Search Results

Search found 3358 results on 135 pages for 'ssl'.

Page 26/135 | < Previous Page | 22 23 24 25 26 27 28 29 30 31 32 33  | Next Page >

  • https not working... binding set, certificate installed

    - by rksprst
    I've installed the certificate and set the https bindings. However, when I load the site on https it does not load. I've looked at all the settings but everything seems correct. I've restarted the site numerous times. The certificate is stored on the local computer under personal-certificates... I have the private key for the certificate. The port (443) is open. If I try https://localhost on the server, the site loads... but with a domain error (i.e. it's localhost and not thedomain.com). But https://thedomain.com doesn't load. I really don't know why the https url isn't loading... anyone have any ideas? Thanks!

    Read the article

  • Juniper SSL-VPN Application Data encoding

    - by bong0
    Hi, I want to know how the request & response from the VPN server on e.g.: https://host.tld/dana/jw?con=1234567890&seqno=7 is encoded, the output seems to be binary. I assume it is the application data which gets exchanged with this request, am I right in this? If not, what else gets transferred over this, what is contained in the response? I'm pretty new to this product and want to understand how it works in deep. Thanks in advance folks.

    Read the article

  • SSL certificate fail apache

    - by Murkin
    Hello, I have setup a certificate on Apache server. When I access my site's https pages, I see the certificate flashing (in FireFox's url tab) and disappearing immediately. The browser stays in the same windows (https) but now certificate info is not displayed and the connection is not encrypted. Can anyone recommend on how I can even start checking what is wrong ? (Certificate fail ? Bad config ?) Thanks

    Read the article

  • Jenkins: Use it with SSL / https

    - by Tim
    I have a Fedora server running Jenkins which I install via yum. Everything is okay, I can access it with http://ci.mydomain.com. But now, I want to access it with https://ci.mydomain.com, so the login with username and password is encrypted. How can I do this? Best Regards Tim Update My /etc/sysconfig/jenkins file. Starting Jenkins works, but I can not access Jenkins with the webbrowser with https://ci.mydomain.com or http://ci.mydomain.com:443, ... ## Path: Development/Jenkins ## Description: Configuration for the Jenkins continuous build server ## Type: string ## Default: "/var/lib/jenkins" ## ServiceRestart: jenkins # # Directory where Jenkins store its configuration and working # files (checkouts, build reports, artifacts, ...). # JENKINS_HOME="/var/lib/jenkins" ## Type: string ## Default: "" ## ServiceRestart: jenkins # # Java executable to run Jenkins # When left empty, we'll try to find the suitable Java. # JENKINS_JAVA_CMD="" ## Type: string ## Default: "jenkins" ## ServiceRestart: jenkins # # Unix user account that runs the Jenkins daemon # Be careful when you change this, as you need to update # permissions of $JENKINS_HOME and /var/log/jenkins. # JENKINS_USER="jenkins" ## Type: string ## Default: "-Djava.awt.headless=true" ## ServiceRestart: jenkins # # Options to pass to java when running Jenkins. # JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true" ## Type: integer(0:65535) ## Default: 8080 ## ServiceRestart: jenkins # # Port Jenkins is listening on. # JENKINS_PORT="8080" ## Type: integer(1:9) ## Default: 5 ## ServiceRestart: jenkins # # Debug level for logs -- the higher the value, the more verbose. # 5 is INFO. # JENKINS_DEBUG_LEVEL="5" ## Type: yesno ## Default: no ## ServiceRestart: jenkins # # Whether to enable access logging or not. # JENKINS_ENABLE_ACCESS_LOG="no" ## Type: integer ## Default: 100 ## ServiceRestart: jenkins # # Maximum number of HTTP worker threads. # JENKINS_HANDLER_MAX="100" ## Type: integer ## Default: 20 ## ServiceRestart: jenkins # # Maximum number of idle HTTP worker threads. # JENKINS_HANDLER_IDLE="20" ## Type: string ## Default: "" ## ServiceRestart: jenkins # # Pass arbitrary arguments to Jenkins. # Full option list: java -jar jenkins.war --help # JENKINS_ARGS="--httpsPort=443 --httpsKeyStore=/root/.keystore --httpsKeyStorePassword=MYPASSWORD"

