Search Results

Search found 3358 results on 135 pages for 'ssl'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 38/135 | < Previous Page | 34 35 36 37 38 39 40 41 42 43 44 45  | Next Page >

  • Is there a way of using HTTPS with Amazon's CloudFront CDN and CNAMEs?

    - by Metalshark
    We use Amazon's CloudFront CDN with custom CNAMEs hanging under the main domain (static1.example.com). Although we can break this uniform appearance and use the original whatever123wigglyw00.cloudfront.net URLs to utilise HTTPS, is there another way? Do Amazon or any other similar provider offer HTTPS CDN hosting? Is TLS and its selective encryption available for use somewhere (SNI: Server Name Indication)? Foot note: assuming that the answer is no, but just in the hope someone knows. EDIT: Now using Google App Engine https://developers.google.com/appengine/docs/ssl for CDN hosting with SSL support.

    Read the article

  • nut (UPS) and SSL certificates

    - by Mausy5043
    Today I installed nut on my Ubuntu server (14.03). $ uname -a Linux boson 3.13.0-24-generic #47-Ubuntu SMP Fri May 2 23:30:00 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux The UPS is connected to another server (called neutron), so I use nut-client to keep tabs on the UPS state. When I do sudo upsc [email protected] I get: Init SSL without certificate database battery.charge: 15 battery.charge.low: 10 battery.charge.warning: 50 battery.date: not set battery.mfr.date: 2012/11/27 : The first line of the output concerns me. I've not seen this on other installations of nut on Debian-based servers. What can I do to get rid of that line? EDIT: This "Init SSL without certificate database" is extra annoying because it is not part of the output of upsc and therefore I cannot grep it out.

    Read the article

  • IIS 7.5 FTPS external access - 534 Policy requires SSL

    - by markmnl
    I have setup a FTP site that requires SSL but when I try connect to it externally I get the error: 220 Microsoft FTP Service 534 Policy requires SSL. I know - I set it so! Why doesnt it fetch the SSL cert from the site and allow me to logon?! (Incidentally beware of all the tutorials that Allow but do not Require SSL - while that will solve the problem it will be because SSL is not being used!). I suspect it may be I need a client that supports FTPS (FTP over SSL) and Windows explorer just uses IE which does not. But trying FileZilla and WinSCP I get a little further but then it hangs on TLS/SSL negotiation expecting a response from the server.... UPDATE: I have tried (from: http://learn.iis.net/page.aspx/309/configuring-ftp-firewall-settings/): Configure the Passive Port Range for the FTP Service. Configure the external IPv4 Address for a Specific FTP Site. Configure the firewall to allow the FTP service to listen on all ports that it opens. Disabling stateful FTP filtering so that Windows Firewall will not block FTP traffic. And still I get (in FileZilla trying both Active and Passive): Status: Connecting to 203.x.x.x:21... Status: Connection established, waiting for welcome message... Response: 220 Microsoft FTP Service Command: AUTH TLS Response: 234 AUTH command ok. Expecting TLS Negotiation. Status: Initializing TLS... Error: Connection timed out Error: Could not connect to server The Windows firewall logs unhelpfully have nothing to say.. UPDATE2: Turning the firewall off does not resolve the problem. I cannot believe how difficult it is to get something so simple to work and even once following the documentation it does not work. UPDATE3: Running FileZilla locally connecting through the loopback works in Active mode, in Passive mode I get up to: Command: LIST Response: 150 Opening BINARY mode data connection. Error: GnuTLS error -53: Error in the push function. Turning the firewall off at both ends I can still not connect the client and get the same error as above.

    Read the article

  • Why can't I get my Azure, WCF, REST, SSL project working? What am I doing wrong?

    - by Mark E
    I'm trying to get SSL, WCF and REST under Azure, but the page won't even load. Here are the steps I followed: 1) I mapped the www.mydomain.com CNAME to my azuresite.cloudapp.net 2) I procured an SSL certificate for www.mydomain.com and properly installed it at my azuresite.cloudapp.net hosted service project 3) I deployed my WCF REST service to Azure and started it. Below is my web.config configuration. The http (non-https) binding version worked correctly. My service URL, http: //www.mydomain .com/service.svc/sessions worked just fine. When I deployed the project with the web.config below, enabling SSL, https: //www.mydomain .com/service.svc/sessions does not even pull up at all. What am I doing wrong? <system.serviceModel> <services> <service name="Service"> <!-- non-https worked just fine --> <!-- <endpoint address="" binding="webHttpBinding" contract="IService" behaviorConfiguration="RestFriendly"> </endpoint> --> <!-- This does not work, what am I doing wrong? --> <endpoint address="" binding="webHttpBinding" bindingConfiguration="TransportSecurity" contract="IService" behaviorConfiguration="RestFriendly"> </endpoint> </service> </services> <behaviors> <endpointBehaviors> <behavior name="RestFriendly"> <webHttp></webHttp> </behavior> </endpointBehaviors> </behaviors> <bindings> <webHttpBinding> <binding name="TransportSecurity"> <security mode="Transport"> <transport clientCredentialType="None"/> </security> </binding> </webHttpBinding> </bindings> </system.serviceModel>

    Read the article

  • How does "Require SSL" affect ASP.NET MVC application lifecycle?

    - by Ragesh
    I have an application that taps into BeginRequest and EndRequest to set up and tear down NHibernate sessions like this: BeginRequest += delegate { CurrentSessionContext.Bind(SessionFactory.OpenSession()); }; EndRequest += delegate { var session = CurrentSessionContext.Unbind(SessionFactory); session.Dispose(); Container.Release(session); }; This works fine when deployed in IIS, until I check the "Require SSL" box. Once I do this, I get a NullReferenceException at session.Dispose(). I haven't debugged this yet and, yes, the fix is trivial, but I'm just curious about how "Require SSL" affects the lifecycle of a request. Is a session not set up on the server in these cases?

