Search Results

Search found 3266 results on 131 pages for 'san certificate'.

Page 102/131 | < Previous Page | 98 99 100 101 102 103 104 105 106 107 108 109  | Next Page >

  • Lighttpd domain redirection

    - by HTF
    I would like to redirect domains on HTTP/HTTPS: http://old.com -> https://new.com https://old.com -> https://new.com I have to specify the SSL key/certificate for the old domain but I'm not sure where I have to place these directives: $SERVER["socket"] == ":443" { ssl.engine = "enable" ssl.pemfile = "/etc/pki/tls/private/new.com.pem" ssl.ca-file = "/etc/pki/tls/certs/new.com.crt" } $SERVER["socket"] == ":80" { $HTTP["host"] =~ "old.com|new.com" { url.redirect = ( "^/(.*)" => "https://new.com:443/$1" ) } } I was trying to add the code below but Lighttpd reports configuration errors: $SERVER["socket"] == ":443" { $HTTP["host"] =~ "old.com" { url.redirect = ( "^/(.*)" => "https://new.com:443/$1" ) } ssl.engine = "enable" ssl.pemfile = "/etc/pki/tls/private/old.com.pem" ssl.ca-file = "/etc/pki/tls/certs/old.com.crt" }

    Read the article

  • VoIP and IPv6 with IPsec

    - by PhilCisco
    Hi, I had some basic questions about VoIP in a IPv6 architecture, right now I'm running VoIP in a v4 architecture, and I was thinking about to change everything to v6. my questions are not that practical but I would like to understand it well. Question 1: if i had internet full v6 or v4 and that I enable IPsec on my v6 router do I still need a VPN through the internet ? because my routers will anyway exchange their pub/priv key or their certificate to ensure the communication. Question 2: If the answer to question 1 is yes then I only have two advantages to put my VoIP architecture to IPv6 the second advantage for me is the NAT which I will not have anymore. I know that right now I should anyway still use things like NAT-PT, Tunnelling and so one but in full v6 are their any other advantages ? Thank you

    Read the article

  • Apache Ubuntu SSL Configuration

    - by JSP
    Where besides the vhost configuration can SSL be configured? I see an SSL configuration in sites-available but it's not an enabled vhost (and the certificate it points to is expired). Using apache2 -V shows me the configuration directory is /etc/apache2 but I can not for the life of me find the SSL configuration and it's driving me crazy. Any suggestions on where to look or what I'm missing? Ubuntu 12 Linux ip-10-39-119-18 3.2.0-23-virtual #36-Ubuntu SMP Tue Apr 10 22:29:03 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

    Read the article

  • Remote Desktop Problem on Windows Server 2008 R2

    - by lukiffer
    Revised this question to be more concise, consolidating several revisions. Symptoms: From a domain-member Windows 7 Client: Domain credentials to a domain controller = success Domain credentials to a member server (by hostname or FQDN) = success Domain credentials to a member server (by IP) = fail Local credentials to a member server (by either) = success From a non-domain-member Windows 7 Client: Domain credentials to a domain controller = success Domain credentials to a member server = fail Local credentials to a member server = success (Identical behavior from a Mac RDC 2.1 client) Server Configuration Details: Windows 2008 R2 Datacenter w/ SP1 The domain in question is a subdomain of a Windows 2008 domain (forest root). Root has DCs in both Site A and Site B, subdomain only has DCs in Site B. RDP is operating normally on all root member-servers and DCs. No remote desktop settings are defined by GPOs. Network level authentication is enabled; all clients are compatible and the certificate exchange/SSL handshake completes successfully. Not catching any errors in netlogon log.

    Read the article

  • Personal Archive not Visible in Outlook

    - by Krypton2k
    I just added a second user to my Exchange 2010 box, it is in coexistence with exc2003. My account is already set up and working with a personal archive folder. The user I just set up however is unable to see the archive in Outlook. It is visible in OWA but not outlook. I have created a test profile on my PC with the users account and still no archive, if I jump back to my profile on the same box the archive is there so I know it is not an office versions issue. UPDATE: I have deleted all profiles from Outlook (one of which worked with the archive) now any new profiles including my own no longer show up. I think I have broken something In exchange. I get an auto discover certificate error which I am in the process of fixing. Perhaps the 2 problems are related. Also OWA on this server runs on a custom SSL port.

