Search Results

Search found 1094 results on 44 pages for 'ev certificates'.

Page 20/44 | < Previous Page | 16 17 18 19 20 21 22 23 24 25 26 27  | Next Page >

  • Redirect request from https domain to https subdomain with only one certificate

    - by Sean K.
    I'm trying to redirect users to a subdomain in server2 if they make an https request to server1. I only have one certificate, and that's installed on server2. So for instance, from (server1) https://www.example.com to (server2) https://ssl.example.com My best guess is that I will need a certificate for https://www.example.com as the hostname is encrypted inside the HTTP header so my server won't know to redirect until it's decrypted. However, I'm curious if this is possible without two certificates?

    Read the article

  • Problem Implementing SSL with WSUS

    - by JohnB
    I'm working on setting up SSL on our WSUS server using a self signed certificate, but I'm running into trouble. Specifially, after running selfssl /n:CN=server.domain.local /t /v:365, and ensuring that Require Client Certificates is selected in the following directories: SimpleAuthWebService ServerSyncWebService DssAuthWebService ClientWebService APIRemoting30 I am receiving Event 120[2-5]2 upon running wsusutil.exe checkhealth. Basically, each of the directories I require the certificate on fails to work. What am I missing?

    Read the article

  • HTTPS Stunnel and Haproxy

    - by panalbish
    I am trying to use stunnel infront of Haproxy for SSL support. SSL certificates are located according to stunnel configuration. I am also able to get the https connection, but every time I use https, session get lost. I am not using tomcat 8443 port to get the secure content. Is is possible to get the https connection only using stunnel and haproxy? And my requirement is to have https connection once user get logged in.

    Read the article

  • BES 5.0 SSL Certificate

    - by Superfly
    I have recently installed BES 5.0 on a Hyper-V (i know it's not officially supported) 64-bit Server 2008 box with a remote SQL 2005 database. I successfully installed and was able to access the Blackberry Administration Service but was getting untrusted certificate errors so I followed the documentation for importing CA and BAS certificates with the Java keytool. They imported successfully but now the BAS webpage shows a "page cannot be displayed" error. TSupport is no help at all. Any ideas?

    Read the article

  • Why is site serving different SSL certs to different browsers?

    - by TRiG
    The SSL certificate on menswearireland.com and on www.menswearireland.com works fine on Safari, Chrome, SeaMonkey, K-Meleon, QtWeb, Firefox, and Opera. However, Internet Explorer claims that there is an error: The security certificate presented by this website was not issued by a trusted certificate authority. The security certificate presented by this website was issued for a different website's address. Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server. Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0) Another site hosted on the same managed server shows no errors: achill-fieldschool.com and www.achill-fieldschool.com work fine on IE, even though as far as I can tell the certificate is set up identically. What am I doing wrong? This is a LAMPP server running Plesk. It looks like the server is showing different certificates to different clients. To some clients it shows a RapidSSL certificate made out to www.menswearireland.com with menswearireland.com as a valid alternative name. To other clients, it shows a Parallels Panel certificate, made out to Parallels Panel. Here are results from a few different online SSL checkers: most say it's fine, while two show errors. Three online checkers say it's valid Comodo SSL Check shows it as valid DigiCert SSL Check shows it as valid SSL Shopper SSL Check shows it as valid Common name: www.menswearireland.com SANs: www.menswearireland.com, menswearireland.com Valid from October 2, 2012 to November 4, 2013 Serial Number: 559425 (0x88941) Signature Algorithm: sha1WithRSAEncryption Issuer: RapidSSL CA Another online checker seems to see a completely different certificate GeoCerts SSL Check shows it as invalid Common name: Parallels Panel Organization: Parallels Valid from August 15, 2012 to August 15, 2013 Issuer: Parallels Panel Another online checker sees more than one certificate Symantic SSL Check shows it as invalid The certificate installation checker connected to the Web server and read its certificates, but could not determine which is the primary certificate for the Web server. Incidentally, on both menswearireland.com and achill-fieldschool.com the homepage will redirect from HTTPS to HTTP. To see SSL details, visit the page /account on both (that page will redirect from HTTP to HTTPS). I’ve found more information in a more detailed online SSL checker. https://www.ssllabs.com/ssltest/analyze.html?d=menswearireland.com This site works only in browsers with SNI support My understanding is that SNI (RFC 6066) is a method for putting many SSL sites on one shared IP address and port. This does not work on Internet Explorer on older versions of Windows (this has to do with the version of Windows, not the version of Internet Explorer). However, all our SSL sites are on a unique IP address, so we shouldn’t need SNI.

