apache2 ssl - Page 183 - Developer IT

Which linux x86 hardware keystore?

- by byeo

I'm terminating SSL/TLS in my DMZ and I have to assume that machine will be hacked. At which point my certificates are compromised. Previously I've used nCipher hardware keystore/accelerator to solve this issue. These cards won't reveal the private key even to root. The card performs the encryption and decryption onboard and is hardened against physical attack. The only way to get at the keys is by attaching a smart card reader to the card itself. I'm having trouble finding information about something to recreate this approach. Is this the domain of specialist switches and firewalls these days? This old page references some of the old hardware: http://www.kegel.com/ssl/hw.html#cards

Read the article

Under what circumstances might an IIS6 website be automatically deleted?

- by E. Anderson

Late last week my colleagues did some hardware maintenance on one of our vmWare esxi servers. One of the guests is a Windows Server 2003 Web Edition system that runs our low-traffic web sites. We discovered this morning that one of those websites was no longer working with what appeared to be an SSL error. After logging in, I found that the web site in question had been deleted from IIS! Is it possible for this to happen without a user actually going in and deleting that single web site? All of the other sites were fine. The files for the site in question had not been touched. I just re-created the web site, assigned the SSL cert, and everything was working again. When I logged in, I did see the 'Unexpected Shutdown' dialog.

Read the article

SSRS report on SharePoint Web Part

- by MicroSumol

I have this configuration: DBK- SQL/SSRS/SSAS (includes SharePoint databases) SPK- SharePoint I created a SharePoint Site with an SSL certificate. Then on DBK I setup the SSRS with an SSL. Finaly went back to SharePoint and setup a webpart on a subsite to connect to the SSRS report. The problem comes that the user is asked 2 times to authenticate. Once when he logs into sharepoint, then when he wants to see the SSRS report. Since I am not an expert on SSRS, I am asking is there an easy way to pass the SharePoint credentials to the SSRS report. Would it be easier to install SSRS on SPK? Would that even work or solve my problem?

Read the article

What should a hosting company do to prepare for IPv6?

- by Josh

At the time of writing The IPv4 Depletion Site estimates there are 300 days remaining before all IPv4 addresses have been allocated. I've been following the depletion of IPv4 addresses for some time and realize the "crisis" has been going on for many years and IPv4 addresses have lasted longer than expected, however... As the systems administrator for a small SaaS / website hosting company, what steps should I be taking to prepare for IPv6? We run a handful of CentOS and Ubuntu Linux systems on managed hardware in a remote datacenter. All our servers have IPv6 addresses but they appear to be link local addresses. Our primary business function is website hosting on a proprietary website CMS system. One of my concerns is SSL certificates; at the moment every customer with an SSL certificate gets a dedicated IPv4 IP address. What else should I be concerned about / what action should I take to be prepared for IPv4 depletion?

Read the article

CentOS: OpsCenter does not see other node's agent

- by Alice

I'm new with Apache Cassandra. I am trying to install a little sample cluster using two CentOS server. I followed the documentation (Tarball installation) and the nodes are up. However, when I go to OpsCenter, the nodes cannot see each other's agent (there is always "1 of 2 agents connected"..I tried to fix, but nothing change). I tried both to disable and enable SSL, I tried to set the incoming_interface in opscenter.conf, I tried almost everything the network suggested to me, but the problem persisted. Now, I have SSL enabled, and agent log tell me: "There was an error when attempting to load stored rollups." Is there someone that could help me, please?

Read the article

Ubuntu 10.04/CURL: How do I fix/update the CA Bundle?

- by Nick

I recently upgraded our server from 8.04 to 10.04, and all the software along with it. From what I've found online, it seems that the new version of CURL doesn't include a CA bundle, and, as a result, fails to verify that the certificate of the server you're connecting to is signed by a valid authority. The actual error is: CURL error: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE: certificate verify failed Some palces I've found suggest manually specifying a CA file or disabling the check altogether by setting an option when you call CURL, but I'd much rather fix the issue globally, rather than having to modify each application's CURL calls. Is there a way to fix CURL's CA problem server-wide so that all of the existing application code works as is without needing to be modified?

