Search Results

Search found 3868 results on 155 pages for 'wildcard ssl'.

Page 46/155 | < Previous Page | 42 43 44 45 46 47 48 49 50 51 52 53  | Next Page >

  • Ubuntu, apache2 wildcard dns to subdomain

    - by Mark van Velthoven
    Currently I'm hosting my own (ubuntu) server with the following services: samba, ftp and a webserver. I've bought a domain and linked the DNS A-record to my ISP's IP. This is working correctly. Now I'd like to use the DNS wildcard-record to create subdomains. I want to avoid waiting 24hrs before the DNS change completes. Thusfar I'm only able to redirect all incoming wildcards to the same directory: test1.domain.com redirects to /var/www test2.domain.com redirects to /var/www Although I'd like to get: test1.domain.com redirects to /var/www/test1 test2.domain.com redirects to /var/www/test2 My guess would be to change the file /etc/apache2/sites-available/domain. Any help or tips would be welcome! Thanks, Mark

    Read the article

  • wildcard in httpd conf file?

    - by Joe
    Here is an example httpd config I'm currently using: <VirtualHost 123.123.123.123:80> ServerName mysite.com ServerAlias www.mysite.com DocumentRoot /home/folder </VirtualHost> I'm wondering, is it possible to have a wildcard for the ServerName & ServerAlias variable? Reason for asking is I have some software that is shared among multiple URL's all controlled in a CMS and it's kind of a pain to add new domains via ssh everytimee. And before someone points out a security hole, the software does check the current URL before doing any webpages :)

    Read the article

  • Firefox bookmark with wildcard and keyword

    - by ThankYouToPositiveContributors
    In Firefox, how do I set up URL shortcuts that include a wildcard, %s? I have definitely set this up before on another computer. For example, if I wanted to view a Jira ticket, I would enter jira XXX-1234 into the address bar and it would take me to http://jira.sutureself.com:1234/browse/XXX-1234. I remember the entry added to Firefox would be http://jira.sutureself.com:1234/browse/%s, but I can't remember where I add that. EDIT I might add, I have done this without any additional addons.

    Read the article

  • Apache mod_rewrite for multiple domains to SSL

    - by Aaron Vegh
    Hi there, I'm running a web service that will allow people to create their own "instances" of my application, running under their own domain. These people will create an A record to forward a subdomain of their main domain to my server. The problem is that my server runs everything under SSL. So in my configuration for port 80, I have the following: <VirtualHost *:80> ServerName mydomain.com ServerAlias www.mydomain.com RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule /(.*) https://mydomain.com/$1 [R=301] </VirtualHost> This has worked well to forward all requests from the http: to https: domain. But as I said, I now need to let any domain automatically forward to the secure version of itself. Is there a rewrite rule that will let me take the incoming domain and rewrite it to the https version of same? So that the following matches would occur: http://some.otherdomain.com -> https://some.otherdomain.com http://evenanotherdomain.com -> https://evenanotherdomain.com Thanks for your help! Apache mod_rewrite makes my brain hurt. Aaron.

    Read the article

  • Tab Sweep: Java EE 6 Scopes, Observer, SSL, Workshop, Virtual Server, JDBC Connection Validation