    Read the article

  • phpmyadmin login redirect fails with custom ssl port

    - by baraboom
    The server is running Ubuntu 10.10, Apache 2.2.16, PHP 5.3.3-1ubuntu9.3, phpMyAdmin 3.3.7deb5build0.10.10.1. Since this same server is also running Zimbra on port 443, I've configured apache to serve SSL on port 81. So far, I have one CMS script running on this virtual host successfully. However, when I access /phpmyadmin (set up with the default alias) on my custom ssl port and submit the login form, I am redirected to http://vhost.domain.com:81/index.php?TOKEN=foo (note the http:// instead of the https:// that the login url was using). This generates an Error 400 Bad Request complaining about "speaking plain HTTP to an SSL-enabled server port." I can then manually change the http:// to https:// in the URL and use phpmyadmin as expected. I was annoyed enough to spend an hour trying to fix it and now even more annoyed that I cannot figure it out. I've tried various things, including: Adding $cfg['PmaAbsoluteUri'] = 'https://vhost.domain.com:81/phpmyadmin/'; to the /usr/share/phpmyadmin/config.inc.php file but this did not correct the problem (even though /usr/share/phpmyadmin/libraries/auth/cookie.auth.lib.php looks like it should honor it and use it as the redirect). Adding $cfg['ForceSSL'] = 1; to the same config.inc.php but then apache spirals into an infinite redirect. Adding a rewrite rule to the vhost-ssl conf file in apache but I was unable to figure out the condition to use when http:// was present along with the correct ssl port of :81. Lots of googling. Here are the relevant Apache configuration pieces: /etc/apache2/ports.conf <IfModule mod_ssl.c> NameVirtualHost *:81 Listen 81 </IfModule> /etc/apache2/sites-enabled/vhost-nonssl <VirtualHost *:80> ServerAdmin webmaster@localhost ServerName vhost.domain.com DocumentRoot /home/xxx/sites/vhost/html RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}:81%{REQUEST_URI} </Virtualhost> /etc/apache2/sites-enabled/vhost-ssl <VirtualHost *:81> ServerAdmin webmaster@localhost ServerName vhost.domain.com DocumentRoot /home/xxx/sites/vhost/html <Directory /> Options FollowSymLinks AllowOverride None AuthType Basic AuthName "Restricted Vhost" AuthUserFile /home/xxx/sites/vhost/.users Require valid-user </Directory> <Directory /home/xxx/sites/vhost/html/> Options -Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> </VirtualHost> /etc/apache2/conf.d/phpmyadmin.conf Alias /phpmyadmin /usr/share/phpmyadmin (The rest of the default .conf truncated.) Everything in the apache config seems to work ok - the rewrite from non-ssl to ssl, the http authentication, the problem only happens when I am submitting the login form for phpmyadmin from https://vhost.domain.com:81/index.php. Other configs: The phpmyadmin config is completely default and the php.ini has only had some minor changes to memory and timeout limits. These seem to work fine, as mentioned, another php script runs with no problem and phpmyadmin works great once I manually enter in the correct schema after login. I'm looking for either a bandaid I can add to save me the trouble of manually entering in the https:// after login, a real fix that will make phpmyadmin behave as I think it should or some greater understanding of why my desired config is not possible.

    Read the article

  • How to add a Web Reference to a SSL web service?

    - by Matt W
    Hi, I have a web service in a C#/3.5 project which has been running fine. This is until I set the "SSL port" in IIS to 443 and set the "IIS - Directory Security - Secure Communications - Require secure channel (SSL)" option to true. Now, the web reference cannot be updated and I cannot add a new web reference to the web service in that site. When I try to view the service in a browse using just HTTP I get the "This page must be viewed over a secure channel" and when viewed with HTTPS on the front I get "This web page not available." Could someone tell me how to get a Web Reference added using Visual Studio to this secure web service, please? Thanks, Matt.

    Read the article

  • Serving files over HTTPS dynamically based on request.ssl? with Attachment_fu

    - by Marston A.
    I see there is a :user_ssl option in attachment_fu which checks the amazon_s3.yml file in order to serve files via https:// In the s3_backend.rb you have this method: def self.protocol @protocol ||= s3_config[:use_ssl] ? 'https://' : 'http://' end But this then makes it serve ALL s3 attachments with SSL. I'd like to make it dynamic depending if the current request was made with https:// i.e: if request.ssl? @protocol = "https://" else @protocol = "http://" end How can I make it work in this way? I've tried modifying the method and then get the NameError: undefined local variable or method `request' for Technoweenie::AttachmentFu::Backends::S3Backend:Module error

    Read the article

  • Will client JVM for a web service(https) throw an SSL Exception when the server is having a valid ce

    - by ring bearer
    I have a web service deployed on tomcat hosted on a remote server. I have set it up such that it can be accessed only via HTTPS. For this, I generated a Certificate Signing Request (CSR) and used it to get a temporary certificate from VeriSign. My web service client is on my local machine. If I try to access the service it will throw a javax.net.ssl.SSLHandshakeException:unable to find valid certification path to requested target If I install the certificate in to local Java's keystore, the issue will be resolved. My question is if I install a valid SSL certificate from a CA in to my tomcat server, will I get this client-side error even if I do not import the certificate to local key store?

    Read the article

  • ScriptAlias makes requests match too many Location blocks. What is going on?

