Search Results

Search found 4244 results on 170 pages for 'ssl certificate'.


  • Debian: SSH: "PermitRootLogin=forced-commands-only" stopped working

    - by Brent
    I have several servers running Debian Lenny. Just recently I discovered the PermitRootLogin=forced-commands-only directive for ssh, which allows me to run a scripted rsync as root with an ssl key, without enabling more generalized root ssh access. However, last week this stopped working - it appears on all of my servers - and I can't figure out why. Everything continues to work fine with PermitRootLogin=yes, but I would prefer to block root logins - especially via passwords. The day it stopped working, we reconfigured some of the ports on one of our switches (which we later reverted), but I can't see that affecting this, since it still works with PermitRootLogin set to yes. How can I diagnose why the forced-commands-only directive has apparently stopped working?


  • PHP does not allow https connections

    - by FunkyChicken
    Hey guys, I'm running PHP 5.4.0 and I cannot cURL nor file_get_contents() https connections. Using curl in a PHP script shows: [root@ns1]# /opt/php/bin/php -q test.php * About to connect() to www.google.com port 443 * Trying 74.125.225.210... * connected * Connected to www.google.com (74.125.225.210) port 443 * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none Segmentation fault Using file_get_contents() shows: Warning: file_get_contents(): Unable to find the wrapper "https" - did you forget to enable it when you configured PHP? in /test.php OpenSSL and OpenSSL-devel are installed, and PHP is also configured with cURL support for SSL connections. See: http://i.imgur.com/ExAIf.png Any idea what might be going wrong? Further info: CentOS 5.8(64) with Nginx 1.2.4


  • Remote Desktop Connection over VPN on mac

    - by Diego Faria
    I'm trying to connect to a Windows computer over a VPN connection using Remote Desktop Connection. I opened Network on the Mac and created a new connection. Interface: VPN. VPN Type: PPTP. I filled in the inputs for server address, account name, password and applied. I connect the VPN and it connects. I open Remote Desktop Connection and put in the IP of the machine I want to connect to, but it doesn't connect; a problem occurs saying that the machine may be turned off, etc. But from a Windows machine I can connect there and the machine is up and running. On my Mac I ping the IP address that I want to connect to and it has no response. I think that the VPN has a problem, is there a way for me to certificate that I am on the VPN network? What's going on?


  • Escape a ! in the password parameter of wget

    - by Dave
    I'm trying to execute something like this: wget --user=foo --password=bar! url The ! in the password is causing problems. I've tried escaping it with \, as in --password=bar\! I've tried encapsulating in single and double quotes. I put the password in a separate file and tried --password=cat pass.txt Each time, I get a 403 Forbidden. Using -d, I see that the SSL handshake is successful. On the Windows command line, the command works. My assumption is that I need to escape the ! differently, but I don't know how else.


  • Apache + plesk vhost problem: .htaccess ignored!

    - by DaNieL
    Hi guys, I have a problem with a simple Apache configuration. When the user asks for https://mydomain.com I have to redirect it to https://www.mydomain.com, because my https certificate is valid just for the domain with www. I created the vhost.conf in my /var/www/vhosts/mydomain.com/conf/ directory, with inside: <Directory /var/www/vhosts/mydomain.com/httpsdocs> AllowOverride All </Directory> And my .htaccess file in /var/www/vhosts/mydomain.com/httpsdocs/ is: RewriteEngine on RewriteCond %{HTTPS_HOST} ^mydomain\.com RewriteRule ^(.*)$ https://www.mydomain.com/$1 [R=301,L] But it seems like the .htaccess is completely ignored. Any idea?


