Search Results

Search found 2668 results on 107 pages for 'trusted certificate'.

Page 26/107 | < Previous Page | 22 23 24 25 26 27 28 29 30 31 32 33  | Next Page >

  • How to securely connect to multiple different LDAPS servers (Debian)

    - by Pickle
    I'm trying to connect to multiple different LDAPS servers. A lot of the documentation I've seen recommends setting TLS_REQCERT never, but that strikes me as horribly unsecure to not verify the certificate. So I've set that to demand. All the documentation I've seen says I need to update ldap.conf with a TLS_CACERT directive pointing to a .pem file. I've got that .pem file set up with the certificate from LDAP Server #1, and ldaps connections are happening fine. I've now got to communicate securely with another LDAP server in another branch of my organization, that uses a different certificate. I've seen no documentation on how to do this, except 1 page that says I can simply put multiple (not chained) certificates in the same .pem file. I've done this and everything is working hunky dorey. However, when I told a colleague what I did, he sounded like the sky was falling - putting 2 non-chained certificates into one .pem file is apparently the worst thing since ... ever. Is there a more acceptable way to do this? Or is this the only accepted way?

    Read the article

  • How do digital certificates prove the identity of a device?

    - by StackedCrooked
    I understand how the relation between issuer and subject certificates enables verification of the subject's authenticity. If I connect to a networked device, and it sends me its certificate to identify itself, then I can verify that it was issued by a trusted party and that it has not been tampered with in any way. However, suppose I simply upload this certificate onto another device. Then what prevents me from having this device identify itself with the copied certificate?

