Search Results

Search found 2668 results on 107 pages for 'trusted certificate'.

Page 27/107 | < Previous Page | 23 24 25 26 27 28 29 30 31 32 33 34  | Next Page >

• Help me set up ssl.conf for multiple domains (name-based vhosts in ssl.conf?)

  - by mmattax

  In my httpd.conf: If I have my virtual host configured as: NameVirtualHost *:80 <VirtualHost *:80 ServerName foo.com ServerAlias www.foo.com Include conf.d/foo.conf </VirtualHost <VirtualHost *:80 ServerName bar.com ServerAlias www.bar.com Include conf.d/bar.conf </VirtualHost Can I get by with a single domain SSL certificate or must I purchase a wildcard SSL certificate to handle the www subdomain? I am now trying to configure the ssl.conf file, can I use name-based vhosts in my ssl.conf file like this: NameVirtualHost *:443 <VirtualHost *:443 ServerName foo.com ServerAlias www.foo.com ... Include conf.d/foo.conf </VirtualHost <VirtualHost *:443 ServerName bar.com ServerAlias www.bar.com ... Include conf.d/bar.conf </VirtualHost or do I need IP based vhosts? If this is possible, what kind of cert would I need in order to do this?

  Read the article

• Wildcard SSL Certificates with Exchange 2010?

  - by Hutch

  Is anyone using a Wildcard Cert with Exchange 2010 please? We currently have a bunch of individual whatever.domain.com SSL certificates and as several are expiring soon it would be an ideal opportunity to move to a wildcard certificate. At some point though we will be moving from Exchange 2003 to Exchange 2010, and I've read conflicting reports over whether wildcard certs work with Exchange 2010 as many guides seem to recommend a UCC/SAN certificate. Our internal DNS domain name is the same as our external domain name. Godaddy look like good VFM given they allow use on unlimited physical servers. Thanks in advance.

  Read the article

• Export SSL Cert from IIS and import into GlassFish keystore

  - by Tim H

  What I need: I have an existing SSL certificate installed on IIS 6. On the same machine, I have GlassFish installed and would like to share the same certificate since they both share the same hostname, and they use different ports: IIS uses 443 and GlassFish uses 8181. Why I need it: Reuse existing SSL certs from IIS to GlassFish. I imagine that this is possible. I am able to install an SSL cert into GlassFish's keystore, and then import the same exact cert into IIS. I just want to go the other way - imagine having an SSL cert on IIS being used for months, and now I want to enable SSL on GlassFish. What I have done: Created a keystore with an alias: server.hostname.com Imported intermediate CA certs associated with the existing SSL Cert Imported the existing SSL cert with the same alias: server.hostname.com, but the keytool won’t allow this, as it is not associated: keytool error: java.lang.Exception: Public keys in reply and keystore don't match Why? Using a different alias causes the cert to not be trusted in the CA chain.

  Read the article

• Create private key with CSR

  - by Daniel Schlieckmann

  I have a CSR file (as a text file) and the corresponding P7B certificate. My problem is that I have to create a P12 file on a machine where I do not have created the CSR. I have created the CSR in Firefox Key Manager. Before, I imported the P7B file into certificate store in msc, then exported a CER-file, imported it in Key Manager and then exported the P12 file. This doesn't work anymore because I have another machine now. If I try to import the CER file created by msc, Key Manager says that there is no private key. Is there a possibility to create a private key?

  Read the article

• Apache not using the right SSL certificate [on hold]

  - by user2420318

  In my apache2 setup, I have one VirtualHost for my main site, and another for a static content site, like downloads, css, etc. I have ssl certificates for both, and the static content one is under a subdomain of the main site. I have configured the four virtualhosts altogether, as both sites need SSL ones as well. When I only had 1 SSL site, everything was OK, but now with the second, the first site uses the second site's certificate, even though it is told specifically to use its own in the VirtualHost section. I honestly have no idea why apache would do this. Any ideas? I have a feeling there may be some default/global setting or something that are set for some odd reason. I am using different IPs for the Virtual hosts.