    Read the article

  • Redmine subversion won't ignore certificate error even if told

    - by Pekka
    I have set up a copy of Redmine through the Bitnami Redmine Stack and am having trouble accessing a remote SVN repository through https. The trouble seems to be related to the fact that I don't have a signed certificate, and the certificate provided doesn't match the host name (I am accessing the same server through a number of host names). I am new to Ruby, Mongrel, Rails and Redmine. Following the advice in this forum thread, I changed the path Redmine uses to invoke the svn client in \apps\redmine\lib\ redmine\scm\adapters\subversion_adapter.rb from SVN_BIN = "svn" to SVN_BIN = "svn --trust-server-cert --non-interactive --config-dir c:/user/temp" I was hoping that the --trust-server-cert option would fix the certificate problem. However, I am still getting the following error message in mongrel.log: svn: OPTIONS of 'https://server.xyz:8443/svn/reponame': Server certificate verification failed: certificate issued for a different hostname, issuer is not trusted (https://server.xyz:8443) Does anybody know what to do about this? Additional info: I re-started the mongrel service after each change I am sure the configuration change has taken effect because subversion has created a full configuration directory in c:\user\temp I can access the remote repository using command line svn no problem The remote repository runs on a Windows box with VisualSVN

    Read the article

  • Exchange 2003 Outlook Anywhere - Changed certificate, not working

    - by JohnyD
    I have a single Exchange 2003 installation which for the past 2 years has been set up for Outlook Anywhere access by means of a self-signed certificate. Just this past week I updated that certificate to a Go Daddy wildcard certificate to allow for use of our web services over https. I've updated the web listener on our ISA 2006 firewall and I can successfully use our services over https. However, my Outlook Anywhere access is now not functioning. I've installed the new wildcard certificate on my XP notebook into the Trusted Root Certificate Store but I keep getting prompted that the password is incorrect. To make things even more confusing I also have OWA set up and this works fine with the new certificate. Any ideas as to what I'm doing wrong?

    Read the article

  • Does any Certificate Authority support both SAN and wildcards?

    - by nicholas a. evans
    My basic quandry is that wildcard certificates don't support subdomains of subdomains, nor do they help with alternate domain names. Basically, if my CN is example.com, I want a Subject Alternative Name field that looks roughly like so: DNS:example.com DNS*.example.com DNS:*.beta.example.com DNS:example.net DNS:*.example.net DNS:*.beta.example.net Using a self-signed cert, I verified that the browsers will work just fine with this. Unfortunately, none of the Certificate Authorities that I looked into (Thawte, GoDaddy, Verisign, Digicert) seemed to support both wildcard certs and Subject Alternative Name (sometimes referred to as "Multiple Domain UCC"). I even called up GoDaddy tech support to confirm. Is there a CA (trusted by 99% of browsers) that supports wildcards for the Subject Alternative Name? One little restriction: I'm saddled with Amazon EC2's single Elastic IP per instance limitation. Here are what I see as my backup plans: set up three extra EC2 instances, each configured for a different IP address and cert, and nginx reverse proxy from three of them into the app server(s) introduces latency(?), and even the cheapest EC2 instance isn't that cheap instead of dedicated reverse proxy instances, setup the four or more almost identical EC2 app servers, with nginx using the port to determine which cert to deliver, and use haproxy to distribute the traffic amongst themselves. complicated to configure and manage? I'm not using the cheapest EC2 instance type for my app servers. If I don't need 4+ app servers for the load, it raises the cost. set up an external server (outside of EC2) that doesn't have EC2's Elastic IP address restrictions, setup all of the alternate IP addresses and certificates on that server, and nginx reverse proxy from that server into the EC2 app servers. extra IP addresses are almost free (still need to pay for the server of course), but don't come with the robust "elasticity" that Amazon's Elastic IPs provide. even more latency than in the first scenario. Are these approaches crazy or reasonable? Do you have another one to suggest?

