Search Results

Search found 8613 results on 345 pages for 'ssl keys'.

Page 35/345 | < Previous Page | 31 32 33 34 35 36 37 38 39 40 41 42  | Next Page >

• Using makecert for Development SSL

  - by John

  Here's my situation: I'm trying to create a SSL certificate that will be installed on all developer's machine's, along with two internal servers (everything is non-production). What do I need to do to create a certificate that can be installed in all of these places? Right now I've got something along these lines, using the makecert application in Microsoft Visual Studio 8\SDK\v2.0\Bin: makecert -r -pe -n "CN=MySite.com Dev" -b 01/01/2000 -e 01/01/2033 -eku 1.3.6.1.5.5.7.3.1 -ss Root -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 mycert.cer However, I'm not sure as to how to place this .cer file on the other computers, and when I install it on my local machine IIS, everytime I visit a page via https:, I get the security prompt (even after I've installed the certificate). Has anyone done this before?

  Read the article

• telling java to accept self-signed ssl certificate

  - by Nikita Rybak

  It looks like a standard question, but I couldn't find clear directions anywhere. I have java code trying to connect server with probably self-signed (or expired) certificate. It gives something like this [HttpMethodDirector] I/O exception (javax.net.ssl.SSLHandshakeException) caught when processing request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target As I understand, I have to play around with keytool and tell java that it's ok to allow this connection. But all comments I've found assume I'm fully proficient with keytool, like "generate private key for server and import it into keystore". And I'm not. Is there anybody who could post detailed instructions? I'm running unix, so bash script would be best. Not sure if it's important, but code executed in jboss. Thanks a lot!

  Read the article

• How to apply a free third party CA and set up Tomcat SSL with it

  - by lenny

  These days I tried to apply a free third pary CA ( www.cacert.org & www.freeca.cn ) and then set up Tomcat SSL with the CA. My purpose is to eliminate the "Certificate Error" page when accessing https://... from a client browser. But it's a little hard for me to get around it. My steps to apply a free CA, from www.freeca.cn I used keytool to generate a cer file with command: keytool -genkey ... // Generate a key keytool -certreq ... // Generate a cert file and then I got some code from the cert file, and paste onto www.freeca.cn to generate a cer file. Then I imported the cer file keytool -import -alias abc -file MyABC.cer -keystore mykeystorefile.store And then I set up the mykeystorefile.store into tomcat /conf/server.xml, but it didn't work, sill pop "Certificate Error" page when trying to access https://.... Can someone help me? Thanks

  Read the article

• Error while importing SSL into jboss 4.2 ?

  - by worldpython

  I've tried to setup .keystore on Jboss 4.2. due to this documentation from jboss community http://community.jboss.org/wiki/sslsetup but Jboss console generate this error LifecycleException: service.getName(): "jboss.web"; Protocol handler start failed: java.io.FileNotFoundException: C:\Documents and Settings\mebada\.keystore (The system cannot find the file specified) even I specify location of keystore in server.xml <Connector className = "org.apache.coyote.tomcat4.CoyoteConnector" address="${jboss.bind.address}" port = "8443" protocol="HTTP/1.1" SSLEnabled="true" scheme = "https" secure = "true"> <Factory className = "org.apache.coyote.tomcat4.CoyoteServerSocketFactory" keystoreFile="D:/Projects/Demo/jboss-4.2.3.GA/jboss-4.2.3.GA/server/default/conf/server.keystore" keystorePass="tc-ssl" protocol = "TLS"></Factory> Any Help ? Thanks in advance

  Read the article

• How to change Arrow Keys Behavior?

  - by SO give me back my rep

  Hi, I am doing a cool menu (sorta XMB) to give a fresh touch to my app... I add all of the elements on the menu programatically via DB. the menu is designed for easy use with arrows keys but I have encountered a major problem!!! by default when I press the arrow keys they only change the focus based on the tabindex and what I need is to change focus based on position of the controls not on their tabindex hope it is clear... see pic!!! so, Is there any way to do this?

  Read the article

• mysql connector/net ssl shutsdown the server

  - by Simon

  Hello, when I try to connect my server throw connector/net using ssl with pfx certificate I had problem with establishing the connection. I get connection timeout. And the server probably fall down (I dont know it for sure, becouse I dont manage the server). On the Windows XP works all right, but on Windows 7 dont. Please, where is problem? In Windows 7 or on the server (mysql 5.0)? Sometimes I get "Calling interface SSPI Failed" error, but not everytime. Sometimes is only connection timeout error. Thank you a lot for any help. Regards, simon

  Read the article

• Amazon S3 - HTTPS/SSL - Is it possible?

