Search Results

Search found 4244 results on 170 pages for 'ssl certificate'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 45/170 | < Previous Page | 41 42 43 44 45 46 47 48 49 50 51 52  | Next Page >

  • SSL Domain Error in IPhone- https connection

    - by Krishnan
    Hi All, I am using CFNetwork to connect to a https webservice , whose server is a Verisign certified. I get the appropriate response from the server some times. But the rest of the time I am getting two kind of errors. 1."Operation could not be completed. (kCFStreamErrorDomainSSL error -9807.) 2."Operation could not be completed. (kCFStreamErrorDomainSSL error -4.)" I am using SDK 3.0 and tested it in 3.1 also. I don't get a consistent result. Please some one help me to solve the issue. Regards, Krishnan

    Read the article

  • SSL and mod_rewrite error

    - by wnoveno
    Hi, I have https on my site. Pages with rewritten URL in my site are inaccessible while direct urls (folders). here's the htaccess ## 2009-12-17 16:52 JGC [START] ## Enable http compression for this site <IfModule mod_deflate.c> SetOutputFilter DEFLATE ## Directive "DeflateCompressionLevel" not allowed in .htaccess, only valid in server config and virtual hosts # DeflateCompressionLevel 9 # file-types indicated will not be compressed SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary SetEnvIfNoCase Request_URI \.(?:swf|flv|pdf)$ no-gzip dont-vary SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|gz2|sit|rar)$ no-gzip dont-vary <IfModule mod_headers.c> Header append Vary User-Agent </IfModule> </IfModule> ## 2009-12-17 16:52 JGC [END] ## 2010-03-05 16:05 JGC [START] #<IfModule mod_alias.c> #RedirectMatch 301 ^(/)$ /online-casino-poker-register.html #RedirectMatch 301 ^(/en)$ /en/online-casino-poker-register.html #RedirectMatch 301 ^(/en/)$ /en/online-casino-poker-register.html #RedirectMatch 301 ^(/en\.html)$ /en/online-casino-poker-register.html #RedirectMatch 301 ^(/sc)$ /sc/online-casino-poker-register.html #RedirectMatch 301 ^(/sc/)$ /sc/online-casino-poker-register.html #RedirectMatch 301 ^(/sc\.html)$ /sc/online-casino-poker-register.html #RedirectMatch 301 ^(/ch)$ /ch/online-casino-poker-register.html #RedirectMatch 301 ^(/ch/)$ /ch/online-casino-poker-register.html #RedirectMatch 301 ^(/ch\.html)$ /ch/online-casino-poker-register.html #</IfModule> ## 2010-03-05 16:05 JGC [END] ## # @version $Id: htaccess.txt 10492 2008-07-02 06:38:28Z ircmaxell $ # @package Joomla # @copyright Copyright (C) 2005 - 2008 Open Source Matters. All rights reserved. # @license http://www.gnu.org/copyleft/gpl.html GNU/GPL # Joomla! is Free Software ## ##################################################### # READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE # # The line just below this section: 'Options +FollowSymLinks' may cause problems # with some server configurations. It is required for use of mod_rewrite, but may already # be set by your server administrator in a way that dissallows changing it in # your .htaccess file. If using it causes your server to error out, comment it out (add # to # beginning of line), reload your site in your browser and test your sef url's. If they work, # it has been set by your server administrator and you do not need it set here. # ##################################################### ## Can be commented out if causes errors, see notes above. Options +FollowSymLinks # # mod_rewrite in use RewriteEngine On #RewriteLog "/var/www/html/dafa888/rewrite.log" #RewriteLogLevel 3 RewriteCond %{HTTP_COOKIE} !jfcookie\[lang\] [NC] RewriteCond %{HTTP:Accept-Language} ^zh-cn [NC] RewriteRule ^$ /sc/ [L,R=301] RewriteCond %{HTTP_COOKIE} !jfcookie\[lang\] [NC] RewriteCond %{HTTP:Accept-Language} ^zh-tw [NC] RewriteRule ^$ /ch/ [L,R=301] #RewriteCond %{HTTP_COOKIE} !jfcookie[lang] [NC] #RewriteCond %{HTTP_COOKIE} jfcookie\[lang\] [NC] #RewriteCond %{HTTP_COOKIE} jfcookie\[lang\]=([^;]+) [NC] #RewriteRule ^(.*)$ /%1/$1 [NC,QSA] ########## Begin - Rewrite rules to block out some common exploits ## If you experience problems on your site block out the operations listed below ## This attempts to block the most common type of exploit `attempts` to Joomla! # # Block out any script trying to set a mosConfig value through the URL RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR] # Block out any script trying to base64_encode crap to send via URL RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] # Block out any script that includes a <script> tag in URL RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] # Block out any script trying to set a PHP GLOBALS variable via URL RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] # Block out any script trying to modify a _REQUEST variable via URL RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) # Send all blocked request to homepage with 403 Forbidden error! RewriteRule ^(.*)$ index.php [F,L] # ########## End - Rewrite rules to block out some common exploits # Uncomment following line if your webserver's URL # is not directly related to physical file paths. # Update Your Joomla! Directory (just / for root) RewriteBase / #RewriteCond %{HTTP_HOST} ^(.*)$ [NC] #RewriteRule ^(.*)$ http://www.%1/$1 [R=301] ########## Begin - Joomla! core SEF Section # RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} !^/index.php RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$ [NC] RewriteRule (.*) index.php RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] # ########## End - Joomla! core SEF Section