    Read the article

  • Java AD Authentication across Trusted Domains

    - by benjiisnotcool
    I am trying to implement Active Directory authentication in Java which will be ran from a Linux machine. Our AD set-up will consist of multiple servers that share trust relationships with one another so for our test environment we have two domain controllers: test1.ad1.foo.com who trusts test2.ad2.bar.com. Using the code below I can successfully authenticate a user from test1 but not on test2: public class ADDetailsProvider implements ResultSetProvider { private String domain; private String user; private String password; public ADDetailsProvider(String user, String password) { //extract domain name if (user.contains("\\")) { this.user = user.substring((user.lastIndexOf("\\") + 1), user.length()); this.domain = user.substring(0, user.lastIndexOf("\\")); } else { this.user = user; this.domain = ""; } this.password = password; } /* Test from the command line */ public static void main (String[] argv) throws SQLException { ResultSetProvider res = processADLogin(argv[0], argv[1]); ResultSet results = null; res.assignRowValues(results, 0); System.out.println(argv[0] + " " + argv[1]); } public boolean assignRowValues(ResultSet results, int currentRow) throws SQLException { // Only want a single row if (currentRow >= 1) return false; try { ADAuthenticator adAuth = new ADAuthenticator(); LdapContext ldapCtx = adAuth.authenticate(this.domain, this.user, this.password); NamingEnumeration userDetails = adAuth.getUserDetails(ldapCtx, this.user); // Fill the result set (throws SQLException). while (userDetails.hasMoreElements()) { Attribute attr = (Attribute)userDetails.next(); results.updateString(attr.getID(), attr.get().toString()); } results.updateInt("authenticated", 1); return true; } catch (FileNotFoundException fnf) { Logger.getAnonymousLogger().log(Level.WARNING, "Caught File Not Found Exception trying to read cris_authentication.properties"); results.updateInt("authenticated", 0); return false; } catch (IOException ioe) { Logger.getAnonymousLogger().log(Level.WARNING, "Caught IO Excpetion processing login"); results.updateInt("authenticated", 0); return false; } catch (AuthenticationException aex) { Logger.getAnonymousLogger().log(Level.WARNING, "Caught Authentication Exception attempting to bind to LDAP for [{0}]", this.user); results.updateInt("authenticated", 0); return true; } catch (NamingException ne) { Logger.getAnonymousLogger().log(Level.WARNING, "Caught Naming Exception performing user search or LDAP bind for [{0}]", this.user); results.updateInt("authenticated", 0); return true; } } public void close() { // nothing needed here } /** * This method is called via a Postgres function binding to access the * functionality provided by this class. */ public static ResultSetProvider processADLogin(String user, String password) { return new ADDetailsProvider(user, password); } } public class ADAuthenticator { public ADAuthenticator() throws FileNotFoundException, IOException { Properties props = new Properties(); InputStream inStream = this.getClass().getClassLoader(). getResourceAsStream("com/bar/foo/ad/authentication.properties"); props.load(inStream); this.domain = props.getProperty("ldap.domain"); inStream.close(); } public LdapContext authenticate(String domain, String user, String pass) throws AuthenticationException, NamingException, IOException { Hashtable env = new Hashtable(); this.domain = domain; env.put(Context.INITIAL_CONTEXT_FACTORY, com.sun.jndi.ldap.LdapCtxFactory); env.put(Context.PROVIDER_URL, "ldap://" + test1.ad1.foo.com + ":" + 3268); env.put(Context.SECURITY_AUTHENTICATION, simple); env.put(Context.REFERRAL, follow); env.put(Context.SECURITY_PRINCIPAL, (domain + "\\" + user)); env.put(Context.SECURITY_CREDENTIALS, pass); // Bind using specified username and password LdapContext ldapCtx = new InitialLdapContext(env, null); return ldapCtx; } public NamingEnumeration getUserDetails(LdapContext ldapCtx, String user) throws NamingException { // List of attributes to return from LDAP query String returnAttributes[] = {"ou", "sAMAccountName", "givenName", "sn", "memberOf"}; //Create the search controls SearchControls searchCtls = new SearchControls(); searchCtls.setReturningAttributes(returnAttributes); //Specify the search scope searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE); // Specify the user to search against String searchFilter = "(&(objectClass=*)(sAMAccountName=" + user + "))"; //Perform the search NamingEnumeration answer = ldapCtx.search("dc=dev4,dc=dbt,dc=ukhealth,dc=local", searchFilter, searchCtls); // Only care about the first tuple Attributes userAttributes = ((SearchResult)answer.next()).getAttributes(); if (userAttributes.size() <= 0) throw new NamingException(); return (NamingEnumeration) userAttributes.getAll(); } From what I understand of the trust relationship, if trust1 receives a login attempt for a user in trust2, then it should forward the login attempt on to it and it works this out from the user's domain name. Is this correct or am I missing something or is this not possible using the method above? --EDIT-- The stack trace from the LDAP bind is {java.naming.provider.url=ldap://test1.ad1.foo.com:3268, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.authentication=simple, java.naming.referral=follow} 30-Oct-2012 13:16:02 ADDetailsProvider assignRowValues WARNING: Caught Authentication Exception attempting to bind to LDAP for [trusttest] Auth error is [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0]

    Read the article

  • Memcached in a trusted shared environment?

    - by John Kary
    We are a university IT organization that hosts all of the university's websites on several shared servers on our server room floor. We have several VMs, each running its own instance of Apache as a web server for each respective server. If we were going to setup a memcached server, is it feasible to use it as a shared instance? If shared by several servers, or even multiple web apps running on the same server, what's the best way to keep each app's cache stores separate? Prefix the key? Would each VM require its own instance of memcached, or could we setup 1 memcached server and allow our multiple VMs to read/write to it?

    Read the article

  • Server certificate was missing commonName attribute in subject name

    - by Webnet
    I'm trying to setup an SSL SVN server and when I try to checkout remotely I get the error Server certificate was missing commonName attribute in subject name I did some googling and from what I can tell I need to add the IP address of the URL I'm accessing to openss.cnf with the commonName attribute like below. I did that but I still get the error. commonName = xx.xxx.xx.xx commonName_max = 64

    Read the article

  • Mixing self signed certs with traditional SSL

    - by brentonstrine
    I have a traditional SSL cert going to a subdomain secure.mydomain.com on my domain. My host required me to have a dedicated IP in order to do this. I would also like to use HTTPS on my site for when I log into WordPress, etc. and since this is just for me, I don't mind self signing it and clicking through the scary messages. Is there a way to use a self signed cert for mydomain.com/wp-admin (just for me) when I already am on a dedicated IP that already has a traditional SSL cert for normal users on secure.mydomain.com? (FWIW, I'm on WHM without root access.)

