Search Results

Search found 2455 results on 99 pages for 'dbcontrol certificate expire'.

Page 22/99 | < Previous Page | 18 19 20 21 22 23 24 25 26 27 28 29  | Next Page >

  • Using a GoDaddy SSL certificate with Virtualmin (Webmin)

    - by Kevin
    A client of mine decided to go ahead and move from a self-signed certificate to a commercial one ("GoDaddy Standard SSL"). The first service I wanted to move to the commercial SSL cert was Webmin/Usermin... However, upon migrating to the new SSL cert and restarting Webmin, I got the following error: [21/Oct/2012:13:12:47 -0400] Restarting Failed to open SSL cert /etc/webmin/miniserv.cert at /usr/share/webmin/miniserv.pl line 4229. Error: Webmin server did not write new PID file And that's all it says. Here's Webmin's config file (/etc/webmin/miniserv.conf): port=10000 root=/usr/share/webmin mimetypes=/usr/share/webmin/mime.types addtype_cgi=internal/cgi realm=Webmin Server logfile=/var/webmin/miniserv.log errorlog=/var/webmin/miniserv.error pidfile=/var/webmin/miniserv.pid logtime=168 ppath= ssl=0 env_WEBMIN_CONFIG=/etc/webmin env_WEBMIN_VAR=/var/webmin atboot=1 logout=/etc/webmin/logout-flag listen=10000 denyfile=\.pl$ log=1 blockhost_failures=5 blockhost_time=60 syslog=1 session=1 server=MiniServ/1.600 userfile=/etc/webmin/miniserv.users keyfile=/etc/webmin/miniserv.pem passwd_file=/etc/shadow passwd_uindex=0 passwd_pindex=1 passwd_cindex=2 passwd_mindex=4 passwd_mode=0 preroot=virtual-server-theme passdelay=1 sudo=1 sessiononly=/virtual-server/remote.cgi preload=virtual-server=virtual-server/virtual-server-lib-funcs.pl virtual-server=virtual-server/feature-unix.pl virtual-server=virtual-server/feature-dir.pl virtual-server=virtual-server/feature-dns.pl virtual-server=virtual-server/feature-mail.pl virtual-server=virtual-server/feature-web.pl virtual-server=virtual-server/feature-webalizer.pl virtual-server=virtual-server/feature-ssl.pl virtual-server=virtual-server/feature-logrotate.pl virtual-server=virtual-server/feature-mysql.pl virtual-server=virtual-server/feature-postgres.pl virtual-server=virtual-server/feature-ftp.pl virtual-server=virtual-server/feature-spam.pl virtual-server=virtual-server/feature-virus.pl virtual-server=virtual-server/feature-webmin.pl virtual-server=virtual-server/feature-virt.pl virtual-server=virtual-server/feature-virt6.pl anonymous=/virtualmin-mailman/unauthenticated=anonymous premodules=WebminCore logouttimes= extracas=/etc/webmin/miniserv.chain certfile=/etc/webmin/miniserv.cert ssl_redirect=0 Here is a screen shot of the Webmin SSL config screen as well, for what it's worth: http://postimage.org/image/r472go7tf/ Edited Mon Oct 22 10:45:24 CDT 2012: When running the command openssl x509 -noout -text -in /etc/webmin/miniserv.cert as Falcon Momot suggested, I get the following error: unable to load certificate 139760808240800:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE

    Read the article

  • Cannot connect on TFS 2012 server through SSL with invalid certificate

    - by DaveWut
    I saw the problem on some forums and even here, but not as specific as mine. So here's the thing, So I've configured a TFS 2012 server, on one of my personnel server at home, and now, I'm trying to make it available through the internet, with the help of apache2 on a different UNIX based, physical server. The thing is working perfectly, I don't have any problem accessing the address https://tfs.something.com/tfs through my browser. The address can be pinged and I do have access to the TFS control panel through it. How does it work? Well, with apache2 you can set a virtual host and set up the ProxyPass and ProxyPassReserver setting, so the traffic can externally comes from a secure SSL connection, through a specified domain or sub-domain, but it can be locally redirect on a clear http session on a different port. This is my current setup. As I already said, I can access the web interface, but when I'm trying to connect with Visual Studio 2012, it can't be done. Here's the error I receive: http://i.imgur.com/TLQIn.png The technical information tells me: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. My SSL certificate is invalid and was automatically generated on my UNIX server. Even if I try to add it in the Trusted Root Certification Authorities either on my TFS server or on my local workstation, it doesn't work. I still receive the same error. Is there's a way to completely ignore certificate validation? If not, what's have I done? I mean, I've added the certificate in the trusted root certificates, it should works as mentioned on some forums... If you need more information, please ask me, I'll be pleased to provide you more. Dave