    - by brain99
    We wish to restrict access on our development server to those users who have a valid SSL Client certificate. We are running Apache 2.2.16 on Debian 6. However, for some sections (mainly git-http, setup with gitolite on https://my.server/git/) we need an exception since many git clients don't support SSL client certificates. I have succeeded in requiring client cert authentication for the server, and in adding exceptions for some locations. However, it seems this does not work for git. The current setup is as follows: SSLCACertificateFile ssl-certs/client-ca-certs.crt <Location /> SSLVerifyClient require SSLVerifyDepth 2 </Location> # this works <Location /foo> SSLVerifyClient none </Location> # this does not <Location /git> SSLVerifyClient none </Location> I have also tried an alternative solution, with the same results: # require authentication everywhere except /git and /foo <LocationMatch "^/(?!git|foo)"> SSLVerifyClient require SSLVerifyDepth 2 </LocationMatch> In both these cases, a user without client certificate can perfectly access my.server/foo/, but not my.server/git/ (access is refused because no valid client certificate is given). If I disable SSL client certificate authentication completely, my.server/git/ works ok. The ScriptAlias problem Gitolite is setup using the ScriptAlias directive. I have found that the problem occurs with any similar ScriptAlias: # Gitolite ScriptAlias /git/ /path/to/gitolite-shell/ ScriptAlias /gitmob/ /path/to/gitolite-shell/ # My test ScriptAlias /test/ /path/to/test/script/ Note that /path/to/test/script is a file, not a directory, the same goes for /path/to/gitolite-shell/ My test script simply prints out the environment, super simple: #!/usr/bin/perl print "Content-type:text/plain\n\n"; print "TEST\n"; @keys = sort(keys %ENV); foreach (@keys) { print "$_ => $ENV{$_}\n"; } It seems that if I go to https://my.server/test/someLocation, that any SSLVerifyClient directives are being applied which are in Location blocks that match /test/someLocation or just /someLocation. If I have the following config: <LocationMatch "^/f"> SSLVerifyClient require SSLVerifyDepth 2 </LocationMatch> Then, the following URL requires a client certificate: https://my.server/test/foo. However, the following URL does not: https://my.server/test/somethingElse/foo Note that this only seems to apply for SSL configuration. The following has no effect whatsoever on https://my.server/test/foo: <LocationMatch "^/f"> Order allow,deny Deny from all </LocationMatch> However, it does block access to https://my.server/foo. This presents a major problem for cases where I have some project running at https://my.server/project (which has to require SSL client certificate authorization), and there is a git repository for that project at https://my.server/git/project which cannot require a SSL client certificate. Since the /git/project URL also gets matched agains /project Location blocks, such a configuration seems impossible given my current findings. Question: Why is this happening, and how do I solve my problem? In the end, I want to require SSL Client certificate authorization for the whole server except for /git and /someLocation, with as minimal configuration as possible (so I don't have to modify the configuration each time something new is deployed or a new git repository is added). Note: I rewrote my question (instead of just adding more updates at the bottom) to take into account my new findings and hopefully make this more clear.

    Read the article

  • Visual Studio Publish using Web Deploy gives SSL Exception?

    - by user1267778
    Im trying to use Web Deploy with arvixe hosting. I enabled Publishing with the host but I get SSL exception when I hit publish. Is anybody familiar with the following exception: Error 59 Web deployment task failed.(Could not complete the request to remote agent URL 'https://yew.arvixe.com:8172/msdeploy.axd?site=mywebsite.com'.) Could not complete the request to remote agent URL 'https://yew.arvixe.com:8172/msdeploy.axd?site=mywebsite.com'. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure. 0 0 myapplication_MVC4 Thanks

    Read the article

  • Can a proxy server cache SSL GETs? If not, would response body encryption suffice?

    - by Damian Hickey
    Can a (||any) proxy server cache content that is requested by a client over https? As the proxy server can't see the querystring, or the http headers, I reckon they can't. I'm considering a desktop application, run by a number of people behind their companies proxy. This application may access services across the internet and I'd like to take advantage of the in-built internet caching infrastructure for 'reads'. If the caching proxy servers can't cache SSL delivered content, would simply encrypting the content of a response be a viable option? I am considering all GET requests that we wish to be cachable be requested over http with the body encrypted using asymmetric encryption, where each client has the decryption key. Anytime we wish to perform a GET that is not cachable, or a POST operation, it will be performed over SSL.

    Read the article

  • Sonicwall SSL VPN Login : I need help with a NetExtender initialization error.

    - by jacke672
    I receive the error message: "Server is busy now, please try it later!" after logging into our Sonicwall successfully and attempting to initialize NetExtender for the "virtual office" function. It was set up yesterday and I am able to log in without any issues, but I keep getting hung up on the installation and/or initialization of NetExtender. I have attempted to connect remotely on XP and 7 using both FireFox and IE. I am using a Sonicwall NSA-240 with load balancing active (1 ISP and 2 different connections)- I have tried turning off load balancing and disabling the secondary connection but still receive the same error. I've been in contact with SonicWall support but I haven't heard from them as of yet so I'm asking the Server Fault community in the meantime... Does anyone have any ideas as per what could be the issue? Thanks -Jack

    Read the article

  • How can I use VirtualDocumentRoot to serve the www subdomain with SSL enabled?

    - by mdgreenwald
    I am able to serve http://www.domain.com and http://domain.com. Also https://domain.com works fine too. But not https://www.domain.com for some reason this doesn't work. I even created a www.domain.com in my sites-availible folder and also enabled it. I reloaded the configuration and yet it still doesn't work. I have a wildcard certificate so that is NOT the problem. <IfModule mod_ssl.c> <VirtualHost *:443> ServerAdmin [email protected] ServerName *.domain.com:443 ServerAlias www.domain.com VirtualDocumentRoot /var/www/%0 Thanks for any help.

    Read the article

  • How do I enable mutual SSL in IIS7 with a self-signed certificate?

    - by Kant
    I've created a self-signed certificate in IIS7. Then I exported this certificate to a .pfx and then installed it on the client machine's IE browser. Then I set "Require Client Certificate" on the server's IIS configuration. When I try to visit the site with IE, a dialog box comes up for me to choose a certificate, however, there are no certs in that dialog box. When I click "OK" without choosing any certs, I get a 403 forbidden error. How can I make this work? Appreciate the help in advance.

    Read the article

  • How can I configure apache2 to use a non - exportable ssl certificate managed by windows?

    - by Samuel Rossille
    On Windows Server 2008 R2, my IT administrator has installed a certificate using the windows certificate management tool. The certificate is for *.thedomain.com. He set it up as not exportable for security reasons: I'm not suposed to be able to put my hands on the certificate. This configuration would allow me to use the certificate with microsoft products, but not to go away with the certificate. Q: It there a way to configure Apache 2 to use this certificate "the windows way"?

    Read the article

  • Apache VirtualHost, multiple sites. 1 ssl with redirect and 1 regular http

    - by pedalpete
    I've got a server with one site which I am redirecting to https via <VirtualHost *:80> DocumentRoot /var/www/html/secure ServerName secure.com Redirect / https://secure.com </VirtualHost> That works no problem. Now I'm trying to add another non-secure site <VirtualHost *:80> DocumentRoot /var/www/html/notsecure ServerName notsecure.com </VirtualHost> of course, because the redirect is on '/', all sites are getting redicted. I've tried changing the Redirect to the full document root, but no luck.

