Search Results

Search found 5390 results on 216 pages for 'ssl vpn'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 117/216 | < Previous Page | 113 114 115 116 117 118 119 120 121 122 123 124  | Next Page >

  • How to create X509 self signed certificate for use in Apache Tomcat

    - by DaveJohnston
    I have a Java application that runs on Windows Mobile devices using a 3rd Party JVM. The application communicates with an Apache Tomcat server over HTTP. We have also used HTTPS for some connections and the certificates were created using the Sun keytool utility. First a keystore was created using genkey, then the certificate exported using export and finally that was imported into another keystore using import. The file created by genkey was loaded into the Apache server and the keystore created using import was loaded into the JVM on the PDA. Everything works as expected. I am now working with a new JVM on the PDA and (for whatever reason) I have established that this JVM requires the keystore to be in X509 (DER) format. I started working on this about a month ago and had it working, but stupidly never wrote down the steps I took, and now I can't for the life of me remember what I did. I seem to remember using openssl but other than that I am totally lost. Anything I create now using openssl and try to load into Apache causes an error at startup (Invalid Keystore Format) so I am probably missing something out entirely. Does anyone have any ideas how I should be going about creating this self-signed X509 certificate that can be loaded into Apache server and JVM running on a PDA?

    Read the article

  • SSLsample in NSS

    - by karikari
    Since the latest version of NSS does not provide the SSLSample program, I copied the folder SSLSample from the older version of NSS (3.9, 3.12) to the /security/nss/cmd folder inside nss-3.12.4 . When I run make nss_build_all in my 3.12.4, the other programs generated its own binary but not my SSLSample folder. I would like to know why?

    Read the article

  • Internet Explorer blocked this website from displaying content with security certificate errors

    - by Tabrez
    I have a security certificate linked to a CDN's server. The main website is https:www.connect4fitness.com When I pull the site up in firefox or chrome, everything works fine. But in IE I get the following error: "Internet Explorer blocked this website from displaying content with security certificate errors." On IE 9 it shows the button "Display Content" and you can get past the error by clicking on the button. On older versions on I the error message is much more cryptic and is confusing users. Please note that I don't have the option of asking end users to add the site to Trusted Sources as some folks use the site from their work computers and do not have that access. Also, some people don't bother to call once they hit the error. I have looked at the content and all my links are "https" only. I had one namespace link and I got rid of it. Any idea about how I can find what is triggering this message?

    Read the article

  • CFHTTP and IIS 7 Connection Failture (NOT SSL)

    - by Dave Quested
    I'm trying to do a very simple CFHTTP GET call to a local website running on IIS7, however it throws a 408 Connection Failure. I've done all the obvious things: The site is listed in the hosts file locally I've added the CFHTTPPARAM tags for IIS compression issues (deflate;q=0) Surfing to the URL in the browser works fine Doing a CFHTTP to google.com works fine, no local sites work at all. When searching on Google there are others that have had this, but no solutions. Anyone successfully got through this issue?

    Read the article

  • SSL Certificate without host name in it

    - by Sinuhe
    I have implemented a web service with server and client authentication using keytool. The problem is that this authentication doesn't work if I don't include the name of the host in it. For example: keytool -genkey -alias myAlias -keyalg RSA -keypass myPassword -storepass myPassword -keystore my.keystore -dname "CN=myhost" But I don't need and I don't like validation by host or by IP. Is there any way of avoiding it? Thanks.

    Read the article

  • Security for ASP.NET application running on intranet / VPN

    - by Ryan
    Hi, I have an ASP.NET app that sits on our intranet, using the WindowsIdentity to identify the user: WindowsIdentity wi = HttpContext.Current.User.Identity as WindowsIdentity; if (wi == null || wi.Name == null) { noAccess("No WindowsIdentity"); return; } string username = wi.Name; if (username.Contains("\\")) username = username.Substring(username.LastIndexOf("\\") + 1); This works fine on our Intranet. However, when users from other offices (separate network, with firewall open) they get a password request input box. Why are they getting the password dialogue? What is the recommended way identify users of the app? I want to avoid using password, but windows identities. Anyone attempting to access the application is inside a trusted network. Thanks a lot for any help Ryan

    Read the article

  • How to ignore expired certificates from outside a Java application?

    - by Creepy Gnome
    We have a Java application that we need to ignore an expired self-signed cert, however we cannot modify the code to do this. I wondering if there was a System Property or environment variable that we could provide at start up that would allow us to have all expired cert's ignored for now, or even be more specific and provide externally the specific cert that we would like to have the expiration ignored. Anyone have any ideas that would work?

    Read the article

  • IE8 error with Certificate

    - by Jon B
    I have installed a certificate with multiple Common Names on a Red Hat server in the jks format. The web page can be accessed with Firefox and the certificate gets imported. However, IE8 gives the error "Internet Explorer cannot display the webpage". I added the cert with MMC and its properties shows "This certificate has an nonvalid digital signature.". Also the cert doesn't have the URL of the web page in it. The cert does have a valid signature in Firefox and the URL mismatch is ignored. How can I get IE8 to accept it. This cert is required for another Application (where it works fine) and cannot be changed except to change the format. I already have it in PKCS12, jks and pem formats.