  Read the article

• Export SSL Cert from IIS and import into GlassFish keystore

  - by Tim H

  What I need: I have an existing SSL certificate installed on IIS 6. On the same machine, I have GlassFish installed and would like to share the same certificate since they both share the same hostname, and they use different ports: IIS uses 443 and GlassFish uses 8181. Why I need it: Reuse existing SSL certs from IIS to GlassFish. I imagine that this is possible. I am able to install an SSL cert into GlassFish's keystore, and then import the same exact cert into IIS. I just want to go the other way - imagine having an SSL cert on IIS being used for months, and now I want to enable SSL on GlassFish. What I have done: Created a keystore with an alias: server.hostname.com Imported intermediate CA certs associated with the existing SSL Cert Imported the existing SSL cert with the same alias: server.hostname.com, but the keytool won’t allow this, as it is not associated: keytool error: java.lang.Exception: Public keys in reply and keystore don't match Why? Using a different alias causes the cert to not be trusted in the CA chain.

  Read the article

• How to configure a trusted connection between IIS 7 and SQL Server 2005?

  - by user1180652

  How do configure a trusted connection between IIS 7 and SQL Server 2005? My webapp was working fine with Windows Authentication enabled in IIS. Now, in order to solve a problem, we need to use a trusted connection. Unfortunately, enabling the trusted connection in the web.config broke the webapp. Oddly enough, when I run this application with trusted connection from my local dev machine (using the Cassini web server) IIS (Windows Server 2008) is running on one machine. The database (SQL Server 2005 but could migrate to 2008) is running on another machine. We are on a Windows domain running AD. All traffic is within our own firewall - no public access. Beyond that, I can't provide much info but I can find it. We're very "compartmentalized" (we have server people, security people, oracle people, SQL Server people, etc.) Thanks! Update 02/14/2012 0902: The webapp is now functional (app no longer broken) but the main issue is still unresolved. Now I have the app's application pool running as a domain account with permissions on the SQL Server box and IIS box. We were using this account to run the application but, and here's the problem, we need to log the real user name that made a change. When using the service account, the name of that service account appeared in the audit tables, making the auditing quite useless. So, not I'm at least running again. The connection string in the web.config is using "Trusted_Connection=True", the appPool is using a domain account with access to both boxes, BUT when I make a change (logged in as me) the name of the service account (appPool identity) is still logged in the audit tables. I also manually granted full permissions to the service account on the webapp folder. What do I need to do in order to log my name, not the service account, in the audit tables? Everything I'm reading says I need to establish a trusted connection between the two servers.

  Read the article

• Installing SSL certs with nginx on Amazon EC2

  - by Ethan

  I finally got a cert from an authority and am struggling to get things working. I've created the appropriate combined certificate (personal + intermediate + root) and nginx is pointing to it. I got an elastic IP and connected it to my EC2 instance. My DNS records point to that IP. But when I point the browser to the hostname, I get the standard "Connection Untrusted" bit, with ssl_error_bad_cert_domain. Port 443 is open - I can get to the site over https if I ignore the warning. Weird thing is, under technical details, it lists the domain I tried to access as valid! When I try and diagnose with ssl testing sites, they don't even detect a certificate! What am I missing here? domain is yanlj.coinculture.info. Note I've got coinculture.info running on a home server without a dedicated IP and have the same problem, but I'll be moving that to the same EC2 instance as soon as I figure this thing out. I thought the elastic IP would solve things but it hasn't

  Read the article

• SSL Certificates, two-way authentication and loadbalancers

  - by 5arx

  We're looking to implement two-way authentication with client certificates for a privileged subset of our application users. The idea will be that if a certificate is detected the user will be asked for an additional password/PIN and that will be used to verify the certificate and user. Ordinary users will continue to authenticate themselves via the standard login mechanism. Our production environment (hosted by a well-known company) comprises load-balanced application servers and I'm unclear as to how this set-up will handle the certificates and I'm not certain if there are any pitfalls I should be aware of. I would very appreciate some thoughts, comments or real-world advice on the subject.