    Read the article

  • SSL pages under ASP.NET MVC

    - by David Laing
    How do I go about using HTTPS for some of the pages in my ASP.NET MVC based site? Steve Sanderson has a pretty good tutorial on how to do this in a DRY way on Preview 4 at: http://blog.codeville.net/2008/08/05/adding-httpsssl-support-to-aspnet-mvc-routing/ Is there a better / updated way with Preview 5?,

    Read the article

  • Selenium and HTTPS/SSL

    - by NerdyNick
    I'm running selenium-rc 1.0.3 on a Mac OS X & Windows 7 and both seem to be giving my the annoying accept cert error in firefox. In reading the docs they say I should be able to just use the *firefox run mode and rc should take care of it for me via a proxy or something, but this appears to not work. The only solution that I was able to find on the internet was to create a skeleton profile and pass the path into the rc startup, but thats not a real option. As that doesn't solve problems of testing in IE/Chrome/Safari. Does any know of any other solution that will work. Selenium-RC docs on HTTPS - http://seleniumhq.org/docs/05_selenium_rc.html#handling-https-and-security-popups

    Read the article

  • WCF via SSL connectivity problems

    - by Brett Widmeier
    Hello, I am hosting a WCF service from inside a Windows service using WAS. When I set the service to listen on 127.0.0.1, I have connectivity from my local machine as well as from my network. However, when I set it to listen on my outbound interface port 443, I can no longer even see the wsdl by connecting with a browser. Strangely, I can connect to the service by using telnet. The cert I am using was generated for my interface by a CA, and I have successfully used this exact cert with this service before. When checking the application log, I see that the service starts without error and is listening on the correct interface. From this information, it seems to me that the config file is in a valid state, but somehow misconfigured for what I want. I have, however, previously deployed this same setup on other sites using this config file. In case it is helpful, below is my config file. Any thoughts? <!--<system.diagnostics> <sources> <source name="System.ServiceModel" switchValue="Warning, ActivityTracing" propagateActivity="true"> <listeners> <add type="System.Diagnostics.DefaultTraceListener" name="Default"> <filter type="" /> </add> <add name="ServiceModelTraceListener"> <filter type="" /> </add> </listeners> </source> </sources> <sharedListeners> <add initializeData="app_tracelog.svclog" type="System.Diagnostics.XmlWriterTraceListener, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" name="ServiceModelTraceListener" traceOutputOptions="Timestamp"> <filter type="" /> </add> </sharedListeners> </system.diagnostics>--> <appSettings/> <connectionStrings/> <system.serviceModel> <!--<diagnostics> <messageLogging logEntireMessage="true" logMalformedMessages="true" logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" maxMessagesToLog ="1000" maxSizeOfMessageToLog="524288"/> </diagnostics>--> <bindings> <basicHttpBinding> <binding name="basicHttps"> <security mode="Transport"> <transport clientCredentialType="None"/> <message /> </security> </binding> </basicHttpBinding> </bindings> <services> <service behaviorConfiguration="ServiceBehavior" name="<fully qualified name of service>"> <endpoint address="" binding="basicHttpBinding" name="OrdersSoap" contract="<fully qualified name of contract>" bindingNamespace="http://emr.orders.com/WebServices" bindingConfiguration="basicHttps" /> <endpoint binding="mexHttpsBinding" address="mex" contract="IMetadataExchange" /> <host> <baseAddresses> <add baseAddress="https://<external IP>/<name of service>>/" /> </baseAddresses> </host> </service> </services> <behaviors> <serviceBehaviors> <behavior name="ServiceBehavior"> <serviceMetadata httpsGetEnabled="False"/> <serviceDebug includeExceptionDetailInFaults="True" /> <dataContractSerializer maxItemsInObjectGraph="2147483646"/> </behavior> </serviceBehaviors> </behaviors> </system.serviceModel>

