Search Results

Search found 3314 results on 133 pages for 'certificate authority'.

Page 109/133 | < Previous Page | 105 106 107 108 109 110 111 112 113 114 115 116 | Next Page >

Personal Archive not Visible in Outlook

- by Krypton2k

I just added a second user to my Exchange 2010 box, it is in coexistence with exc2003. My account is already set up and working with a personal archive folder. The user I just set up however is unable to see the archive in Outlook. It is visible in OWA but not outlook. I have created a test profile on my PC with the users account and still no archive, if I jump back to my profile on the same box the archive is there so I know it is not an office versions issue. UPDATE: I have deleted all profiles from Outlook (one of which worked with the archive) now any new profiles including my own no longer show up. I think I have broken something In exchange. I get an auto discover certificate error which I am in the process of fixing. Perhaps the 2 problems are related. Also OWA on this server runs on a custom SSL port.

Read the article
Apache Ubuntu SSL Configuration

- by JSP

Where besides the vhost configuration can SSL be configured? I see an SSL configuration in sites-available but it's not an enabled vhost (and the certificate it points to is expired). Using apache2 -V shows me the configuration directory is /etc/apache2 but I can not for the life of me find the SSL configuration and it's driving me crazy. Any suggestions on where to look or what I'm missing? Ubuntu 12 Linux ip-10-39-119-18 3.2.0-23-virtual #36-Ubuntu SMP Tue Apr 10 22:29:03 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

Read the article
Remote Desktop Problem on Windows Server 2008 R2

- by lukiffer

Revised this question to be more concise, consolidating several revisions. Symptoms: From a domain-member Windows 7 Client: Domain credentials to a domain controller = success Domain credentials to a member server (by hostname or FQDN) = success Domain credentials to a member server (by IP) = fail Local credentials to a member server (by either) = success From a non-domain-member Windows 7 Client: Domain credentials to a domain controller = success Domain credentials to a member server = fail Local credentials to a member server = success (Identical behavior from a Mac RDC 2.1 client) Server Configuration Details: Windows 2008 R2 Datacenter w/ SP1 The domain in question is a subdomain of a Windows 2008 domain (forest root). Root has DCs in both Site A and Site B, subdomain only has DCs in Site B. RDP is operating normally on all root member-servers and DCs. No remote desktop settings are defined by GPOs. Network level authentication is enabled; all clients are compatible and the certificate exchange/SSL handshake completes successfully. Not catching any errors in netlogon log.

Read the article
SSH Tunnel doesn't work in China

- by Martin

Last year I was working in China for a few months. I never bothered setting up a real VPN, but just created a SSH tunnel, and changed my browsers proxy settings to connect through it. Everything worked great (except flash of course) but that was fine. However, now I'm back in China but I'm having problems with this approach. I do the same thing as last time, and according to https://ipcheckit.com/ my IP address is indeed the IP of my (private) server in the US, and I'm logging in to my server using a fingerprint I created long before going to China so no MITM should be possible. Furthermore the certificate from ipcheckit.com is from GeoTrust - so everything should be OK However, I still can't access sites which are blocked in China. Any idea how this could be possible?

Read the article
Nginx load distribution and multi-domain SSL

- by Steve Clark

I'm researching into the best methods of two new parts of our infrastructure, hopefully finding a single solution for both. 1) We're currently running a single application server, and we're going to be adding an additional application server and load balance between the two. 2) We handle a few thousand domains across the application server(s), and we're looking to support SSL. The best method i've come across so far is using nginx for it's Load Distribution to serve the requests to the application servers, and for it's SSL support. If a request is using SSL, nginx accepts the request on, terminates SSL and pipes to apache (app servers). Now, that's all good, but i'm yet to figure out how we can let nginx handle multiple domains using SSL. We're potentially looking at using UCC SSL Certs, so we can support 150 domains on a single certificate, with each cert on a single IP. I'm all new to this (My experience is just with physical load balancers and a single domains on SSL), so any advice would be very much appreciated.

Read the article
Restrict Apache to only allow access using SSL for some directories

- by DrStalker

I have an Apache 2.2 server with an SSL certificate hosting several services that should be only access using SSL. ie: https://myserver.com/topsecret/ should be allowed while http://myserver.com/topsecret/ should be either denied or, ideally, redirected to https. http://myserver.com/public should not have this restriction, and should work using either http or https. The decision to allow/deny http is made at the top level directory, and affects all content underneath it. Is there a directive that can be placed in the Apache config to retrict access in this manner?

Read the article
Reverse Proxy Server SSL?