    Read the article

  • Trouble installing SSL Certificate on Apache

    - by jahufar
    We have a dedicated server with GoDaddy running Plesk that requires SSL. I've generated the certificate files and I created a vhost_ssl.conf (since I can't edit the default plesk apache configuration http.include, vhost_ssl.conf gets Included to httpd.include) that tells apache where to find the certificate files: SSLCertificateFile /usr/local/psa/var/certificates/domain.com.crt SSLCertificateKeyFile /usr/local/psa/var/certificates/domain.com.key SSLCertificateChainFile /usr/local/psa/var/certificates/sub.class1.server.ca.pem When I stop/start apache, it refuses to start up. The error_log does not have anything on it either (which is strange). Then I opened up httpd.include and found this bit: <VirtualHost 208.xxx.xxx.xxx:443> ServerName domain.com:443 ServerAlias www.domain.com UseCanonicalName Off SSLEngine on SSLVerifyClient none SSLCertificateFile /usr/local/psa/var/certificates/certagC9054 Include /var/www/vhosts/domain.com/conf/vhost_ssl.conf Then I commented out SSLCertificateFile /usr/local/psa/var/certificates/certagC9054 (which is plesk's SSL certificate) and restarted apache and it worked perfectly fine. It seems that Apache does not like multiple SSLCertificateFile within the same VirtualHost directive? As anyone who worked with plesk knows, I can't just remove SSLCertificateFile directive in httpd.include as plesk will overwrite my changes when someone uses it - which is why it's in vhost_ssl.conf. So I'm stuck and this is beyond my meager admin skills. Would appreciate someone who knows what (s)he's doing to tell me whats going on. Thanks in advance.

    Read the article

  • Verify client certificate CN in Tomcat(APR)

    - by Petter
    I'm running a tomcat installation with the APR libraries installed (with the OpenSSL HTTPS stack that comes with it). What I'm trying to do is to lock a specific HTTPS connector down to users of a specific certificate. Adding client certificate verification is no issue, but I can't get it to validate against a specific Common name only. I was perhaps a bit naïve and thought the mod_ssl attribute SSLRequire typically used in Apache Httpd would work, but that property is not recognized by the Tomcat implementation. (http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL%20Support points to some mod_ssl docs, but the Tomcat implementation does not seem to cover all aspects of mod_ssl). I can get this to work by using the Java version of the connector instead of APR (losing some performance) and just add a trust store with that one certificate in it. However, using openssl without the SSLRequire expressions, I'm not sure how to do this with Tomcat7 (on Windows if that matters). <Connector protocol="HTTP/1.1" port="443" maxThreads="150" scheme="https" secure="true" SSLEnabled="true" SSLCertificateFile="mycert.pem" SSLCertificateKeyFile="privkey.pem" SSLCACertificateFile="CABundle.pem" SSLVerifyClient="require" SSLProtocol="TLSv1" SSLRequire="(%{SSL_CLIENT_S_DN_CN} eq &quot;host.example.com&quot;)"/> Can you suggest a way to make this work using Tomcat/APR/OpenSSL?

    Read the article

  • Client certificate based encryption

    - by Timo Willemsen
    I have a question about security of a file on a webserver. I have a file on my webserver which is used by my webapplication. It's a bitcoin wallet. Essentially it's a file with a private key in it used to decrypt messages. Now, my webapplication uses the file, because it's used to recieve transactions made trough the bitcoin network. I was looking into ways to secure it. Obviously if someone has root access to the server, he can do the same as my application. However, I need to find a way to encrypt it. I was thinking of something like this, but I have no clue if this is actually going to work: Client logs in with some sort of client certificate. Webapplication creates a wallet file. Webapplication encrypts file with client certificate. If the application wants to access the file, it has to use the client certificate. So basically, if someone gets root access to the site, they cannot access the wallet. Is this possible and does anyone know about an implementation of this? Are there any problems with this? And how safe would this be?

