SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

Share tech news, updates, or what's on your mind.

Sign up to Post

I have a curl error 77
Update Failed: Download failed. cURL error 77: error setting certificate verify locations: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none

Open in new window

whenever I try to update my plugins in wordpress.

The site is www.thefrugallife.com

I have an Apache 2.4 instance running Linux 2 from Amazon.

I have recently moved the site and switched it to https.  My site certificate is showing it gets a B on SSL Labs using ipv4.

I can't update anything on the site till this error goes away.  Please let me know how to get rid of that error.

Thanks,
0
What were the top attacks of Q1 2018?
LVL 1
What were the top attacks of Q1 2018?

The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Check out our Q1 2018 report for smart, practical security advice today!

In a meeting we were told that it is possible to know or identify if a user hit a specific page and it’s contents even if the page is locked.  We understand that when a page has a lock it means SSL and that the data to/fro from the site to computer is encrypted.  Is this possible that even thought the page has a lock, there is  a way to identify the encrypted page that the user visited and identify the contents, if it has form or just regular page?
0
I need to get into a test server that that has woocommerce on it.  Originally it had an ssl cert but now it doesn't.  I keep getting this error in Firefox 61.

https://gyazo.com/3b19eaf25cdab4273cfe1432217cce3a

I have tried this in other browsers too and get a similar result.  I have access to the db and I have removed the https from the site url and the home link.  I have deleted the cookies corresponding to the url I am using to access the dashboard.

Searching wp_options for ssl I get these rows - https://gyazo.com/7abe7622428cf1c648f5bab0a4d4773f

I did use Really Simple SSL as a plugin but don't know how to turn if off with access to the dashboard.

I just need to get into the dashboard and check some settings.  Can anyone help me get into my dashboard?
0
Dear Experts

We are using nextcloud which is on ubuntu 16.04 with php, mysql and apache until now we were using within the local network but now there is a requirement to enable this to external network that is from internet hence would like to procure ssl certificate and install the same,
1.  can you please suggest the good source to purchase the ssl certificates
2. at present users are using this solution  by installing the ssl certificates will it have any impact of not functioning or breaking down the system please suggest.
3. can you please help me how to install the ssl certificate in this server instance
0
Hi

I am trying to create a SSL certificate and I have received the public key (SSL Certificate) and the intermediate key (Intermediate CA Certificates) in text format.

Example of the public key (SSL Certificate) is a separate text as shown below
-----BEGIN CERTIFICATE-----
dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
-----END CERTIFICATE-----

 And the intermediate key (Intermediate CA Certificates) is in separate text as shown below
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxfffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh
hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhppppppp
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
0
I am trying to use Sql Server Migration Assistant 7.8 for Access to migrate access tables from Access to SQL Server 17 and then link the tables in Access to the new SQL back end tables.  SSMA is able to create the SQL Database, create the tables, and migrate the data successfully using trusted windwos connection. However the Linking step is failing as I am getting a Connection Failed error from SQL... See Error Below:

Error Message
Research show this may be caused by miss-configuration of  TLS 1.2. I have made sure that both my workstation and my server have  TLS 1.2 to be enabled for both client and server.   Also I did not install Sql Native Client as Microsoft has deprecated it, Instead, I installed Microsoft's un-depricated ODBC for SQL driver  MSODBSSQL_17.  I can go into the Access database after the data has been migrated and manually create links to tables in the new SQL back end.

Any help getting around this error would be appreciated.
0
I need help -

From PayPal -
Merchants and partners use HTTPS to securely connect with PayPal’s servers. We use the Transport Layer Security (TLS) protocol to encrypt these communications. To ensure the security of our systems and adhere to industry best practices, PayPal is updating its services to require TLS 1.2 for all HTTPS connections. At this time, PayPal will also require HTTP/1.1 for all connections.


I can't get this to work on my Azure VM.
0
a few days a go i bought a ssl certification but from that moment to this moment my referals goes down.

Usually i use $_SERVER['HTTP_REFERRER'] but now this didnt works any more

is there a way to make  $_SERVER['HTTP_REFERRER']  works with ssl?
0
can we use letsencrypt certificates for Sonic wall firewall.
issue: DPI SSl is enabled for users & firewall self signed SSL certificate is pushed to clients by GPO. but when applying the filtering rules for mobile users (smart phones, Iphones, IPads & other computers that are not part of internal domain) they get SSL not trusted error. cannot perform https filtering with this error. so is there any way to use a publicly trusted certificate for my sonic wall local IP or any workaround to filter https for those clients.
Sonic OS 6.5 later  

thank you.
0
Attempting to setup Microsoft Direct access, but it does not see my wildcard SSL cert from godaddy. It will allow me to use a self signed cert, but we would rather use our wildcard cert that matches our domain. I've read setup guides that say a wildcard can be used. Any ideas as to why its not showing up?
0
How do you know if your security is working?
LVL 1
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

I am attempting to recover a Token from an HTTPS server.
There is a  correctly installed Certificaton my PC that when used via a web page returns a Token

Code is in VBA  WinhttpRequest

When the code is run it returns an error  on the send line

Error 800700b7
"Cannot create file when that file already exists."
The same error is returned regardless of the contents of the strSource xml file.