    Read the article

  • SSH Tunnel doesn't work in China

    - by Martin
    Last year I was working in China for a few months. I never bothered setting up a real VPN, but just created a SSH tunnel, and changed my browsers proxy settings to connect through it. Everything worked great (except flash of course) but that was fine. However, now I'm back in China but I'm having problems with this approach. I do the same thing as last time, and according to https://ipcheckit.com/ my IP address is indeed the IP of my (private) server in the US, and I'm logging in to my server using a fingerprint I created long before going to China so no MITM should be possible. Furthermore the certificate from ipcheckit.com is from GeoTrust - so everything should be OK However, I still can't access sites which are blocked in China. Any idea how this could be possible?

    Read the article

  • Nginx load distribution and multi-domain SSL

    - by Steve Clark
    I'm researching into the best methods of two new parts of our infrastructure, hopefully finding a single solution for both. 1) We're currently running a single application server, and we're going to be adding an additional application server and load balance between the two. 2) We handle a few thousand domains across the application server(s), and we're looking to support SSL. The best method i've come across so far is using nginx for it's Load Distribution to serve the requests to the application servers, and for it's SSL support. If a request is using SSL, nginx accepts the request on, terminates SSL and pipes to apache (app servers). Now, that's all good, but i'm yet to figure out how we can let nginx handle multiple domains using SSL. We're potentially looking at using UCC SSL Certs, so we can support 150 domains on a single certificate, with each cert on a single IP. I'm all new to this (My experience is just with physical load balancers and a single domains on SSL), so any advice would be very much appreciated.

    Read the article

  • Restrict Apache to only allow access using SSL for some directories

    - by DrStalker
    I have an Apache 2.2 server with an SSL certificate hosting several services that should be only access using SSL. ie: https://myserver.com/topsecret/ should be allowed while http://myserver.com/topsecret/ should be either denied or, ideally, redirected to https. http://myserver.com/public should not have this restriction, and should work using either http or https. The decision to allow/deny http is made at the top level directory, and affects all content underneath it. Is there a directive that can be placed in the Apache config to retrict access in this manner?

    Read the article

  • Reverse Proxy Server SSL?

    - by valveLondon
    Context We currently have an Apache web server in the DMZ set up as a reverse proxy and load balancer for two machines running Windows Server 2008 (IIS) inside. The Apache server has a genuine SSL certificate and serves up both http and https, however, the balancer members in the load balancing section are set to: BalancerMember {https://server1} and {https://server2}. The IIS web servers have self-signed certificates in order to respond to the https requests. My question: Do we need to forward any requests from Apache (in the DMZ) to the inside using SSL? e.g can the reverse proxy forward the requests using HTTP? and if so, why would I choose to forward them with SSL? (how secure is the http line between the dmz and the inside); In other words, can I totally disable SSL on my inside web servers?

    Read the article

  • Apache redirect some requests to another server

    - by mucie
    We just bought a new server. We want our old server to respond the https connections(because of ssl certificate) and new server to respond the rest. New server is ready but i don't know how to redirect requests to new one. mydomain.com => old machine ip 10.10.10.41 => new machine Requests will come through mydomain.com. If it is https: respond else redirect to 10.10.10.41 How should i configure apache for this situation?

    Read the article

  • redirecting HTTPS requests to http in lighttpd

    - by chochim
    I have a lighttpd server running which has an SSL certificate installed. I would, due to certain reasons, like to forward all https: //www. requests to http: //www. My lighttpd code looks like as follows: $SERVER["socket"] == ":443" { ssl.engine = "enable" ssl.pemfile = "/path/to/pem/file" ssl.ca-file = "/path/to/ca/file" HTTP["host"] =~ "^www\.(.*)$" { url.redirect = ("^/(.*)" => "http://www.%1$1") } } Can you please point out the problem here. Another thing, what is the difference between %1 and $1 ?