Read the article

Apache VirtualHost Blockhole (Eats All Requests on All Ports on an IP)

- by Synetech inc.

I’m exhausted. I just spent the last two hours chasing a goose that I have been after on-and-off for the past year. Here is the goal, put as succinctly as possible. Step 1: HOSTS File: 127.0.0.5 NastyAdServer.com 127.0.0.5 xssServer.com 127.0.0.5 SQLInjector.com 127.0.0.5 PornAds.com 127.0.0.5 OtherBadSites.com … Step 2: Apache httpd.conf <VirtualHost 127.0.0.5:80> ServerName adkiller DocumentRoot adkiller RewriteEngine On RewriteRule (\.(gif|jpg|png|jpeg)$) /p.png [L] RewriteRule (.*) /ad.htm [L] </VirtualHost> So basically what happens is that the HOSTS file redirects designated domains to the localhost, but to a specific loopback IP address. Apache listens for any requests on this address and serves either a transparent pixel graphic, or else an empty HTML file. Thus, any page or graphic on any of the bad sites is replaced with nothing (in other words an ad/malware/porn/etc. blocker). This works great as is (and has been for me for years now). The problem is that these bad things are no longer limited to just HTTP traffic. For example: <script src="http://NastyAdServer.com:99"> or <iframe src="https://PornAds.com/ad.html"> or a Trojan using ftp://spammaster.com/[email protected];[email protected];[email protected] or an app “phoning home” with private info in a crafted ICMP packet by pinging CardStealer.ru:99 Handling HTTPS is a relatively minor bump. I can create a separate VirtualHost just like the one above, replacing port 80 with 443, and adding in SSL directives. This leaves the other ports to be dealt with. I tried using * for the port, but then I get overlap errors. I tried redirecting all request to the HTTPS server and visa-versa but neither worked; either the SSL requests wouldn’t redirect correctly or else the HTTP requests gave the You’re speaking plain HTTP to an SSL-enabled server port… error. Further, I cannot figure out a way to test if other ports are being successfully redirected (I could try using a browser, but what about FTP, ICMP, etc.?) I realize that I could just use a port-blocker (eg ProtoWall, PeerBlock, etc.), but there’s two issues with that. First, I am blocking domains with this method, not IP addresses, so to use a port-blocker, I would have to get each and every domain’s IP, and update theme frequently. Second, using this method, I can have Apache keep logs of all the ad/malware/spam/etc. requests for future analysis (my current AdKiller logs are already 466MB right now). I appreciate any help in successfully setting up an Apache VirtualHost blackhole. Thanks.

Read the article

Able to send, but not receive from gmail.com within Outlook 2003 (0x800CCC0F)

- by matt_tm

In my home network, I'm able to access my @gmail.com and @otherdomain.com accounts via POP3 from Outlook 2003. When accessing from my office network, I'm not able to receive, but am able to send. I get the following error: Task '[email protected] - Receiving' reported error (0x800CCC0F) : 'The connection to the server was interrupted. If this problem continues, contact your server administrator or Internet service provider (ISP).' The POP3 is set to 995 (using SSL), SMTP to 465 (using SSL), Logon using SPA is NOT enabled. There is NO change I make on my system from the office to home network, except my local, internal IP address changes.

Read the article

Why is the System process listening on Port 443?

- by ClearsTheScreen

I am having problems starting my apache server, because port 443 is already in use. It turns out, the system process (PID 4) uses the port 443. I don't have IIS installed, the services.msc shows (predicatbly) no Exchange server running, nor WWW-Services, nor IIS. I have no idea how to find out what service uses that port short of just disabling each service one after the other, and I am not even sure that would help. I would be grateful if someone could point me towards how I can get my SSL port back, thank you :) P.S.: Of course "just switch apache to another port for SSL" would solve the problem of not being able to start apache. But I'd still like to know what is so insistent about hogging port 443. :)

Read the article

Does nginx auth_basic work over HTTPS?