- by valveLondon

Context We currently have an Apache web server in the DMZ set up as a reverse proxy and load balancer for two machines running Windows Server 2008 (IIS) inside. The Apache server has a genuine SSL certificate and serves up both http and https, however, the balancer members in the load balancing section are set to: BalancerMember {https://server1} and {https://server2}. The IIS web servers have self-signed certificates in order to respond to the https requests. My question: Do we need to forward any requests from Apache (in the DMZ) to the inside using SSL? e.g can the reverse proxy forward the requests using HTTP? and if so, why would I choose to forward them with SSL? (how secure is the http line between the dmz and the inside); In other words, can I totally disable SSL on my inside web servers?

Read the article
Apache redirect some requests to another server

- by mucie

We just bought a new server. We want our old server to respond the https connections(because of ssl certificate) and new server to respond the rest. New server is ready but i don't know how to redirect requests to new one. mydomain.com => old machine ip 10.10.10.41 => new machine Requests will come through mydomain.com. If it is https: respond else redirect to 10.10.10.41 How should i configure apache for this situation?

Read the article
redirecting HTTPS requests to http in lighttpd

- by chochim

I have a lighttpd server running which has an SSL certificate installed. I would, due to certain reasons, like to forward all https: //www. requests to http: //www. My lighttpd code looks like as follows: $SERVER["socket"] == ":443" { ssl.engine = "enable" ssl.pemfile = "/path/to/pem/file" ssl.ca-file = "/path/to/ca/file" HTTP["host"] =~ "^www\.(.*)$" { url.redirect = ("^/(.*)" => "http://www.%1$1") } } Can you please point out the problem here. Another thing, what is the difference between %1 and $1 ?

Read the article
How to edit the Boot Graphics Resource Table / Edit windows 8 BOOT LOGO?

- by user144773

I want to edit the screen which is displayed when windows 8 (starts) loads (/loading). As for now it has the Toshiba logo, I want my custom logo or the windows default logo. I have found that UEFI has something called "Boot Graphics Resource Table" and that it overides the default logo if there is a image present (source) How can I edit the logo stored in UEFI firmware or Boot Graphics Resource Table? if it's in the "bootres.dll", which does UEFI use? My disk (spread across a few system/usefi/windows/etc partitions) has around twenty bootres.dlls. The bootres.dll is signed by Microsoft, but I don't have to worry because I can sign the file I edit myself with my own certificate.

Read the article
setreg.exe for Windows 7

- by victoriah

I want to use setreg.exe (http://msdn.microsoft.com/en-us/library/aa387700(VS.85).aspx) to disable the certificate revocation check. However, it's based on an older version of .NET than what I have. Microsoft says it's shipped with the older .net SDK, and when I download that, try to install, it says something like 'can't install SDK without .net 1.1'. In the article linked it says for newer versions I should use SignTool, but SignTool does not appear to have the function I need . Is it possible to either - a) find a tool that can perform the function I need that doesn't need me to install the older .NET b) get setreg.exe without downloading the SDK or do I need to install the older .NET on my machine? And if the latter is the case, what do I need to do to install an older .NET? Will it overwrite my current .NET? Thanks,

Read the article
Speedup of fixing an openssl bug with 8192 bit key [on hold]

- by rubo77

This is related to this Bug-Report https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747453 OpenSSL contains a set of arbitrary limitations on the size of accepted key parameters that make unrelated software fail to establish secure connections. The problem was found while debugging a XMPP s2s connection issue where two servers with long certificate keys (8192 Bit RSA) failed to establish a secure connection because OpenSSL rejected the handshake. This seems to be a small problem to be fixed but although there is an easy patch available to fix the issue in that bug report, no reactions are noticed so far.. The last patch that broke the 2048 barrier took 2 years to be implemented and only resulted in an increase to 4096bit, which seems to be a bad joke. Where would we have to report this to speed up the implementation for such an issue?

Read the article
Multiple SSL domains on the same IP address and same port?

- by John

This is a Canonical Question about Hosting multiple SSL websites on the same IP. I was under the impression that each SSL Certificate required it's own unique IP Address/Port combination. But the answer to a previous question I posted is at odds with this claim. Using information from that Question, I was able to get multiple SSL certificates to work on the same IP address and on port 443. I am very confused as to why this works given the assumption above and reinforced by others that each SSL domain website on the same server requires its own IP/Port. I am suspicious that I did something wrong. Can multiple SSL Certificates be used this way?