    Read the article

  • Web site aggregation with twitter widget SSL issue

    - by AB
    Hello! I'm seeking for solution how to isolate widget included by partial to main site. Issue appear when user access site with https. Ie 6,7 shows security confirmation dialog (part of website resources are not in secure zone). First of all I download twitter widget on our side, also I download all CSS and pictures. Then I patched widget JS to point onto downloaded resources. But still has not luck with security warning :( I guess the reason of this issue is AJAX request to twitter, but there is no idea how to sole it. (Just to create some kind of proxy on our side). Thank you for attention.

    Read the article

  • WCF Service in Azure with ClaimsIdentity over SSL

    - by Sunil Ramu
    Hello , Created a WCF service as a WebRole using Azure and a client windows application which refers to this service. The Cloud Service is refered to a certificate which is created using the "Hands On Lab" given in windows identity foundation. The Web Service is hosted in IIS and it works perfect when executed. I've created a client windows app which refers to this web service. Since WIF Claims identity is used, I have a claimsAuthorizationManager Class, and also a Policy class with set of defilned policies. The Claims is set in the web.config file. When I execute the windows app as the start up project, the app prompts for authentication, and when the account credentials are given as in the config file, it opens a new "Windows Card Space" Window and Says "Incoming Policy Failed". When I close the window the System throws and Exception The incoming policy could not be validated. For more information, please see the event log. Event Log Details Incoming policy failed validation. No valid claim elements were found in the policy XML. Additional Information: at System.Environment.get_StackTrace() at Microsoft.InfoCards.Diagnostics.InfoCardTrace.BuildMessage(InfoCardBaseException ie) at Microsoft.InfoCards.Diagnostics.InfoCardTrace.TraceAndLogException(Exception e) at Microsoft.InfoCards.Diagnostics.InfoCardTrace.ThrowHelperError(Exception e) at Microsoft.InfoCards.InfoCardPolicy.Validate() at Microsoft.InfoCards.Request.PreProcessRequest() at Microsoft.InfoCards.ClientUIRequest.PreProcessRequest() at Microsoft.InfoCards.Request.DoProcessRequest(String& extendedMessage) at Microsoft.InfoCards.RequestFactory.ProcessNewRequest(Int32 parentRequestHandle, IntPtr rpcHandle, IntPtr inArgs, IntPtr& outArgs) Details: System Provider [ Name] CardSpace 3.0.0.0 EventID 267 [ Qualifiers] 49157 Level 2 Task 1 Keywords 0x80000000000000 EventRecordID 6996 Channel Application EventData No valid claim elements were found in the policy XML. Additional Information: at System.Environment.get_StackTrace() at Microsoft.InfoCards.Diagnostics.InfoCardTrace.BuildMessage(InfoCardBaseException ie) at Microsoft.InfoCards.Diagnostics.InfoCardTrace.TraceAndLogException(Exception e) at Microsoft.InfoCards.Diagnostics.InfoCardTrace.ThrowHelperError(Exception e) at Microsoft.InfoCards.InfoCardPolicy.Validate() at Microsoft.InfoCards.Request.PreProcessRequest() at Microsoft.InfoCards.ClientUIRequest.PreProcessRequest() at Microsoft.InfoCards.Request.DoProcessRequest(String& extendedMessage) at Microsoft.InfoCards.RequestFactory.ProcessNewRequest(Int32 parentRequestHandle, IntPtr rpcHandle, IntPtr inArgs, IntPtr& outArgs)

    Read the article

  • Avoid Internet Explorer Warning when embedding Youtube on HTTPS site?

    - by pellepim
    On a HTTPS site embedding youtube clips works great in all browser, except Internet Explorer where I get this famous little warning message: "Do you want to view only the webpage content that was delivered securely? This page contains content that will not be delivered using a secure HTTPS ... etc" I've tried to solve this in several ways. The most promising one was to use the ProxyPass functionality in Apache to map to YouTube. Like this: ProxyPass: /youtube/ http://www.youtube.com ProxyPassReverse: /youtube/ http://www.youtube.com This gets rid of the annoying warning. However, the youtube SWF fails to start streaming The SWF i manage to load into the browser simply states : "An error occurred, please try again later". Potential solutions are perhaps: Download youtube FLV:s and serve them out of own domain (gah) Use custom FLV-player and stream only FLV:s from youtube over a https proxy?

    Read the article

  • How to generate a certificate request with SubjectAltNames on IIS 6.0 ?