    Read the article

  • How to edit the Boot Graphics Resource Table / Edit windows 8 BOOT LOGO?

    - by user144773
    I want to edit the screen which is displayed when windows 8 (starts) loads (/loading). As for now it has the Toshiba logo, I want my custom logo or the windows default logo. I have found that UEFI has something called "Boot Graphics Resource Table" and that it overides the default logo if there is a image present (source) How can I edit the logo stored in UEFI firmware or Boot Graphics Resource Table? if it's in the "bootres.dll", which does UEFI use? My disk (spread across a few system/usefi/windows/etc partitions) has around twenty bootres.dlls. The bootres.dll is signed by Microsoft, but I don't have to worry because I can sign the file I edit myself with my own certificate.

    Read the article

  • setreg.exe for Windows 7

    - by victoriah
    I want to use setreg.exe (http://msdn.microsoft.com/en-us/library/aa387700(VS.85).aspx) to disable the certificate revocation check. However, it's based on an older version of .NET than what I have. Microsoft says it's shipped with the older .net SDK, and when I download that, try to install, it says something like 'can't install SDK without .net 1.1'. In the article linked it says for newer versions I should use SignTool, but SignTool does not appear to have the function I need . Is it possible to either - a) find a tool that can perform the function I need that doesn't need me to install the older .NET b) get setreg.exe without downloading the SDK or do I need to install the older .NET on my machine? And if the latter is the case, what do I need to do to install an older .NET? Will it overwrite my current .NET? Thanks,

    Read the article

  • Multiple SSL domains on the same IP address and same port?

    - by John
    This is a Canonical Question about Hosting multiple SSL websites on the same IP. I was under the impression that each SSL Certificate required it's own unique IP Address/Port combination. But the answer to a previous question I posted is at odds with this claim. Using information from that Question, I was able to get multiple SSL certificates to work on the same IP address and on port 443. I am very confused as to why this works given the assumption above and reinforced by others that each SSL domain website on the same server requires its own IP/Port. I am suspicious that I did something wrong. Can multiple SSL Certificates be used this way?

    Read the article

  • Speedup of fixing an openssl bug with 8192 bit key [on hold]

    - by rubo77
    This is related to this Bug-Report https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747453 OpenSSL contains a set of arbitrary limitations on the size of accepted key parameters that make unrelated software fail to establish secure connections. The problem was found while debugging a XMPP s2s connection issue where two servers with long certificate keys (8192 Bit RSA) failed to establish a secure connection because OpenSSL rejected the handshake. This seems to be a small problem to be fixed but although there is an easy patch available to fix the issue in that bug report, no reactions are noticed so far.. The last patch that broke the 2048 barrier took 2 years to be implemented and only resulted in an increase to 4096bit, which seems to be a bad joke. Where would we have to report this to speed up the implementation for such an issue?

    Read the article

  • How to Configure SSL on Particular Folder,Not overall Site in iis 7

    - by user66001
    I have a website for example www.somesite.com. I want to apply SSL settings on Particular Folder in this site. I followed following steps. (1) Import Certificate in IIS 7. (2) Create SSL Bindings. (3) Select folder in website and set required ssl. Now my problem is that I want one particular folder to require SSL not overall site. By Following above steps. I can browse whole site with both http and https. I want whole site to be browsed by only http and the particular folder in website to be browsed using only https. Like -http://www.somesite.com and -https://www.somesite.com/somefolder Thanks in advance.

    Read the article

  • How to configure Apache to act as an SSL proxy to an application server?