Read the article
How to Configure SSL on Particular Folder,Not overall Site in iis 7

- by user66001

I have a website for example www.somesite.com. I want to apply SSL settings on Particular Folder in this site. I followed following steps. (1) Import Certificate in IIS 7. (2) Create SSL Bindings. (3) Select folder in website and set required ssl. Now my problem is that I want one particular folder to require SSL not overall site. By Following above steps. I can browse whole site with both http and https. I want whole site to be browsed by only http and the particular folder in website to be browsed using only https. Like -http://www.somesite.com and -https://www.somesite.com/somefolder Thanks in advance.

Read the article
How to configure Apache to act as an SSL proxy to an application server?

- by ripper234

I have one physical server that runs: an Apache (httpd) server another web server (let's say Tomcat for sake of argument) on port 1234 Can I configure the Apache server to act as a proxy for SSL traffic, while keeping the application server blissfully unaware of SSL? What I imagine is: Traffic to http://myserevr.com/app is redirected to https://myserver.com/app Traffic to https://myserver.com/app is proxied to the application server. My SSL certificate is only installed on the Apache server, not on the Application server Other traffic to the Apache server (http://myserver.com/anotherapp) is served directly from the Apache server What's the best setup to achieve this? (On Ubuntu, if that matters)

Read the article
IPSec 2 hosts (preshared key) - network shares very slow

- by LxFlip

I'm testing a IPSec config between 2 hosts, using ipsec auth with preshared key, very simple configuration. (I want to start with a IPSec simple preshared key config, and then step up to a Certificate or kerberos...) The problem is: The connection is working but when accessing network file shares the first time it's very slow. On the same host i'm testing the shares, i have an IIS site running, and the performance seems very normal, fast. Does anybody know why does SMB shares are soo slow? Is there any ipsec policy options that should be tweaked? Thanks

Read the article
How to decrypt an encrypted Apple iTunes iPhone backup?

- by afit

I've been asked by a number of unfortunate iPhone users to help them restore data from their iTunes backups. This is easy when they are unencrypted, but not when they are encrypted, whether or not the password is known. As such, I'm trying to figure out the encryption scheme used on mddata and mdinfo files when encrypted. I have no problems reading these files otherwise, and have built some robust C# libraries for doing so. (If you're able to help, I don't care which language you use. It's the principle I'm after here!) The Apple "iPhone OS Enterprise Deployment Guide" states that "Device backups can be stored in encrypted format by selecting the Encrypt iPhone Backup option in the device summary pane of iTunes. Files are encrypted using AES128 with a 256-bit key. The key is stored securely in the iPhone keychain." That's a pretty good clue, and there's some good info here on Stackoverflow on iPhone AES/Rijndael interoperability suggesting a keysize of 128 and CBC mode may be used. Aside from any other obfuscation, a key and initialisation vector (IV)/salt are required. One might assume that the key is a manipulation of the "backup password" that users are prompted to enter by iTunes and passed to "AppleMobileBackup.exe", padded in a fashion dictated by CBC. However, given the reference to the iPhone keychain, I wonder whether the "backup password" might not be used as a password on an X509 certificate or symmetric private key, and that the certificate or private key itself might be used as the key. (AES and the iTunes encrypt/decrypt process is symmetric.) The IV is another matter, and it could be a few things. Perhaps it's one of the keys hard-coded into iTunes, or into the devices themselves. Although Apple's comment above suggests the key is present on the device's keychain, I think this isn't that important. One can restore an encrypted backup to a different device, which suggests all information relevant to the decryption is present in the backup and iTunes configuration, and that anything solely on the device is irrelevant and replacable in this context. So where might be the key be? I've listed paths below from a Windows machine but it's much of a muchness whichever OS we use. The "\appdata\Roaming\Apple Computer\iTunes\itunesprefs.xml" contains a PList with a "Keychain" dict entry in it. The "\programdata\apple\Lockdown\09037027da8f4bdefdea97d706703ca034c88bab.plist" contains a PList with "DeviceCertificate", "HostCertificate", and "RootCertificate", all of which appear to be valid X509 certs. The same file also appears to contain asymmetric keys "RootPrivateKey" and "HostPrivateKey" (my reading suggests these might be PKCS #7-enveloped). Also, within each backup there are "AuthSignature" and "AuthData" values in the Manifest.plist file, although these appear to be rotated as each file gets incrementally backed up, suggested they're not that useful as a key, unless something really quite involved is being done. There's a lot of misleading stuff out there suggesting getting data from encrypted backups is easy. It's not, and to my knowledge it hasn't been done. Bypassing or disabling the backup encryption is another matter entirely, and is not what I'm looking to do. This isn't about hacking apart the iPhone or anything like that. All I'm after here is a means to extract data (photos, contacts, etc.) from encrypted iTunes backups as I can unencrypted ones. I've tried all sorts of permutations with the information I've put down above but got nowhere. I'd appreciate any thoughts or techniques I might have missed.