- by monde_

I've been trying to setup a password protected directory in a SSL website as follows: /etc/nginx/sites-available/default server { listen 443: ssl on; ssl_certificate /usr/certs/server.crt; ssl_certificate_key /usr/certs/server.key; server_name server1.example.com; root /var/www/example.com/htdocs/; index index.html; location /secure/ { auth_basic "Restricted"; auth_basic_user_file /var/www/example.com/.htpasswd; } } The problem is when I try to access the URL https://server1.example.com/secure/, I get a "404: Not Found" error page. My error.log shows the following error: 011/11/26 03:09:06 [error] 10913#0: *1 no user/password was provided for basic authentication, client: 192.168.0.24, server: server1.example.com, request: "GET /secure/ HTTP/1.1", host: "server1.example.com" However, I was able to setup password protected directories for a normal HTTP virtual host without any problems. Is it a problem with the config or something else?

Read the article

Encrypting absolutely everything, even within the LAN

- by chris_l

Has anybody tried that approach already? I'm really considering it: Instead of relying on network based IDS etc., every packet must use encryption which was initiated by a certificate issued by my own CA. Every client gets a unique client certificate Every server gets a unique server certificate Every service additionally requires to login. Both SSL and SSH would be ok. Access to the internet would be done via an SSL tunnel to the gateway. Is it feasible? Does it create practical problems? How could it be done and enforced? What do you think?

Read the article

Redirecting a subdomain to subdomain/folder

- by Johnbritto

I have linux server with plesk panel. I am running sourceforge VM in NAT mode with static ip 172.16.63.XX. In my host i have configured subdomain's (vhost.conf) with proxypass to connect with VM machine.. I can access sourceforge VM with http. I am searching for http redirecting to https. http://xxx.mydomain.com -- https://xxx.mydomain.com/sf/sfmain/do/home/ . just need to know, If I own a SSL for mydomain.com. if i redirect a xxx.mydomain.com to mydomain.com/folder will the SSL will be applied to redirected domain? i.e mydomain.com/folder?

Read the article

Request exceeded the limit of 10

- by Webnet

My logs are FULL of [Tue Jan 11 10:20:45 2011] [error] [client 99.162.115.123] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: https://www.domain.com/vehicles/Chevrolet/Uplander/2006 The problem is when I enable LogLevel debug we get HUGE error logs because all of our traffic is SSL. From what I can tell the file doesn't record these errors anymore, either that or it's so buried in SSL logs that I just can't find them. Here's my .htaccess Options -indexes RewriteEngine On RewriteRule ^battery/([^/]+)$ /browser/product?sku=BATTERY+$1&type=battery RewriteRule ^vehicles/([^/]+)/([^/]+)/([^/]+)/product([0-9]+)$ /browser/index.php?make=$1&model=$2&id=$3&%{QUERY_STRING} [L,NC] RewriteRule ^vehicles/([^/]+)/([^/]+)/([^/]+)/([0-9]+)$ /browser/product.php?make=$1&model=$2&year=$3&id=$4&%{QUERY_STRING} [L,NC] RewriteRule ^vehicles/([^/]+)/([^/]+)/([^/]+)$ /store/product/list.php?make=$1&model=$2&year=$3&%{QUERY_STRING} [L,NC] RewriteRule ^vehicles/([^/]+)/([^/]+)$ /vehicle/make/model/year/list.php?make=$1&model=$2&%{QUERY_STRING} [L,NC] RewriteRule ^vehicles/([^/]+)$ /vehicle/make/model/list.php?make=$1&%{QUERY_STRING} [L,NC]

Read the article

Why is the System process listening on Port 443?