    Read the article

  • ISA Server 2006 SSL Certificate Dilemma

    - by JohnyD
    I'm making so great headway in offering our services over https with help from a Go Daddy certificate, later to be upgraded to Thawte SSL123 certs. But, I've just run into one whopper of a problem. Here's my setup: I run an ISA 2006 firewall. Our web services are distributed over 2 servers. One is Windows 2000 (www.domain.com) and the other is Windows 2003 (services.domain.com). So, I'll need to purchase 2 certs for both www and services, import them into IIS6 on their respective machines, then export them with the primary key (making sure to Include all certificates in the certification path if possible... that had me stumped for a while), and then to finally import them into ISA's local computer Personal store. The problem I've just run into is that I have separate firewall rules for services.domain.com and www.domain.com... because requests need to be forwarded to different web servers. Each of these firewall rules use the same httplistener. I have just found out that you can only use 1 certificate per httplistener. To make matters worse you can only have a single httplistener per ip / port. Is this correct? I can only use a single certificate for a single ip address? This would seem to be a severe limitation. Am I wrong? If I'm not then I've got a whole lot more work ahead of me as I'll have to set up extra ip's, add them to the firewall's network interface, create new listeners using that ip, etc... Can someone please confirm that I'm doing this correctly / incorrectly? Once I got my head wrapped around it all it seemed easy... then this. Thanks in advance.

    Read the article

  • BES 5.0 SSL Certificate

    - by Superfly
    I have recently installed BES 5.0 on a Hyper-V (i know it's not officially supported) 64-bit Server 2008 box with a remote SQL 2005 database. I successfully installed and was able to access the Blackberry Administration Service but was getting untrusted certificate errors so I followed the documentation for importing CA and BAS certificates with the Java keytool. They imported successfully but now the BAS webpage shows a "page cannot be displayed" error. TSupport is no help at all. Any ideas?

    Read the article

  • Force SSL on one page via .htaccess without looping

    - by Will Martin
    Okay, I have this code: RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} ^/borrowing/ill/request\.php$ RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L] The way I would expect this to work is: A request for /borrowing/ill/request.php comes in on HTTP. The rule matches. The server redirects to HTTPS. The rule does not match, because HTTPS is now on. The way it actually works is: A request for /borrowing/ill/request.php comes in on HTTP. The rule matches. The server redirects to HTTPS. The rule matches. The server redirects to HTTPS. The rule matches. The server redirects to HTTPS ... And so on. I know that the second condition (matching the file name) is working, because the redirect loop only hits that specific page. The question is, why isn't the switch to HTTPS causing the first condition to not match? EDIT: I put the exact same .htaccess rules into a test area on another server -- same file and path info. And they worked just fine. There's got to be something wrong with the server configuration elsewhere.

    Read the article

  • SSL TurnKey Linux

    - by ralexandru
    Hi there. I have a TurnKey Mantis linux appliance and I want to make the connection secure.I've bought from GlobeHost a certificate and got the following files :sub-domain_domain_net.ca-bundle and sub-domain_domain_net.crt.I've got the Sftp connection to work.How can I install the certificate ?

    Read the article

  • UFW blocks SSL connections Varnish/Apache2 on Ubuntu 12.04

    - by user1383815
    I have installed Virtualmin on a Ubuntu 12.04 server and I'm using LAMP stack with Varnish (:80) in front of Apache (:8000). However, I cannot access https when UFW is enabled. When I disable UFW, all works fine. Here is what UFW logging shows when I attempt to access a website via https: Dec 14 05:42:29 localhost kernel: [64491.327263] [UFW BLOCK] IN=eth0 OUT= MAC=e4:11:5b:e5:ef:8c:00:d0:02:8f:f0:00:08:00 SRC=MY_IP_ADDRESS DST=SERVER_IP_ADDRESS LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=2524 DF PROTO=TCP SPT=56430 DPT=20000 WINDOW=8192 RES=0x00 SYN URGP=0 Here is my UFW ruleset: $ ufw status Status: active To Action From -- ------ ---- 2221 ALLOW Anywhere 10000 ALLOW Anywhere 80 ALLOW Anywhere 21 ALLOW Anywhere 8000 ALLOW Anywhere Apache Secure ALLOW Anywhere 2221 ALLOW Anywhere (v6) 10000 ALLOW Anywhere (v6) 80 ALLOW Anywhere (v6) 21 ALLOW Anywhere (v6) 8000 ALLOW Anywhere (v6) Apache Secure (v6) ALLOW Anywhere (v6) Does anyone have any pointers how to fix this problem? Thank you for your time.