Read the article
windows authentication vs sql server authentication for asp.net forms authentication site

- by Brij

I have a database and a site having forms authentication. It is working fine with VS2008. This time, I am using "Trusted_connection =True". But when it is opened from outside or directly from browser then I am getting error "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'." I know this is due to permission. SQL server is based on windows authentication. What is the best approach to manage user to connect sql server? Should I enable sql server authentication? Let me know what to do so that it makes the production feel and there wouldn't be any problem during deployment. Note: Sql server is installed on domain server.

Read the article
Start a process as LocalSystem using ProcessStartInfo

- by auhorn

I am trying to start a process as the LocalSystem account using this code ProcessStartInfo _startInfo = new ProcessStartInfo(commandName); _startInfo.UseShellExecute = false; _startInfo.UserName = @"NT AUTHORITY\SYSTEM"; _startInfo.CreateNoWindow = true; _startInfo.Arguments = argument; _startInfo.RedirectStandardOutput = true; using (Process _p = Process.Start(_startInfo)) { _retVal = _p.StandardOutput.ReadToEnd(); _p.WaitForExit(); } But I am getting always the same error message saying "Logon failure: unknown user name or bad password". The user calling the function is a local admin and should be able to start a process with local system privilege. I also tried different combination but no luck. I would appreciate any help. Thanks

Read the article
Stumped by "The remote server returned an error: (403) Forbidden" with WCF Service in https

- by RJ

I have a WCF Service that I have boiled down to next to nothing because of this error. It is driving me up the wall. Here's what I have now. A very simple WCF service with one method that returns a string with the value, "test". A very simple Web app that uses the service and puts the value of the string into a label. A web server running IIS 6 on Win 2003 with a SSL certificate. Other WCF services on the same server that work. I publish the WCF service to it's https location I run the web app in debug mode in VS and it works perfectly. I publish the web app to it's https location on the same server the WCF service resides under the same SSL certificate I get, "The remote server returned an error: (403) Forbidden" I have changed almost every setting in IIS as well as the WCF and Web apps to no avail. I have compared setting in the WCF services that work and everything is the same. Below are the setting in the web.config for the WCF Service and the WEB app: It appears the problem has to do with the Web app but I am out of ideas. Any ideas: WCF Service: <system.serviceModel> <bindings> <client /> <services> <service behaviorConfiguration="Ucf.Smtp.Wcf.SmtpServiceBehavior" name="Ucf.Smtp.Wcf.SmtpService"> <host> <baseAddresses> <add baseAddress="https://test.net.ucf.edu/webservices/Smtp/" /> </baseAddresses> </host> <endpoint address="" binding="wsHttpBinding" contract="Ucf.Smtp.Wcf.ISmtpService" bindingConfiguration="SSLBinding"> <identity> <dns value="localhost"/> </identity> </endpoint> <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/> </service> </services> <behaviors> <serviceBehaviors> <behavior name="Ucf.Smtp.Wcf.SmtpServiceBehavior"> <serviceMetadata httpsGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="true" httpsHelpPageEnabled="True"/> </behavior> </serviceBehaviors> </behaviors> Web App: <system.serviceModel> <bindings><wsHttpBinding> <binding name="WSHttpBinding_ISmtpService" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false"> <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /> <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /> <security mode="Transport"> <transport clientCredentialType="None" proxyCredentialType="None" realm="" /> <message clientCredentialType="Windows" negotiateServiceCredential="true" establishSecurityContext="true" /> </security> </binding> <client> <endpoint address="https://net228.net.ucf.edu/webservices/smtp/SmtpService.svc" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_ISmtpService" contract="SmtpService.ISmtpService" name="WSHttpBinding_ISmtpService"> <identity> <dns value="localhost" /> </identity> </client> </system.serviceModel>

Read the article
ASP.NET 4 - IIS 7 - Request timed out - Request timed out

- by sharru

My website is running on Asp.net v4 , IIS 7 , Windows server 2008. My cpu is running on 20-30% and the site is responding quickly. Every 2-5 mins i'm receiving the following error: Event code: 3001 Event message: The request has been aborted. Exception type: HttpException Exception message: Request timed out. , Request information: Request URL: http://www.xxxx.com/Services/AxRefresh.asmx/AxUpdate Request path: /Services/AxRefresh.asmx/AxUpdate User host address: 84.110.251.198 User: Is authenticated: False Authentication Type: Thread account name: NT AUTHORITY\NETWORK SERVICE i read that the error is related to the maximum concurrent requests limit http://support.microsoft.com/kb/821268 but then i found out that on IIS 7 this limitation is changed and not relevant. http://msdn.microsoft.com/en-us/library/dd560842(VS.100).aspx Any other ideas what can be the problem or where to start looking ? Thx!