    - by ripper234
    I have one physical server that runs: an Apache (httpd) server another web server (let's say Tomcat for sake of argument) on port 1234 Can I configure the Apache server to act as a proxy for SSL traffic, while keeping the application server blissfully unaware of SSL? What I imagine is: Traffic to http://myserevr.com/app is redirected to https://myserver.com/app Traffic to https://myserver.com/app is proxied to the application server. My SSL certificate is only installed on the Apache server, not on the Application server Other traffic to the Apache server (http://myserver.com/anotherapp) is served directly from the Apache server What's the best setup to achieve this? (On Ubuntu, if that matters)

    Read the article

  • IPSec 2 hosts (preshared key) - network shares very slow

    - by LxFlip
    I'm testing a IPSec config between 2 hosts, using ipsec auth with preshared key, very simple configuration. (I want to start with a IPSec simple preshared key config, and then step up to a Certificate or kerberos...) The problem is: The connection is working but when accessing network file shares the first time it's very slow. On the same host i'm testing the shares, i have an IIS site running, and the performance seems very normal, fast. Does anybody know why does SMB shares are soo slow? Is there any ipsec policy options that should be tweaked? Thanks

    Read the article

  • How to decrypt an encrypted Apple iTunes iPhone backup?

    - by afit
    I've been asked by a number of unfortunate iPhone users to help them restore data from their iTunes backups. This is easy when they are unencrypted, but not when they are encrypted, whether or not the password is known. As such, I'm trying to figure out the encryption scheme used on mddata and mdinfo files when encrypted. I have no problems reading these files otherwise, and have built some robust C# libraries for doing so. (If you're able to help, I don't care which language you use. It's the principle I'm after here!) The Apple "iPhone OS Enterprise Deployment Guide" states that "Device backups can be stored in encrypted format by selecting the Encrypt iPhone Backup option in the device summary pane of iTunes. Files are encrypted using AES128 with a 256-bit key. The key is stored securely in the iPhone keychain." That's a pretty good clue, and there's some good info here on Stackoverflow on iPhone AES/Rijndael interoperability suggesting a keysize of 128 and CBC mode may be used. Aside from any other obfuscation, a key and initialisation vector (IV)/salt are required. One might assume that the key is a manipulation of the "backup password" that users are prompted to enter by iTunes and passed to "AppleMobileBackup.exe", padded in a fashion dictated by CBC. However, given the reference to the iPhone keychain, I wonder whether the "backup password" might not be used as a password on an X509 certificate or symmetric private key, and that the certificate or private key itself might be used as the key. (AES and the iTunes encrypt/decrypt process is symmetric.) The IV is another matter, and it could be a few things. Perhaps it's one of the keys hard-coded into iTunes, or into the devices themselves. Although Apple's comment above suggests the key is present on the device's keychain, I think this isn't that important. One can restore an encrypted backup to a different device, which suggests all information relevant to the decryption is present in the backup and iTunes configuration, and that anything solely on the device is irrelevant and replacable in this context. So where might be the key be? I've listed paths below from a Windows machine but it's much of a muchness whichever OS we use. The "\appdata\Roaming\Apple Computer\iTunes\itunesprefs.xml" contains a PList with a "Keychain" dict entry in it. The "\programdata\apple\Lockdown\09037027da8f4bdefdea97d706703ca034c88bab.plist" contains a PList with "DeviceCertificate", "HostCertificate", and "RootCertificate", all of which appear to be valid X509 certs. The same file also appears to contain asymmetric keys "RootPrivateKey" and "HostPrivateKey" (my reading suggests these might be PKCS #7-enveloped). Also, within each backup there are "AuthSignature" and "AuthData" values in the Manifest.plist file, although these appear to be rotated as each file gets incrementally backed up, suggested they're not that useful as a key, unless something really quite involved is being done. There's a lot of misleading stuff out there suggesting getting data from encrypted backups is easy. It's not, and to my knowledge it hasn't been done. Bypassing or disabling the backup encryption is another matter entirely, and is not what I'm looking to do. This isn't about hacking apart the iPhone or anything like that. All I'm after here is a means to extract data (photos, contacts, etc.) from encrypted iTunes backups as I can unencrypted ones. I've tried all sorts of permutations with the information I've put down above but got nowhere. I'd appreciate any thoughts or techniques I might have missed.

