, there is no option to generate a SAN field.

These instructions show how to add a SAN field:  https://techontip.wordpress.com/2011/06/06/how-to-create-a-san-certificate-signing-request-for-iis-web-server/

But the certificate generated has no "SMIME capabilities" field.
I think SMIME is an important part of Activesync, correct? So the certificate to use with ActiveSync must have it.

How can I generate a Certificate with both fields?
0
Points of My Scenario:
1. I am troubleshooting CRM Dynamics website failure, which occurred after 3 un-installable Windows updates (KB4025337, KB4022722, and KB4034679).

2. Users get the following error when attempting to connect to website: "This page cannot be displayed. Turn on TLS1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to <https://website> again"

3. TLS 1.0, TLS 1.1, and TLS 1.2 were all always checked (turned on) in the Advanced tab of the Internet Options dialog box.

4. In IIS (on a Windows Server 2008 R2 SP1 member server) the "Microsoft Dynamics CRM" website bindings include http (over port 'wxyz'), and https (over port 'efgh').

5. Surprisingly, the "Browse *:wxyz (http)" link works, WHILE the "Browse a.b.c.d:efgh (https)" link  fails with the generic error "Internet Explorer cannot display the webpage"

6. When the user tests the non-SSL version of the website, (s)he gets the error "Not Authorized. HTTP Error 401. The requested resource requires user authentication."

7. The https (SSL) and the http (regular, unsecure) links are identical - so, whereas the https (SSL) link complains about the absence of settings that are truly present, http complains that the user is not authorized.


QUESTION: What shall I do next to troubleshoot/resolve this failure of the CRM Dynamics website?

I am grateful for any help I can get. :-)
0
This is Apache 2.2.17 and it was complied into its own directory.
The Openssl version on the server was 1.0.0.
I installed a newer version 1.0.1g.

Configured the new version to be used by the OS. 'openssl version' and 'which openssl' both show the new version.

However, when I try to add the new security from OpenSSL in the httpd.conf I get this error:

SSLProtocol: Illegal protocol 'TLSv1.2'

...showing that it is still not using updated OpenSSL.
Per Redhat. httpd2.2.17 should support this:

https://access.redhat.com/solutions/65030
RHEL 6: TLS v1, v1.1, & v1.2 support

You must have at least openssl-1.0.1e-15.el6, httpd-2.2.15-39, and mod_ssl-2.2.15-39 to have support for TLSv1, v1.1, & v1.2.
TLS v1.1 & v1.2 support added to OpenSSL with release of openssl-1.0.1e-15.el6 from RHBA-2013:1585, first shipped in RHEL 6.5.
The ability to specify TLSv1.1 & v1.2 in Apache with SSLProtocol was included in httpd-2.2.15-39, released in RHBA-2014:1386-1.

What needs to be done to do this other than recompiling Apache?
0
We have webserver where certificate Authority webenrollment role installed and it is pointing to Issuing CA

When ever we try https://webservername/certsrv then i can able to request certificates

but when i try https://webserver<Ip Address>/certsrv then in the last step while requesting certificate the following error appears... can anyone help to resolve this

certsrv.JPG
0
Hi
I am installing AFDS on our Active Directory server is Windows 2012 for migrating our exchange server 2007 to office 365 through the Hybrid deployment.
I would like to procure a third party SSL certificate on this ADFS server. As per the link below under Create the SSL Certificate Request (CSR) – Point 8 it says Fill out the certificate request properties.
https://blogs.technet.microsoft.com/canitpro/2015/09/11/step-by-step-setting-up-ad-fs-and-enabling-single-sign-on-to-office-365/

“Make sure that the common name matches what you plan to call the AD FS server farm”

Not sure what would be the common name needs to be put in here. Please suggest and let me know if you need any further information.
Thanks in advance.
0
Hi

Our Active Directory  server is Windows 2012 and I am working on migrating our exchange server 2007 to office 365 through the Hybrid deployment .

I would like to install the ADFS on our Active directory sever .

Firstly If i have to install ADFS role , please let me know if i need to install the Active directory certificate services on the active directory server prior to installing the ADFS.