    Read the article

  • Share one ssl certificate between multiples vhost

    - by Cesar
    I have a setup like this: <VirtualHost 192.168.1.104:80> ServerName domain1 DocumentRoot /home/domain/public_html ... </VirtualHost> <VirtualHost 192.168.1.104:80> ServerName domain2 DocumentRoot /home/domain2/public_html ... </VirtualHost> <VirtualHost 192.168.1.104:80> DocumentRoot /home/domain3/public_html ServerName domain3 ... </VirtualHost> <VirtualHost 192.168.1.104:443> ServerName domain3 SSLCertificateFile /usr/share/ssl/certs/certificate.crt SSLCertificateKeyFile /usr/share/ssl/private/private.key SSLCACertificateFile /usr/share/ssl/certs/bundle.cabundle ... </VirtualHost> I want to use domain3 certificate in the other domains, preferably without having to repeat all the <VirtualHost 192.168.1.104:443> config. In other words I want something like this: If the vhost has no explicit ssl config use cert for domain3 (/usr/share/ssl/certs/certificate.crt) Notes: 1.- I for sure will be setting more vhosts in the future 2.- I know (and don't care) of the ssl warnings the browser will show (hostname mismatch) If this possible? how?

    Read the article

  • Configured MySQL for SSL , but SLL is still not in use..!

    - by Sunrays
    I configured SSL for MySQL using the following script. #!/bin/bash # mkdir -p /root/abc/ssl_certs cd /root/abc/ssl_certs # echo "--> 1. Create CA cert, private key" openssl genrsa 2048 > ca-key.pem echo "--> 2. Create CA cert, certificate" openssl req -new -x509 -nodes -days 1000 -key ca-key.pem > ca-cert.pem echo "--> 3. Create Server certificate, key" openssl req -newkey rsa:2048 -days 1000 -nodes -keyout server-key.pem > server-req.pem echo "--> 4. Create Server certificate, cert" openssl x509 -req -in server-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem echo "" echo echo "" echo "--> 5. Create client certificate, key. Use DIFFERENT common name then server!!!!" echo "" openssl req -newkey rsa:2048 -days 1000 -nodes -keyout client-key.pem > client-req.pem echo "6. Create client certificate, cert" openssl x509 -req -in client-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem exit 0 The following files were created: ca-key.pem ca-cert.pem server-req.pem server-key.pem server-cert.pem client-req.pem client-key.pem client-cert.pem Then I combined server-cert.pem and client-cert.pem into ca.pem (I read in a post to do so..) I created a ssl user in MySQL: GRANT ALL ON *.* to sslsuer@hostname IDENTIFIED BY 'pwd' REQUIRE SSL; Next I added the following in my.cnf [mysqld] ssl-ca = /root/abc/ssl_certs/ca.pem ssl-cert = /root/abc/ssl_certs/server-cert.pem ssl-key = /root/abc/ssl_certs/server-key.pem After restarting the server,I connected to mysql but SSL was still not in use :( mysql -u ssluser -p SSL: Not in use Even the have_ssl parameter was still showing disabled.. :( mysql> show variables like '%ssl%'; +---------------+---------------------------------------------+ | Variable_name | Value | +---------------+---------------------------------------------+ | have_openssl | DISABLED | | have_ssl | DISABLED | | ssl_ca | /root/abc/ssl_certs/ca.pem | | ssl_capath | | | ssl_cert | /root/abc/ssl_certs/server-cert.pem | | ssl_cipher | | | ssl_key | /root/abc/ssl_certs/server-key.pem | +---------------+---------------------------------------------+ Have I missed any step, or whats wrong.. Answers with missed steps in detail will be highly appreciated..