    Read the article

  • solved: puppet master REST API returns 403 when running under passenger works when master runs from command line

    - by Anadi Misra
    I am using the standard auth.conf provided in puppet install for the puppet master which is running through passenger under Nginx. However for most of the catalog, files and certitifcate request I get a 403 response. ### Authenticated paths - these apply only when the client ### has a valid certificate and is thus authenticated # allow nodes to retrieve their own catalog path ~ ^/catalog/([^/]+)$ method find allow $1 # allow nodes to retrieve their own node definition path ~ ^/node/([^/]+)$ method find allow $1 # allow all nodes to access the certificates services path ~ ^/certificate_revocation_list/ca method find allow * # allow all nodes to store their reports path /report method save allow * # unconditionally allow access to all file services # which means in practice that fileserver.conf will # still be used path /file allow * ### Unauthenticated ACL, for clients for which the current master doesn't ### have a valid certificate; we allow authenticated users, too, because ### there isn't a great harm in letting that request through. # allow access to the master CA path /certificate/ca auth any method find allow * path /certificate/ auth any method find allow * path /certificate_request auth any method find, save allow * path /facts auth any method find, search allow * # this one is not stricly necessary, but it has the merit # of showing the default policy, which is deny everything else path / auth any Puppet master however does not seems to be following this as I get this error on client [amisr1@blramisr195602 ~]$ sudo puppet agent --no-daemonize --verbose --server bangvmpllda02.XXXXX.com [sudo] password for amisr1: Starting Puppet client version 3.0.1 Warning: Unable to fetch my node definition, but the agent run will continue: Warning: Error 403 on SERVER: Forbidden request: XX.XXX.XX.XX(XX.XXX.XX.XX) access to /certificate_revocation_list/ca [find] at :110 Info: Retrieving plugin Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate: Error 403 on SERVER: Forbidden request: XX.XXX.XX.XX(XX.XXX.XX.XX) access to /file_metadata/plugins [search] at :110 Error: /File[/var/lib/puppet/lib]: Could not evaluate: Error 403 on SERVER: Forbidden request: XX.XXX.XX.XX(XX.XXX.XX.XX) access to /file_metadata/plugins [find] at :110 Could not retrieve file metadata for puppet://devops.XXXXX.com/plugins: Error 403 on SERVER: Forbidden request: XX.XXX.XX.XX(XX.XXX.XX.XX) access to /file_metadata/plugins [find] at :110 Error: Could not retrieve catalog from remote server: Error 403 on SERVER: Forbidden request: XX.XXX.XX.XX(XX.XXX.XX.XX) access to /catalog/blramisr195602.XXXXX.com [find] at :110 Using cached catalog Error: Could not retrieve catalog; skipping run Error: Could not send report: Error 403 on SERVER: Forbidden request: XX.XXX.XX.XX(XX.XXX.XX.XX) access to /report/blramisr195602.XXXXX.com [save] at :110 and the server logs show XX.XXX.XX.XX - - [10/Dec/2012:14:46:52 +0530] "GET /production/certificate_revocation_list/ca? HTTP/1.1" 403 102 "-" "Ruby" XX.XXX.XX.XX - - [10/Dec/2012:14:46:52 +0530] "GET /production/file_metadatas/plugins?links=manage&recurse=true&&ignore=---+%0A++-+%22.svn%22%0A++-+CVS%0A++-+%22.git%22&checksum_type=md5 HTTP/1.1" 403 95 "-" "Ruby" XX.XXX.XX.XX - - [10/Dec/2012:14:46:52 +0530] "GET /production/file_metadata/plugins? HTTP/1.1" 403 93 "-" "Ruby" XX.XXX.XX.XX - - [10/Dec/2012:14:46:53 +0530] "POST /production/catalog/blramisr195602.XXXXX.com HTTP/1.1" 403 106 "-" "Ruby" XX.XXX.XX.XX - - [10/Dec/2012:14:46:53 +0530] "PUT /production/report/blramisr195602.XXXXX.com HTTP/1.1" 403 105 "-" "Ruby" thefile server conf file is as follows (and goin by what they say on puppet site, It is better to regulate access in auth.conf for reaching file server and then allow file server to server all) [files] path /apps/puppet/files allow * [private] path /apps/puppet/private/%H allow * [modules] allow * I am using server and client version 3 Nginx has been compiled using the following options nginx version: nginx/1.3.9 built by gcc 4.4.6 20120305 (Red