Secondly , i am planning to procure the SSL certificate from Trustico to install on the ADFS server,
Will i be able to  generate the certificate request CSR file on the ADFs server and send it to  Trustico to issue a signed certificate?

Or do i need to install the Active directory certificate services on the AD server and generate CSR and then send to Trustico.

I am doing this  migration for first time , Please correct  where required and let me know how to go about.

Thanks in advance.
0
What’s Wrong with Your Cloud Strategy ?
LVL 10
What’s Wrong with Your Cloud Strategy ?

Even as many CIOs are embracing a cloud-first strategy, the reality is that moving to the cloud is a lengthy process and the end-state is likely to be a blend of multiple clouds—public and private. Learn why multicloud solutions matter in this webinar by Nimble Storage.

Please help!

I have been tasked with renewing and then installing a SSL certificate on a SBS 2011 server. I have already renewed the cert and imported into the MMC console and I have ran the Certutil CMD command as per my normal steps. The next step that I usually follow is to launch the SBS Console and then via the certificate wizard 'add a new certificate' choosing the option 'use a certificate already on this computer' however the server in question has an issue whereby the SBS console crashes immediately (not when switching to the network tab but literally immediately). I have confirmed WMI is up and also ran the repair console option using the original CD media and then rebooted but still the error remains. I cannot see anything obvious in Event Viewer.

I have to install this certificate asap (within the next 24 hours) so just wondering is there a way of replicating the 'install a certificate already on this computer' method without using the SBS Console (powershell etc). Going forward clearly the SBS issue needs to be fixed but this is a secondary issue and the most important bit is getting this newly renewed cert installed and in use so the clients email is secured.

Please help! Also bear in mind I am not particularly familiar with SBS (or IT in general) so simple instructions ideally!

Note when it crashes the error reported is CLR20o3 if that helps.


Thanks in advance
0
I renewed a Godaddy SSL cert and when I install the .crt that they returned the data on the website in IIS is updated however, when I go to the site and check the SSL cert it stil has the old date. I have restarted IIS on the server but, the date hasn't updated. What do I need to do to get the SSL cert date to cjhange on the site?
0
In testing compatibility for older browsers, I am running into an issue with trying to access my site using Internet Explorer 11 and Windows 7. (Yes, I know it's a really old system, but you'd be surprised how many of our users still have those old machines).

I want to put up a message that tells them our site will not work with that old of a browser, but I can't even get to the site without getting the "This page can't be displayed" message.  We have the server locked down pretty tight and I'm sure that's the issue. Is there any setting that can be changed (e.g. .htaccess, etc). that will allow a user with an older browser to be redirected either to a different site or to a different, customized message?

My site is: https://chloedog.com.  Thanks.
0
Hi Experts,

1. In what kind of environment , would we need to manage SSH keys?  
   Is it when we have multiple users sshing into any network device/Servers ?

2. Is there any software , that can be used to centrally deploy  different SSL certificates , and manage them (as in inform the admins about the date of expiry , etc.)


Thanks,
T
0
hi guys

So I am going to be installing an SSL certificate on a Linux Amazon EC2. I created the CSR on this instance so I will need to apply the SSL to it to complete the installation.

It is a wildcard SSL certificate. So then I will need to export this SSL certificate and install it on another instance and turn off the other machine. On Windows I know how to export it as a .pfx and install it on another instance, but I don't know how to do this on a Linux machine. It is an amazon EC2 instance.

Are you able to help me accomplish this? What commands do I have to run to export this and then install it again on the new instance?

Thanks for helping
Yashy
0
Hi guys

I've purchased an SSL certificate for an amazon EC2 instance. I am using SSH to connect to the instance.However, I can't copy the purchased files from my desktop onto the actual location /etc/pki/tls/private folder as it's almost certainly down to permissions. The username I am using is 'ec2-user'.

Any ideas how I can change the permissions so it will accept the copy? What permissions would you give it? And then have them set back again? As I know messing with these folders will probably end up with creating a host of other issues.

Any help would be much appreciated.

Thanks for helping
Yashy
0

SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.