  • vsftpd with pam_winbind.so

    - by David
    I'm trying to set up vsftpd to use logins from our domain. I want the ftp users to be able to log in using their Active Directory username/password and be able to have full access to /media/storage/ftp/username. I set up pptp using winbind and it is working fine, so I believe the issue is with vsftpd and pam. The ftp server runs and gives 530 for the login. I turned on debug for the pam module, but I see nothing in the syslog. Vsftp only logs a wrong login in its log. /etc/pam.d/vsftpd auth required pam_winbind.so debug /etc/vsftpd.conf listen=YES listen_ipv6=NO connect_from_port_20=YES anonymous_enable=NO local_enable=YES write_enable=YES xferlog_enable=YES idle_session_timeout=600 data_connection_timeout=120 nopriv_user=ftp ftpd_banner=Welcome to Scantiva! Authorized access only! local_umask=022 local_root=/media/storage/ftp/$USER user_sub_token=$USER chroot_local_user=YES secure_chroot_dir=/var/run/vsftpd/empty pam_service_name=vsftpd guest_enable=YES guest_username=ftp ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=NO force_local_logins_ssl=NO ssl_tlsv1=YES ssl_sslv2=YES ssl_sslv3=YES rsa_cert_file=/etc/ssl/private/vsftpd.pem


  • Is it secure to store the cert/key on a private AMI?

    - by Phillip Oldham
    Are there any major security implications to bundling a private AMI which contains the private key/certificate & environment variables? For resiliency I'm creating an EC2 image which should be able to boot and configure itself without any intervention. After boot it will attempt to: Attach & mount specific EBS volume(s) Associate a specific Elastic IP Start issuing backups of the EBS volume(s) to S3 However, to do this it will need the private key/pem files and will need certain environment variables to be available on start-up. Since this is a private AMI I'm wondering if it will be "safe" to store these variables/files directly in the image so that I don't need to specify any user-data information and can therefore start a new instance remotely (from my iPhone, if needed) should the instance be terminated for any reason.


  • Aventail VPN connection doesn't work

    - by Warlax
    I installed the Aventail VPN client on both the Mac and a Windows 7 machine, both on my home network. When I try to connect one or the other (I make sure one is disconnected before connecting through the other machine), I get a connection and view the correct certificate - accept it and Aventail tells me that I am connected. However, accessing any page inside my company's network is only possible on Windows. On the Mac I get this page: It looks like my ISP doesn't know how to redirect me? Maybe something about my DNS being set incorrectly on the Mac? Our helpdesk has been completely useless.


  • ASP.NET directories blocked from VisualSVN Server behind reverse proxy in IIS 6

    - by user143344
    I’ve got VisualSVN Server running behind a reverse proxy in IIS 6, Windows Server 2003. This isn’t ideal, but for the main web app on the server I’ve only got one IP address and SSL certificate available. Everything works except for when trying to commit to or browse the default ASP.NET directories (App_Browsers, App_Code, App_Data). SVN commits fail for these directories – which I believe is because IIS will never serve them by default. The reverse proxy uses a virtual directory in IIS – is there a change I can make in the web.config for this virtual directory to get around the issue?


  • Chrome - Why am I automatically authenticated to a web app even after clearing browser cookies?

    - by Howiecamp
    I am accessing a web application using Chrome. If I sign out of the app and clear all Chrome history/cookies/etc (even Flash cookies which are now handled by Chrome in the same Clear History area) and then re-access the site, I am automatically logged in without being prompted for credentials. I then launched Chrome in Incognito mode and was able to reproduce the same behavior. However, I was prompted upon the first logon while in Incognito mode. The web application behaves as expected in Internet Explorer 10. Some info about the application: It's a SharePoint site using NTLM authentication. The credentials are Active Directory-based, as the username is domain\username. My connection is over the Internet and there is no AD relationship between my local Windows account, my Windows PC. In other words I (meaning my locally logged on user and my PC) am not in any way part of their AD domain. The site is running SSL on port 443. Why might Chrome be automatically authenticating me?


  • Password Self-serve Active Directory via LAMP environment

    - by keithosu
    I would like to be able to change active directory passwords via a Linux/Apache based webpage. This would be a self serve web page for the user. I have SSL-LDAP setup on the Active Directory to make this happen. Is there any project or code out there that will do this? I've looked at this phpadadmin and I cannot get it to work. I think this is for IIS/php/mySQL Another thing to note is I would like the user to authenticate to change their own password. The product/service should not need a privileged account to run. Thanks Keith


  • Tools to manage large network of heterogeneous web applications?