Hat 4.4.6-4) (GCC) TLS SNI support enabled configure arguments: --prefix=/apps/nginx --conf-path=/apps/nginx/nginx.conf --pid-path=/apps/nginx/run/nginx.pid --error-log-path=/apps/nginx/logs/error.log --http-log-path=/apps/nginx/logs/access.log --with-http_ssl_module --with-http_gzip_static_module --add-module=/usr/lib/ruby/gems/1.8/gems/passenger-3.0.18/ext/nginx --add-module=/apps/Downloads/nginx/nginx-auth-ldap-master/ and the standard nginx puppet master conf server { ssl on; listen 8140 ssl; server_name _; passenger_enabled on; passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn; passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify; passenger_min_instances 5; access_log logs/puppet_access.log; error_log logs/puppet_error.log; root /apps/nginx/html/rack/public; ssl_certificate /var/lib/puppet/ssl/certs/bangvmpllda02.XXXXXX.com.pem; ssl_certificate_key /var/lib/puppet/ssl/private_keys/bangvmpllda02.XXXXXX.com.pem; ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem; ssl_client_certificate /var/lib/puppet/ssl/certs/ca.pem; ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA; ssl_prefer_server_ciphers on; ssl_verify_client optional; ssl_verify_depth 1; ssl_session_cache shared:SSL:128m; ssl_session_timeout 5m; } Puppet is picking up the correct settings from the files mentioned because config print command points to /etc/puppet [amisr1@bangvmpllDA02 puppet]$ sudo puppet config print | grep conf async_storeconfigs = false authconfig = /etc/puppet/namespaceauth.conf autosign = /etc/puppet/autosign.conf catalog_cache_terminus = store_configs confdir = /etc/puppet config = /etc/puppet/puppet.conf config_file_name = puppet.conf config_version = "" configprint = all configtimeout = 120 dblocation = /var/lib/puppet/state/clientconfigs.sqlite3 deviceconfig = /etc/puppet/device.conf fileserverconfig = /etc/puppet/fileserver.conf genconfig = false hiera_config = /etc/puppet/hiera.yaml localconfig = /var/lib/puppet/state/localconfig name = config rest_authconfig = /etc/puppet/auth.conf storeconfigs = true storeconfigs_backend = puppetdb tagmap = /etc/puppet/tagmail.conf thin_storeconfigs = false I checked the firewall rules on this VM; 80, 443, 8140, 3000 are allowed. Do I still have to tweak any specifics to auth.conf for getting this to work? Update I added verbose logging to the puppet master and restarted nginx; here's the additional info I see in logs Mon Dec 10 18:19:15 +0530 2012 Puppet (err): Could not resolve 10.209.47.31: no name for 10.209.47.31 Mon Dec 10 18:19:15 +0530 2012 access[/] (info): defaulting to no access for 10.209.47.31 Mon Dec 10 18:19:15 +0530 2012 Puppet (warning): Denying access: Forbidden request: 10.209.47.31(10.209.47.31) access to /file_metadata/plugins [find] at :111 Mon Dec 10 18:19:15 +0530 2012 Puppet (err): Forbidden request: 10.209.47.31(10.209.47.31) access to /file_metadata/plugins [find] at :111 10.209.47.31 - - [10/Dec/2012:18:19:15 +0530] "GET /production/file_metadata/plugins? HTTP/1.1" 403 93 "-" "Ruby" On the agent machine facter fqdn and hostname both return a fully qualified host name [amisr1@blramisr195602 ~]$ sudo facter fqdn blramisr195602.XXXXXXX.com I then updated the agent configuration to add dns_alt_names = 10.209.47.31 cleaned all certificates on master and agent and regenerated the certificates and signed them on master using the option --allow-dns-alt-names [amisr1@bangvmpllDA02 ~]$ sudo puppet cert sign blramisr195602.XXXXXX.com Error: CSR 'blramisr195602.XXXXXX.com' contains subject alternative names (DNS:10.209.47.31, DNS:blramisr195602.XXXXXX.com), which are disallowed. Use `puppet cert --allow-dns-alt-names sign blramisr195602.XXXXXX.com` to sign this request. [amisr1@bangvmpllDA02 ~]$ sudo puppet cert --allow-dns-alt-names sign blramisr195602.XXXXXX.com Signed certificate request for blramisr195602.XXXXXX.com Removing file Puppet::SSL::CertificateRequest blramisr195602.XXXXXX.com at '/var/lib/puppet/ssl/ca/requests/blramisr195602.XXXXXX.com.pem' however, that doesn't help either; I get same errors as before. Not sure why in the logs it shows comparing access rules by IP and not hostname. Is there any Nginx configuration to change this behavior?