- by Cornelius

I am having problems starting my apache server, because port 443 is already in use. It turns out, the system process (PID 4) uses the port 443. I don't have IIS installed, the services.msc shows (predicatbly) no Exchange server running, nor WWW-Services, nor IIS. I have no idea how to find out what service uses that port short of just disabling each service one after the other, and I am not even sure that would help. I would be grateful if someone could point me towards how I can get my SSL port back, thank you :) P.S.: Of course "just switch apache to another port for SSL" would solve the problem of not being able to start apache. But I'd still like to know what is so insistent about hogging port 443. :) Edit: I by now took the 'hard route' and disabled services one after the other. It turned out that the "Routing and RAS" service was the culprit. Thank you all for the valuable input and the new tools in the combat against "WTF does my system do now".

Read the article

Ping or accessing WAN IP from LAN results in failure on only one box

- by ComputerUserGuy

Morning/evening gents. I purchased a radical domain name today to set up a name for my services and to set up SSL. I configured the SSL fine and all but when I went to my website I couldn't connect. I can connect to the site with any other device in my house and my friend can connect to it as well from outside of the LAN. I am hosting the services with my computer and I can't access the service. Whenever I ping it using the command prompt I get a result of "General Failure.". It saddens me that they couldn't make a better message as it kind of brings me down. I'm not sure what's the deal here as I have all of my firewalls down and my ports are forwarded. Running Windows 7. Thanks for the assistance chaps.

Read the article

Slow data transfer using SSH

- by Floste

The server is an ubuntu server 11.04 with sshd. SSH works fine for console programs. But data transfer is slow, which is very annoying when transferring large files. I tried two different client programs and changed the port, but the speed is always the same. I know the server can transfer data a lot faster over SSL, which afaik uses AES. I configured my SSH client to use AES, too, but no effect. Why is using SSH multiple times slower than SSL and is there a way to improve transfer speed of SSH?

Read the article

Changes to JBoss web.xml have no effect

- by sixtyfootersdude

I just added this to my web.xml on my JBOSS server. But it had no effect. I am still allowed to connect to ports that do not use bi-directional certificate exchange. Anyone have an ideas?  <security-constraint>  <web-resource-collection>   <web-resource-name> Entire Application </web-resource-name>  <url-pattern> /* </url-pattern> </web-resource-collection>  <user-data-constraint>          <transport-guarantee> CONFIDENTIAL </transport-guarantee> </user-data-constraint> </security-constraint> <login-config>    <auth-method> CLIENT-CERT </auth-method> </login-config> Update Actually it appears that I have made an error in my original posting. The web.xml does block users from connecting to the webservice using http (port C below). However users are still allowed to connect to ports that do not force users to authenticate themselves (port B). I think that users should be able to connect to port A (it has clientAuth="true") but I dont think that people should be able to connect to port B (it has clientAuth="false"). Excerpt from server.xml <Connector port="<A>" ... SSLEnabled="true" ... scheme="https" secure="true" clientAuth="true" keystoreFile="... .keystore" keystorePass="pword" truststoreFile="... .keystore" truststorePass="pword" sslProtocol="TLS"/> <Connector port="<B>" ... SSLEnabled="true" ... scheme="https" secure="true" clientAuth="false" keystoreFile="... .keystore" keystorePass="pword" sslProtocol = "TLS" /> <Connector port="<C>" ... />