    Read the article

  • MCSD Certification, any recommended study material?

    - by Dayan
    I wish to study for the new MCSD Certification For web applications: I headed over to Amazon in search of some books and had no luck with finding anything up to date, most books are outdated, such as the list provided by Amazon MCSD Books. Is this because the test is more based on experience rather than just an understanding of the subject? Any tips and/or recommended materials will be appreciated, thank you!

    Read the article

  • Is there a proven concept to website reverse certificate authentication?

    - by Tom
    We're looking at exposing some of our internal application data externally via a website. The actual details of the website aren't that interesting, it'll be built using ASP.NET/IIS etc, that might be relevant. With this, I'm essentially I'm looking for a mechanism to authenticate users viewing my website. This sounds trivial, a username/password is typically fine, but I want more. Now I've read plenty about SSL/x.509 to realise that the CA determines that we're alright, and that the user can trust us. But I want to trust the user, I want the user to be rejected if they don't have the correct credentials. I've seen a system for online banking whereby the bank issues a certificate which gets installed on the users' computer (it was actually smartcard based). If the website can't discover/utilise the key-pair then you are immediately rejected! This is brutal, but necessary. Is there a mechanism where I can do the following: Generate a certificate for a user Issue the certificate for them to install, it can be installed on 1 machine If their certificate is not accessible, they are denied all access A standard username/password scheme is then used after that SSL employed using their certificate once they're "in" This really must already exist, please point me in the right direction! Thanks for your help :)

    Read the article

  • stop apache from asking for SSL password each restart

    - by acidzombie24
    Using instructions from this site but varying them just a little i created a CA using -newca, i copied cacert.pem to my comp and imported as trusted issuer in IE. I then did -newreq and -sign (note: i do /full/path/CA.sh -cmd and not sh CA.sh -cmd) and moved the cert and key to apache. I visited the site in IE and using .NET code and it appears trusted, great (unless i write www. in front which is expected). But every time i restart apache i need to type in my password for the site(s?). How can i make it so i DO NOT need to type in the password?

    Read the article

  • Adding a Microsoft Exchange 2010 account to my Windows Phone 7.5 mobile (Nokia Lumia 800) without trusted certificate

    - by MAXE
    I have problems in creating an account on my Nokia Lumia 800 (OS version: 7.10.8773.98, of course with Windows Phone 7.1 mounted with all updates) to one of my company's Microsoft Exchange 2010 server, because it cannot provide a trusted certificate...but only when contacting it from outside my network (like https ://mail.(CompanyName).com). Accessing the server from inside my network (pointing directly to the machine name or internal IP address: https ://(MachineName) or https ://10.0.1.200) gives me NO PROBLEM AT ALL! Setting correctly (I guess) all the parameters for the account (accessing from outside my network), the connection (after correctly set my credentials as asked) will not be established. It gives the next error (translated from my language manually): Error of <CompanyName> There is a problem with the certificate of (Server Address). Please contact support or the provider. Last try: X minutes ago Error code: 80072F06 I've tried all possible configurations and parameters (including the check The server requires an encrypted (SSL) connection, of course), but no way. EDITED: As suggested by Oliver Salzburg, I also tried this way without any results. I tried so: I went to my OWA (Outlook Web Access) that gives me the same problem (problems the certificate, it's not trusted) After accepting to continue, I clicked on the Error in Certificate button of the Internet Explorer 9 address bar - Show Certificates - page Details, show: - Copy to file... button - in the exporting wizard: Next - Binary encoding DER X.509 (.cer) (but there was also Base binary 64 X.509 (.cer), no way) - Next - saved to a new file From my Google Mail Account, I sent a mail to myself the certificate as attachment I read the mail from my WP7 phone, saved the attachment and then ran it: answering Yes to Do you wany to install the certificate? of course... Closed any active program and rebooted the phone Re-tried in synchronizing my account....:(...SAME PROBLEM! EDITED 2: Thanks again to Oliver Salzburg, I tried the next solution: I went to the site https://www.testexchangeconnectivity.com/ I selected Exchange ActiveSync option, as suggested I setted all my parameters, as I made for my phone I also setted the option Ignore SSL attendibility (and in another test I didn't) I performed my test This is the complete log (I removed my parameters): Seems the same problem (machine name in the certificate is different from the external Exchange website domain name?)! It is possible to get rid of this annoying (I know by myself who is this server!) problem? Thank you very much.

