Search Results

Search found 4244 results on 170 pages for 'ssl certificate'.

Page 28/170 | < Previous Page | 24 25 26 27 28 29 30 31 32 33 34 35 | Next Page >

Mod_rewrite display subdomain.domain.com and call domain.com/subdomain/ for SSL

- by Jeff H.

I have a website secured by a standard SSL certificate, securing a few different shops under different subdirectories. Ex. domain.com/shop1/ The shops are also accessible via a subdomain e.g. shop1.domain.com. What I'm trying to accomplish: display shop1.domain.com to the user, while keeping all of the actual server calls as domain.com/shop1, so that the secure pages will continue to work properly. (Not sure if I'm using the proper language, exactly, I hope my point is clear.) To be clear: my SSL is working fine, and I don't need help with that, and I don't need or want to purchase a UCC cert. It can't be that difficult for anyone with experience with Apache. (I've spent 3 hours trying to learn about mod_rewrite. It's just not clicking.) I'm on a GoDaddy secure shared server, so please keep in mind that I'm not able to reset the server or anything.

Read the article
LDAP over SSL/TLS working for everything but login on Ubuntu

- by Oliver Nelson

I have gotten OpenLDAP with SSL working on a test box with a signed certificate. I can use an LDAP tool on a Windows box to view the LDAP over SSL (port 636). But when I run dpkg-reconfigure ldap-auth-config to setup my local login to use ldaps, my login under a username in the directory doesn't work. If I change the config to use just plain ldap (port 389) it works just fine (I can login under a username in the directory). When its setup for ldaps I get Auth.log shows: Sep 5 13:48:27 boromir sshd[13453]: pam_ldap: ldap_simple_bind Can't contact LDAP server Sep 5 13:48:27 boromir sshd[13453]: pam_ldap: reconnecting to LDAP server... Sep 5 13:48:27 boromir sshd[13453]: pam_ldap: ldap_simple_bind Can't contact LDAP server I will provide whatever are needed. I'm not sure what else to include. Thanx for any insights... OLIVER

Read the article
Resolve a many-SSL-to-one IP for clients browsers that doesn't support SNI

- by Emile

Whoa, acronyms :) So according to this question you can have multiple SSL subdomains on one IP address as long as your server supports TLS (which Apache 2.2x does). Another answer to that question points out that the client browser must have SNI support to work, which IE doesn't have on Windows XP. So, what happens to people with that browser is a warning message saying that the SSL cert doesn't match the domain. Can one resolve this issue for those client browsers without SNI support? Does a wildcard (for subdomains) do the trick? Are there other (cheaper) options?

Read the article
MySQL query (over SSL) fails in IIS 7 using default AppPool identity

- by Jon Tackabury

I am trying to run a website locally in Windows 7 under IIS 7. I have the AppPool configured to use "Classic" mode, but connecting to a MySQL DB that requires SSL fails. If I change the identity to my user account it works perfectly. It fails when using the default "ApplicationPoolIdentity" account. Is there something I'm missing somewhere? Why would running a MySQL query over SSL fail for certain user accounts? Update: This is the exception that the MySQL Connector is throwing: "Reading from the stream has failed. Attempted to read past the end of the stream."

Read the article
What program should I use for SSL stripping and re-encrypting

- by Sparksis

I'm trying to strip a HTTP over SSL connection down to SSL and then re-encrypt the channel (with a signed certificate(s) I can provide). Of course I want to be able to store captures of all the un-encrypted data. The purpose of this is to reverse engineer a HTTP handshake that is used by a SIP program on my machine. I've tried SSLstrip but it doesn't support what I need it too. Edit: I want something to this effect https://github.com/applidium/Cracking-Siri/blob/master/tcpProxy.rb only more generic and able to write to a pcap stream that wireshark will understand (I'm not sure if this does that). Edit2: upon further inspection this does not create pcap streams. I guess if need be I can write a compatible version but that is not the desired choice.

Read the article
Nginx $scheme doesn't always work while using SSL for one specific page