  Read the article

• Windows Advanced Firewall certificate based IPSEC

  - by Tim Brigham

  I'm working on migrating from using IPSEC settings stored under the 'IP Security Policies on Active Directory' to using the 'Windows Firewall with Advanced Security' for my 2008+ boxes. I have successfully been able to get this set up using Kerberos authentication, however my openswan implementation on my Linux boxes is using certificates. Whenever I try changing the authentication method to computer certificate (using RSA and my root CA) the connection is bombing out. I've made this change at both a connection request policy and on the IPSEC settings on the root Windows Firewall with Advanced Security node. The windows event log shows the authentication request is taking place but failing negotiating a mode. What am I missing here?

  Read the article

• All Tasks..Advanced Operations option missing from Certificaces MMC Snap-In

  - by JohnFx

  I am trying to follow the instructions in this article to create a custom certificate to support SSL on a web server. I'm stick on the following step: Click on Personal – All Tasks – Advanced Operations – Create Custom request The problem is that on the web server (Windows Server 2003 R2) I don't have an "Advanced Operations" option under "All Tasks". I do on my desktop machine (Windows 7), but not on the server. All the documentation I can find indicates that it should be available on WS-2003-R2, but it just isn't. Note: I'm going through this manual process because I need to specify a alternate host names in the CSR, which you can't do through the IIS 6.0 console certificate managment functionality. Any suggestions for how to make this option show up?

  Read the article

• Firefox cannot recognize certificates for well knows sites

  - by RCola

  When trying to connect to well known sites, for instance hotmail.com Firefox shows that This Connection in Untrusted. In the OptionsAdvancedCertificates it's configured to select one matching certificate automatically. Why Firefox does not trust current connection? Can it be Man-in-the-middle attack or it's something like broken certificate storage on my computer? UPDATE UPDATE2 Solved: the problem is Antivirus Web Access protection. It interferes with HTTPS connection. Similar to Man-in-the-middle? Why ESET cannot do it correctly?

  Read the article

• Multiple SSL on same IP [closed]

  - by kadourah

  Possible Duplicate: Multiple SSL domains on the same IP address and same port? I have the following situation: first domain: test.domain.com IP: 1.2.3.4 Port: 443 SSL: Purchased from godaddy and specific to that domain Works fine no issues. I would like to add another site: test2.domain.com IP: the same Port: can be different SSL: different since I can't use the SSL above because it's specific to the site above. Now, when I add the HTTPS binding to the second site with IP:Port combination it appears to always load the first SSL ignoring the second certificate. How can I add second SSL binding to the same IP using a "different" certificate? Can this be done?

  Read the article

• Safari, IIS and optional Client Certificates

  - by Philipp

  I've a ASP.Net Webapp running on IIS7.5. The Webserver is configured to accept Client Certifcates. Unfortunately Visitors with Safari Browser are unable to view the Page. Same Problem as described under the following link: http://www.mnxsolutions.com/apache/safari-providing-an-ssl-error-client-certificate-rejected%E2%80%9D-when-other-browsers-work.html Does anyone knows how to solve this? I'd really appreciate your help. edit: Seems to be the same problem: http://superuser.com/questions/231695/iis7-5-ssl-question-safari-users-get-a-prompt-of-certificate-to-select

  Read the article

• What URLs must be in IE's Trusted Sites list to allow Windows Update?

  - by ewall

  Particularly for servers in which IE Enhanced Security Configuration is enabled, you need to have all the Windows Update/Microsoft Update URLs in your "Trusted Sites" list in order to use the site. (Furthermore, for domain member servers where Group Policy enforces Internet Explorer's list of "Trusted Sites", you don't have the option to edit the Trusted Sites yourself... so all the necessary URLs should be listed in the GPO.) So, what is the full list of URLs I'll need in IE's Trusted Sites? So far I have the following: http(s)://*.update.microsoft.com http://download.windowsupdate.com http://windowsupdate.microsoft.com I seem to remember there being several more...