Read the article
the best way to connect sql server (Windows authentication vs SQL Server authentication) for asp.net

- by Brij

I have a database and a site having forms authentication. It is working fine with VS2008. This time, I am using "Trusted_connection =True". But when it is opened from outside or directly from browser then I am getting error "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'." I know this is due to permission. SQL server is based on windows authentication. What is the best approach to manage user to connect SQL Server? Should I enable SQL Server authentication? Let me know what to do so that it makes the production feel and there wouldn't be any problem during deployment. Note: SQL Server is installed on domain server.

Read the article
Changes to JBoss web.xml have no effect

- by sixtyfootersdude

I just added this to my web.xml on my JBOSS server. But it had no effect. I am still allowed to connect to ports that do not use bi-directional certificate exchange. Anyone have an ideas?  <security-constraint>  <web-resource-collection>   <web-resource-name> Entire Application </web-resource-name>  <url-pattern> /* </url-pattern> </web-resource-collection>  <user-data-constraint>          <transport-guarantee> CONFIDENTIAL </transport-guarantee> </user-data-constraint> </security-constraint> <login-config>    <auth-method> CLIENT-CERT </auth-method> </login-config> Update Actually it appears that I have made an error in my original posting. The web.xml does block users from connecting to the webservice using http (port C below). However users are still allowed to connect to ports that do not force users to authenticate themselves (port B). I think that users should be able to connect to port A (it has clientAuth="true") but I dont think that people should be able to connect to port B (it has clientAuth="false"). Excerpt from server.xml <Connector port="<A>" ... SSLEnabled="true" ... scheme="https" secure="true" clientAuth="true" keystoreFile="... .keystore" keystorePass="pword" truststoreFile="... .keystore" truststorePass="pword" sslProtocol="TLS"/> <Connector port="<B>" ... SSLEnabled="true" ... scheme="https" secure="true" clientAuth="false" keystoreFile="... .keystore" keystorePass="pword" sslProtocol = "TLS" /> <Connector port="<C>" ... />

Read the article
Get-WMIObject fails when run AsJob

- by codepoke

It's a simple question, but it's stumped me. $cred = Get-Credential $jobs = @() $jobs += Get-WmiObject ` -Authentication 6 ` -ComputerName 'serverName' ` -Query 'Select * From IISWebServerSetting' ` -Namespace 'root/microsoftiisv2' ` -EnableAllPrivileges ` -Credential $cred ` -Impersonation 4 ` -AsJob $joblist = Wait-Job -Job $jobs -Timeout 60 foreach ($job in $jobs) { if ($job.State -eq "Completed") { $app = Receive-Job -Job $job $app } else { ("Job not completed: " + $job.Name + "@" + $job.State + ". Reason:" + $job.ChildJobs[0].JobStateInfo.Reason) Remove-Job -Job $job -Force } } The query succeeds when run directly and fails when run -AsJob. Reason:System.UnauthorizedAccessException: Access is denied. I've jiggered with -Impersonation, -Credentials, -Authority, and -EnableAllPrivileges to no useful effect. It appears I'm overlooking something fundamental. Why is my Powershell prompt allowed to connect to the remote server, but my child process denied?

Read the article
show all tables in DB2 using the LIST command

- by Robert

This is embarrassing, but I can't seem to find a way to list the names of the tables in our DB2 database. Here is what I tried: root@VO11555:~# su - db2inst1 root@VO11555:~# . ~db2inst1/sqllib/db2profile root@VO11555:~# LIST ACTIVE DATABASES We receive this error: SQL1092N "ROOT" does not have the authority to perform the requested command or operation. The DB2 version number follows. root@VO11555:~# db2level DB21085I Instance "db2inst1" uses "64" bits and DB2 code release "SQL09071" with level identifier "08020107". Informational tokens are "DB2 v9.7.0.1", "s091114", "IP23034", and Fix Pack "1". Product is installed at "/opt/db2V9.7".

Read the article

< Previous Page | 105 106 107 108 109 110 111 112 113 114 115 116 | Next Page >