    Read the article

  • SunTlsRsaPremasterSecret KeyGenerator not available

    - by Jill
    Hi, I encountered an error when my application tries to load a RSA Algorithm provider class from JAVA. The exception stack is as follow: javax.jms.JMSException: RSA premaster secret error at org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:49) at org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1255) at org.apache.activemq.ActiveMQConnection.ensureConnectionInfoSent(ActiveMQConnection.java:1350) at org.apache.activemq.ActiveMQConnection.setClientID(ActiveMQConnection.java:388) at com.trendmicro.tmsm.TMSMAgent.open(TMSMAgent.java:63) Caused by: javax.net.ssl.SSLKeyException: RSA premaster secret error at com.sun.net.ssl.internal.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:97) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:634) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:226) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623) at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59) at org.apache.activemq.transport.tcp.TcpBufferedOutputStream.flush(TcpBufferedOutputStream.java:115) at java.io.DataOutputStream.flush(DataOutputStream.java:106) at org.apache.activemq.transport.tcp.TcpTransport.oneway(TcpTransport.java:167) at org.apache.activemq.transport.InactivityMonitor.oneway(InactivityMonitor.java:237) at org.apache.activemq.transport.WireFormatNegotiator.sendWireFormat(WireFormatNegotiator.java:168) at org.apache.activemq.transport.WireFormatNegotiator.sendWireFormat(WireFormatNegotiator.java:84) at org.apache.activemq.transport.WireFormatNegotiator.start(WireFormatNegotiator.java:74) at org.apache.activemq.transport.failover.FailoverTransport.doReconnect(FailoverTransport.java:715) at org.apache.activemq.transport.failover.FailoverTransport$2.iterate(FailoverTransport.java:115) at org.apache.activemq.thread.PooledTaskRunner.runTask(PooledTaskRunner.java:122) at org.apache.activemq.thread.PooledTaskRunner$1.run(PooledTaskRunner.java:43) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:637) Caused by: java.security.NoSuchAlgorithmException: SunTlsRsaPremasterSecret KeyGenerator not available at javax.crypto.KeyGenerator.<init>(DashoA13*..) at javax.crypto.KeyGenerator.getInstance(DashoA13*..) at com.sun.net.ssl.internal.ssl.JsseJce.getKeyGenerator(JsseJce.java:223) at com.sun.net.ssl.internal.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:89) ... 22 more I've googled the error message and most of posts says it's because JVM cannot find sunjce_provider.jar. However, I can find the file in /Library/Java/Home/lib/ext folder. The platform is Mac OS X 10.6 and Java version is 1.6.0_17. My questions are: Why JVM does not search /Library/Java/Home/lib/ext for jar files? Can we change CLASSPATH or java.ext.dirs property by modify any config file? Any suggestion to solve this problem? Thanks in advance.

    Read the article

  • Where to place web.xml outside WAR file for secure redirect?

    - by Silverhalide
    I am running Tomcat 7 and am deploying a bunch of applications delivered to me by a third party as WAR files. I'd like to force some of those apps to always use SSL. (All the "SSL" apps are in one service; other apps outside this discussion are in another service.) I've figured out how to use conf\web.xml to redirect apps from HTTP to HTTPS, but that applies to all applications hosted by Tomcat. I've also figured out how to put web.xml in an unpacked app's web-inf directory; that does the trick for that specific app, but runs the risk of being overwritten if our vendor gives us a new war file to deploy. I've also tried placing the web.xml file in various places under conf\service\host, or under appbase, but none seem to work. Is it possible to redirect some apps to SSL without forcing all apps to redirect, or to put the web.xml file inside the extracted WAR file? Here's my server.xml: <Service name="secure"> <Connector port="80" connectionTimeout="20000" redirectPort="443" URIEncoding="UTF-8" enableLookups="false" compression="on" protocol="org.apache.coyote.http11.Http11Protocol" compressableMimeType="text/html,text/xml,text/plain,text/javascript,application/json,text/css"/> <Connector port="443" URIEncoding="UTF-8" enableLookups="false" compression="on" protocol="org.apache.coyote.http11.Http11Protocol" compressableMimeType="text/html,text/xml,text/plain,text/javascript,application/json,text/css" scheme="https" secure="true" SSLEnabled="true" sslProtocol="TLS" keystoreFile="..." keystorePass="..." keystoreType="PKCS12" truststoreFile="..." truststorePass="..." truststoreType="JKS" clientAuth="false" ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA"/> <Engine name="secure" defaultHost="localhost"> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> <Host name="localhost" appBase="webapps" unpackWARs="false" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false"> </Host> </Engine> </Service> <Service name="mutual-secure"> ... </Service> The content of the web.xml files I'm playing with is: <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0" metadata-complete="true"> <security-constraint> <web-resource-collection> <web-resource-name>All applications</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <description>Redirect all requests to HTTPS</description> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> </web-app> (For conf\web.xml the security-constraint is added just before the end of the existing file, rather than create a new file.) My webapps directory (currently) contains only the WAR files.