    - by Andrew
    I recently started a new job where I've been tasked with managing a global network of heterogeneous web applications. There's very little documentation. My first order of business is to create an inventory of all of the web applications. Are there any tools out there to manage a large group of web apps? I'd like to collect a large dataset for each website including: logins for web based control panels; logins to FTP/ssh accounts; Google analytics tracking code for each site; 3rd party libraries used; SSL certs, issuers, and expiration dates; etc. I know I could keep the information in Excel or build a custom database, but I'm hoping there's already a tool out there to help me with this.


  • Domain Controller Placement

    - by Matt
    I've been working through some Exchange training documentation (the official MS e-learning package) and all of the design scenarios allude to placing at least one DC from your forest root domain in every site. I'm not sure whether this just relates to Exchange, but I can think of a number of issues we experience in our forest that would be resolved by this. For example, a Microsoft support engineer has stated that EVERY client in a child domain (i.e. all workstations and member servers) needs access to a forest root DC to check certificate/template permissions, even on a subordinate CA. I have attempted to locate documentation or guidelines from Microsoft on this, but have not been able to find anything. I found the Domain Controller Placement guide, but it's only a form - you would use it to document where you will place your DCs, but it doesn't give any guidance on where you should deploy them. Does anyone know where, or if, I can find any such documentation?


  • How to suppress "Not collecting exported resources without storeconfigs"?

    - by Andy Shinn
    I'm getting the following in my Puppet master syslog over and over: Sep 27 11:52:05 puppet1 puppet-master: Not collecting exported resources without storeconfigs Sep 27 11:52:06 puppet1 puppet-master: Not collecting exported resources without storeconfigs Sep 27 11:52:06 puppet1 puppet-master: Not collecting exported resources without storeconfigs I'm not actually using storeconfigs: [ashinn@puppet1 ~]$ cat /etc/puppet/puppet.conf [agent] server = puppet.mydomain.com environment = production report = true [main] logdir = /var/log/puppet vardir = /var/lib/puppet ssldir = /var/lib/puppet/ssl rundir = /var/run/puppet factpath = $vardir/lib/facter pluginsync = true certname = puppet1.mydomain.com [master] modulepath = $confdir/environments/$environment/modules manifest = $confdir/environments/$environment/manifests/site.pp templatedir = $confdir/templates autosign = $confdir/autosign.conf ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY report = true reports = hipchat Any way I can suppress these messages? What do they actually come from?


  • Installing php(suexec) for Apache

    - by John
    I've got Apache installed and running but how do I install and run PHP as fastcgi so it runs as its own user? Here is my Apache config: ./configure --prefix=/usr/local/apache2 --enable-rewrite=shared --enable-so --enable-suexec --disable-asis --disable-autoindex --enable-cache --enable-deflate --enable-disk-cache --enable-expires --enable-file-cache --enable-mem-cache --enable-ssl --enable-vhost-alias --with-mpm=prefork --with-port=8080 Here is my PHP config: ./configure prefix=/usr/local/php --without-pear --enable-safe-mode --enable-magic-quotes --with-apxs2=/usr/local/apache2/bin/apxs --disable-cli --disable-cgi --enable-force-cgi-redirect --enable-fastcgi --with-mysql --with-gd --with-jpeg-dir=/usr/lib --with-png-dir=/usr/lib --with-freetype-dir=/usr/lib --enable-calendar --with-curl --enable-mbstring --with-mcrypt


  • Filtering attachment types in Google Apps (free Google Business)

    - by Ernest
    We have Google Apps in our company for mail delivery. Our business can't pay for the business version yet; however, we need to control the attachment types that employees download. We recently switched from another hosting provider who recommended that we plug in Google Apps for mail when we moved the domain. We had a firewall before which was able to prevent certain file types from being downloaded. I know the business version has a section for filtering mail (Postini services). Is there a hack around my problem? Anyone ever had this problem? Thank you! UPDATE: The main problem is Gmail apps uses an SSL connection, can this be changed? How can I get the firewall to filter files, only allowing *.doc, *.xls and *.pdf?