  Read the article

• Which SSL certificate to buy [closed]

  - by Sparsh Gupta

  I am reading several notes on SSL certificates and comparison. What matters to me the most is speed. I can read that encryption is same with all different certificates available but I was wondering if there is any difference in the performance of the website with different certificates involved. I am ofcourse interested in end to end response times and I wonder if the type of encryption or number of certificates required as Chain Certificates makes a difference in speed. I dont really care for cost but looking for a good SSL certificate which ideally gives me absolutely no pain and best performance. Recommendations?

  Read the article

• How to use chain.p7b with Apache?

  - by Debianuser

  I wanted to setup a SSL website on Apache and applied for a certificate from my local ISP. All they sent me was a single file named chain.p7b. I have always used certificates from other vendors without any issues but they usually provide two files to be configured as SSLCertificateFile and SSLCertificateChainFile in Apache. Following instructions from several online resources, I opened the p7b file in Windows and extracted 4 certificates from the file. I then tried configuring Apache with one of the files and it worked, but shows a warning: The certificate is not trusted because no issuer chain was provided. I though I have to use remaining 3 files as SSLCertificateChainFile and/or SSLCACertificateFile. I tried that but it didn't work so I am assuming it might be something completely different. Anyone faced this issue before? The following page http://www-01.ibm.com/support/docview.wss?uid=swg21458997 talks about using a keystore but is that relevant to Apache?

  Read the article

• Avoid access to www subdomain on secure server

  - by user44654

  I have an SSL certificate that is valid for mysite.co.uk but not www.mysite.co.uk it seems. If I use mod_rewrite or .htaccess to redirect from one to the other will this prevent browsers from displaying an invalid certificate security warning if someone tries to access www.mysite.co.uk? (I've tried redirection but still get the warning if I type https://www.mysite.co.uk directly into the address bar of my browser. I want to know if this is because the redirection isn't working or if the browser will display the warning anyway.) I hope that makes sense.

  Read the article

• using main domain as a mail server

  - by zensys

  I have a mail server set up as mail.mydomain.com like most people do. Now I find out that if I want to secure both mail.mydomain.com and mydomain.com with ssl I need two SSl certificates (or one more versatile but more expensive certificate). Does it make sense to run my mail server under mydomain.com (it is the same physical machine anyway) to save certificate expenses (I am Dutch) or is this being pound foolish? What is the rationale of separating the mail server from the 'www' server apart from the intuitive 'neatness' appeal?

  Read the article

• SSL signed certificates for internal use

  - by rogueprocess

  I have a distributed application consisting of many components that communicate over TCP (for examle JMS) and HTTP. All components run on internal hardware, with internal IP addresses, and are not accessible to the public. I want to make the communication secure using SSL. Does it make sense to purchase signed certificates from a well-known certificate authority? Or should I just use self-signed certs? My understanding of the advantage of trusted certs is that the authority is an entity that can be trusted by the general public - but that is only an issue when the general public needs to be sure that the entity at a particular domain is who they say they are. Therefore, in my case, where the same organization is responsible for the components at both ends of the communication, and everything in between, a publicly trusted authority would be pointless. In other words, if I generate and sign a certificate for my own server, I know that it's trustworthy. And no one from outside the organization will ever be asked to trust this certificate. That is my reasoning - am I correct, or is there some potential advantage to using certs from a known authority?