Read the article

Lots of mysql Sleep processes

- by user259284

Hello, I am still having trouble with my mysql server. It seems that since i optimize it, the tables were growing and now sometimes is very slow again. I have no idea of how to optimize more. mySQL server has 48GB of RAM and mysqld is using about 8, most of the tables are innoDB. Site has about 2000 users online. I also run explain on every query and every one of them is indexed. mySQL processes: http://www.pik.ba/mysqlStanje.php my.cnf: # The MySQL database server configuration file. # # You can copy this to one of: # - "/etc/mysql/my.cnf" to set global options, # - "~/.my.cnf" to set user-specific options. # # One can use all long options that the program supports. # Run program with --help to get a list of available options and with # --print-defaults to see which it would actually understand and use. # # For explanations see # http://dev.mysql.com/doc/mysql/en/server-system-variables.html # This will be passed to all mysql clients # It has been reported that passwords should be enclosed with ticks/quotes # escpecially if they contain "#" chars... # Remember to edit /etc/mysql/debian.cnf when changing the socket location. [client] port = 3306 socket = /var/run/mysqld/mysqld.sock # Here is entries for some specific programs # The following values assume you have at least 32M ram # This was formally known as [safe_mysqld]. Both versions are currently parsed. [mysqld_safe] socket = /var/run/mysqld/mysqld.sock nice = 0 [mysqld] # # * Basic Settings # user = mysql pid-file = /var/run/mysqld/mysqld.pid socket = /var/run/mysqld/mysqld.sock port = 3306 basedir = /usr datadir = /var/lib/mysql tmpdir = /tmp language = /usr/share/mysql/english skip-external-locking # # Instead of skip-networking the default is now to listen only on # localhost which is more compatible and is not less secure. bind-address = 10.100.27.30 # # * Fine Tuning # key_buffer = 64M key_buffer_size = 512M max_allowed_packet = 16M thread_stack = 128K thread_cache_size = 8 # This replaces the startup script and checks MyISAM tables if needed # the first time they are touched myisam-recover = BACKUP max_connections = 1000 table_cache = 1000 join_buffer_size = 2M tmp_table_size = 2G max_heap_table_size = 2G innodb_buffer_pool_size = 3G innodb_additional_mem_pool_size = 128M innodb_log_file_size = 100M log-slow-queries = /var/log/mysql/slow.log sort_buffer_size = 5M net_buffer_length = 5M read_buffer_size = 2M read_rnd_buffer_size = 12M thread_concurrency = 10 ft_min_word_len = 3 #thread_concurrency = 10 # # * Query Cache Configuration # query_cache_limit = 1M query_cache_size = 512M # # * Logging and Replication # # Both location gets rotated by the cronjob. # Be aware that this log type is a performance killer. #log = /var/log/mysql/mysql.log # # Error logging goes to syslog. This is a Debian improvement :) # # Here you can see queries with especially long duration #log_slow_queries = /var/log/mysql/mysql-slow.log #long_query_time = 2 #log-queries-not-using-indexes # # The following can be used as easy to replay backup logs or for replication. # note: if you are setting up a replication slave, see README.Debian about # other settings you may need to change. #server-id = 1 #log_bin = /var/log/mysql/mysql-bin.log expire_logs_days = 10 max_binlog_size = 100M #binlog_do_db = include_database_name #binlog_ignore_db = include_database_name # # * BerkeleyDB # # Using BerkeleyDB is now discouraged as its support will cease in 5.1.12. skip-bdb # # * InnoDB # # InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/. # Read the manual for more InnoDB related options. There are many! # You might want to disable InnoDB to shrink the mysqld process by circa 100MB. #skip-innodb # # * Security Features # # Read the manual, too, if you want chroot! # chroot = /var/lib/mysql/ # # For generating SSL certificates I recommend the OpenSSL GUI "tinyca". # # ssl-ca=/etc/mysql/cacert.pem # ssl-cert=/etc/mysql/server-cert.pem # ssl-key=/etc/mysql/server-key.pem [mysqldump] quick quote-names max_allowed_packet = 16M [mysql] #no-auto-rehash # faster start of mysql but no tab completition [isamchk] key_buffer = 16M # # * NDB Cluster # # See /usr/share/doc/mysql-server-*/README.Debian for more information. # # The following configuration is read by the NDB Data Nodes (ndbd processes) # not from the NDB Management Nodes (ndb_mgmd processes). # # [MYSQL_CLUSTER] # ndb-connectstring=127.0.0.1 # # * IMPORTANT: Additional settings that can override those from this file! # The files must end with '.cnf', otherwise they'll be ignored. # !includedir /etc/mysql/conf.d/

Read the article

Thinktecture.IdentityServer Beta 1

- by Your DisplayName here!