    Read the article

  • Stumped by "The remote server returned an error: (403) Forbidden" with WCF Service in https

    - by RJ
    I have a WCF Service that I have boiled down to next to nothing because of this error. It is driving me up the wall. Here's what I have now. A very simple WCF service with one method that returns a string with the value, "test". A very simple Web app that uses the service and puts the value of the string into a label. A web server running IIS 6 on Win 2003 with a SSL certificate. Other WCF services on the same server that work. I publish the WCF service to it's https location I run the web app in debug mode in VS and it works perfectly. I publish the web app to it's https location on the same server the WCF service resides under the same SSL certificate I get, "The remote server returned an error: (403) Forbidden" I have changed almost every setting in IIS as well as the WCF and Web apps to no avail. I have compared setting in the WCF services that work and everything is the same. Below are the setting in the web.config for the WCF Service and the WEB app: It appears the problem has to do with the Web app but I am out of ideas. Any ideas: WCF Service: <system.serviceModel> <bindings> <client /> <services> <service behaviorConfiguration="Ucf.Smtp.Wcf.SmtpServiceBehavior" name="Ucf.Smtp.Wcf.SmtpService"> <host> <baseAddresses> <add baseAddress="https://test.net.ucf.edu/webservices/Smtp/" /> </baseAddresses> </host> <endpoint address="" binding="wsHttpBinding" contract="Ucf.Smtp.Wcf.ISmtpService" bindingConfiguration="SSLBinding"> <identity> <dns value="localhost"/> </identity> </endpoint> <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/> </service> </services> <behaviors> <serviceBehaviors> <behavior name="Ucf.Smtp.Wcf.SmtpServiceBehavior"> <serviceMetadata httpsGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="true" httpsHelpPageEnabled="True"/> </behavior> </serviceBehaviors> </behaviors> Web App: <system.serviceModel> <bindings><wsHttpBinding> <binding name="WSHttpBinding_ISmtpService" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false"> <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /> <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /> <security mode="Transport"> <transport clientCredentialType="None" proxyCredentialType="None" realm="" /> <message clientCredentialType="Windows" negotiateServiceCredential="true" establishSecurityContext="true" /> </security> </binding> <client> <endpoint address="https://net228.net.ucf.edu/webservices/smtp/SmtpService.svc" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_ISmtpService" contract="SmtpService.ISmtpService" name="WSHttpBinding_ISmtpService"> <identity> <dns value="localhost" /> </identity> </client> </system.serviceModel>

    Read the article

  • Customizing Rails XML rendering to include extra properties

    - by Isaac Cambron
    Let's say I have a model like this: create_table :ninjas do |t| t.string name end And the Ninja class with an extra property: class Ninja < ActiveRecord::Base def honorific "#{name}san" end end And in my controller I just want to render it to XML: def show render :xml => Ninja.find(params[:id]) end The honorific part isn't rendered. That makes sense, since it's just a method, but is there a way of tricking it? I'm totally up for answers to the effect of, "You're doing this totally wrong." I'll just add that I really do want to calculate the honorific on the fly, and not, like, store it in the database or something.