  Read the article

• perl Client-SSL-Warning: Peer certificate not verified

  - by Jeremey

  I am having trouble with a perl screenscraper to an HTTPS site. In debugging, I ran the following: print $res->headers_as_string; and in the output, I have the following line: Client-SSL-Warning: Peer certificate not verified Is there a way I can auto-accept this certificate, or is that not the problem? #!/usr/bin/perl use LWP::UserAgent; use Crypt::SSLeay::CTX; use Crypt::SSLeay::Conn; use Crypt::SSLeay::X509; use LWP::Simple qw(get); my $ua = LWP::UserAgent->new; my $req = HTTP::Request->new(GET => 'https://vzw-cat.sun4.lightsurf.net/vzwcampaignadmin/'); my $res = $ua->request($req); print $res->headers_as_string; output: Cache-Control: no-cache Connection: close Date: Tue, 01 Jun 2010 19:28:08 GMT Pragma: No-cache Server: Apache Content-Type: text/html Expires: Wed, 31 Dec 1969 16:00:00 PST Client-Date: Tue, 01 Jun 2010 19:28:09 GMT Client-Peer: 64.152.68.114:443 Client-Response-Num: 1 Client-SSL-Cert-Issuer: /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign Client-SSL-Cert-Subject: /C=US/ST=Massachusetts/L=Boston/O=verizon wireless/OU=TERMS OF USE AT WWW.VERISIGN.COM/RPA (C)00/CN=PSMSADMIN.VZW.COM Client-SSL-Cipher: DHE-RSA-AES256-SHA Client-SSL-Warning: Peer certificate not verified Client-Transfer-Encoding: chunked Link: <css/vtext_style.css>; rel="stylesheet"; type="text/css" Set-Cookie: JSESSIONID=DE6C99EA2F3DD1D4DF31456B94F16C90.vz3; Path=/vzwcampaignadmin; Secure Title: Verizon Wireless - Campaign Administrator

  Read the article

• Java - Trying to log into website with invalid ssl certificate using httpclient

  - by PCBEEF

  I'm trying to log into site with invalid ssl certificate and I have the following code. I bypass the the invalid cert by using my all certificate and then bypass the invalid Hostname by using hostnameverifier. However, the hostnameverifier does not seem to work and I still get the error message javax.net.ssl.SSLException: hostname in certificate didn't match: The code is: public static void main(String[] args) { TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } public void checkClientTrusted( java.security.cert.X509Certificate[] certs, String authType) { } public void checkServerTrusted( java.security.cert.X509Certificate[] certs, String authType) { } } }; HostnameVerifier hv = new HostnameVerifier() { public boolean verify(String urlHostName, SSLSession session) { System.out.println("Warning: URL Host: "+urlHostName+" vs. "+session.getPeerHost()); return true; } }; try { SSLContext sc = SSLContext.getInstance("SSL"); sc.init(null, trustAllCerts, new java.security.SecureRandom()); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); HttpsURLConnection.setDefaultHostnameVerifier(hv); } catch (Exception e) { } try { DefaultHttpClient httpclient = new DefaultHttpClient(); HttpContext localContext = new BasicHttpContext(); List<NameValuePair> formparams = new ArrayList<NameValuePair>(); formparams.add(new BasicNameValuePair("username", "user")); formparams.add(new BasicNameValuePair("password", "pword")); UrlEncodedFormEntity entity; entity = new UrlEncodedFormEntity(formparams, "UTF-8"); HttpPost httppost = new HttpPost("https://www.mysite.com/"); httppost.setEntity(entity); HttpResponse response = httpclient.execute(httppost, localContext); } catch (UnsupportedEncodingException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); } }

  Read the article

• How to import certificate for Apache + LDAPS?