    Read the article

  • ssl certificate for www.domain.com and domain.com

    - by user12145
    I used make-dummmy-cert that comes with apache 2.2 and ssl_mod to make a self-signed certificate, I tried www.domain.com domain.com *.domain.com, none of them would work for both www.domain.com and domain.com. The browser would say The certificate is only valid for domain.com( or www.domain.com or *.domain.com respectively) how do I make a self-signed cert that would work for both cases?

    Read the article

  • SSL certificate for ISAPI redirected Web Site

    - by Daniel
    I have a Win 2003 server and I'm using Ionics Isapi Rewrite Filter to redirect requests made to a Web Site configured in IIS to another Apache2 Server in a server not exposed to the Internet. The Web Site has its host headers configured to catch requests for the specific site, and the redirection is being done with the ProxyPass directive. This is working OK. So far the scenario, my question is: I'd like to add a server certificate to the Apache server, but I don´t know if I need to add the certificate to both Apache and IIS sites. I think I still don´t get the theory behind this and would like to know from someone with expertise in the field the right way to implement this. Thank you in advance.

    Read the article

  • Configuring IIS 7.5 to be FIPS 140.2 compliant

    - by tomfanning
    I need to configure IIS 7.5 (Server 2008 R2) to be FIPS 140.2 compliant. Specifically, this involves disabling all SSL protocols other than TLS 1.0. I have set the following registry keys: HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server to Enabled(DWORD) = 0 as per this KB, but SSL Labs' checker says "SSL 2.0+ Upgrade Support" is enabled. (Everything other than that and TLS 1.0 is not available, so we're getting somewhere). It also says "FIPS ready - no" - presumably because SSL 2.0+ Upgrade Support is still enabled. serversniff.net says SSL 2.0 is turned off, and doesn't say anything about SSL 2.0+ Upgrade Support. Could this be an anomaly with SSL Labs' checker?

    Read the article

  • Apache SSL configuration testing

    - by jldugger
    When I run configtest on our Apache server, I get the following: `Syntax error on line 1023 of /www/conf/httpd.conf: Invalid command 'SSLEnable', perhaps mis-spelled or defined by a module not included in the server configuration` I know this part of the configuration works. Is there a trick to make configtest mod_ssl aware?

    Read the article

  • vsFTPD mixed SSL and plain text mode

    - by stan31337
    Is it possible to configure vsFTPD to use Explicit FTP over TLS for all connections except those coming from 127.0.0.1? Joomla website is being hosted on a server, and it's unable to use FTPES, so I had to set: force_local_data_ssl=NO force_local_logins_ssl=NO But I want to force content managers to use FTPES, and I am unable to control whether they have chosen FTP or FTPES in their client's connection properties. Thank you!

    Read the article

  • apache and SSL certificate

    - by user12145
    [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) When connecting to https://www.xxx.com, it just says connecting, then timed out. ServerAdmin [email protected] ServerName www.xxx.com:443 DocumentRoot /var/www/vhosts/xxx SSLCertificateFile /etc/pki/tls/certs/xx.com.crt

    Read the article

  • Chrome - SSL Security issue on Windows platforms?

    - by al nik
    Fortify.net is a service that displays what's the currently encryption key used by your browser in a https connection. If I browse this site with Chrome 4.1.249.1042 in WinXp SP3 the key used is RC4 cipher, 128-bit key This encryption is weak, and it's the one used by old browsers like IE6. Chrome works fine on Fedora9 and it uses AES cipher, 256-bit key as more modern browsers do (i.e.Firefox) I consider this a security issue. I'm considering to switch back to Firefox in Windows. Do you know if it's possible to change the default encryption key in Chrome?