  - by Kerry

  I saw a few other questions regarding this without any real answers or information (or so it appeared). I have an image here: http://furniture.retailcatalog.us/products/2061/6262u9665.jpg Which is redirecting to: http://furniture.retailcatalog.us.s3.amazonaws.com/products/2061/6262u9665.jpg I need it to be: https://furniture.retailcatalog.us/products/2061/6262u9665.jpg So I installed a wildcard ssl on retailatalog.us (we have other subdomains), but it wasn't working. I went to check https://furniture.retailcatalog.us.s3.amazonaws.com/products/2061/6262u9665.jpg And it wasn't working. How do I make this work?

  Read the article

• Chrome SSL Security Issue under Windows systems?

  - by fraido

  The Fortify.net website allows you to check what SSL Encryption key is used by your browser. I gave it a try with the browsers I've on my machine and these are the results Fedora 9 Firefox 3.0.8 = AES cipher, 256-bit key Chrome 4.0.249.30 = AES cipher, 256-bit key Windows XP SP3 IE 6.0.2x = RC4 cipher, 128-bit key Firefox = AES cipher, 256-bit key Chrome 4.1.249.1042 (42199) = RC4 cipher, 128-bit key .... WHAT!!?!! Chrome is using RC4 128-bit (as IE6 does) that is well known as been very weak! Chrome under Unix works fine... I'm wondering how is this possible? Do you have this issue or is there a way to change the default key to be AES 256bit? I'm using Chrome as the main browser under Windows and I'm really considering to switch back to Firefox

  Read the article

• PostgreSQL: How to index all foreign keys?

  - by biggusjimmus

  I am working with a large PostgreSQL database, and I are trying to tune it to get more performance. Our queries and updates seem to be doing a lot of lookups using foreign keys. What I would like is a relatively simple way to add Indexes to all of our foreign keys without having to go through every table (~140) and doing it manually. In researching this, I've come to find that there is no way to have Postgres do this for you automatically (like MySQL does), but I would be happy to hear otherwise there, too.

  Read the article

• SSL Certificated Validity

  - by Haluk

  Hi, I'm using an SSL certificate from geotrust. I just ordered and installed it this weekend. However when I try to access my website using https, firefox (and the other browsers as well) the browser warns that the certificate expired a few days ago. I guess there could be two reasons: I made a mistake during the installation of the certificate Geotrust did not sign the certificate properly. First I want to rule out the second reason considering my browser tells me the certificate expired a few days ago. This does not make sense at all. Is there a way to extract the expiration date from the certificate? Thanks!

  Read the article

• Storing API keys in Android, is obfustication enough?

  - by fredley

  I'm using the Dropbox API. In the sample app, it includes these lines: // Replace this with your consumer key and secret assigned by Dropbox. // Note that this is a really insecure way to do this, and you shouldn't // ship code which contains your key & secret in such an obvious way. // Obfuscation is good. final static private String CONSUMER_KEY = "PUT_YOUR_CONSUMER_KEY_HERE"; final static private String CONSUMER_SECRET = "PUT_YOUR_CONSUMER_SECRET_HERE"; I'm well aware of the mantra 'Secrecy is not Security', and obfuscation really only slightly increases the amount of effort required to extract the keys. I disagree with their statement 'Obfustication is good'. What should I do to protect the keys then? Is obfustication good enough, or should I consider something more elaborate?