    Read the article

  • openssl ssl encryption

    - by deddihp
    Hello, I want to discuss about openssl write and read method. Assume I have an data structure like below: /-----------------------------------------------------\ | my_header | PAYLOAD | \-----------------------------------------------------/ | | \ / \ / not encrypted encrypted I think the proper algorithm would be like this : SEND: build my_header with my own header. encrypt PAYLOAD with encryption function attach my_header and PAYLOAD (encrypted) to one buffer send it using common POSIX function just like send or sendto RECV: using common POSIX function just like recv or recvfrom. extract my_header and PAYLOAD(encrypted) decrypt PAYLOAD with decryption function at last i got my_header and PAYLOAD(decrypted). How is your approach if you face a problem like above. Since openssl encrypt all of data that is sent to SSL_write function (CMIIW). Thanks

    Read the article

  • Creating SSL on IIS - Remote access problem

    - by ile
    I followed these instructions: http://www.visualwin.com/SelfSSL/ When I type https://localhost/ than it works, but when I try to access it remotely (i set up my router to port forward to localhost), for example https://myip the page does not load. Also, I noticed one other thing. When I access localhost locally then I am asked to enter user/pass, but if I access remotely the I get the following warning: Under Construction The site you were trying to reach does not currently have a default page. It may be in the process of being upgraded and configured. ... I don't know if it is related with this but I hope someone know the answer. Thanks, Ile

    Read the article

  • INDY WebService over SSL contains link with HTTP protocol instead of HTTPS in WSDL

    - by user1437820
    When creating new SOAP WebService server project using Delphi XE2 the wizard allows to set change port and HTTPS properties. Port is set to 443, HTTPS flag is checked, but when trying to connect to created server it returns incorrect transport (HTTP instead of HTTPS) in WSDL and generates HTTP links on the Service Info Page. The auto-generated page is not so important, but wrong information in WSDL file is a problem. Below you can see the returned WSDL - there are no HTTPS: <?xml version="1.0"?> <definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:xs="http://www.w3.org/2001/XMLSchema" name="Itest123service" targetNamespace="http://tempuri.org/" xmlns:tns="http://tempuri.org/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/" xmlns:ns1="urn:test123Intf"> <types> <schema xmlns="http://www.w3.org/2001/XMLSchema" targetNamespace="urn:test123Intf"> <simpleType name="TEnumTest"> <restriction base="string"> <enumeration value="etNone"/> <enumeration value="etAFew"/> <enumeration value="etSome"/> <enumeration value="etAlot"/> </restriction> </simpleType> <complexType name="TDoubleArray"> <complexContent> <restriction base="soapenc:Array"> <sequence/> <attribute ref="soapenc:arrayType" n1:arrayType="xs:double[]" xmlns:n1="http://schemas.xmlsoap.org/wsdl/"/> </restriction> </complexContent> </complexType> <complexType name="TMyEmployee"> <sequence> <element name="LastName" type="xs:string"/> <element name="FirstName" type="xs:string"/> <element name="Salary" type="xs:double"/> </sequence> </complexType> </schema> </types> <message name="echoEnum0Request"> <part name="Value" type="ns1:TEnumTest"/> </message> <message name="echoEnum0Response"> <part name="return" type="ns1:TEnumTest"/> </message> <message name="echoDoubleArray1Request"> <part name="Value" type="ns1:TDoubleArray"/> </message> <message name="echoDoubleArray1Response"> <part name="return" type="ns1:TDoubleArray"/> </message> <message name="echoMyEmployee2Request"> <part name="Value" type="ns1:TMyEmployee"/> </message> <message name="echoMyEmployee2Response"> <part name="return" type="ns1:TMyEmployee"/> </message> <message name="echoDouble3Request"> <part name="Value" type="xs:double"/> </message> <message name="echoDouble3Response"> <part name="return" type="xs:double"/> </message> <portType name="Itest123"> <operation name="echoEnum"> <input message="tns:echoEnum0Request"/> <output message="tns:echoEnum0Response"/> </operation> <operation name="echoDoubleArray"> <input message="tns:echoDoubleArray1Request"/> <output message="tns:echoDoubleArray1Response"/> </operation> <operation name="echoMyEmployee"> <input message="tns:echoMyEmployee2Request"/> <output message="tns:echoMyEmployee2Response"/> </operation> <operation name="echoDouble"> <input message="tns:echoDouble3Request"/> <output message="tns:echoDouble3Response"/> </operation> </portType> <binding name="Itest123binding" type="tns:Itest123"> <binding xmlns="http://schemas.xmlsoap.org/wsdl/soap/" style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/> <operation name="echoEnum"> <operation xmlns="http://schemas.xmlsoap.org/wsdl/soap/" soapAction="urn:test123Intf-Itest123#echoEnum" style="rpc"/> <input> <body xmlns="http://schemas.xmlsoap.org/wsdl/soap/" use="encoded" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:test123Intf-Itest123"/> </input> <output> <body xmlns="http://schemas.xmlsoap.org/wsdl/soap/" use="encoded" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:test123Intf-Itest123"/> </output> </operation> <operation name="echoDoubleArray"> <operation xmlns="http://schemas.xmlsoap.org/wsdl/soap/" soapAction="urn:test123Intf-Itest123#echoDoubleArray" style="rpc"/> <input> <body xmlns="http://schemas.xmlsoap.org/wsdl/soap/" use="encoded" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:test123Intf-Itest123"/> </input> <output> <body xmlns="http://schemas.xmlsoap.org/wsdl/soap/" use="encoded" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:test123Intf-Itest123"/> </output> </operation> <operation name="echoMyEmployee"> <operation xmlns="http://schemas.xmlsoap.org/wsdl/soap/" soapAction="urn:test123Intf-Itest123#echoMyEmployee" style="rpc"/> <input> <body xmlns="http://schemas.xmlsoap.org/wsdl/soap/" use="encoded" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:test123Intf-Itest123"/> </input> <output> <body xmlns="http://schemas.xmlsoap.org/wsdl/soap/" use="encoded" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:test123Intf-Itest123"/> </output> </operation> <operation name="echoDouble"> <operation xmlns="http://schemas.xmlsoap.org/wsdl/soap/" soapAction="urn:test123Intf-Itest123#echoDouble" style="rpc"/> <input> <body xmlns="http://schemas.xmlsoap.org/wsdl/soap/" use="encoded" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:test123Intf-Itest123"/> </input> <output> <body xmlns="http://schemas.xmlsoap.org/wsdl/soap/" use="encoded" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:test123Intf-Itest123"/> </output> </operation> </binding> <service name="Itest123service"> <port name="Itest123Port" binding="tns:Itest123binding"> <address xmlns="http://schemas.xmlsoap.org/wsdl/soap/" location="http://localhost:443/soap/Itest123"/> </port> </service> </definitions> When I'm trying to import WSDL to soapUI tool to check WebService work I need to change manually binding link to "https://" and only then RPCs will work. I will be very grateful for any idea how to force INDY to return links in WSDL with HTTPS protocol. Thanks in advance!