    Read the article

  • Certificate Authentication

    - by steve.mccall1
    Hi, I am currently working on deploying a website for staff to use remotely and would like to make sure it is secure. I was thinking would it be possible to set up some kind of certificate authentication where I would generate a certificate and install it on their laptop so they could access the website? I don't really want them to generate the certificates themselves though as that could easily go wrong. How easy / possible is this and how do I go about doing it? Thanks, Steve

    Read the article

  • Failover Issuer CAs without Clustering

    - by James Santiago
    I am attempting to setup a Certificate Authority with some failover capabilities for the issuer CAs. I have an offline root CA and am attempting to setup two subordinate CAs on our domain which will handle issuing certificates. I'm trying to determine the architecture needed for these two CAs to allow one to go down and the other to take over without the use of failover clustering, as the two are in different geographic locales. Are there documents regarding this setup?

    Read the article

  • Can't upgrade my Ubuntu server, it gets stuck on openjdk-6-jre-headless

    - by Jean-Nicolas Boulay Desjardins
    I am using Ubuntu Server. When I do: apt-get upgrade it gets stuck on: Setting up openjdk-6-jre-headless (6b20-1.9.7-0ubuntu1) ... Why? And what can I do to stop it? I tried removing it with apt-get... I get this error: E: dpkg was interrupted, you must manually run 'sudo dpkg --configure -a' to correct the problem. So then I tried this: dpkg --purge openjdk-6-jre-headless I got this: dpkg: dependency problems prevent removal of openjdk-6-jre-headless: openjdk-6-jre-lib depends on openjdk-6-jre-headless (>= 6b17). ca-certificates-java depends on openjdk-6-jre-headless (>= 6b16-1.6.1-2) | java6-runtime-headless; however: Package openjdk-6-jre-headless is to be removed. Package java6-runtime-headless is not installed. Package openjdk-6-jre-headless which provides java6-runtime-headless is to be removed. ca-certificates-java depends on openjdk-6-jre-headless (>= 6b16-1.6.1-2) | java6-runtime-headless; however: Package openjdk-6-jre-headless is to be removed. Package java6-runtime-headless is not installed. Package openjdk-6-jre-headless which provides java6-runtime-headless is to be removed. dpkg: error processing openjdk-6-jre-headless (--purge): dependency problems - not removing Errors were encountered while processing: openjdk-6-jre-headless The thing is I think my DB is using it... Not sure... I am using Cassandra with Thrift... Yes, it's getting a bit more complex... # dpkg --configure -a I get: dpkg: dependency problems prevent configuration of openjdk-6-jre: openjdk-6-jre depends on openjdk-6-jre-headless (>= 6b20-1.9.7-0ubuntu1); however: Package openjdk-6-jre-headless is not configured yet. dpkg: error processing openjdk-6-jre (--configure): dependency problems - leaving unconfigured Processing triggers for libc-bin ... ldconfig deferred processing now taking place dpkg: dependency problems prevent configuration of libaccess-bridge-java: libaccess-bridge-java depends on default-jre | openjdk-6-jre | sun-java6-jre; however: Package default-jre is not installed. Package openjdk-6-jre is not configured yet. Package sun-java6-jre is