    Read the article

  • Windows Azure Root CAs and SSL Client Certificates

    - by Your DisplayName here!
    I ran into some problems while trying to make SSL client certificates work for StarterSTS 1.5. In theory you have to do two things (via startup tasks): Unlock the SSL section in IIS Install all the root certificates for the client certs you want to accept I did that. But it still does not work. While inspecting the event log, I stumbled over an schannel error message that I’ve never seen before: “When asking for client authentication, this server sends a list of trusted certificate authorities to the client. The client uses this list to choose a client certificate that is trusted by the server. Currently, this server trusts so many certificate authorities that the list has grown too long. This list has thus been truncated. The administrator of this machine should review the certificate authorities trusted for client authentication and remove those that do not really need to be trusted.” WTF? And indeed standard Azure (web role) VMs trust 275 root CAs (see attached list). Including kinda obscure ones. I don’t really know why MS made this design decision. It seems just wrong (including breaking the SSL client cert functionality). Deleting like 60% of them made SSL client certs from my CA work. So I guess I now have to find an automated way to attach CTLs to my site…joy. Exported list of trusted CA (as of 30th Dec 2010) AC Raíz Certicámara S.A. (4/2/2030 9:42:02 PM) AC RAIZ FNMT-RCM (1/1/2030 12:00:00 AM) A-CERT ADVANCED (10/23/2011 2:14:14 PM) Actalis Authentication CA G1 (6/25/2022 2:06:00 PM) Agence Nationale de Certification Electronique (8/12/2037 9:03:17 AM) Agence Nationale de Certification Electronique (8/12/2037 9:58:14 AM) Agencia Catalana de Certificacio (NIF Q-0801176-I) (1/7/2031 10:59:59 PM) America Online Root Certification Authority 1 (11/19/2037 8:43:00 PM) America Online Root Certification Authority 2 (9/29/2037 2:08:00 PM) ANCERT Certificados CGN (2/11/2024 5:27:12 PM) ANCERT Certificados Notariales (2/11/2024 3:58:26 PM) ANCERT Corporaciones de Derecho Publico (2/11/2024 5:22:45 PM) A-Trust-nQual-01 (11/30/2014 11:00:00 PM) A-Trust-nQual-03 (8/17/2015 10:00:00 PM) A-Trust-Qual-01 (11/30/2014 11:00:00 PM) A-Trust-Qual-02 (12/2/2014 11:00:00 PM) A-Trust-Qual-03a (4/24/2018 10:00:00 PM) Austria Telekom-Control Kommission (9/24/2005 12:40:00 PM) Austrian Society for Data Protection (2/12/2009 11:30:30 AM) Austrian Society for Data Protection GLOBALTRUST Certification Service (9/18/2036 2:12:35 PM) Autoridad Certificadora Raiz de la Secretaria de Economia (5/9/2025 12:00:00 AM) Autoridad de Certificacion de la Abogacia (6/13/2030 10:00:00 PM) Autoridad de Certificacion Firmaprofesional CIF A62634068 (10/24/2013 10:00:00 PM) Autoridade Certificadora Raiz Brasileira (11/30/2011 11:59:00 PM) Baltimore CyberTrust Root (5/12/2025 11:59:00 PM) BIT AdminCA-CD-T01 (1/25/2016 12:36:19 PM) BIT Admin-Root-CA (11/10/2021 7:51:07 AM) Buypass Class 2 CA 1 (10/13/2016 10:25:09 AM) Buypass Class 3 CA 1 (5/9/2015 2:13:03 PM) CA Disig (3/22/2016 1:39:34 AM) CertEurope (3/27/2037 11:00:00 PM) CERTICAMARA S.A. (2/23/2015 5:10:37 PM) Certicámara S.A. (5/23/2011 10:00:00 PM) Certigna (6/29/2027 3:13:05 PM) Certipost E-Trust Primary Normalised CA (7/26/2020 10:00:00 AM) Certipost E-Trust Primary Qualified CA (7/26/2020 10:00:00 AM) Certipost E-Trust Primary TOP Root CA (7/26/2025 10:00:00 AM) Certisign Autoridade Certificadora AC1S (6/27/2018 12:00:00 AM) Certisign Autoridade Certificadora AC2 (6/27/2018 12:00:00 AM) Certisign Autoridade Certificadora AC3S (7/9/2018 8:56:32 PM) Certisign Autoridade Certificadora AC4 (6/27/2018 12:00:00 AM) CertPlus Class 1 Primary CA (7/6/2020 11:59:59 PM) CertPlus Class 2 Primary CA (7/6/2019 11:59:59 PM) CertPlus Class 3 Primary CA (7/6/2019 11:59:59 PM) CertPlus Class 3P Primary CA (7/6/2019 11:59:59 PM) CertPlus Class 3TS Primary CA (7/6/2019 11:59:59 PM) CertRSA01 (3/3/2010 2:59:59 PM) certSIGN Root CA (7/4/2031 5:20:04 PM) Certum (6/11/2027 10:46:39 AM) Certum Trusted Network CA (12/31/2029 12:07:37 PM) Chambers of Commerce Root - 2008 (7/31/2038 12:29:50 PM) Chambersign Chambers of Commerce Root (9/30/2037 4:13:44 PM) Chambersign Global Root (9/30/2037 4:14:18 PM) Chambersign Public Notary Root (9/30/2037 4:14:49 PM) Chunghwa Telecom Co. Ltd. (12/20/2034 2:31:27 AM) Cisco Systems (5/14/2029 8:25:42 PM) CNNIC Root (4/16/2027 7:09:14 AM) Common Policy (10/15/2027 4:08:00 PM) COMODO (12/31/2028 11:59:59 PM) COMODO (1/18/2038 11:59:59 PM) COMODO (12/31/2029 11:59:59 PM) ComSign Advanced Security CA (3/24/2029 9:55:55 PM) ComSign CA (3/19/2029 3:02:18 PM) ComSign Secured CA (3/16/2029 3:04:56 PM) Correo Uruguayo - Root CA (12/31/2030 2:59:59 AM) Cybertrust Global Root (12/15/2021 8:00:00 AM) DanID (2/11/2037 9:09:30 AM) DanID (4/5/2021 5:03:17 PM) Deutsche