    - by arungupta
    Recent Tips and News on Java, Java EE 6, GlassFish & more : • How Java EE 6 Scopes Affect User Interactions (DevX.com) • Why is Java EE 6 better than Spring ? (Arun Gupta) • JavaEE Revisits Design Patterns: Observer (Murat Yener) • Getting started with Glassfish V3 and SSL (JavaDude) • Software stacks market share within Jelastic: March 2012 (Jelastic) • All aboard the Java EE 6 Love Boat! (Bert Ertman) • Full stack Java EE workshop (Kito Mann) • Create a virtual server from console in glassfish (Hector Guzman) • Glassfish – JDBC Connection Validation explained (Alexandru Ersenie) • Automatically setting the label of a component in JSF 2 (Arjan Tijms) • JSF2 + Primefaces3 + Spring3 & Hibernate4 Integration Project (Eren Avsarogullari) • THE EXECUTABLE FEEL OF JAX-RS 2.0 CLIENT (Adam Bien) Here are some tweets from this week ... web-app dtd(s) on http://t.co/4AN0057b R.I.P. using http://t.co/OTZrOEEr instead. Thank you Oracle! finally got GlassFish and Cassandra running embedded so I can unit test my app #jarhell #JavaEE6 + #NetBeans is really a pleasure to work with! Reading latest chapter in #Spring vs #JavaEE wars https://t.co/RqlGmBG9 (and yes, #JavaEE6 is better :P) @javarebel very easy install and very easy to use in combination with @netbeans and @glassfish. Save your time.

    Read the article

  • Websockets through Stunnel is giving random bytes.

    - by user16682
    I have several servers set up for a web application that I am developing. One is a load balancing server, and I'm running a php WebSockets server on this balancer. The website that I am developing on uses ssl, so I have my WebSockets running through a wss uri connecting directly to the balancer, where I have set up stunnel4 to decrypt all traffic at a certain port and re-rout it to my php WebSockets server. This works fine when it comes down to connecting to my server. That's not the problem. The problem occurs when I try to send data to the server. Occasionally when I try this, stunnel does not appear to be decrypting the data properly. I get garbage characters in my termanal running the server: what appear to be completely random bytes. This can sometimes go on for several consecutive messages that I send before abruptly working again. It is very erratic and unpredictable. Sometimes I refresh the page, and all the messages work perfectly. Sometimes the WebSocket connects and I have to wait 5-10 seconds before any messages I send are interpreted properly by the server. Other times I can't send any messages at all, because they all end up as garbage. I believe this is a stunnel problem, but I am not certain. Does anybody have any experience with this? I would like a more predictable server if I can get it. Some more information: This occurs extensively in Chrome, not quite as much in FireFox, and never in Safari. The php server I am using is phpws http://code.google.com/p/phpws/ -- On the WebSocket connection, this server would sometimes detect that the header was only 1 byte in size, the first byte of the WebSockets header. I had to modify the server to flush the buffer ever time this occurred so that it would reliably connect.

    Read the article

  • SSL: Alternative Netzwerkverschlüsselung für Oracle Datenbanken

    - by Heinz-Wilhelm Fabry (DBA Community)
    Das Netzwerk bietet eine extrem kritische Angriffsfläche in jeder Sicherheitsarchitektur. Einerseits ist kaum zu verhindern, dass externe oder auch interne Angreifer auf das Netzwerk zugreifen: So sieht etwa jemand, der Zugriff auf einen sogenannten Netzwerksniffer hat (zum Beispiel auf das weit verbreitete Wireshark) alle Daten, die im Netzwerk übertragen werden. Andererseits gehen alle Befehle, die an eine Oracle Datenbank geschickt werden - mit Ausnahme der Informationen zu Benutzernamen und Passwort beim LOGIN - sowie alle Daten, die aus einer Datenbank ausgegeben werden, im Klartext über das Netzwerk. Das Risiko,  über das Netzwerk Daten 'zu verlieren', ist daher nur in den Griff zu bekommen, wenn man den Datenstrom verschlüsselt. Die einfachste Lösung zur Verschlüsselung des Datenstroms bietet ASO mit der sogenannten nativen Verschlüsselung über SQL*Net. Sie ist bei Bedarf und ohne Neustart der Datenbank ganz einfach und im Extremfall mit einer einzigen Einstellung in der Konfigurationsdatei SQLNET.ORA zu implementieren, nämlich mitSQLNET.ENCRYPTION_SERVER = REQUIREDWegen der einfachen Umsetzung wird diese Variante von der ganz überwiegenden Mehrheit der ASO Anwender bevorzugt eingesetzt. Im Rahmen der Datenbank Community wurde das Verfahren auch schon näher betrachtet. Allerdings lässt sich mit der ASO auch die Verschlüsselung des Netzwerks über SSL implementieren. Wie das aufzusetzen ist beschreibt dieser Tipp. Er versteht sich als erstes How-To zur Einarbeitung in die Thematik.