I just upload beta 1 to codeplex. Please test this version and give me feedback. Some quick notes on setup Watch the intro screencast on the codeplex site. Use the setup tool to set the signing and SSL certificate. You can now also set the ACLs on the private key for your worker pool account. IIS is required . SSL for the IIS site the STS runs in is required. Users of the STS must be in the 'IdentityServerUsers' role. Admins of the STS must be in the 'IdentityServerAdministrators' roles. What’s new? Mainly smaller bits and pieces and some refactoring. The biggest under the cover change is a new authorization model for the STS itself. If, e.g. you don’t like the new roles I introduced, you can easily change the behavior in the claims authorization manager in the STS web site project. What’s missing? The big one is Azure support. Not that I ran into unforeseeable problems here, I just wanted to wait until the on-premise version is more stabilized. Now with B1 I can start adding Azure support back.

Read the article

Keep your Root Authorities up to date

- by John Breakwell

Originally posted on: http://geekswithblogs.net/Plumbersmate/archive/2013/06/20/keep-your-root-authorities-up-to-date.aspxBy default, Windows will automatically update it’s internal list of trusted root authorities as long as the Update Root Certificates function is installed. This should be enabled by default and takes manual intervention to remove it. With this component enabled, the following happens: If you are presented with a certificate issued by an untrusted root authority, your computer will contact the Windows Update Web site to see if Microsoft has added the CA to its list of trusted authorities. If it has been added to the Microsoft list of trusted authorities, its certificate will automatically be added to your trusted certificate store. If the component is not installed and a certificate from an untrusted CA is encountered then the following text will be seen: This is an inconvenience for the person browsing the site as they need to click to continue. Applications, though, will be unable to proceed and will throw an exception. Example: ERROR_WINHTTP_SECURE_FAILURE 12175 (0x00002F8F) One or more errors were found in the Secure Sockets Layer (SSL) certificate sent by the server. If you look at the certificate’s properties, you can see the “Issued by:” value: This must match a Trusted Root Certificate Authority in the current user’s certificate store. So turn on automatic updating of trusted root authority certificates. For Windows Vista and above, this option is controlled through Group Policy. See the “To Turn Off the Update Root Certificates Feature by Using Group Policy” section of the following Technet article: Certificate Support and Resulting Internet Communication in Windows Vista If Windows Update is a blocked site then download and deploy the latest pack of root certificates from Microsoft: Update for Root Certificates For Windows XP [May 2013] (KB931125) Failing that, find a machine that has the latest root certificates installed and export them from there: Open up the Certificates console. Right-click the required Trusted Root Certificate Authority certificate Choose Export from “All Tasks” to open up the Certificate Export Wizard Choose an export file format – DER should be fine Provide a file name and complete the export. Move the file to the machine that’s missing the certificate Right-click the file and choose “Install Certificate” to open up the Certificate Import Wizard Allow the wizard to automatically select the certificate store and complete the import On a side note, for troubleshooting certificate issues it can be helpful to clear the SSL state:

Read the article

Are You Using Facebook with an Encrypted Session Yet?

- by The Geek

If you’re geeky and keep up with all the tech news, you probably already know that Facebook added an SSL feature, but for everybody else: You can make your Facebook profile more secure by turning this option on, and here’s how to do it. All we’re going to do is head into the Facebook profile settings and then check a box that forces the use of SSL encryption whenever possible. Easy Latest Features How-To Geek ETC Here’s a Super Simple Trick to Defeating Fake Anti-Virus Malware How to Change the Default Application for Android Tasks Stop Believing TV’s Lies: The Real Truth About "Enhancing" Images The How-To Geek Valentine’s Day Gift Guide Inspire Geek Love with These Hilarious Geek Valentines RGB? CMYK? Alpha? What Are Image Channels and What Do They Mean? Project M Brings Classic Super Smash Bro Style Gameplay to the Wii Now Together and Complete – McBain: The Movie [Simpsons Video] Be Creative by Using Hex and RGB Codes for Crayola Crayon Colors on Your Next Web or Art Project [Geek Fun] Flash Updates; Finally Supports Full Screen Video on Multiple Monitors 22 Ways to Recycle an Altoids Mint Tin Make Your Desktop Go Native with the Tribal Arts Theme for Windows 7