Telekom Root CA 2 (7/9/2019 11:59:00 PM) DigiCert (11/10/2031 12:00:00 AM) DigiCert (11/10/2031 12:00:00 AM) DigiCert (11/10/2031 12:00:00 AM) DigiNotar Root CA (3/31/2025 6:19:21 PM) DIRECCION GENERAL DE LA POLICIA (2/8/2036 10:59:59 PM) DST (ABA.ECOM) CA (7/9/2009 5:33:53 PM) DST (ANX Network) CA (12/9/2018 4:16:48 PM) DST (Baltimore EZ) CA (7/3/2009 7:56:53 PM) DST (National Retail Federation) RootCA (12/8/2008 4:14:16 PM) DST (United Parcel Service) RootCA (12/7/2008 12:25:46 AM) DST ACES CA X6 (11/20/2017 9:19:58 PM) DST Root CA X3 (9/30/2021 2:01:15 PM) DST RootCA X1 (11/28/2008 6:18:55 PM) DST RootCA X2 (11/27/2008 10:46:16 PM) DSTCA E1 (12/10/2018 6:40:23 PM) DSTCA E2 (12/9/2018 7:47:26 PM) DST-Entrust GTI CA (12/9/2018 12:32:24 AM) D-TRUST GmbH (5/16/2022 5:20:47 AM) D-TRUST GmbH (6/8/2012 11:47:46 AM) D-TRUST GmbH (5/16/2022 5:20:47 AM) EBG Elektronik Sertifika Hizmet Saglayicisi (8/14/2016 12:31:09 AM) E-Certchile (9/5/2028 7:39:41 PM) Echoworx Root CA2 (10/7/2030 10:49:13 AM) ECRaizEstado (6/23/2030 1:41:27 PM) EDICOM (4/13/2028 4:24:22 PM) E-GÜVEN Elektronik Sertifika Hizmet Saglayicisi (1/4/2017 11:32:48 AM) E-ME SSI (RCA) (5/19/2027 8:48:15 AM) Entrust (11/27/2026 8:53:42 PM) Entrust (5/25/2019 4:39:40 PM) Entrust.net (12/7/2030 5:55:54 PM) Equifax Secure eBusiness CA-1 (6/21/2020 4:00:00 AM) Equifax Secure eBusiness CA-2 (6/23/2019 12:14:45 PM) Equifax Secure Global eBusiness CA-1 (6/21/2020 4:00:00 AM) eSign Australia: eSign Imperito Primary Root CA (5/23/2012 11:59:59 PM) eSign Australia: Gatekeeper Root CA (5/23/2014 11:59:59 PM) eSign Australia: Primary Utility Root CA (5/23/2012 11:59:59 PM) Fabrica Nacional de Moneda y Timbre (3/18/2019 3:26:19 PM) GeoTrust (8/22/2018 4:41:51 PM) GeoTrust (7/16/2036 11:59:59 PM) GeoTrust Global CA (5/21/2022 4:00:00 AM) GeoTrust Global CA 2 (3/4/2019 5:00:00 AM) GeoTrust Primary Certification Authority - G2 (1/18/2038 11:59:59 PM) GeoTrust Primary Certification Authority - G3 (12/1/2037 11:59:59 PM) GeoTrust Universal CA (3/4/2029 5:00:00 AM) GeoTrust Universal CA 2 (3/4/2029 5:00:00 AM) Global Chambersign Root - 2008 (7/31/2038 12:31:40 PM) GlobalSign (1/28/2028 12:00:00 PM) GlobalSign (12/15/2021 8:00:00 AM) Go Daddy Class 2 Certification Authority (6/29/2034 5:06:20 PM) GTE CyberTrust Global Root (8/13/2018 11:59:00 PM) GTE CyberTrust Root (4/3/2004 11:59:00 PM) GTE CyberTrust Root (2/23/2006 11:59:00 PM) Halcom CA FO (6/5/2020 10:33:31 AM) Halcom CA PO 2 (2/7/2019 6:33:31 PM) Hongkong Post Root CA (1/16/2010 11:59:00 PM) Hongkong Post Root CA 1 (5/15/2023 4:52:29 AM) I.CA První certifikacní autorita a.s. (4/1/2018 12:00:00 AM) I.CA První certifikacní autorita a.s. (4/1/2018 12:00:00 AM) InfoNotary (3/6/2026 5:33:05 PM) IPS SERVIDORES (12/29/2009 11:21:07 PM) IZENPE S.A. (1/30/2018 11:00:00 PM) Izenpe.com (12/13/2037 8:27:25 AM) Japan Certification Services, Inc. SecureSign RootCA1 (9/15/2020 2:59:59 PM) Japan Certification Services, Inc. SecureSign RootCA11 (4/8/2029 4:56:47 AM) Japan Certification Services, Inc. SecureSign RootCA2 (9/15/2020 2:59:59 PM) Japan Certification Services, Inc. SecureSign RootCA3 (9/15/2020 2:59:59 PM) Japan Local Government PKI Application CA (3/31/2016 2:59:59 PM) Japanese Government ApplicationCA (12/12/2017 3:00:00 PM) Juur-SK AS Sertifitseerimiskeskus (8/26/2016 2:23:01 PM) KamuSM (8/21/2017 11:37:07 AM) KISA RootCA 1 (8/24/2025 8:05:46 AM) KISA RootCA 3 (11/19/2014 6:39:51 AM) Macao Post eSignTrust (1/29/2013 11:59:59 PM) MicroSec e-Szigno Root CA (4/6/2017 12:28:44 PM) Microsoft Authenticode(tm) Root (12/31/1999 11:59:59 PM) Microsoft Root Authority (12/31/2020 7:00:00 AM) Microsoft Root Certificate Authority (5/9/2021 11:28:13 PM) Microsoft Timestamp Root (12/30/1999 11:59:59 PM) MOGAHA Govt of Korea (4/21/2012 9:07:23 AM) MOGAHA Govt of Korea GPKI (3/15/2017 6:00:04 AM) NetLock Arany (Class Gold) Fotanúsítvány (12/6/2028 3:08:21 PM) NetLock Expressz (Class C) Tanusitvanykiado (2/20/2019 2:08:11 PM) NetLock Kozjegyzoi (Class A) Tanusitvanykiado (2/19/2019 11:14:47 PM) NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado (12/15/2022 1:47:11 AM) NetLock Platina (Class Platinum) Fotanúsítvány (12/6/2028 3:12:44 PM) NetLock Uzleti (Class B) Tanusitvanykiado (2/20/2019 2:10:22 PM) Netrust CA1 (3/30/2021 2:57:45 AM) Network Solutions (12/31/2029 11:59:59 PM) NLB Nova Ljubljanska Banka d.d. Ljubljana (5/15/2023 12:22:45 PM) OISTE WISeKey Global Root GA CA (12/11/2037 4:09:51 PM) Post.Trust Root CA (7/5/2022 9:12:33 AM) Post.Trust Root CA (8/20/2010 1:56:21 PM) Posta CA Root (10/20/2028 12:52:08 PM) POSTarCA (2/7/2023 11:06:58 AM) QuoVadis Root CA 2 (11/24/2031 6:23:33 PM) QuoVadis Root CA 3 (11/24/2031 7:06:44 PM) QuoVadis Root Certification Authority (3/17/2021 6:33:33 PM) Root CA Generalitat Valenciana (7/1/2021 3:22:47 PM) RSA Security 2048 V3 (2/22/2026 8:39:23 PM) SECOM Trust Systems CO LTD (6/6/2037 