  - by user101956

  I am trying to get ldaps to work through Apache 2.2.17 (Windows Server 2008). If I use ldap (plain text) my configuration works great. LDAPTrustedGlobalCert CA_DER C:/wamp/certs/Trusted_Root_Certificate.cer LDAPVerifyServerCert Off <Location /> AuthLDAPBindDN "CN=corpsvcatlas,OU=Service Accounts,OU=u00958,OU=00958,DC=hca,DC=corpad,DC=net" AuthLDAPBindPassword ..removed.. AuthLDAPURL "ldaps://gc-hca.corpad.net:3269/dc=hca,dc=corpad,dc=net?sAMAccountName?sub" AuthType Basic AuthName "USE YOUR WINDOWS ACCOUNT" AuthBasicProvider ldap AuthUserFile /dev/null require valid-user </Location> I also tried the other encryption choices besides CA_DER just to be safe, with no luck. Finally, I also needed this with Apache tomcat. For tomcat I used the tomcat JRE and ran a line like this: keytool -import -trustcacerts -keystore cacerts -storepass changeit -noprompt -alias mycert -file Trusted_Root_Certificate.cer After doing the above line ldaps worked greate via tomcat. This lets me know that my certificate is a-ok. Update: Both ldap modules are turned on, since using ldap instead of ldaps works fine. When I run a git clone this is the error returned: C:\Tempgit clone http://eqb9718@localhost/git/Liferay.git Cloning into Liferay... Password: error: The requested URL returned error: 500 while accessing http://eqb9718@loca lhost/git/Liferay.git/info/refs fatal: HTTP request failed access.log has this: 127.0.0.1 - eqb9718 [23/Nov/2011:18:25:12 -0600] "GET /git/Liferay.git/info/refs service=git-upload-pack HTTP/1.1" 500 535 127.0.0.1 - eqb9718 [23/Nov/2011:18:25:33 -0600] "GET /git/Liferay.git/info/refs HTTP/1.1" 500 535 apache_error.log has nothing. Is there any more verbose logging I can turn on or better tests to do?

  Read the article

• Last (I think and hope) problems configuring SSL certificate with Apache and VirtualHosts

  - by user65567

  Finally I set apache2 to get a single certificate for all subdomains. [...] # Go ahead and accept connections for these vhosts # from non-SNI clients SSLStrictSNIVHostCheck off # Apache setup which will listen for and accept SSL connections on port 443. Listen 443 # Listen for virtual host requests on all IP addresses NameVirtualHost *:443 # Because this virtual host is defined first, it will # be used as the default if the hostname is not received # in the SSL handshake, e.g. if the browser doesn't support # SNI. <VirtualHost *:443> ServerName domain.localhost DocumentRoot "/Users/<my_user_name>/Sites/domain/public" <Directory "/Users/<my_user_name>/Sites/domain/public"> Order allow,deny Allow from all </Directory> # SSL Configuration SSLEngine on ... </VirtualHost> <VirtualHost *:443> ServerName subdomain1.domain.localhost DocumentRoot "/Users/<my_user_name>/Sites/subdomain1/public" <Directory "/Users/<my_user_name>/Sites/subdomain1/public"> Order allow,deny Allow from all </Directory> # SSL Configuration SSLEngine on ... </VirtualHost> <VirtualHost *:443> ServerName subdomain2.domain.localhost DocumentRoot "/Users/<my_user_name>/Sites/subdomain2/public" <Directory "/Users/<my_user_name>/Sites/subdomain2/public"> Order allow,deny Allow from all </Directory> # SSL Configuration SSLEngine on ... </VirtualHost> So, for example, I can correctly access https://subdomain1.domain.localhost https://subdomain2.domain.localhost ... Now, anyway, I have problems on accessing http://subdomain1.domain.localhost http://subdomain2.domain.localhost ... Since I use a Mac Os, on accessing the "http: version", I get a default page "Your website." (instead of a error). Why does it happen?

  Read the article

• Subversion Edge LDAP (require CAC Certificate not Username and Password)

  - by Frank Hale

  What I've Done: I've successfully installed and configured Subversion Edge 3.1.2 with LDAP support on a Windows 2008 server. I have configured LDAP users and am able to use LDAP credentials to work on repositories just fine. No issues whatsoever. Works great! What I Want To Do: I've been searching for several hours now in hopes to find some information on how to configure Subversion Edge server to require client certificates for user authentication against an LDAP environment. I have not found anything yet that gives me an indication of how to do it. I know there are SVN clients that are capable of prompting for CAC certificates but I cannot figure out how to set my server up to require it. NOTE: CAC authentication is already setup and working in the windows environment. Desired Outcome: When running svn commands that require authentication against my Subversion Edge Server I want it to prompt me for my CAC certificate instead of my Active Directory username and password. If anyone has any information on this I'd greatly appreciate it. EDIT: I'm still digging so if I find out anything I'll update this question with what I found.

  Read the article

< Previous Page | 23 24 25 26 27 28 29 30 31 32 33 34  | Next Page >