  Read the article

• .htaccess url rewrite with ssl redirection

  - by Stuart McAlpine

  I'm having trouble combining a url query parameter rewrite (fancy-url) with a .htaccess ssl redirection. My .htaccess file is currently: Options +FollowSymLinks Options -Indexes ServerSignature Off RewriteEngine on RewriteBase / # in https: process secure.html in https RewriteCond %{server_port} =443 RewriteCond $1 ^secure$ [NC] RewriteRule ^(.+).html$ index.php?page=$1 [QSA,L] # in https: force all other pages to http RewriteCond %{server_port} =443 RewriteCond $1 !^secure$ [NC] RewriteRule ^(.+).html$ http://%{HTTP_HOST}%{REQUEST_URI} [QSA,N] # in http: force secure.html to https RewriteCond %{server_port} !=443 RewriteCond $1 ^secure$ [NC] RewriteRule ^(.+).html$ https://%{HTTP_HOST}%{REQUEST_URI} [QSA,N] # in http: process other pages as http RewriteCond %{server_port} !=443 RewriteCond $1 !^secure$ [NC] RewriteRule ^(.+).html$ index.php?page=$1 [QSA,L] The fancy-url rewriting is working fine but the redirection to/from https isn't working at all. If I replace the 2 lines containing RewriteRule ^(.+).html$ https://%{HTTP_HOST}%{REQUEST_URI} [QSA,N] with RewriteRule ^(.+).html$ https://%{HTTP_HOST}/index.php?page=$1 [QSA,L] then the https redirection works fine but the fancy-url rewriting doesn't work. Is it possible to combine these two?

  Read the article

• Communication between web applications, 1 SSL certificate, other has none

  - by Rickjaah

  This the situation: I have one webservice without SSL, which provides two pages for the other web application. When the user submits these pages, an XML file with private information is sent to the webservice. How can I provide the necessary privacy protection on the XML file? Is the one certificate good enough to give the appropriate security? I'm not sure about this one, and am in the preparation phase of a project... So need to know the involved work on this part...

  Read the article

• Run jsp in eclipse on specific port and ssl

  - by zealot452

  Hello, I have used Eclipse 3.4 to create a Dynamic Web Project. I have also configured my server to use port 8443 with ssl. If I start my server I can access my test.jsp by going to it's address https://localhost:8443/TestContext/test.jsp In eclipse, I have installed this server and added my project to the server. If I Run test.jsp it always launches as http://localhost:8080/TestContext/test.jsp My question is: How can I set up eclipse to run this on https://localhost:8443/ rather than the default 8080? Thanks in advance.

  Read the article

• Does stunnel prevent non ssl traffic to "the" specified port?

  - by user432024

  So say I have an arbitrary tcp port 12345 and it's non ssl and I want to put stunnel to secure traffic to it. When stunnel is in front of it does it mean that this port is now tls/ssl only? Or can you still connect to it unencrypted? Basically I want to make sure that this port can only be accessed through ssl/tls and stunel and no other way. Clarification I want to make sure only stunnel port is open. Which is answered in the comments that the unsecured port should be fire-walled but preferably bound to localhost.

  Read the article

• Is the decision to use SNI or IP based SSL made during cert purchase or cert installation?

  - by Neil Thompson

  It's time to renew an SSL cert - but the website will soon be moving from a dedicated machine with a fixed IP to a cloud based host behind a load balancer. When I renew or re-purchase my ssl cert do I make the decision about whether it should be an SNI / IP based SSL Cert at the point of purchase - or is a cert a cert and it's all about where and how it's installed? I'm hoping the renewed cert can continue to be IP based for now, and in a few months when the website (and it's domain ofc) moves to the cloud I can re-use the cert in 'SNI mode'

  Read the article

• Windows/global setting to allow only SSL when on public Wifi?

  - by hungry

  Rather than going through each of my apps and modifying settings, or tweaking individual browser settings (I use three different browsers) or just being careful not to type non-SSL URLs into the web address bar, is there a solution at the Windows level that will prevent anything from connecting to the web from my laptop unless it's using SSL? I also have mini apps installed like Gmail checker, etc that connect to the web of their own volition using my usernames, passwords and such, so it goes beyond just web browsers. The reason I'm asking is I want to work securely on the general Internet when on public Wifi (e.g. coffee shops) without a lot of hassle or having to remember everything that needs to be locked down. When I'm back home I want to go back to full access mode using any kind of protocol on the web. If a website doesn't support SSL when I'm out in public then I just don't surf it - that's not a worry to me.

  Read the article

• How to configure Apache to act as an SSL proxy to an application server?