    Read the article

  • Expire Output Cache ASP.Net MVC

    - by Max Fraser
    I am using the standared outputcache tag in my MVC app which works great but I need to force it to be dumped at certain times. How do I achieve this? The page that gets cached is built from a very simple route {Controller}/{PageName} - so most pages are something like this: /Pages/About-Us Here is the output cache tag that is at the top of my .aspx v iew page just to be clear: <@ OutputCache Duration="100" VaryByParam="None" %> So in another action on the same controller where content is updated I need to dump this cache, or even all of it - it's a very small app so not a big deal deal to dump all cached items.

    Read the article

  • Software/IT security training and certificate

    - by 5YrsLaterDBA
    I am thinking about attending software security training and getting software security certificate. (or IT security in general.) I am in MA Boston area. I am new in software security field and need to know this field for current project and/or future job. Any suggestion about the training and certificate? thanks, EDIT: How about this course and certificate? http://scpd.stanford.edu/public/category/courseCategoryCertificateProfile.do?method=load&from=courseprofile&certificateId=3575647#searchResults

    Read the article

  • HowTo: iPhone Web Service call to WCF Service with Certificate Authentication

    - by Maike9
    We are a .Net shop currently developing a iPhone app that requires the app to call a WCF web service. Our WCF Services are secured with a x509 certificate for authentication purposes. I have been searching the internet for an example on how to do the following: Deploy a certificate with an iPhone app. Use that certificate in a web service call to a WCF Service. Any insight on how this might be accomplished would be greatly appreciated.

    Read the article

  • HttpClient 4 SSL and client side certificates

    - by Luke
    Hi All, I am having trouble working out how I can get get HttpClient 4 to use SSL in the way I need. I have X https servers that I send requests to. One requires a client side certificate while the others have trusted certificates and therefore require no client side certificate. I have no issue connecting to the server requiring the client side certificate (its in my keystore), however every time I try to connect to the servers with trusted certificates, my client side certificate is offered by HttpClient and therefore fails authentication. My question is this: is there a way for HttpClient to offer the client side certificate only to the server requiring it and not to the others? Thanks in advance, Luke

    Read the article

  • How to create a certificate for signing a Silverlight xap

    - by jstawski
    Hello everyone, I have a silverlight app that will be installed OOB with full trust and hence i want to create a certificate to sign the app. Since I'm going to have full control of the clients where the app will be installed I don't need to buy a certificate, because I know that I can create one and install it in the Trusted Root Certification Authority. Can someone please post a step by step on how to create the certificate so it can be used to sign the XAP. Thanks...

    Read the article

  • [Ruby] OpenSSL verify certificate from own CA

    - by sardaukar
    Hello all and thanks for your time reading this. I need to verify certificates issued by my own CA, for which I have a certificate. How can I do the equivalent to openssl's openssl verify -CAfile in Ruby code? The RDoc for OpenSSL is not very helpful in this regard. I've tried: require 'openssl' ca = OpenSSL::X509::Certificate.new(File.read('ca-cert.pem')) lic = OpenSSL::X509::Certificate.new(File.read('cert.pem')) puts lic.verify( ca ) but I get: test.rb:7:in `verify': wrong argument (OpenSSL::X509::Certificate)! (Expected kind of OpenSSL::PKey::PKey) (TypeError) from test.rb:7 I can't even find "verify" in the OpenSSL Rdoc at http://www.ruby-doc.org/stdlib/libdoc/openssl/rdoc/index.html. Any help is appreciated. Thanks again!

    Read the article

  • Can't send client certificate via SslStream

    - by Jonathan
    I am doing an SSL3 handshake using an SslStream, but, in spite of my best efforts, the SslStream never sends a client certificate on my behalf. Here is the code: SSLConnection = new System.Net.Security.SslStream(SSLInOutStream, false, new System.Net.Security.RemoteCertificateValidationCallback(AlwaysValidRemoteCertificate), new System.Net.Security.LocalCertificateSelectionCallback(ChooseLocalCertificate)); X509CertificateCollection CC = new X509CertificateCollection(); CC.Add(Org.BouncyCastle.Security.DotNetUtilities.ToX509Certificate(MyLocalCertificate)); SSLConnection.AuthenticateAsClient("test", CC, System.Security.Authentication.SslProtocols.Ssl3, false); and then I have AlwaysValidRemoteCertificate just returning true, and ChooseLocalCertificate returning the zeroth element of the array. The code probably looks a little weird because the project is a little weird, but I think that is beside the point here. The SSL handshake completes. The issue is that instead of sending a certificate message on my behalf (in the handshake process), with the ASN.1 encoded certificate (MyLocalCertificate), the SslStream sends an SSL alert number 41 (no certificate) and then carries on. I know this from packet sniffing. After the handshake is completed, the SslStream marks IsAuthenticated as true, IsMutuallyAuthenticated as false, and its LocalCertificate member is null. I feel like I'm probably missing something pretty obvious here, so any ideas would be appreciated. I am a novice with SSL, and this project is off the beaten path, so I am kind of at a loss. P.S. 1: My ChooseLocalCertificate routine is called twice during the handshake, and returns a valid (as far as I can tell), non-null certificate both times. P.S. 2: SSLInOutStream is my own class, not a NetworkStream. Like I said, though, the handshake proceeds mostly normally, so I doubt this is the culprit... but who knows?