- by jjiceman

I read and followed this question in order to configure nginx to force SSL for one page (admin.php for XenForo), and it is working well for a few of the site administrators but is not for myself. I was wondering if anyone has any advice on how to improve this configuration: ... ssl_certificate example.net.crt; ssl_certificate_key example.key; server { listen 80 default; listen 443 ssl; server_name www.example.net example.net; access_log /srv/www/example.net/logs/access.log; error_log /srv/www/example.net/logs/error.log; root /srv/www/example.net/public_html; index index.php index.html; location / { if ( $scheme = https ){ rewrite ^ http://example.net$request_uri? permanent; } try_files $uri $uri/ /index.php?$uri&$args; index index.php index.html; } location ^~ /admin.php { if ( $scheme = http ) { rewrite ^ https://example.net$request_uri? permanent; } try_files $uri /index.php; include fastcgi_params; fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param HTTPS on; } location ~ \.php$ { try_files $uri /index.php; include fastcgi_params; fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param HTTPS off; } } ... It seems that the extra information in the location ^~ /admin.php block is unecessary, does anyone know of an easy way to avoid duplicate code? Without it it skips the php block and just returns the php files. Currently it applies https correctly in Firefox when I navigate to admin.php. In Chrome, it downloads the admin.php page. When returning to the non-https website in Firefox, it does not correctly return to http but stays as SSL. Like I said earlier, this only happens for me, the other admins can go back and forth without a problem. Is this an issue on my end that I can fix? And does anyone know of any ways I could reduce duplicate configuration options in the configuration? Thanks in advance!

Read the article
Hot to get XChat to trust CA certificate?

- by Silvio

I have created an SSL certificate authority including a sub-authority to issue certificates. I have copied the root certificate to /usr/share/ca-certificates/extra and added it to /etc/ca-certificates, then ran dpkg-reconfigure ca-certificates and update-ca-certificates. After it said "Adding debian:.pem done." I am now fairly convinced that Ubuntu knows about my CA. Now I issued a certificate for the ZNC irc bouncer from the subca, installed it onto znc, but XChat will not trust the certificate despite all the above. I also issued a certificate to use with apache2 and that one works fine after adding the root ca to chromium. Does someone know how I can get XChat to trust the certificate?

Read the article
SSL Proxy: Forwarding without the encryption

- by John

I have a python application listening on port 9001 for HTTP traffic. I'm trying to configure Apache (or anything, really) to listen on port 443 for HTTPS connections, and then forward the connection, sans encryption, to port 9001 on the same machine. My application would then reply via the proxy, where the encryption would be reapplied, and returned to the client transparently. I'm not doing anything crazy with the site names and SSL certs, I have one public IP, one hostname, and one SSL cert. Stripping the encryption at the proxy doesn't seem to be a common requirement. Is what I'm asking for a normal requirement? Are there other concerns with this sort of configuration?

Read the article
LDAP over SSL/TLS working for everything but login on Ubuntu

- by Oliver Nelson

I have gotten OpenLDAP with SSL working on a test box with a signed certificate. I can use an LDAP tool on a Windows box to view the LDAP over SSL (port 636). But when I run dpkg-reconfigure ldap-auth-config to setup my local login to use ldaps, my login under a username in the directory doesn't work. If I change the config to use just plain ldap (port 389) it works just fine (I can login under a username in the directory). When its setup for ldaps I get Auth.log shows: Sep 5 13:48:27 boromir sshd[13453]: pam_ldap: ldap_simple_bind Can't contact LDAP server Sep 5 13:48:27 boromir sshd[13453]: pam_ldap: reconnecting to LDAP server... Sep 5 13:48:27 boromir sshd[13453]: pam_ldap: ldap_simple_bind Can't contact LDAP server I will provide whatever are needed. I'm not sure what else to include. Thanx for any insights... OLIVER

Read the article
Azure VM with many IPs or SSL certificates

- by timmah.faase

I am looking to move our hosting environment to Azure and by doing so have created a sandpit VM to figure things out. We host around 300-400 websites in IIS and about 2% of these sites have unique, non wildcard certificates all requiring a unique public IP in our current setup. Can you get a range of IPs pointing to 1 VM/Endpoint? Or is it possible to create an SSL proxy? I've never created an SSL proxy but like the idea of it. I'd need advise here on how to proceed if this is the best option. Sorry if this has been answered! Sorry also if my question isn't worded eloquently.

Read the article
Prevent IIS7 HTTPS from binding to all SSL IP addresses

- by robpaveza

I've had this interesting problem with IIS7. I have a number of HTTPS sites in IIS7. That hasn't been a problem, until I wanted to go and set up VisualSVN Server using an SSL certificate. The installer had trouble starting the service. When I looked in the event log, the error was that "the file is already in use by another process." I figured that the "file" was really a socket, and checked with netstat - even though IIS was only bound to three specific IP addresses (.160, .156, and .168) with port 443, it was consuming *:443. I could stop the World Wide Web Publishing Service, start VisualSVN, and then start IIS, but then none of my SSL servers would start. Any helpful hints about how I could make IIS not try to default-bind to *:443? Thanks!!

Read the article
What will be the impact on SEO if we remove our SSL certificate (url become http instead of https)?