    Read the article

  • C# Ignore certificate errors?

    - by JL
    I am getting the following error during a web service request to a remote web service: Could not establish trust relationship for the SSL/TLS secure channel. --- System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure. Is there anyway to ignore this error, and continue. It seems the remote certificate is not signed. The site I connect to is www.czebox.cz - so feel free to visit the site, and notice even browsers through security exceptions. Thanks

    Read the article

  • WCF custom certificate validation with BasicHttpBinding

    - by Sprklnh2o
    I have a WCF application hosted on IIS 6 that needs to Have 2-way SSL authentication Validate client certificate content with some client host information Validate client certificate is issued by the valid subCA. I was able to do 1) successfully. I am trying to achieve 2) and 3) by following this - basically creating a class that inherits X509CertificateValidator and overriding the Validate method with my own validation implementation(step 2 and 3). I followed the MSDN instructions exactly however, it seem that the Validate method is not being called. I purposely throw a SecurityAccessDeniedException in the overidden Validate method and no exception is thrown when I tried to access the service via my browser. I can still access my website with any client certificate. I also read this thread but it didn't really help. Any help would be greatly appreciated! Here's my configuration: <system.serviceModel> <services> <service behaviorConfiguration="SimpleServiceBehavior" name="SampleNameSpace.SampleClass"> <endpoint address="" binding="basicHttpBinding" bindingConfiguration="NewBinding0" contract="SampleNameSpace.ISampleClass" /> </service> </services> <behaviors> <serviceBehaviors> <behavior name="SimpleServiceBehavior"> <serviceMetadata httpsGetEnabled="true" policyVersion="Default" /> <serviceCredentials> <clientCertificate> <authentication certificateValidationMode="Custom" customCertificateValidatorType="SampleNameSpace.MyX509CertificateValidator, SampleAssembly"/> </clientCertificate> </serviceCredentials> </behavior> </serviceBehaviors> </behaviors> <bindings> <basicHttpBinding> <binding name="NewBinding0"> <security mode="Transport"> <transport clientCredentialType="Certificate" /> </security> </binding> </basicHttpBinding> </bindings>

    Read the article

  • authorizet.net local testing and ssl certificate

    - by Funky Dude
    hi i am integrating authorize.net AIM api into my shopping cart. i have a developer account from auth.net and i am working locally. when i do auth.net api call, i get SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed i assume it's because i dont have ssl on my local machine. how do i get over this so i can test on my local machine? thank you

    Read the article

  • Code Sign error after renewing my certificate

    - by thierryb
    Hello, my certificate has just expired. I renewed it on Team section, then renew provisioning profile, and reinstall them on my keychain and xcode, and then I get this error : Code Sign error: The identity 'iPhone Developer' doesn't match any valid certificate/private key pair in the login keychain What should I do ? Thanks a lot Thierry

    Read the article

  • Pass certificate to j2me

    - by user326096
    I created a certificate on apache server. x.509 public key certificate RSA created using the keytool I need to pass this to a J2me app, via http. So the J2me app can encrypt data How do I do this.

    Read the article

  • Websphere 5.1 add SSL certificate

    - by Mikhail
    Hi All. I have the following instruction: Import ++++ certificate (in order to allow SSL connections) – it is done in Administrative Console for the corresponding WAS profile (Security-SSL certificate and key management-Key stores and certificates-NodeDefaultTrustStore-Signer certificates). Here you can simply add the attached trkd_cert.cer (“Add” button) or get it from port (“Retrieve from port” button, host: ++++.com, port 443) But this is valid for Websphere 6.1. Do somebody know how this can be done in WebSphere 5.1?

    Read the article

  • Check in Javascript if a SSL Certificate is valid

    - by MB
    Hi. Is there a way to check in Javascript if given a host it's SSL certificate is valid? (non blocking) In my case I want to display: "you can also use https://.." if via javascript I can make a request to https://my_url without being asked to accept an untrusted certificate. Can this be done asynchonously? -- M.