  • How to convert non key, value java arguments to applet params? (args like -Xmx64m)

    - by bwizzy
    I'm trying to use xvpviewer (based on TightVNC) to VNC into my VMs running on Citrix XenServer. There are a couple of caveats required with trusting the certificate from XenServer which I've got working. Essentially I'm trying to convert the java command below (which works on the command line to launch VncViewer) for use in an applet that can be accessed via an HTML page. java -Djavax.net.ssl.trustStore=/tmp/kimo.jks -Xmx64m -jar VncViewer.jar HOST "/console?ref=OpaqueRef:141f4204-2240-4627-69c6-a0c7d9898e6a&session_id=OpaqueRef:91a483c4-bc40-3bb0-121c-93f2f89acc3c" PORT 443 PROXYHOST1 192.168.0.5 PROXYPORT1 443 SocketFactory "HTTPSConnectSocketFactory" I know I can put the HOST, PORT etc arguments into param tags for the applet but I'm not sure how to apply the two initial arguments.


  • Is it possible to use a static IP assigned by my ISP for an offsite web server on a VPS (different ISP)?

    - by NightOwl888
    I have a web server on a Virtual Private Server with a hosting provider. Unfortunately, they are really stingy with IP addresses and I need to run several SSL certificates on my server, so I will need a few more than I have. I have a block of 5 static IP addresses on a business package through a different ISP and I am only using 1 of them for connectivity in the office. What I am wondering is if it is possible to use the 4 unused static IP addresses from this ISP on my VPS, which is hosted by another ISP? The VPS (web server) is running Windows Server 2008 R2 Web Edition. If this can be done, please let me know how to configure it.


  • Should `keepalive_timeout` be removed from Nginx config?

    - by Bryson
    Which is the better configuration/optimization: to explicitly limit the keepalive_timeout or to allow Nginx to kill keepalive connections on its own? I have seen two conflicting recommendations regarding the keepalive_timeout directive for Nginx. They are as follows: # How long to allow each connection to stay idle; longer values are better # for each individual client, particularly for SSL, but means that worker # connections are tied up longer. (Default: 65) keepalive_timeout 20; and # You should remove keepalive_timeout from your formula. # Nginx closes keepalive connections when the # worker_connections limit is reached. The Nginx documentation for keepalive_timeout makes no mention of the automatic killing, and I have only seen this recommendation once, but it intrigues me. This server serves exclusively TLS-secured connections, and all non-encrypted connections are immediately rerouted to the https:// version of the same URL.


  • How to limit access to Exchange 2003 Mobile Activesync server by user?

    - by micilin
    So I was asked to set up an Exchange Activesync mobile gateway. That's done. It's a separate Exchange 2003 front-end server configured for SSL, and I've put an off-domain ISA server in front of it. Now I'm being asked to limit which users can connect to it. By default an Exchange front-end server allows any user who has a mail account to connect to the front-end server. So I'm looking at the permissions on the various IIS sites/apps on the server, but I know that it's easy to break Exchange front-end server perms. So I've got the following in IIS: Exadmin, Exchange, ExchWeb, Microsoft-Server-ActiveSync, MobileAdmin, OMA. And a couple of others that I don't think are relevant. Can I change the permissions on one of these to restrict who can connect to Activesync? As a bonus: Can I do it in a way that does not affect ordinary browser based Exchange access? Thanks in advance!!


  • Postfix configuration w.r.t. port 25

    - by Monkey Boson
    After a considerable amount of research, I have configured my postfix server to use dovecot to accept SMTPS connections over port 465 and everything works swimmingly. Unfortunately, I forgot that, unless I listen to port 25, I'm not going to receive any e-mail from the net. I'm hoping somebody knows off the top of their head how to open up port 25 on Postfix for anonymous users, but disallow relaying and any other bad things on that port. And to leave the port 465 the way it is. As to my current configuration, I changed the master.cf file: smtps inet n - n - - smtpd and the main.cf file: # Use our SSL certificates smtpd_tls_cert_file = .....cer smtpd_tls_key_file = .....key smtpd_tls_security_level = may # Use Dovecot for SASL authentication smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth broken_sasl_auth_clients = yes smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination Any help is appreciated!