- by pixeline

For some weird reason, our domain's content is returned for any https request set to any of our server's hosted domain names. https://domain.com leads to our website, with a proper SSL certificate (so, no warning). https://domain2.com, also hosted on our server but without SSL certificate, leads to a warning, and if accepted, to our website's content! The problem is that any search for our keywords in Google shows "fake websites" on top of ours, with the warning et al. It seems unsolvable so we are thinking about switching back ton nonsecure http . I'm just afraid of losing whatever indexing we have. How can i avoid that? Thanks, a.

Read the article
SSL FTP fails on Windows 7 but not Windows XP clients

- by Andrew Neely

We currently use a free SSL-FTP client called Move-It-Freely to transmit data from a custom data entry program at over forty facilities scattered around the state to our central server. Under XP, it works flawlessly. Some facilities have upgraded to Windows 7. On these machines, uploads (transfers to us) work, downloads (transfers from us to them) fail. Replacing the Windows 7 machine with an XP machine solves the problem. We have also verified that the network firewall settings have not changed. This problem persists even if Windows firewall is not running. We were able to remote into one of the Windows 7 machines to verify that the Windows firewall was indeed turned off. We cannot replicate the problem on our own Windows 7 machines, and are at a loss of how to fix this feature for our customers. The data contain health-related information, and needs to be encrypted (hence SSL-FTP.) Despite hours spent on Google, we cannot find a solution.

Read the article
Elastic Load Balancer & SSL termination

- by Aaron Scruggs

I am setting up a Rails app on AWS that: 1) all traffic must ssl encrypted 2) will highly fluctuate in traffic on a weekly basis 3) will by maintained by someone that is a stronger coder than sysadmin, but will be responsible for both I am thinking that SSL termination on an elastic load balancer backed by small ec2 instances running nginx and unicorn A small subset of the requests will take longer than 10s, because of this I am also debating using 'thin' instead of 'unicorn'. My question is this: Is this sane? I am stepping into a quagmire of cost, maintainability, security or performance problems?

Read the article
Passenger not working with SSL on Apache 2

- by Zak

I have a Rails app running on Passenger; It works as expected over unencrypted connections. I also have a working Apache SSL setup; I can access any static file available via http with https. When I try to access the Rails app via https, I get a 403 error (Directory index forbidden by rule). Turning on indexes for the directory simply causes Apache to display an index. I do have +ExecCGI set for the appropriate directory in the SSL version of the VirtualHost directive. I'm sure there's something obvious I'm overlooking. I'm just not sure where I need to be looking.

Read the article
Force users to access SSL site using specific host header

- by mwillmott

Hi, So i am running IIS7 with one SSL site on it. I have a few different domains and subdomains that all point to my external IP. When using http they all direct to their respective sites using host headers. Whenever someone uses https on any of the domains they all point to my SSL site. I only want people who type in https://sub.domain.com (for example) to end up at my secure site and for anything else to just not go there, it can throw an error or direct to the http version, it doesn't matter. Is there a way of getting IIS7 to check the host header and throw an error if it doesn't match my specific subdomain? Thanks, Michael

Read the article
SSL Certificates, two-way authentication and loadbalancers

- by 5arx

We're looking to implement two-way authentication with client certificates for a privileged subset of our application users. The idea will be that if a certificate is detected the user will be asked for an additional password/PIN and that will be used to verify the certificate and user. Ordinary users will continue to authenticate themselves via the standard login mechanism. Our production environment (hosted by a well-known company) comprises load-balanced application servers and I'm unclear as to how this set-up will handle the certificates and I'm not certain if there are any pitfalls I should be aware of. I would very appreciate some thoughts, comments or real-world advice on the subject.

Read the article
apache, shibboleth, load balancing aliase, ssl

- by Nikolaidis Fotis

Good morning folks Could you give me a bit of help with the following problem ? I have a dns load balancing mechanism and an alias (hostAlias) which may point to host01, or host02 I want to configure apache and shibboleth to work with that alias. What happens is ... User types : https://hostAlias (it points to host01) apache host01 : redirect to shibboleth shibboleth host01 : redirect to **https://hostAlias.cern.ch/Shibboleth.sso/ADFS** Now, there are two cases. Either this time hostAlias will point again to host01 , or it will point to host02. If it points to host02, host01 will not get the anwser and the authentication fails. Also, about ssl certificates, I guess that each host will need its own certificate. right ? Should I need a certificate with DNS aliases ? Thanks in advance !

Read the article
Creating self-signed SSL certificate - Access denied?