2:12:32 AM) SECOM Trust Systems CO LTD (6/25/2019 10:23:48 PM) SECOM Trust Systems CO LTD (9/30/2023 4:20:49 AM) Secretaria de Economia Mexico (5/8/2025 12:00:00 AM) Secrétariat Général de la Défense Nationale (10/17/2020 2:29:22 PM) SecureNet CA Class B (10/16/2009 9:59:00 AM) Serasa Certificate Authority I (11/21/2024 2:12:45 PM) Serasa Certificate Authority II (11/21/2024 12:44:48 PM) Serasa Certificate Authority III (11/21/2024 1:24:14 PM) SERVICIOS DE CERTIFICACION - A.N.C. (3/9/2009 9:08:07 PM) Sigen-CA (6/29/2021 9:57:46 PM) Sigov-CA (1/10/2021 2:22:52 PM) Skaitmeninio sertifikavimo centras (12/28/2026 12:05:04 PM) Skaitmeninio sertifikavimo centras (12/25/2026 12:08:26 PM) Skaitmeninio sertifikavimo centras (12/22/2026 12:11:30 PM) Sonera Class1 CA (4/6/2021 10:49:13 AM) Sonera Class2 CA (4/6/2021 7:29:40 AM) Spanish Property & Commerce Registry CA (4/27/2012 9:39:50 AM) Staat der Nederlanden Root CA (12/16/2015 9:15:38 AM) Staat der Nederlanden Root CA - G2 (3/25/2020 11:03:10 AM) Starfield Class 2 Certification Authority (6/29/2034 5:39:16 PM) Starfield Technologies (6/26/2019 12:19:54 AM) Starfield Technologies Inc. (12/31/2029 11:59:59 PM) StartCom Certification Authority (9/17/2036 7:46:36 PM) S-TRUST Authentication and Encryption Root CA 2005:PN (6/21/2030 11:59:59 PM) Swisscom Root CA 1 (8/18/2025 10:06:20 PM) SwissSign (10/25/2036 8:30:35 AM) SwissSign Platinum G2 Root CA (10/25/2036 8:36:00 AM) SwissSign Silver G2 Root CA (10/25/2036 8:32:46 AM) TC TrustCenter Class 1 CA (1/1/2011 11:59:59 AM) TC TrustCenter Class 2 CA (1/1/2011 11:59:59 AM) TC TrustCenter Class 2 CA II (12/31/2025 10:59:59 PM) TC TrustCenter Class 3 CA (1/1/2011 11:59:59 AM) TC TrustCenter Class 3 CA II (12/31/2025 10:59:59 PM) TC TrustCenter Class 4 CA (1/1/2011 11:59:59 AM) TC TrustCenter Class 4 CA II (12/31/2025 10:59:59 PM) TC TrustCenter Time Stamping CA (1/1/2011 11:59:59 AM) TC TrustCenter Universal CA I (12/31/2025 10:59:59 PM) TC TrustCenter Universal CA II (12/31/2030 10:59:59 PM) thawte (12/31/2020 11:59:59 PM) thawte (7/16/2036 11:59:59 PM) thawte (12/31/2020 11:59:59 PM) thawte (12/31/2020 11:59:59 PM) thawte (12/31/2020 11:59:59 PM) thawte (12/31/2020 11:59:59 PM) thawte (12/31/2020 11:59:59 PM) thawte Primary Root CA - G2 (1/18/2038 11:59:59 PM) thawte Primary Root CA - G3 (12/1/2037 11:59:59 PM) Thawte Timestamping CA (12/31/2020 11:59:59 PM) Trustis EVS Root CA (1/9/2027 11:56:00 AM) Trustis FPS Root CA (1/21/2024 11:36:54 AM) Trustwave (1/1/2035 5:37:19 AM) Trustwave (12/31/2029 7:40:55 PM) Trustwave (12/31/2029 7:52:06 PM) TURKTRUST Elektronik Islem Hizmetleri (9/16/2015 12:13:05 PM) TURKTRUST Elektronik Islem Hizmetleri (3/22/2015 10:04:51 AM) TURKTRUST Elektronik Sertifika Hizmet Saglayicisi (9/16/2015 10:07:57 AM) TURKTRUST Elektronik Sertifika Hizmet Saglayicisi (3/22/2015 10:27:17 AM) TÜRKTRUST Elektronik Sertifika Hizmet Saglayicisi (12/22/2017 6:37:19 PM) TW Government Root Certification Authority (12/5/2032 1:23:33 PM) TWCA Root Certification Authority 1 (12/31/2030 3:59:59 PM) TWCA Root Certification Authority 2 (12/31/2030 3:59:59 PM) U.S. Government FBCA (10/6/2010 6:53:56 PM) UCA Global Root (12/31/2037 12:00:00 AM) UCA Root (12/31/2029 12:00:00 AM) USERTrust (7/9/2019 6:40:36 PM) USERTrust (7/9/2019 5:36:58 PM) USERTrust (6/24/2019 7:06:30 PM) USERTrust (7/9/2019 6:19:22 PM) USERTrust (5/30/2020 10:48:38 AM) UTN - USERFirst-Network Applications (7/9/2019 6:57:49 PM) ValiCert Class 3 Policy Validation Authority (6/26/2019 12:22:33 AM) VAS Latvijas Pasts SSI(RCA) (9/13/2024 9:27:57 AM) VeriSign (5/18/2018 11:59:59 PM) VeriSign (7/16/2036 11:59:59 PM) VeriSign (8/1/2028 11:59:59 PM) VeriSign (12/31/1999 9:37:48 AM) VeriSign (1/7/2004 11:59:59 PM) VeriSign (5/18/2018 11:59:59 PM) VeriSign (1/7/2004 11:59:59 PM) VeriSign (8/1/2028 11:59:59 PM) VeriSign (8/1/2028 11:59:59 PM) VeriSign (1/7/2020 11:59:59 PM) VeriSign (12/31/1999 9:35:58 AM) VeriSign (8/1/2028 11:59:59 PM) VeriSign (7/16/2036 11:59:59 PM) VeriSign (1/7/2004 11:59:59 PM) VeriSign (7/16/2036 11:59:59 PM) VeriSign (1/7/2010 11:59:59 PM) VeriSign (5/18/2018 11:59:59 PM) VeriSign (8/1/2028 11:59:59 PM) VeriSign (1/7/2004 11:59:59 PM) VeriSign (7/16/2036 11:59:59 PM) VeriSign (7/16/2036 11:59:59 PM) VeriSign (8/1/2028 11:59:59 PM) VeriSign (5/18/2018 11:59:59 PM) VeriSign Class 3 Public Primary CA (8/1/2028 11:59:59 PM) VeriSign Class 3 Public Primary Certification Authority - G4 (1/18/2038 11:59:59 PM) VeriSign Time Stamping CA (1/7/2004 11:59:59 PM) VeriSign Universal Root Certification Authority (12/1/2037 11:59:59 PM) Visa eCommerce Root (6/24/2022 12:16:12 AM) Visa Information Delivery Root CA (6/29/2025 5:42:42 PM) VRK Gov. Root CA (12/18/2023 1:51:08 PM) Wells Fargo Root Certificate Authority (1/14/2021 4:41:28 PM) WellsSecure Public Certificate Authority (12/14/2022 12:07:54 AM) Xcert EZ by DST (7/11/2009 4:14:18 PM)