    Read the article

  • Simple code to expire Drupal cookie?

    - by user310594
    With a single click this simple script will do a multi-logout of: Moodle Elgg 2 MyBB's and (not) Drupal. <?php setcookie( 'Elgg', '', -3600, '/', '.domain.com', false, false); setcookie( 'http_auth_ext_complete', '1', -3600, '/d/', '.domain.com', false, false); // setcookie( 'http_auth_ext_complete', '1', -3600, '/d/', 'domain.com', false, false); setcookie( 'mybbuser', '', -3600, '/', '.domain.com', false, false); setcookie( 'mybbuser', '', -3600, '/bb/', '.domain.com', false, false); // unset all 3 Moodle cookies, the lazy way if (isset($_SERVER['HTTP_COOKIE'])) { $cookies = explode(';', $_SERVER['HTTP_COOKIE']); foreach($cookies as $cookie) { $parts = explode('=', $cookie); $name = trim($parts[0]); setcookie($name, '', time()-1000); setcookie($name, '', time()-1000, '/'); } } ?> This works on four sites but the Drupal cookie won't quit. How can I do the same with Drupal? Note: Drupal uses 'host' instead of 'domain', neither with or without the '.' works so far. Thank you.

    Read the article

  • Can't connect to HTTPS using X509 client certificate

    - by wows
    Hi - I'm new to cryptography and I'm a bit stuck: I'm trying to connect (from my development environment) to a web service using HTTPS. The web service requires a client certificate - which I think I've installed correctly. They have supplied me with a .PFX file. In Windows 7, I double clicked the file to install it into my Current User - Personal certificate store. I then exported a X509 Base-64 encoded .cer file from the certificate entry in the store. It didn't have a private key associate with it. Then, in my app, I'm attempting to connect to the service like this: var certificate = X509Certificate.CreateFromCertFile("xyz.cer")); var serviceUrl = "https://xyz"; var request = (HttpWebRequest) WebRequest.Create(serviceUrl); request.ClientCertificates.Add(certificate); request.Method = WebRequestMethods.Http.Post; request.ContentType = "application/x-www-form-urlencoded"; I get a 502 Connection failed when I connect. Is there anything you can see wrong with this method? Our production environment seems to work with a similar configuration, but it's running Windows Server 2003. Thanks!

    Read the article

  • Django message doesn't expire

    - by ninja123
    My code in the view: from django.contrib import messages messages.add_message(request, messages.INFO, 'Hello world.') I don't want to show this code to the user the second time if he/she refreshes again. How do I go about doing that? Messages don't seem to have any sort of expiry setting. There is documentation here: http://docs.djangoproject.com/en/1.2/ref/contrib/messages/#expiration-of-messages

    Read the article

  • Problem generating APN SSL certificate after submitting to apple store

    - by MikeQ
    I'm having trouble getting Apple to generate an APN SSL certificate for my app ID. I've submitted the application to the Apple store, and it is pending review. I tested the application using an Ad Hoc app ID "${bundle_id}.adHoc" and everything went fine. I submitted to the Apple store with app ID "${bundle_id}.release". Now I want to generate my production APN SSL certificate for use with my release application ID - but the developer portal doesn't want to. When I upload my certificate request, it sits for about a minute before telling me: "We are not able to generate your Profile at this time. Please try again later or try using the Provisioning Portal" Is it impossible to generate your certificate while the application is under review or something? Should I have generated it prior to submission?