    Read the article

  • Do any well-known CAs issue Elliptic Curve certificates?

    - by erickson
    Background I've seen that Comodo has an elliptic curve root ("COMODO ECC Certification Authority"), but I don't see mention of EC certificates on their web site. Does Certicom have intellectual property rights that prevent other issuers from offering EC certificates? Does a widely-used browser fail to support ECC? Is ECC a bad fit for traditional PKI use like web server authentication? Or is there just no demand for it? I'm interested in switching to elliptic curve because of the NSA Suite B recommendation. But it doesn't seem practical for many applications. Bounty Criteria To claim the bounty, an answer must provide a link to a page or pages at a well-known CA's website that describes the ECC certificate options they offer, prices, and how to purchase one. In this context, "well-known" means that the proper root certificate must be included by default in Firefox 3.5 and IE 8. If multiple qualifying answers are provided (one can hope!), the one with the cheapest certificate from a ubiquitous CA will win the bounty. If that doesn't eliminate any ties (still hoping!), I'll have to choose an answer at my discretion. Remember, someone always claims at least half of the bounty, so please give it a shot even if you don't have all the answers.

    Read the article

  • generate exchange CSR , exchange 2007 UCC. SSL CERT

    - by Jeff
    I want to make sure I am going this correctly. machine name: win2k8ex1. certificate: common name: owa.x.com subject alternative domains: autodiscover.x.com mail.x.com WIN2K8EX1 WIN2K8EX1.x.LOCAL when generating the CSR, i want to: New-ExchangeCertificate -GenerateRequest -SubjectName "c=US, o=x Inc., cn=owa.x.com" -DomainName mail.x.com,WIN2K8EX1,WIN2K8EX!.x.local,autodiscover.x.com -privatekeyexportable $true -Path c:\certificates\mcert.txt does this look correct? thanks!

    Read the article

  • Is there a way to change the string format for an existing CSR "Country Code" field from UTF8 to Printable String?

    - by Mike B
    CentOS 5.x The short version: Is there a way to change the encoding format for an existing CSR "Country Code" field from UTF8 to Printable String? The long version: I've got a CSR generated from a product using standard java security providers (jsse/jce). Some of the information in the CSR uses UTF8 Strings (which I understand is the preferred encoding requirement as of December 31, 2003 - RF 3280). The certificate authority I'm submitting the CSR to explicitly requires the Country Code to be specified as a PrintableString. My CSR has it listed as a UTF8 string. I went back to the latest RFC - http://www.ietf.org/rfc/rfc5280.txt. It seems to conflict specifically on countryName. Here's where it gets a little messy... The countryName is part of the relative DN. The relative DN is defined to be of type DirectoryString, which is defined as a choice of teletexString, printableString, universalString, utf8String, or bmpString. It also more specifically defines countryName as being either alpha (upper bound 2 bytes) or numeric (upper bound 3 bytes). Furthermore, in the appendix, it refers to the X520countryName, which is limited to be only a PrintableString of size 2. So, it is clear why it doesn't work. It appears that the certificate authority and Sun/Java do not agree on their interpretation of the requirements for the countryName. Is there anything I can do to modify the CSR to be compatible with the CA?

    Read the article

  • Intermittent 400 bad request header field is missing ':' with Apache and SSL

    - by David Tinker
    Apache is returning rare intermittent 400 "bad request header field is missing ':' olhuaqv3o1t29flvr0 (random string)" errors. This seems to be related to https access and happens from Firefox, IE, Chrome etc. I am using a certificate from rapidssl. Apache/2.2.14 (Ubuntu) DAV/2 SVN/1.6.6 mod_jk/1.2.28 PHP/5.3.2-1ubuntu4.5 with Suhosin-Patch mod_ssl/2.2.14 OpenSSL/0.9.8k Anyone know how to fix this?

    Read the article

< Previous Page | 22 23 24 25 26 27 28 29 30 31 32 33  | Next Page >