    - by Gumble
    I'm looking for a way to add a Subject Alternative Name in my certificate request in the IIS 6.0 certificate creation wizard. It seems I can only fill the Subject field and not the Subject Alternative Name. Trying to follow this guide (http://support.microsoft.com/kb/931351) using certreq.exe doesn't help, it fails without any hint except that it prints its manual. Any suggestions appreciated, I hope I won't have to export my public key and generate the csr with openssl :/

    Read the article

  • asp:Login control requests

    - by Dean
    Hi All, ran into an issue, we are using webforms with a site with this dir structure: root: / secure : /securepages/ we only want users who are logged in to access /securepages/. currently we are using the login control, 3.5, forms auth, all is working ok but know we have thrown assl cert into the mix and the issue is that the login control is requesting WebResource.axd?d=XukT0PE1PS-iOKw3RT8Z6g2&t=633834231612265882 from the non secure url e.g. ht tp://www.mysite.com/WebResource.axd?d=XukT0PE1PS-iOKw3RT8Z6g2&t=633834231612265882 . This causes the browser to prompt the user to download unsecure content. I am using some redirecting in the global.asax to handle redirection to https://xx xxxlogin.aspx if login.aspx it requested from http://. thanks

    Read the article

  • Browser security when calling HTTP assets via a SWF on a HTTPS site

    - by Mark Ursino
    We have a site that runs on HTTPS and needs to pull in various JS assets to run a video player on the page. We get a browser security warning on this page because the JS files we are externally calling are being accessed via HTTP, not HTTPS. E.g. // HTTP reference on a HTTPS site <script src="http://the-cdn.tld/player.js"></script> Simply accessing this one JS assets via HTTP and not HTTPS will cause the browser security warning which we need to get rid of. The provider of the JS file does not support an HTTPS equivalent (like Google Analytics does). We would ideally love to just do the following, but the provider does not have this: // HTTPS reference on a HTTPS site <script src="https://the-cdn.tld/player.js"></script> One option we had was to just download a copy of the JS file and serve it on the HTTPS site, however we have concerns with this as it is not recommended by the provider and will not include updates from them. Assuming we cannot do that, we were thinking a possible other option would be to use a SWF file as a proxy. We were thinking that we could have one of our flash guys create a SWF that loads in the HTTP-served JS file to the page. We were wondering that if this SWF makes the request, would that prevent the browser from showing the security warning or not? I assumed that we would still see the warning since the SWF is still making the request through the browser, but I wanted to see what the hive mind thinks.

    Read the article

  • Is there a way to load a different cacerts than the one specified in the java_home/jre/lib/security

    - by feniix
    I have a single installation of java in a system that runs 2 or 3 applications. All the applications use the same runtime. Is there a way to specify a different keystores for the ca certs than the one in java_home/jre/lib/security. That is, is there an option to specify an "extra" keystore that is loaded and added to the certs loaded from java_home/jre/lib/security/cacerts? What I want to avoid is having to re-import our local ca every time I upgrade the jdk in the box.

    Read the article

  • Can't connect to HTTPS using X509 client certificate

    - by wows
    Hi - I'm new to cryptography and I'm a bit stuck: I'm trying to connect (from my development environment) to a web service using HTTPS. The web service requires a client certificate - which I think I've installed correctly. They have supplied me with a .PFX file. In Windows 7, I double clicked the file to install it into my Current User - Personal certificate store. I then exported a X509 Base-64 encoded .cer file from the certificate entry in the store. It didn't have a private key associate with it. Then, in my app, I'm attempting to connect to the service like this: var certificate = X509Certificate.CreateFromCertFile("xyz.cer")); var serviceUrl = "https://xyz"; var request = (HttpWebRequest) WebRequest.Create(serviceUrl); request.ClientCertificates.Add(certificate); request.Method = WebRequestMethods.Http.Post; request.ContentType = "application/x-www-form-urlencoded"; I get a 502 Connection failed when I connect. Is there anything you can see wrong with this method? Our production environment seems to work with a similar configuration, but it's running Windows Server 2003. Thanks!

    Read the article

  • Securely persist session between https://secure.yourname.com and http://www.yourname.com on rails ap

    - by Matt
    My rails site posts to a secure host (e.g. 'https://secure.yourname.com') when the user logs into the site. Session data is stored in the database, with the cookie containing only the session ID. The problem is that when the user returns to a non-https page, such as the home page (e.g. 'http://www.yourname.com') the user appears to have logged out. I believe the reason for this is that a separate cookie is stored for each host (www vs. secure). Is this correct? What is the best secure way to persist the session between both the http and https sections of the site? Does anyone know of any plugins that address this problem? The site runs on Heroku.

    Read the article

  • Make a connection to a HTTPS server from Java and ignore the validity of the security certificate

    - by justinhj
    I've been testing some that works with a bunch of https servers with different keys, some of which are invalid and all of them are not in the local key store for my JVM. I am really only testing things out, so I don't care about the security at this stage. Is there a good way to make POST calls to the server and tell Java not to worry about the security certificates? My google searches for this have brought up some code examples that make a class to do the validation, that always works, but I cannot get it to connect to any of the servers.

    Read the article

  • Testing PayPal certificate on a different domain

    - by PHP thinker
    I have a PP-enabled site that needs to be tested. I've already tested it with Sandbox credentials and it works ok. The next step is to test it with live PayPal credentials on test server. Here I hit a wall, because using real credentials from liveserver.com on test.liveserver.com gives me error of "malformed url" (which as I read stands for "invalid credentials"). And here is the question: are PayPal credentials domain-bound? Can I get error message because I am using live api credentials on a subdomain(different domain)?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 113 114 115 116 117 118 119 120 121 122 123 124  | Next Page >