  - by ripper234

  I have one physical server that runs: an Apache (httpd) server another web server (let's say Tomcat for sake of argument) on port 1234 Can I configure the Apache server to act as a proxy for SSL traffic, while keeping the application server blissfully unaware of SSL? What I imagine is: Traffic to http://myserevr.com/app is redirected to https://myserver.com/app Traffic to https://myserver.com/app is proxied to the application server. My SSL certificate is only installed on the Apache server, not on the Application server Other traffic to the Apache server (http://myserver.com/anotherapp) is served directly from the Apache server What's the best setup to achieve this? (On Ubuntu, if that matters)

  Read the article

• Connecting to a Websphere MQ in Java with SSL/Keystore

  - by javaExpert

  I'd like to connect to a Websphere 6.0 MQ via Java. I have already working code for a "normal" queue, but now I need to access a new queue which is SSL encrypted (keystore). I have been sent a file called something.jks, which I assume is a certificate I need to store somewhere. I have been searching the net, but I can't find the right information. This is the code I use for the "normal" queue. I assume I need to set some property, but not sure which one. MQQueueConnectionFactory connectionFactory = new MQQueueConnectionFactory(); connectionFactory.setChannel(channel_); connectionFactory.setHostName(hostname_); connectionFactory.setPort(port_); connectionFactory.setQueueManager(queueManager_); connectionFactory.setTransportType(1); connectionFactory.setSSsetSSLCertStores(arg0) Connection connection = connectionFactory.createConnection(); connection.setExceptionListener(this); session_ = connection.createSession(DEFAULT_TRANSACTED, DEFAULT_ACKMODE); connection.start(); javax.jms.Queue fQueue = session_.createQueue(queue_); consumer = session_.createConsumer(fQueue);

  Read the article

• Trouble understanding SSL certificate chain verification

  - by Josh K

  My app uses SSL to communicate securely with a server and it's having trouble verifying the certificate chain. The chain looks like this: Entrust.net Secure Server Certification Authority - DigiCert Global CA - *.ourdomain.com We are using a certificate store pulled from Mozilla. It contains the Entrust.net certificate, but not the DigiCert Global CA one. My understanding is that an intermediate authority doesn't have to be trusted as long as the root authority is, but the verification fails: % openssl verify -CAfile mozilla-root-certs.crt ourdomain.com.crt error 20 at 0 depth lookup:unable to get local issuer certificate So do I need to explicitly trust the DigiCert Global CA in order for verification to pass? That seems wrong. But you tell me! EDIT: I now understand that the certificate file needs to be available to OpenSSL up front. Something like this works: % openssl verify -CAfile mozilla-root-certs.crt -untrusted digicert.crt ourdomain.com.crt ourdomain.com.crt: OK This allows me to provide a copy of the DigiCert CA without explicitly saying "I trust it", the whole chain still needs to be verified. But surely browsers like Firefox won't always ship with a copy of every single certificate it'll ever need. There's always going to be new CAs and the point is to use the security of the root certificate to make sure all intermediate CAs are valid. Right? So how does this work? Is it really as silly as it looks?

  Read the article

• Broken ssl, what to do

  - by TIT

  I have a site and i implemented ssl there. but when i browse it, the security seals dont come. i asked to godaddy, they replaid: Thank you for contacting online support. I cannot replicate the issue you have described. The error you described is caused by the way your site has been designed. If you receive this error, you have a combination of secure and non-secure objects on the page. For example, if your secure website was https://www.domain.tld and you added an object (an image, script, flash file, etc.) to that page that was located at http://www.domain.tld/image.jpg, you would break the seal. You will need to change your design to link to objects using https (ie https://www.domain.tld/image.jpg) or modify your site design to use relative paths (/image.jpg). This error can only be corrected by modifying your site design. Please contact your web designer or the manufacturer of your web design software if you require additional assistance modifying your site design. but the problem is i made everything,all my images javascripts are unders https, but the seal still not coming, saying: some content insecure. what is the problem.

  Read the article

• WebRequest using SSL

  - by pm_2

  I have the following code to retrieve a file using FTP (which works fine). FtpWebRequest request = (FtpWebRequest)WebRequest.Create(svrPath); request.KeepAlive = true; request.UsePassive = true; request.UseBinary = true; request.Method = WebRequestMethods.Ftp.DownloadFile; request.Credentials = new NetworkCredential(uname, passw); using (FtpWebResponse response = (FtpWebResponse)request.GetResponse()) using (Stream responseStream = response.GetResponseStream()) using (StreamReader reader = new StreamReader(responseStream)) using (StreamWriter destination = new StreamWriter(destinationFile)) { destination.Write(reader.ReadToEnd()); destination.Flush(); } However, when I try to do this using SSL, I am unable to access the file, as follows: FtpWebRequest request = (FtpWebRequest)WebRequest.Create(svrPath); request.KeepAlive = true; request.UsePassive = true; request.UseBinary = true; // The following line causes the download to fail request.EnableSsl = true; request.Method = WebRequestMethods.Ftp.DownloadFile; request.Credentials = new NetworkCredential(uname, passw); using (FtpWebResponse response = (FtpWebResponse)request.GetResponse()) using (Stream responseStream = response.GetResponseStream()) using (StreamReader reader = new StreamReader(responseStream)) using (StreamWriter destination = new StreamWriter(destinationFile)) { destination.Write(reader.ReadToEnd()); destination.Flush(); } Can anyone tell me why the latter would not work?