I cannot understand what file it is trying to create.

<Code>
Dim HttpReq1 As WinHttpRequest
   
  Set HttpReq1 = New WinHttpRequest
 
  HttpReq1.Open "GET", "https://secure.authentxxxxx.com/Authenticator/Token.asmx", False
  HttpReq1.setRequestHeader "Content-Type", "application/soap+xml; charset=UTF-8" '
 
  HttpReq1.SetClientCertificate "CURRENT_USER\My\AurtxxxUAT01"
  HttpReq1.setRequestHeader "Content-Type", "text/xml; charset=UTF-8"
  HttpReq1.setRequestHeader "SOAPAction", "http://www.uk.experian.com/WASP/STS"
  HttpReq1.send strSource   'strSource is an XML string with SOAP headers etc.

<Code end>
0
I have Dedicated server on Hetzner. Server is located in Germany.

Server has 256GB RAM 6 CPUs (12 Threads)... In coclusion, it is quite good one. I have CENTOS 7.5. EA4.

Problem is with SSL. Every day for about 2 hours we have 40 requests in one second and at that moment finishing requests takes about 20 seconds sometimes.

While Non SSL takes 0.5 and lower mostly.

There is some exapmle page

http://viber.ge/index.php


After few second you will see responce time and it varies a lot.

From 13:00 to 15:30 (UTC+4) SSL requests take the msot time.

Even if u open this link with SSL and without u might see the difference.

I have WHM available and I've noticed ModSecurity and wonder if it might be the problem.

I have already applied most of the setting provided here but they are not much about SSL.

Could anyone point out where should I look to resolve this issue?
0
How to upgrade TLS 1.01 to TLS 1.1 in window 2008 server?
0
When Using WinHTTP with setClientCertificate I cannot locate the certificate to use in Windows 10 using Access 2016 VBA.

https://msdn.microsoft.com/en-us/library/windows/desktop/aa384055(v=vs.85).aspx  provides an example

// Select a client certificate.
HttpReq.SetClientCertificate(
            "LOCAL_MACHINE\\Personal\\My Middle-Tier Certificate");


If I go into mmc I can see the certificate with the "Issued to" and "serial No".  Searching the registry finds neither of those values.

The Certificate is installed correctly as I am able to access the https website manually clicking the certificate when requested.
0
Go Daddy UCC SAN CERT "You entered an invalid subject alt name. You must use a fully-qualified subject alt name."
There are no .local names:

X autodiscover.DOMAIN.com
X autodiscover.DOMAIN.corp
X DOMAIN.com
X mail.DOMAIN.corp
X mail2.DOMAIN.com
X mail2.DOMAIN.corp
X exhcangeservername.DOMAIN.corp

Wants me to "Add Subject Alternative Name (SAN)"   ?
0
I am using a VCL WEBSockets component from IPWorks to write a WebSocket server application.
I am initially using the Demo server application source code that was provided with the product (a trial version).
The code compiles with C++ Builder XE10.2 and runs. At run-time  you have to supply a TCP port number upon which the server will be listening.
There is also the option at run-time to select or de-select the use of SSL. When SSL is selected the demo program displays the key that it is using as follows which includes an RSA public key:

Issuer: CN=Token Signing Public Key
Subject: CN=d96a8295f11e5dfd
Version: V3
Serial Number: f1c56f5305f258ed5ac99ee94dea627efc92481a
Signature Algorithm: DATA_STRUCTURE
Effective Date: 20-Dec-2016 02:15:23
Expiration Date: 27-Dec-2016 02:15:23
Public Key Algorithm: RSA_RSA
Public Key Length: 1024
Public Key: -----BEGIN RSA PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGBHHSwSweChfdD/EqXR2QkBs5
vB4iRs1oWEmjLlE9DwY37oT0o3Wa2OpXOp+KOgxxq8f0yJ0+qTDWYPd3fVLx1nO4
vRiRX4R6yDPl4JwhdOE0jCK7CTWgNNj/EVEBP2d1putJDdsc2rINRytUf9Z5OpBc
nTfQ+hlSwkasoKWQfwIDAQAB
-----END RSA PUBLIC KEY-----

Where and how do I register this public key on the Windows 10 Professional PC from which a connection with the server will be made?