    Read the article

  • Changes to JBoss web.xml have no effect

    - by sixtyfootersdude
    I just added this to my web.xml on my JBOSS server. But it had no effect. I am still allowed to connect to ports that do not use bi-directional certificate exchange. Anyone have an ideas? <!-- Force SSL for entire site as described here: http://wiki.metawerx.net/wiki/ForcingSSLForSectionsOfYourWebsite --> <security-constraint> <!-- defines resources to be protected (in this case everything)--> <web-resource-collection> <!-- name for the resource, can be anything you like --> <!-- Question: is this referenced anywhere else? --> <web-resource-name> Entire Application </web-resource-name> <!-- protect the entire application --> <url-pattern> /* </url-pattern> </web-resource-collection> <!-- defines protection level for protected resource --> <user-data-constraint> <!-- data cannot be observed or changed --> <!-- how it works in tomcat: --> <!-- if (set to integral or confidential && not using ssl) --> <!-- redirect sent to client, redirecting them to same url --> <!-- but using the port defined in the redirect port --> <!-- attribute in the <Connector> element of server.xml --> <!-- default is 443, so in other words user is redirected --> <!-- to same page using ssl. --> <!-- BUT it is differnt for JBOSS!! See this link: http://wiki.metawerx.net/wiki/ForcingSSLForSectionsOfYourWebsite --> <transport-guarantee> CONFIDENTIAL </transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <!-- Client-side SSL certificate based authentication. The cert is passed to the server to authenticate --> <!-- I am pretty sure that CLIENT-CERT should have a dash NOT an underscore see: http://www.mail-archive.com/[email protected]/msg139845.html --> <!-- CLIENT-CERT uses a client's AND server's certificates. See: http://monduke.com/2006/01/19/the-mysterious-client-cert/ --> <auth-method> CLIENT-CERT </auth-method> </login-config> Update Actually it appears that I have made an error in my original posting. The web.xml does block users from connecting to the webservice using http (port C below). However users are still allowed to connect to ports that do not force users to authenticate themselves (port B). I think that users should be able to connect to port A (it has clientAuth="true") but I dont think that people should be able to connect to port B (it has clientAuth="false"). Excerpt from server.xml <Connector port="<A>" ... SSLEnabled="true" ... scheme="https" secure="true" clientAuth="true" keystoreFile="... .keystore" keystorePass="pword" truststoreFile="... .keystore" truststorePass="pword" sslProtocol="TLS"/> <Connector port="<B>" ... SSLEnabled="true" ... scheme="https" secure="true" clientAuth="false" keystoreFile="... .keystore" keystorePass="pword" sslProtocol = "TLS" /> <Connector port="<C>" ... />

    Read the article

  • Convert old NuSoap code into PHP core soap functions

    - by Enrique
    Hi I've been testing nuSoap with codeIgniter (PHP Framework) but seems nuSoap isn't prepared to work with latest php 5.3, even if I download a patched nusoap version for php 5.3 I have the following code: require_once(APPPATH.'libraries/NuSOAP/lib/nusoap'.EXT); //includes nusoap $n_params = array('CityName' => 'San Juan', 'CountryName' => 'Argentina'); $client = new nusoap_client('http://www.webservicex.net/globalweather.asmx?WSDL'); $client->setHTTPProxy("10.2.0.1",6588,"",""); $result = $client->call('GetWeather', $n_params); Can any1 help me to convert these functions into php soap functions? Including proxy function? Thanks a lot

    Read the article

  • How do I start a second console application in Visual Studio when one is already running

    - by Kettenbach
    Hi All, I am working through some examples in a WCF book. There is a Host project and Client project within a single solution. Both are console applications. The Host is the startup app, but the Client app doesn't seem to open the Console like the book says. Book says while the Host is running, run the Client. The Run button is disabled tho as it is already running. The book example definitely has them in the same solution and a single instance of Visual Studio. Anyways, what am I missing here? I have done this with two instances of VS, but I truly have never does this in a single instance. Any help is always appreciated. Cheers, ~ck in San Diego

    Read the article

  • WCF MessageContract Help - MessageBodyMember with hyphenated name

    - by Hcabnettek
    Hi All, I need a bit of WCF help. This project uses message contracts. The transport seems to work ok. I have this code for a response type. namespace tpoke.Contracts { [MessageContract(IsWrapped = true)] public class AuthenticationResponseMC { [MessageBodyMember(Name = "authentication-token")] public Guid AuthenticationToken; } } Now when I run the operation that returns this, I try to deserialize using the XmlSerializer. The is not what I'm needing. I need it to be <authentication-token xmlns="http://tpoke.wcf.com">e13xxxx-xxxx-xxxx-xxxxxx</authentication-token> How can I make this work correctly? Do I need to add the namespace to MessageBodyMember? Why is the hyphen being stripped out? Any tips or advice is certainly appreciated. Thanks, ~ck in San Diego

    Read the article

< Previous Page | 98 99 100 101 102 103 104 105 106 107 108 109  | Next Page >