    Read the article

  • How to install mod_ssl for Apache

    - by Nick Foote
    Ok So I installed Apache httpd a while ago and have recently come back to it to try setup SSL and get it serving several different tomcat servers. At the moment I have two completely separate tomcat instances serving up to slightly different versions (one for dev and one for demo say) my web app to two different ports; mydomain.com:8081 and mydomain.com:8082 I've successfully (back in Jan) used mod_jk to get httpd to serve those same tomcat instances to http://www.mydomain.com:8090/dev and http://www.mydomain.com:8090/demo (8090 cos I've got another app running on 8080 via Jetty at this stage) using the following code in httpd.conf; LoadModule jk_module modules/mod_jk.so JkWorkersFile conf/workers.properties JkLogFile logs/mod_jk.log JkLogLevel debug <VirtualHost *:8090> JkMount /devd* tomcatDev JkMount /demo* tomcatDemo </VirtualHost> What I'm not trying to do is enable SSL I've added the following to httpd.conf Listen 443 <VirtualHost _default_:443> JkMount /dev* tomcatDev JkMount /demo* tomcatDemo SSLEngine on SSLCertificateFile "/opt/httpd/conf/localhost.crt" SSLCertificateKeyFile "/opt/httpd/conf/keystore.key" </VirtualHost> But when I try to restart Apache with "apachectl restart" (yes after shutting down that other app I mentioned so it doesn't toy with https connections) I continuously get the error; "Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration. httpd not running, trying to start" I've looked in the httpd/modules dir and indeed there is no mod_ssl, only mod_jk.so and httpd.exp. I've tried using yum to install mod_ssl, it says its already installed. Indeed I can locate mod_ssl.so in /usr/lib/httpd/modules but this is NOT the path to where I've installed httpd which is /opt/httpd and in fact /usr/lib/httpd contains nothing but the modules dir. Can anyone tell me how to install mod_ssl properly for my installed location of httpd so I can get past this error:

    Read the article

  • Lost website rankings as a result of using a 302 redirect instead of a 301

    - by george peris
    I have an online store and during the last 2 days I noticed a big change in its SERPS for some keywords. The site is indexed in local Google for 5 keywords, and the online store is based on Magento 1.7. 5 days ago, I set up an SSL certificate in the online store in order to get better ranking results. I setup the SSL and followed the instructions from the Magento to make permanent 301 redirects from the HTTP URLs to the HTTPS URLs. I replaced all the URLs of the online store with HTTPS. When I saw in the SERPS that the rankings for some keywords were going up and down, I checked some URLs to see if all was going well with 301 redirects and found that the redirects where 302 and not 301, which is a big bug caused by Magento. I solved the problem with the .htaccess, but still the rankings for the homepage have disappeared. I fetched the site again using Google Webmaster Tools and am waiting to see. Can you please advise if I did something wrong, and what else I could do?

    Read the article

  • Is there a proven concept to website reverse certificate authentication?

    - by Tom
    We're looking at exposing some of our internal application data externally via a website. The actual details of the website aren't that interesting, it'll be built using ASP.NET/IIS etc, that might be relevant. With this, I'm essentially I'm looking for a mechanism to authenticate users viewing my website. This sounds trivial, a username/password is typically fine, but I want more. Now I've read plenty about SSL/x.509 to realise that the CA determines that we're alright, and that the user can trust us. But I want to trust the user, I want the user to be rejected if they don't have the correct credentials. I've seen a system for online banking whereby the bank issues a certificate which gets installed on the users' computer (it was actually smartcard based). If the website can't discover/utilise the key-pair then you are immediately rejected! This is brutal, but necessary. Is there a mechanism where I can do the following: Generate a certificate for a user Issue the certificate for them to install, it can be installed on 1 machine If their certificate is not accessible, they are denied all access A standard username/password scheme is then used after that SSL employed using their certificate once they're "in" This really must already exist, please point me in the right direction! Thanks for your help :)

    Read the article

  • Is my htaccess setting hurting SEO?

    - by Ramanonos
    I have a site that I have redirecting to https. I do this to leverage wildcard SSL for my password protected pages. Everything seems to work fine with testing. For example, whether you type in http or www, you always get redirected to the SSL https... That said, I have about 200-300 external backlinks -- many high quality, yet google webmaster (along with SEOMoz), shows I have just 4... Huh? I'm embarrassed to say I just discovered this. This has led me to hypothesize that maybe my settings in htaccess is messed up, so google isn't recognizing a link because it's recorded on another site as http, instead of https. Maybe? At any rate, here is my simple htaccess setting for 301 www to http, and from http to https. RewriteCond %{SERVER_PORT} !443 RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC] RewriteRule ^(.*)$ http://example.com/$1 [L,R=301] RewriteCond %{SERVER_PORT} 443 RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC] RewriteRule ^(.*)$ https://example.com/$1 [L,R=301] Like I said, everything works fine for redirect over https, so I'd rather not screw up what works. On the other hand something is very wrong with google finding all my back links, so I need to fix something... I'm just wondering that maybe google isn't picking up a my backlinks from other websites recording me as http because I'm at https. Maybe google doesn't care and it's some other issue. Am I barking up the right tree? If so any quick fixes? Thanks as always!

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 34 35 36 37 38 39 40 41 42 43 44 45  | Next Page >