not installed. dpkg: error processing libaccess-bridge-java (--configure): dependency problems - leaving unconfigured dpkg: dependency problems prevent configuration of icedtea-6-jre-cacao: icedtea-6-jre-cacao depends on openjdk-6-jre-headless (= 6b20-1.9.7-0ubuntu1); however: Package openjdk-6-jre-headless is not configured yet. dpkg: error processing icedtea-6-jre-cacao (--configure): dependency problems - leaving unconfigured dpkg: dependency problems prevent configuration of libaccess-bridge-java-jni: libaccess-bridge-java-jni depends on libaccess-bridge-java (>= 1.26.2-5); however: Package libaccess-bridge-java is not configured yet. dpkg: error processing libaccess-bridge-java-jni (--configure): dependency problems - leaving unconfigured Errors were encountered while processing: openjdk-6-jre libaccess-bridge-java icedtea-6-jre-cacao libaccess-bridge-java-jni Thanks again for any help.

    Read the article

  • STARTTLS issues with sendmail

    - by Jim
    I just switch hosts and now have to configure sendmail with certificates in order to send mail. Is there anyone here that can point me to some solid documentation that is known to work? I'm on CentOS, using sendmail 8.13. I am currently trying to figure out why I am getting "Relaying denied. Proper authentication required". I'd be happy to post my mc file if someone thinks thay can help..

    Read the article

  • Could not evaluate: certificate verify failed while using ssl proxy

    - by Onitlikesonic
    One of our machines was recently put behind an SSL proxy and since then I can't connect to puppet with "Could not evaluate: certificate verify failed." I have checked that the dates match, regenerated the certificates but to no avail. Debugging the verification with "openssl s_client -showcerts -connect puppetmaster:puppetmasterport" shows "Verify return code: 0 (ok)" Initially the Proxy SSL Certificate was not recognized with a "Verify return code: 20 (unable to get local issuer certificate)" problem which was then fixed with the answer in the question: Adding root certificate to CentOS 5

    Read the article

  • SSL issue with emails

    - by JackWillDavis
    OK, so I have somebody hosting a site on my CentOS 5.8 Plesk 11 control panel. He has a EV SSL which is validating the site fine however he has failed the PCI check because it is saying his email servers (SMTP, IPAM, POP) have the wrong name on the servers. This is because his SSL certificate is not a wildcard certificate and the email servers are flagging the default Plesk SSL certificate. Is there a way to stop Plesk automatically connecting emails via the default SSL? I'm fairly new to things like this so I hope I've written everything I need, let me know if any more details are needed. Jack

    Read the article

  • generate exchange CSR , exchange 2007 UCC. SSL CERT

    - by Jeff
    I want to make sure I am going this correctly. machine name: win2k8ex1. certificate: common name: owa.x.com subject alternative domains: autodiscover.x.com mail.x.com WIN2K8EX1 WIN2K8EX1.x.LOCAL when generating the CSR, i want to: New-ExchangeCertificate -GenerateRequest -SubjectName "c=US, o=x Inc., cn=owa.x.com" -DomainName mail.x.com,WIN2K8EX1,WIN2K8EX!.x.local,autodiscover.x.com -privatekeyexportable $true -Path c:\certificates\mcert.txt does this look correct? thanks!