    Read the article

  • What is the proper HTTP response to send for requests that require SSL

    - by dasil003
    I'm designing an RESTful API where some calls are public over HTTP, and some require an API key and encryption over HTTPS. I'm deliberating on what response code should be sent if an HTTP request is sent to one of the private resources. So far the only one that jumps out at me is 412 - Precondition Failed, but the standard indicates that the precondition is imposed by the requester not the server. Is there an appropriate response code for this condition or do I just need to give in and do 400?

    Read the article

  • SSL encrpytion, SHA1 and SHA2

    - by Hellnar
    Hello, I am trying to implement SHA2 encryption instead SHA1. For this, I know that bit number between these two hash algorithms are different and it confuses me. How can this be achieved and at what parts do I need to make required changes. I can use any open source library from Java, Python and any other major programming language. Regards

    Read the article

  • Getting rewrite to work with SSL in a MVC Zend Framework app

    - by cappuccino
    I am following the Zend Framework quickstart document and got stuck on the .htaccess rewrite rules. I am using this: RewriteEngine On RewriteCond %{REQUEST_FILENAME} -s [OR] RewriteCond %{REQUEST_FILENAME} -l [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^.*$ - [NC,L] RewriteRule ^.*$ index.php [NC,L] This works find when I access through HTTP, however, nothing is served when accessing through HTTPS. I am using a single directory for HTTP and HTTPS content. I would not want to force HTTPS either. How can I fix this?

    Read the article

  • ssl security information on internet explorer 6

    - by user309984
    Hi all, I dont want that my webpage show security information about this page contains both secure and nonsecure... this only happen in ie6, i am testing with the program ietester. I know that the problem is in file mootools-1.11-uncompressed.js in this line if(!$("ie_ready")){var C=(window.location.protocol=="https:")?"://0":"javascript:void(0);";document.write('<\/script');$("ie_ready").onreadystatechange=function(){if(this.readyState=="complete"){A();}};}}else{window.addListener("load",A);document.addListener("DOMContentLoaded",A); i already try change the ://0 by https://0 and javascript: and javascript:false and # but the problem continues, when i remove this line from the mootools file the warning doesnt show but the code that i have to show some calendar doesnt work also, because i have something like /* and this doesnt work if i remove that line, can anyone help me??

    Read the article

  • Multiple certs with one private key on apache?