  • Iptables REDIRECT + openvpn problem

    - by Emilio
    I want to redirect connection to port 22 to my openvpn binded port, on 60001. Openvpn is running on server on 60001 server:~$ sudo netstat -apn | grep openvpn udp 0 0 67.xx.xx.137:60001 0.0.0.0:* 4301/openvpn I redirect on server port 22 to 60001 server:~$ sudo iptables -F -t nat server:~$ sudo iptables -A PREROUTING -t nat -p udp --dport 22 -j REDIRECT --to-ports 60001 I start openvpn client (openvpn.conf is correct, it works with remote IP 22 replaced with remote IP 60001) client:~$ ./openvpn openvpn.conf Tue Apr 27 00:42:50 2010 OpenVPN 2.1.1 i686-pc-linux-gnu [SSL] [EPOLL] built on Mar 23 2010 Tue Apr 27 00:42:50 2010 UDPv4 link local (bound): [undef]:1194 Tue Apr 27 00:42:50 2010 UDPv4 link remote: 67.xx.xx.137:22 Tue Apr 27 00:42:52 2010 read UDPv4 [ECONNREFUSED]: Connection refused (code=111) Tue Apr 27 00:42:55 2010 read UDPv4 [ECONNREFUSED]: Connection refused (code=111) ... It doesn't connect. iptables shows requests from client to server but no answers. What's wrong with it?


  • Can I optimize this mod_wsgi / apache file better?

    - by tomwolber
    I am new to Django/Python/ mod_wsgi, and I was wondering if I could optimize this file to reduce memory usage: ServerRoot "/home/<foo>/webapps/django_wsgi/apache2" LoadModule dir_module modules/mod_dir.so LoadModule env_module modules/mod_env.so LoadModule log_config_module modules/mod_log_config.so LoadModule mime_module modules/mod_mime.so LoadModule rewrite_module modules/mod_rewrite.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule wsgi_module modules/mod_wsgi.so LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined CustomLog /home/<foo>/logs/user/access_django_wsgi.log combined ErrorLog /home/<foo>/logs/user/error_django_wsgi.log KeepAlive Off Listen 12345 MaxSpareThreads 3 MinSpareThreads 1 MaxClients 5 MaxRequestsPerChild 300 ServerLimit 4 HostnameLookups Off SetEnvIf X-Forwarded-SSL on HTTPS=1 ThreadsPerChild 5 WSGIDaemonProcess django_wsgi processes=5 python-path=/home/<foo>/webapps/django_wsgi:/home/<foo>/webapps/django_wsgi/lib/python2.6 threads=1 WSGIPythonPath /home/<foo>/webapps/django_wsgi:/home/<foo>/webapps/django_wsgi/lib/python2.6 WSGIScriptAlias /auctions /home/<foo>/webapps/django_wsgi/auctions.wsgi WSGIScriptAlias /achievers /home/<foo>/webapps/django_wsgi/achievers.wsgi


  • HTTPS vs. VPN for communication between business partners?

    - by Andrew H
    A business partner has asked to set up a site-to-site VPN just so that a few servers can communicate with each other over HTTPS. I'm convinced this isn't necessary, or even desirable. To be fair it must be part of a wider policy, potentially even a legal requirement. However I'd like to convince them to simply offer an IP to us (and us only) and a port of their choosing for HTTPS. Has anyone had a similar experience, or had to come up with a cast-iron argument against a VPN? Allow me to expand a little - we have a web service that initiates a connection to the partner's corresponding service using an encrypted HTTP connection. The connection uses a client certificate to authenticate. The connection is firewalled so only our IPs can contact the service. So why is a VPN necessary?


  • Problem accessing the remote working space on my new SBS 2008 box

    - by Dabblernl
    This supposedly easy to install OS is starting to drive me nuts... SYMPTOMS: When trying to connect to the remote workplace I get (and ignore) the security warning because I am currently testing with the self issued certificate. After logging in, the remote workplace's main screen displays but the images on it do not load. When I try to click the email link I am thrown back to the login screen. If I try to log in to Exchange directly by typing in the remote.mydomain.com/owa address I get a 403 error that I am denied access. The problem occurs on both a Vista and a Win 7 machine. It seems that some security setting is playing tricks with me. How can I troubleshoot this?