    Read the article

  • Xcode / iPhone Enterprise Distribution Certificate Made By Other Person

    - by ort11
    There is an Enterprise Distribution Provision that was created by another person that is no longer here (before me). Getting the development provision / certificate was fine, by adding myself to the team, etc. But what is the best way to clear the "No Valid / Matching Certificate" for the Distribution Provision when building for release / distribution? Will we have to make another Distribution Provision?

    Read the article

  • IIS token based security, ssl certificate and https, proxy

    - by davidgshi
    I have developed a new web service. Now, I need to deal with security issue as we are intending to make it a secure service. In order to set up SSL and https, I need to obtain and install an SSL certificate. Who is the certificate authority? Do you know how to go about with this? Are there concise articles on this? Regards. David

    Read the article

  • Windows 7, IIS 7.5, Selfssl

    - by Steve
    The windows iis6 resource kit won't install on Windows 7 (Home Premium) so I copied it from another machine and selfssl.exe is giving me: Failed to generate the cryptographic key: 0x5 I tried the instructions here but am still getting the above error. I'm trying to set the common name of the certificate to a name other than the machine name so I can avoid the certificate errors in the browser. This is a test web application. I know I can just test with the browser errors, but I'd like to mimic real world conditions as much as possible. Is there any other way to generate your own ssl certificates for iis7.5?

    Read the article

  • Amazon EC2 - HTTPS - Certificate body is invalid. The body must not contain a private key

    - by Tam Minh
    I'm very new to Amazon EC2. I am trying to setup https for my website, I follow the offical instruction from amazon doc: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https.html When I Upload a Signed Certificate using AWS command aws iam upload-server-certificate --server-certificate-name dichcumga --certificate-body file://mycert.pem --private-key file://signedkey.pem --certificate-chain file://mychain.pem And I got error A client error (MalformedCertificate) occurred when calling the UploadServerCert ificate operation: Certificate body is invalid. The body must not contain a private key. mycert.pem is a combination of private.pem and signedkey.pem (which return by VeriSign) copy private.pem+signedkey.pem mycert.pem Please help to shed a light. Thank you in advance.

    Read the article

  • SSL cert issued to and SAN attribute

    - by Jai
    I have added a cert to my application cacerts file. The new cert is issued to one DNS(abc.com) and they have added few other DNS(XYZ.com, TEST.com) to the SAN attribute while creating. I tried accessing one of the DNS(XYZ.com) given in SAN attribute, it throws me the below mentioned error. <Certificate chain received from XYZ.com failed hostname verification check. Certificate contained abc.com but check expected XYZ.com> If we have more DNS for an application, Do we need to generate cert for every single DNS?

    Read the article

  • Generating SSL certificates

    - by user73483
    Hi, I was wondering if anyone has any idea in how to generate a signed CA cert and key using openssl? I have found this website (http://dev.mysql.com/doc/refman/5.1/en/secure-create-certs.html) to generate the client and server certs for mysql server but the example is a self-signed certificate. I use the following command for running the server and client using openssl and the generated certs and keys: openssl s_server -accept 6502 -cert server-cert.pem -key server-key.pem -CAfile ca-cert.pem -www openssl s_client -connect 192.168.1.92:6502 -cert client-cert.pem -key client-key.pem -CAfile ca-cert.pem The error output I get is "Verify return code: 18 (self signed certificate)". Paul

    Read the article

  • unable to get local issuer certificate - Ubuntu 11.04

    - by user1443867
    I'm facing a strange issue. My vps from Linode has no issue connecting to apple push server with following command. openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert Test_dev_apns_cert.pem -key Test_dev_apns_key.pem However, I was using the same pem files with above command testing from my another low budget vps and I'm getting this: Verify return code: 20 (unable to get local issuer certificate) Both are running Ubuntu 11.04 and installed LAMP as usual. No special configuration is done to both servers for SSL. Am I missing something here?

    Read the article

< Previous Page | 22 23 24 25 26 27 28 29 30 31 32 33  | Next Page >