    - by tenbatsu
    Really fundamental question here, but nothing a quick google search is lending itself to. Do I need to generate a separate private key for each cert I use in apache? Server details: % /usr/sbin/httpd -v Server version: Apache/2.2.8 (Unix) Server built: Jan 24 2008 10:44:19 % uname -a Linux *.com 2.6.23.15-80.fc7 #1 SMP Sun Feb 10 17:29:10 EST 2008 i686 i686 i386 GNU/Linux % cat /proc/versionversion 2.6.23.15-80.fc7 ([email protected]) (gcc version 4.1.2 20070925 (Red Hat 4.1.2-27)) #1 SMP Sun Feb 10 17:29:10 EST 2008

    Read the article

  • SubjectAltNames supported on IIS 5 ?

    - by traff
    I just generated a certificate with a CN and two subject alternative names (3 differents fqdn) and i always get a handshake failure, whatever the ssl version i use: 14177:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428: 14176:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530: I'm now asking myself if IIS 5 on win2000 does really support those certificates, any ideas ? Thanks in advance.

    Read the article

  • Using a GoDaddy SSL certificate with Virtualmin (Webmin)

    - by Kevin
    A client of mine decided to go ahead and move from a self-signed certificate to a commercial one ("GoDaddy Standard SSL"). The first service I wanted to move to the commercial SSL cert was Webmin/Usermin... However, upon migrating to the new SSL cert and restarting Webmin, I got the following error: [21/Oct/2012:13:12:47 -0400] Restarting Failed to open SSL cert /etc/webmin/miniserv.cert at /usr/share/webmin/miniserv.pl line 4229. Error: Webmin server did not write new PID file And that's all it says. Here's Webmin's config file (/etc/webmin/miniserv.conf): port=10000 root=/usr/share/webmin mimetypes=/usr/share/webmin/mime.types addtype_cgi=internal/cgi realm=Webmin Server logfile=/var/webmin/miniserv.log errorlog=/var/webmin/miniserv.error pidfile=/var/webmin/miniserv.pid logtime=168 ppath= ssl=0 env_WEBMIN_CONFIG=/etc/webmin env_WEBMIN_VAR=/var/webmin atboot=1 logout=/etc/webmin/logout-flag listen=10000 denyfile=\.pl$ log=1 blockhost_failures=5 blockhost_time=60 syslog=1 session=1 server=MiniServ/1.600 userfile=/etc/webmin/miniserv.users keyfile=/etc/webmin/miniserv.pem passwd_file=/etc/shadow passwd_uindex=0 passwd_pindex=1 passwd_cindex=2 passwd_mindex=4 passwd_mode=0 preroot=virtual-server-theme passdelay=1 sudo=1 sessiononly=/virtual-server/remote.cgi preload=virtual-server=virtual-server/virtual-server-lib-funcs.pl virtual-server=virtual-server/feature-unix.pl virtual-server=virtual-server/feature-dir.pl virtual-server=virtual-server/feature-dns.pl virtual-server=virtual-server/feature-mail.pl virtual-server=virtual-server/feature-web.pl virtual-server=virtual-server/feature-webalizer.pl virtual-server=virtual-server/feature-ssl.pl virtual-server=virtual-server/feature-logrotate.pl virtual-server=virtual-server/feature-mysql.pl virtual-server=virtual-server/feature-postgres.pl virtual-server=virtual-server/feature-ftp.pl virtual-server=virtual-server/feature-spam.pl virtual-server=virtual-server/feature-virus.pl virtual-server=virtual-server/feature-webmin.pl virtual-server=virtual-server/feature-virt.pl virtual-server=virtual-server/feature-virt6.pl anonymous=/virtualmin-mailman/unauthenticated=anonymous premodules=WebminCore logouttimes= extracas=/etc/webmin/miniserv.chain certfile=/etc/webmin/miniserv.cert ssl_redirect=0 Here is a screen shot of the Webmin SSL config screen as well, for what it's worth: http://postimage.org/image/r472go7tf/ Edited Mon Oct 22 10:45:24 CDT 2012: When running the command openssl x509 -noout -text -in /etc/webmin/miniserv.cert as Falcon Momot suggested, I get the following error: unable to load certificate 139760808240800:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE

    Read the article

  • ISA 2006 SP1 - SSL Client Certificate Authentication in Workgroup Environment

    - by JoshODBrown
    We have an IIS6 website that was previously published using an ISA 2006 SP1 standard server publishing rule. In IIS we had required a client certificate be provided before the website could be accessed... this all worked fine and dandy. Now we wish to use a web publishing rule on ISA 2006 SP1 for this same website. However, it seems the client certificate doesn't get processed now, so of course the user can't access the website. I've read a few articles stating the CA for the certificate needs to be installed in the trusted root certificate authorities store on the ISA Server (i have done this), as well as installing the client certificate on the ISA Server (done as well). I have also verified that the ISA Server is able to access the CRL for our CA no problem... In the listener properties for the web publishing rule, under Authentication, and Client Authentication Method, there is an option for SSL Client Certificate Authentication... i select this, but it appears the only Authentication Validation Method selectable is Windows (Active Directory).... there is no Active Directory in this environment. When i configure the rule with the defaults, I then try to hit my website and it prompts for my certificate, i choose it and hit ok... then I'm given the following error Error Code: 500 Internal Server Error. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202) I check the event logs on the ISA Server and in Security Logs, i see Event ID 536, Failure Aud. The reason: The NetLogon component is not active. I think this is pretty obvious since there is no active directory available. Is there a way to make this web publishing rule work using client certificates in this workgroup environment? Any suggestions or links to helpful documents would be greatly appreciated!

    Read the article

  • What compatibility trade-offs do we need to make in order to use a hardened SSL config for Nginx?

    - by nathan.f77
    I found some hardened SSL settings in github.com/ioerror/duraconf. Here is the header from the config: This is an example of a high security, somewhat compatible SSLv3 and TLSv1 enabled HTTPS proxy server. The server only allows modes that provide perfect forward secrecy; no other modes are offered. Anonymous cipher modes are disabled. This configuation does not include the HSTS header to ensure that users do not accidentally connect to an insecure HTTP service after their first visit. It only supports strong ciphers in PFS mode: ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; # Only strong ciphers in PFS mode ssl_ciphers ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA; ssl_protocols SSLv3 TLSv1; If we were to use these settings on our website, what does "somewhat compatible" mean? For example, would IE6 still be able to connect?

    Read the article

  • How can I create an external SSL wrapper/tunnel page for an insecure webpage behind a firewall?

    - by Ross Rogers
    I have an security cam with a built-in webpage inside my home network. That camera is using basic HTTP authentication instead of SSL. I want to be able to access the camera's webpage from outside my network, but I don't want to open an unencrypted video stream to the outside world. Right now, I'm doing some cumbersome ssh tunneling where I bounce off an ssh server like: ssh -N -L 9090:CAMERA_IP:80 [email protected] and then I connect to my web page like: http://localhost:9090 But this is a pain. Now, gentle reader, I beseech you to tell me how I can use linux (Ubuntu) to get a fully encrypted SSL connection to my internal web page without the hassle of creating an ssh tunnel each time. I believe I can use stunnel, but I'm not sure of the command.

    Read the article

  • Setup IIS 7.5 with multiple website bindings and SSL?

    - by JK01
    On IIS 7.5 I am trying to achieve this with two websites: Default Web Site is bound to: (blank host header port 80 - http) (blank host header port 443 - https) go.example.com www71.example.com the IP address of go.example.com 2nd web site "Beta" is bound to: beta.example.com (blank host header port 443 - https) * using blank only because it doesn't seem to be possible to bind https to a named host header And both need to work with SSL. But I have these problems: When I type in beta.example.com, I see the go.example.com site instead I can not seem to add the SSL binding to both websites at once (I have a single *.example.com wildcard certificate). The beta site will not even start if I add the https binding to it. This is how I have set it up: What is the correct way to set it up?

    Read the article

  • How can I force all requests to be SSL when using EC2 load balancer?

    - by chris
    I currently have a single EC2 instance which is forcing all requests to be secure by using mod_rewrite: RewriteEngine On RewriteCond %{SERVER_PORT} !443 RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L] I am planning on moving to a load balanced setup, with multiple back-end instances. If I set up my EC2 load balancer with my certs, do I need to use SSL to communicate between the LB and my instances? If not, is it as simple as replacing the RewriteCond with RewriteCond %{HTTP:X-Forwarded_Proto} ^http$ Edit: I tried using the x-forwarded-proto, but it does not appear to work. Is there another way to detect if someone is connected to the LB via SSL?

    Read the article

  • How to retrieve connection details of CheckPoint SSL Network Extender?

    - by amoe
    My workplace uses a Java-based VPN tool named CheckPoint SSL Network Extender. I would like to configure the VPN connection myself using stock OS tools, because I find the applet to be rather unstable. How would I go about getting all of the connection details needed to manually connect to the VPN? My workplace only supports the official client. When I am connected with the Java applet, if I run ipconfig /all I can see that a hidden network connection is created named Check Point Virtual Network Adapter For SSL Network Extender - Packet Scheduler Miniport. I can see the various IP and DNS details there as well. However, because I need to log in to the applet-based tool, I presume I need to export some kind of key in order to use OS tools to configure this. Is this even possible? Answers for any OS are great although I am using Windows XP to test, and also want to use Linux clients.