I know very little about technicalities of SSL or TLS.
0
Hi,
My client has wildcard certificate(comodo)on multiple servers. Mostly AFAIK IIS 8 and cisco asa.
I need to renew wildcard comodo cert on multiple servers.
Do I need to create cert request on IIS but not with renew option?
https://weblog.west-wind.com/posts/2014/May/08/IIS-SSL-Certificate-Renewal-Pain


Do I need to mark old cert and than create cert request

or do I need mark IIS server and than create cert request option?

https://www.youtube.com/watch?v=ji0-HgB4wek
So,to sumarize.Create cert request on one server,import cert and  then export(pfx) and move it and import to another IIS server?
When I create cert request does this information(organizational unit,organization…)must match with old cert and if so how can I find those information on old cert?IT engineer who has purchase cert last year doesnt work here anymore.

0
Hi Experts,

I want to run this file in openssl.
Can you help me please ?

Where to enter what ?

cat > csr_details.txt <<-EOF
[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn

[ dn ]
C=US
ST=New York
L=Rochester
O=End Point
OU=Testing Domain
emailAddress=your-administrative-address@your-awesome-existing-domain.com
CN = www.your-new-domain.com

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = your-new-domain.com
DNS.2 = www.your-new-domain.com
EOF

# Let’s call openssl now by piping the newly created file in
openssl req -new -sha256 -nodes -out \*.your-new-domain.com.csr -newkey rsa:2048 -keyout \*.your-new-domain.com.key -config <( cat csr_details.txt )

Open in new window

0
We have a Windows Server 2016 ADCS server and I am recently trying to get it to generate certificates that work with Chrome extra. But no matter what I do when creating the CSR and adding the SAN names to the CSR, they do not appear in the certificate. It

Chrome gives this error:

You connection is not private
Attackers might be trying to steal your information from xxx
NET::ERR_CERT_COMMON_NAME_INVALID

This server could not prove that it is nagios.hud.ac.uk; its security certificate does not specify Subject Alternative Names. This may be caused by a misconfiguration or an attacker intercepting your connection.

What do I need to do on the ADCS server to ensure SAN names are properly added to certificates?
0
Introducing the "443 Security Simplified" Podcast
LVL 1
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

We have an own PKI.
I have created a new certificate for some web services.
I just want to get rid of the cert warnings when I open the site.

When I open the site with IE all is fine and no warnings.
But with CHROME I still have this warnings.

Do you know what I can do ?
0
Looking for any assistance in updating or installing a wildcard SSL in Artifactory v 4.15
Our wildcard SSL needs to be updated before the current cert expires.
0
I am following the directions to retrieve my CSR key for my site certificate from a Linux box form the site below. After following the instructions, nothing happens and I do not get a private key. As you can see from the screenshot, I follow the instructions but it goes back to the root prompt.  

What am I doing wrong? Where does Linux store the key?

https://medium.com/@sslsecurity/how-to-generate-csr-certificate-signing-request-in-linux-ee4d9bc52837
Capture.PNG
0
CENTOS 6.5 Server running Apache 2.2.15

We are running a Secure Site on this server and thus have a SSL cert from GoDaddy. The Cert from Godaddy is current but recently the Server-Cert expired.

Followed the instructions here to generate a new Server-Cert
https://serverfault.com/questions/578069/ssl-library-error-8181-certificate-has-expired

Then here to generate a new CSR
https://tecadmin.net/simple-steps-to-generate-csr-on-centos/#
 

Then we went and Re-Keyed our SSL cert with Godaddy, plugged in the new cert details and restarted HTTPD.

When I run : nmap -sT xxxxx.xxxxxxx.com
Get this
Host is up (0.00044s latency).
Not shown: 993 closed ports
PORT      STATE SERVICE
21/tcp    open  ftp
22/tcp    open  ssh
80/tcp    open  http
111/tcp   open  rpcbind
3306/tcp  open  mysql
8443/tcp  open  https-alt
10000/tcp open  snet-sensor-mgmt

Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds

It appears that it is not listening on 443. If I add a "Listen 443" directive to the HTTPD Conf though it resolves to the Centos Apache default screen versus the site root.

In the SSL_ERROR Log I am seeing the following
[Tue May 22 15:09:11 2018] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 22 15:09:11 2018] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 22 15:09:42 2018] [warn] RSA server certificate is a CA certificate
0
We have an

index.php

page that renders to our website's home page

www.example--not-really-domain--name.com

Having added an SSL certificate, we've used a 310 Redirect to successfully redirect many pages within the website from their old insecure to newly secure

https

versions

For some reason, it is not working on our homepage.

Is there any special trick to getting a homepage or an index.php to redirect from

http to https?

Thanks,

OT
0
I'm looking for some help getting Unifi portal to https.  We already have a certificate created for other stuff, so I can't rekey it.  I found directions but it requires the CSR, which I don't have.  Any ideas?
0

SSL / HTTPS

8K

Solutions

10K

Contributors

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.