  Read the article

• SSL signed certificates for internal use

  - by rogueprocess

  I have a distributed application consisting of many components that communicate over TCP (for examle JMS) and HTTP. All components run on internal hardware, with internal IP addresses, and are not accessible to the public. I want to make the communication secure using SSL. Does it make sense to purchase signed certificates from a well-known certificate authority? Or should I just use self-signed certs? My understanding of the advantage of trusted certs is that the authority is an entity that can be trusted by the general public - but that is only an issue when the general public needs to be sure that the entity at a particular domain is who they say they are. Therefore, in my case, where the same organization is responsible for the components at both ends of the communication, and everything in between, a publicly trusted authority would be pointless. In other words, if I generate and sign a certificate for my own server, I know that it's trustworthy. And no one from outside the organization will ever be asked to trust this certificate. That is my reasoning - am I correct, or is there some potential advantage to using certs from a known authority?

  Read the article

• HTTP Handler error when downloading files - SSL

  - by Chiefy

  Ok big problem as this is affecting two projects on our new server. We have a file that is downloaded by users, the files are downloaded using a HTTPHandler. Since moving the site to the server and setting SSL the downloads have stopped working and we get an error message "Unable to download DownloadDocument.ashx" from site". DownloadDocument.ashx is the handler page that is set in the web.config and the button that goes there is a hyperlink with the id of the document as a querystring. Ive read the article on http://support.microsoft.com/kb/316431 and read a few other requests on this site but nothing seems to be working. This problem only happens in IE and works fine when I run it on the server in http instead of https. public override void HandleRequest(HttpContext context) { Guid guid = new Guid(context.Request.QueryString["ID"]); DataTable dt = Documents.GetDocument(guid); if (dt != null) { context.Response.Cache.SetCacheability(HttpCacheability.Private); context.Response.AddHeader("content-disposition", string.Format("attachment; filename={0}", dt.Rows[0]["DocumentName"].ToString())); context.Response.AddHeader("Content-Transfer-Encoding", "binary"); context.Response.AddHeader("Content-Length", ((byte[])dt.Rows[0]["Document"]).Length.ToString()); context.Response.ContentType = string.Format("application/{0}", dt.Rows[0]["Extension"].ToString().Remove(0, 1)); context.Response.Buffer = true; context.Response.BinaryWrite((byte[])dt.Rows[0]["Document"]); context.Response.Flush(); context.Response.End(); } } The above is my current code for the request. Ive used the base handler on http://haacked.com/archive/2005/03/17/AnAbstractBoilerplateHttpHandler.aspx. Any ideas on what this might be and how we can fix it. Thanks in advance for all responses.

  Read the article

• Test if Java trusts an SSL certificate

  - by Eric R. Rath

  My java web application uses the standard mail libraries to establish an IMAPS connection to a mail server under my control. The mail server used a valid SSL cert issued by a CA. When the cert expired, I renewed it from the same CA, and put the cert into use. But my web application wouldn't trust the new cert. We had never explicitly trusted the old cert, or managed any trust stores. I talked with someone from the CA, and we tracked it down to a difference in the intermediate certs between the old and new cert. The old one used multiple intermediates, including one tied to a root that must've been trusted by default by our version of Java. The new cert used only one intermediate cert, and it was tied to a root missing from our Java version's default trusted cert store. When we renew this cert again in the future, is there an easy way, given a new crt and intermediate crt file, test if Java will consider that cert valid? I didn't see anything in keytool that looked promising. A code solution is okay, but I'd prefer one based on the Java command-line tools.

  Read the article

< Previous Page | 31 32 33 34 35 36 37 38 39 40 41 42  | Next Page >