    Read the article

  • Digital signatures and encryption in GMail

    - by Antonio
    I just wonder if there is a way to use SSL certificates or PGP keys for signing my email. At the moment I have to setup S/MIME in Outlook (or another thick client) to send signed messages via SMTP. It works for me, but I'm looking for a way to do the same using GMail's web interface.

    Read the article

  • Pros and Cons of Creating an Internal Cerificate Authority

    - by Chad
    What are the pros and cons of spinning up an internal certificate authority (primarily Windows 2003 CA)? We have the need to encypt server-server traffic on a project that has 20+ certificates. We could buy certs from Verisign, but I was thinking that an internal CA might be a better long term solution. So I was looking to the community to provide a pros/cons list of what we might gain (or lose) by hosting our own CA? Thanks in advance for the help.

    Read the article

  • Utilize two gateways on the same network same interface with load balancing

    - by RushPL
    My setup is two ISPs on a single interface and single network. I can either set my default gateway to 192.168.0.1 or 192.168.1.250 and either work. My desire is to utilize both of them with some load balancing. I have tried to follow the advice given in here http://serverfault.com/a/96586 #!/bin/sh ip route show table main | grep -Ev '^default' \ | while read ROUTE ; do ip route add table ISP1 $ROUTE done ip route add default via 192.168.1.250 table ISP1 ip route add default via 192.168.0.1 table ISP2 iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT iptables -t mangle -A PREROUTING -j MARK --set-mark 10 iptables -t mangle -A PREROUTING -m statistic --mode random --probability 0.5 -j MARK --set-mark 20 iptables -t mangle -A PREROUTING -j CONNMARK --save-mark Now then I do "traceroute somehost" repeatedly I can only get route through my default route which is 192.168.1.250. Shouldn't the packets change routes in a random manner? How to debug it?

    Read the article

  • Buying a certificate - what to spend and where

    - by bergin
    Hi there My boss wants to buy a certificate for his SBS so external connection can be made. they access on an IP number. What should he spend on the certificate? Where should he buy from? Verisign seems like overkill as its not an ecommerce site, just needs some security. Ive seen some cheap ones at $20 / yr - are there any problems with getting cheap certificates?

    Read the article

  • Network interface selection

    - by Antonino
    Hello. Suppose I have more than a network interfaces and I want to selectively use them per application. eth0 is the standard interface with the standard gateway in the main routing table eth1 is another interface with a different gateway. Suppose I launch an application as a user "user_eth1". I used the following set of rules for iptables / ip rules. IPTABLES: iptables -t mangle -A OUTPUT -m user --uid-owner user_eth1 -j MARK --set-mark 100 iptables -t nat -A POSTROUTING -m user -uid-owner -o eth1 user_eth1 -j SNAT --to-source <eth_ipaddress> IPRULE: ip rule add fwmark 100 lookup table100 and i build "table100" as follows (no doubts on that) ip route show table main | grep -Ev ^default | while read ROUTE; do ip route add table table100 $ROUTE; done ip route add default via <default_gateway> table table100 It doesn't work at all. What's wrong with this? Thank you in advance!

    Read the article

  • SubjectAltNames supported on IIS 5 ?

    - by traff
    I just generated a certificate with a CN and two subject alternative names (3 differents fqdn) and i always get a handshake failure, whatever the ssl version i use: 14177:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428: 14176:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530: I'm now asking myself if IIS 5 on win2000 does really support those certificates, any ideas ? Thanks in advance.

    Read the article

  • Really remove non-permanent certificate exception in firefox

    - by user1719315
    I visited japan.indymedia.org and firefox gave me the "Invalid certificate" screen. I added an exception, but did not click "Store this exception permanently." But now firefox still happily visits the same site without giving any warnings, even after a restart of the browser. I tried going to the Options-Advanced-Encryption-View Certificates-Servers to remove the certificate but I did not find it there. How to remove this exception and make firefox give me the warning when visiting the site?

    Read the article

< Previous Page | 16 17 18 19 20 21 22 23 24 25 26 27  | Next Page >