- by Shaul

I'm trying to create a Self-Signed Certificate in IIS 7 (Win7 Ultimate x64), and getting the following error: I found this question on SF, which says I should set permissions on the C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys folder to allow rights - but that's also not working. Firstly, note that "Everyone" has "Full Control" rights: And when I try to delete and recreate rights, look what comes up: I am logged in as a user with admin privileges, and I've even tried running Explorer with Admin rights... nothing seems to help. What do I do to get this right?

Read the article
SSL client auth in nginx with multiple server section

- by Bastien974

I want to implement ssl_verify_client in nginx. This works perfectly when I only have one server section, which listen to 443. In my case I have multiple, all listening on 443 but to different server_name. For one particular server (proxy.mydomain.com), I'm adding the SSL client verify, but when I test the connectivity with openssl s_client -connect proxy.mydomain.com:443 -cert xxx.crt -key xxx.key and then do a GET / HTTP/1.1 host: proxy.mydomain.com It's not working, 400 No required SSL certificate was sent I think nginx is not receiving the proper server_name and is directing it to the first server listening to 443. So I tried to listen on another port and it worked right away. What's the issue and how can I fix it ?

Read the article
Backing up Windows 2003 Server that has Certificate Authority

- by Dina

I want to export and migrate a Certificate Authority CA role from a Windows 2003 machine to a new copy of Windows 2008 R2 virtual machine. I was told that I cannot have 2 CA roles on the same network at the same time. Therefore, I must first export the certificates on the older machine, delete the CA role, then add the CA role on the new machine and import the certificates into it. As a safety precaution, I am tasked to find a backup solution in case this does not work and I need to revert back to the old Windows 2003 CA. My question is: What is the best software for doing this type of backup? I am currently trying out Symantec Backup Exec 2012. Which I hope will allow me to create a backup prior to removing CA role on Windows 2003. If this CA migration fails, the backup will allow me to revert the old machine to a time before I removed its CA role.

Read the article
CentOS - Apache and SSL?

- by NeoNmaN

Hei all i have problem for my SSL setup, when i put SSL Engine to on my Apache will not start up, if i remove it, its work fine. i can't finde the Apache log, so i can find out of whats happen here, can sommen maby tell me the problem or link to the defualt log-path for Apache? here is my vhost config file. <VirtualHost *:443> # SSLEngine On SSLProtocol all SSLCertificateFile "/etc/pki/tls/schemecloud.co.uk.csr" SSLCertificateKeyFile "/etc/pki/tls/schemecloud.co.uk.key" SSLCACertificateFile "/etc/pki/tls/rapidssl.crt" ErrorLog "/var/www/error_ssl_log" <Directory /var/www/html> AllowOverride All </Directory> DocumentRoot /var/www/html/ ServerName schemecloud.co.uk </VirtualHost>

Read the article
SSL Certificate Expiry: Does the expiry time make any difference at all?

- by CYMR0

I need to know when an SSL certificate actually expires. Does it just look at the expiry date, or does it also take into account the expiry time? Let's say a certificate expired on 1/1/2013 at 11am. Does that certificate expire at 11:01am or is it only the following day that the certificate expires? I have been told both are true. Hope that makes sense! Our suppliers messed up and let our certificate expire, and I'm trying to figure out how much compensation we're owed. I found this question Details on exact expiration datetime of an SSL certificate? but it didn't quite answer what I need (and I didn't like to revive a dead question).

Read the article
Installing the Apple Root Certificate Authority on CentOS CLI

- by Daniel Hollands

I could be barking up the wrong tree here, but I'm looking for help on installing Apple's Root certificate (http://www.apple.com/certificateauthority/) on a CentOS server via the command line - which I need to send messages to their APNS system. The code I'm using for this purpose is a variation on this: https://github.com/jPaolantonio/SimplePush/blob/master/simplepush.php - which works perfectly well on a Windows server, but as soon as we try to use it on a CentOS one, it falls over. We're lead to believe this has something to do with not having the CA installed on our CentOS box - but all efforts to do so have failed. As the CentOS server is headless, we need the ability to do this via the commandline. Can someone help?

Read the article
Reverse proxy with SSL and IP passthrough?

- by Paul

Turns out that the IP of a much-needed new website is blocked from inside our organization's network for reasons that will take weeks to fix. In the meantime, could we set up a reverse proxy on an Internet-based server which will forward SSL traffic and perhaps client IPs to the external site? Load will be light. No need to terminate SSL on the proxy. We may be able to poison DNS so original URL can work. How do I learn if I need URL rewriting? Squid/apache/nginx/something else? Setup would be fastest on Win 2000, but other OSes are OK if that would help. Simple and quick are good since it's a temporary solution. Thanks for your thoughts!

Read the article

< Previous Page | 24 25 26 27 28 29 30 31 32 33 34 35 | Next Page >