    Read the article

  • Is there only one distribution certificate per team leader or one per application?

    - by dbonneville
    I'm confused by the dev and dist cert. I got one app in the store, but I named my certs after my first app. Was this a mistake? I'm ready to go on my second app. But XCode is selected the dist cert with the old app name on it. It built without error. Though I named it wrong, will it still work? XCode is automatically picking this cert for me. Is this right? You need a new app ID for each app so you can 1) put in plist, 2) put in code signing section on Build tab of Target info, but you don't need a new dev and dist cert for each new app. Therefore is this right too? For each app you develop, you only need your original dev and dist cert, but a new app ID for each app. This is so obscure! I wish apple had done a better job!

    Read the article

  • Will client JVM for a web service(https) throw an SSL Exception when the server is having a valid ce

    - by ring bearer
    I have a web service deployed on tomcat hosted on a remote server. I have set it up such that it can be accessed only via HTTPS. For this, I generated a Certificate Signing Request (CSR) and used it to get a temporary certificate from VeriSign. My web service client is on my local machine. If I try to access the service it will throw a javax.net.ssl.SSLHandshakeException:unable to find valid certification path to requested target If I install the certificate in to local Java's keystore, the issue will be resolved. My question is if I install a valid SSL certificate from a CA in to my tomcat server, will I get this client-side error even if I do not import the certificate to local key store?

    Read the article

  • Godaddy's Code sign certificate and MIDlet

    - by abc
    i have developed an application in java (J2ME), and i want trusted domain for that application using goDaddy's certificate. can i obtain it ? let me re describe the full scenario. i have developed an application.in which i want FILE IO operations to be done without the permission of user (for every read write, it means user will be asked only once.) so to obtain that i want trusted domain for my application. for that i need to sign my application using code sign certificate. now go Daddy's certificate is not listed under Nokia 3110Classic, so i have externally added it in CA list. but still its showing app signing option disabled. so my question is can i obtain trusted domain using the goDaddy's code sign certificate ?

    Read the article

  • iPhone application not running with Distribution Certificate

    - by MN
    I have a problem regarding running my application with a Distribution certificate. The application will work fine with a Development certificate on my iPod Touch. Once I change the Code Signing Identity to a Distribution certificate and specify an Entitlements file, the application crashes on launch. Is there anything I can do to correct this? Thanks in advance!

    Read the article

  • Best way to sign data in web form with user certificate

    - by salgiza
    We have a C# web app where users will connect using a digital certificate stored in their browsers. From the examples that we have seen, verifying their identity will be easy once we enable SSL, as we can access the fields in the certificate, using Request.ClientCertificate, to check the user's name. We have also been requested, however, to sign the data sent by the user (a few simple fields and a binary file) so that we can prove, without doubt, which user entered each record in our database. Our first thought was creating a small text signature including the fields (and, if possible, the md5 of the file) and encrypt it with the private key of the certificate, but... As far as I know we can't access the private key of the certificate to sign the data, and I don't know if there is any way to sign the fields in the browser, or we have no other option than using a Java applet. And if it's the latter, how we would do it (Is there any open source applet we can use? Would it be better if we create one ourselves?) Of course, it would be better if there was any way to "sign" the fields received in the server, using the data that we can access from the user's certificate. But if not, any info on the best way to solve the problem would be appreciated.

    Read the article

  • Image expire time

    - by Jens
    The google page speed tool recommends me to set 'Expires' headers for images etc. But what is the most efficient way to set an Expires header for an image? In now redirect all image requests to an imagehandler.php using htaccess: /* HTTP/1.1 404 Not Found, HTTP/1.1 400 Bad Request and content type detection stuff ... */ header( "Content-Type: " . $content_type ); header( "Cache-Control: public" ); header( "Last-Modified: ".gmdate("D, d M Y H:i:s", filemtime($path))." GMT"); header( "Expires: ". date("r",time() + (60*60*24*30))); readfile( $path ); But of course this adds extra loading time for my images on first request, and I was wondering if there was a better solution for this.

    Read the article

< Previous Page | 18 19 20 21 22 23 24 25 26 27 28 29  | Next Page >