Read the article

Internet Explorer will not open Office files

- by geekrutherford

An issue was brought to my attention today at work where certain users were unable to open Office files (specifically Excel) from Internet Explorer 7. The user would click on a button which simply generated an inline JS call to open a pop-up pointing to the .xlsx file on the server. IE would open the pop-up and then shortly thereafter the pop-up would disappear without the file ever opening. I tweaked the security settings in the users browser...added the site to the list of trusted sites and lowered the security settings to Medium-Low. This allowed IE to at least prompt with the Save or Open message. Clicking either open resulted in "Internet Explorer Could Not Open the Site...". Perturbed, I retreated back to Geek Central (aka my desk) and modified my application such that instead of simply pointing the browser to the file and now used Response.TransmitFile() to stream it to the browser instead. I thought to myself "this is perfect, it has to work!!!". Alas, no luck. Bewildered and confused and returned to the lone users computer and started looking around the various IE options. I stumbled upon "Clear SSL State" under the "Content" tab. This appears to clear out all SSL certificates on the client forcing it to refresh. Doing this in concert with resetting the security levels for all zones back to their defaults seemed to do the trick.

Read the article

Collabnet Subversion and Self Signed Certificates

- by Robert May

We installed Collabnet as our subversion server recently. This is the first time that we’ve used it. In general, it seems pretty good, but we ran into a problem with it. People were getting the following error in Tortoise: OPTIONS of ’https://xxxx.xxxxxxxx.xxxx/svn/xxxxx’: SSL handshake failed: SSL error code – 1/1/336032856 (https://xxxx.xxxxxxxx.xxxx) The odd thing is that for some people, it worked, for others, it didn’t! I also couldn’t find anything useful out on the internet. We had checked the Subversion Server should serve via https option in the settings, and all of the ports were open, etc. This option causes a self signed certificate to be used. What we discovered: Tortoise must use the same url as is in the Hostname field on the General settings for collabnet or you’ll get this error. Basically, some people were using https://svn.xxxxxxx.xxxxx and others were using https://computername.xxxxxxxx.xxxx. Because the host name said used the computer name version, the whole thing broke. By changing the host name to the svn version, which is what they should be using, the problem went away. The users do get the “Accept Certificate” prompt, but we can live with that! Technorati Tags: Subversion,Collabnet

Read the article

Implicit OAuth2 endpoint vs. cookies

- by Jamie

I currently have an app which basically runs two halves of an API - a restful API for the web app, and a synchronisation API for the native clients (all over SSL). The web app is completely javascript based and is quite similar to the native clients anyway - except it currently does not work offline. What I'm hoping to do is merge the fragmented APIs into a single restful API. The web app currently authenticates by issuing a cookie to the client whereas the native clients work using a custom HMAC access token implementation. Obviously a public/private key scenario for a javascript app is a little pointless. I think the best solution would be to create an OAuth2 endpoint on the API (like Instagram, for example http://instagram.com/developer/authentication/) which is used by both the native apps and the web app. My question is, in terms of security how does an implicit OAuth2 flow compare (storing the access token in local storage) to "secure" cookies? Presumably although SSL solves man in the middle attacks, the user could theoretically grab the access token from local storage and copy it to another machine?

Search Results

Search found 6253 results on 251 pages for 'apache2 ssl'.

Page 183/251 | < Previous Page | 179 180 181 182 183 184 185 186 187 188 189 190 | Next Page >

- by byeo

- by E. Anderson

- by MicroSumol

- by Josh

- by Alice

- by Nick

- by Synetech inc.

- by matt_tm

- by ClearsTheScreen

- by monde_

- by chris_l

- by Johnbritto

- by Webnet

- by Cornelius

- by ComputerUserGuy

- by Floste

- by sixtyfootersdude

- by user259284

- by Your DisplayName here!

- by John Breakwell

- by The Geek

- by jhpierce -Oracle

- by geekrutherford

- by Robert May

- by Jamie

< Previous Page | 179 180 181 182 183 184 185 186 187 188 189 190 | Next Page >