    Read the article

  • How to properly deny Railo directory access through Apache

    - by Sn3akyP3t3
    I've been battle tested on this and failed to achieve my goal which is to deny all access to all directories except the Public directory and only allow access to all all other directories with specific IP addresses. To get Railo+Apache+Tomcat installed I pretty much followed this script: https://github.com/talltroym/Railo-Ubuntu-Installer-Script then verified settings with this tutorial: http://blog.nictunney.com/2012/03/railo-tomcat-and-apache-on-amazon-ec2.html From the installation script these mods are enabled: sudo a2enmod ssl sudo a2enmod proxy sudo a2enmod proxy_http sudo a2enmod rewrite sudo a2ensite default-ssl Outside of the script I copied the sites-available to sites-enabled then reloaded Apache. I have a directory created for Railo cmfl located at /var/www/Railo/ Navigating the browser to http ://Server_IP_Address/Railo forces ssl and relocates to https ://Server_IP_Address/Railo which shows off index.cfm. Not providing index.cfm and omitting https indicates that the DirectoryIndex directive and RewriteCond of Apache appears to be working for the sites-enabled VirtualHost. The problem I'm encountering is that I cannot seem to deny access to all directories except Public. My directory structure is rather simple and looks like this: Railo error Public NotPublic Sandbox These are my sites-enabled configurations: <VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www #Default Deny All to prevent walking backwards in file system Alias /Railo/ "/var/www/Railo/" <Directory ~ ".*/Railo/(?!Public).*"> Order Deny,Allow Deny from All </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog ${APACHE_LOG_DIR}/access.log combined Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> DirectoryIndex index.cfm index.cfml default.cfm default.cfml index.htm index.html index.cfc RewriteEngine on RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R] </VirtualHost> and <IfModule mod_ssl.c> <VirtualHost _default_:443> ServerAdmin webmaster@localhost DocumentRoot /var/www Alias /Railo/ "/var/www/Railo/" <Directory ~ "/var/www/Railo/(?!Public).*"> Order Deny,Allow Deny from All </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on # A self-signed (snakeoil) certificate can be created by installing # the ssl-cert package. See # /usr/share/doc/apache2.2-common/README.Debian.gz for more info. # If both key and certificate are stored in the same file, only the # SSLCertificateFile directive is needed. SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key # Server Certificate Chain: # Point SSLCertificateChainFile at a file containing the # concatenation of PEM encoded CA certificates which form the # certificate chain for the server certificate. Alternatively # the referenced file can be the same as SSLCertificateFile # when the CA certificates are directly appended to the server # certificate for convinience. #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt # Certificate Authority (CA): # Set the CA certificate verification path where to find CA # certificates for client authentication or alternatively one # huge file containing all of them (file must be PEM encoded) # Note: Inside SSLCACertificatePath you need hash symlinks # to point to the certificate files. Use the provided # Makefile to update the hash symlinks after changes. #SSLCACertificatePath /etc/ssl/certs/ #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt # Certificate Revocation Lists (CRL): # Set the CA revocation path where to find CA CRLs for client # authentication or alternatively one huge file containing all # of them (file must be PEM encoded) # Note: Inside SSLCARevocationPath you need hash symlinks # to point to the certificate files. Use the provided # Makefile to update the hash symlinks after changes. #SSLCARevocationPath /etc/apache2/ssl.crl/ #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl # Client Authentication (Type): # Client certificate verification type and depth. Types are # none, optional, require and optional_no_ca. Depth is a # number which specifies how deeply to verify the certificate # issuer chain before deciding the certificate is not valid. #SSLVerifyClient require #SSLVerifyDepth 10 # Access Control: # With SSLRequire you can do per-directory access control based # on arbitrary complex boolean expressions containing server # variable checks and other lookup directives. The syntax is a # mixture between C and Perl. See the mod_ssl documentation # for more details. #<Location /> #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ #</Location> # SSL Engine Options: # Set various options for the SSL engine. # o FakeBasicAuth: # Translate the client X.509 into a Basic Authorisation. This means that # the standard Auth/DBMAuth methods can be used for access control. The # user name is the `one line' version of the client's X.509 certificate. # Note that no password is obtained from the user. Every entry in the user # file needs this password: `xxj31ZMTZzkVA'. # o ExportCertData: # This exports two additional environment variables: SSL_CLIENT_CERT and # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the # server (always existing) and the client (only existing when client # authentication is used). This can be used to import the certificates # into CGI scripts. # o StdEnvVars: # This exports the standard SSL/TLS related `SSL_*' environment variables. # Per default this exportation is switched off for performance reasons, # because the extraction step is an expensive operation and is usually # useless for serving static content. So one usually enables the # exportation for CGI and SSI requests only. # o StrictRequire: # This denies access when "SSLRequireSSL" or "SSLRequire" applied even # under a "Satisfy any" situation, i.e. when it applies access is denied # and no other module can change it. # o OptRenegotiate: # This enables optimized SSL connection renegotiation handling when SSL # directives are used in per-directory context. #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> # SSL Protocol Adjustments: # The safe and default but still SSL/TLS standard compliant shutdown # approach is that mod_ssl sends the close notify alert but doesn't wait for # the close notify alert from client. When you need a different shutdown # approach you can use one of the following variables: # o ssl-unclean-shutdown: # This forces an unclean shutdown when the connection is closed, i.e. no # SSL close notify alert is send or allowed to received. This violates # the SSL/TLS standard but is needed for some brain-dead browsers. Use # this when you receive I/O errors because of the standard approach where # mod_ssl sends the close notify alert. # o ssl-accurate-shutdown: # This forces an accurate shutdown when the connection is closed, i.e. a # SSL close notify alert is send and mod_ssl waits for the close notify # alert of the client. This is 100% SSL/TLS standard compliant, but in # practice often causes hanging connections with brain-dead browsers. Use # this only for browsers where you know that their SSL implementation # works correctly. # Notice: Most problems of broken clients are also related to the HTTP # keep-alive facility, so you usually additionally want to disable # keep-alive for those clients, too. Use variable "nokeepalive" for this. # Similarly, one has to force some clients to use HTTP/1.0 to workaround # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and # "force-response-1.0" for this. BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 # MSIE 7 and newer should be able to use keepalive BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown DirectoryIndex index.cfm index.cfml default.cfm default.cfml index.htm index.html #Proxy .cfm and cfc requests to Railo ProxyPassMatch ^/(.+.cf[cm])(/.*)?$ http://127.0.0.1:8888/$1 ProxyPassReverse / http://127.0.0.1:8888/ #Deny access to admin except for local clients <Location /railo-context/admin/> Order deny,allow Deny from all # Allow from <Omitted> # Allow from <Omitted> Allow from 127.0.0.1 </Location> </VirtualHost> </IfModule> The apache2.conf includes the following: # Include the virtual host configurations: Include sites-enabled/ <IfModule !mod_jk.c> LoadModule jk_module /usr/lib/apache2/modules/mod_jk.so </IfModule> <IfModule mod_jk.c> JkMount /*.cfm ajp13 JkMount /*.cfc ajp13 JkMount /*.do ajp13 JkMount /*.jsp ajp13 JkMount /*.cfchart ajp13 JkMount /*.cfm/* ajp13 JkMount /*.cfml/* ajp13 # Flex Gateway Mappings # JkMount /flex2gateway/* ajp13 # JkMount /flashservices/gateway/* ajp13 # JkMount /messagebroker/* ajp13 JkMountCopy all JkLogFile /var/log/apache2/mod_jk.log </IfModule> I believe I understand most of this except the jk_module inclusion which I've noticed has an error that shows up in the logs that I can't sort out: [warn] No JkShmFile defined in httpd.conf. Using default /etc/apache2/logs/jk-runtime-status I've checked my Regular expression against the paths of the directories with RegexBuddy just to be sure that I wasn't correct. The problem doesn't appear to be Regex related although I may have something incorrect in the Directory directive. The Location directive seems to be working correctly for blocking out Railo admin site access.

    Read the article

  • Can't connect to Synology DiskStation through HTTPS when using Windows 7 Import

    - by LeonidasFett
    a little background to my problem: I have a Synology DiskStation 213j that I use as a backup/data storage solution. When I'm at work, I would like to push and pull files from my DiskStation but I can't use VPN which is forbidden for outgoing connections. So I wanted to try to use HTTPS so I can at least connect securely to the web interface. I mostly use Chrome which uses the Windows Certificate Store. So I tried importing a self-signed certificate into it, without success. I still get a warning in Chrome telling me the connection is not secure because it can't be verified. When I import the certificate into Firefox though, it works and I can connect through HTTPS. I checked my domain on this site: http://www.sslshopper.com/ssl-checker.html It shows no errors, only a warning that the certificate is self-signed. Which is OK in this case. Any got any idea why importing the certificate into Windows 7 doesn't work? I tried Right-Click domain.mydomain.de.crt File --> Install certificate --> Next --> both options here (in case of "Place certificate in following store:" I selected "Third Party Root Certificate Authorities") to no avail.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 41 42 43 44 45 46 47 48 49 50 51 52  | Next Page >