    Read the article

  • https:// search results appearing on Google for purely http:// site

    - by hydrurga
    I started weeding through my site's search results from Google today, using a site: search, to determine if there are any links that cause 404s and thus need redirecting. To my amazement I noticed numerous https:// results relating to various pages. My site doesn't have a SSL certificate, doesn't serve such pages, doesn't internally link to https:// pages, doesn't include any such files in its sitemap.xml and, for all of these, never has. I decided to do a Google search for https://<my site> and found one site that incorrectly refers to the root of my site with a https:// prefix - I will try to contact them to get them to correct this. I'm not sure however how Googlebot managed to index the non-root files as https://. I can't find any external links to them and surely, without certification, Googlebot should have stalled at the first request? I've just added the following lines to the site's .htaccess (although the surfer still has to navigate through the browser's "This site is a security risk. Abandon hope all ye who enter here!" message(s) first to get there): RewriteEngine On RewriteCond %{HTTPS} on RewriteRule ^(.*)$ http://www.<my site>.org/$1 [R=301,L] replacing <my site> with my domain name. My big question is this though - I would like to use the Google Webmaster Tools Remove URLs feature to remove the https:// pages from the index. Can I be guaranteed that this will only remove the https:// versions of each relevant page and not the valid http:// versions? My thanks to anyone who can help me out with this particular question and the issue in general.

    Read the article

  • CA For A Large Intranet

    - by Tim Post
    I'm managing what has become a very large intranet (over 100 different hosts / services) and will be stepping down from my role in the near future. I want to make things easy for the next victim person who takes my place. All hosts are secured via SSL. This includes various portals, wikis, data entry systems, HR systems and other sensitive things. We're using self signed certificates which worked o.k. in the past, but are now problematic because: Browsers make it harder for users to understand exactly what is going on when a self signed certificate is encountered, much less accept them. Putting up a new host means 100 phone calls asking what "Add an exception" means What we were doing is just importing the self signed certs when we set up a new workstation. This was fine when we only had a dozen to deal with, but now its just overwhelming. Our I.T. Department has classified this as ya all's problem, all we get from them is support for switch and router configurations. Beyond the user having connectivity, everything else is up to the intranet administrators. We have a mix of Ubuntu and Windows workstations. We'd like to set up our own self signed CA root, which can sign certificates for each host that we deploy on the intranet. Client browsers would of course be told to trust our CA. My question is, would this be dangerous and would we be better off going with intermediate certificates from someone like Verisign? Either way, I still have to import the root for the intermediate CA, so I really don't see what the difference is? Other than charging us money, what would Verisign be doing that we could not, beyond protecting the root CA cert so it can't be used to make forgeries?

    Read the article

  • IE8 HTTPs Download Issue

    - by Jon Egerton
    I have a problem with a system I develop related to IE8 downloading over SSL (ie on sites using https://...) and is described on this MS kb article: http://support.microsoft.com/kb/323308 We use the HTTPCacheability.NoCache option as the data being downloaded is sensitive, and is downloaded from a secured site. I don't want that data to be cached on any of the proxies etc that the response passes through back to the client. The article describing the issue details a fix to the client side registry changing a BypassSSLNoCacheCheck setting. I don't want to loosen the system security just for IE8, as the system works fine on anything more upto date. Getting all the clients to apply the hotfix is difficult at best, and impossible at worst. We need to support IE8 in the system, at least for now. So: 1: Does the detailed hotfix have any implications for the security at the browser end in IE8 - does it mean the file will be cached? (in a place other than where the user saves the file). 2: Is there some way I can get these files downloadable with a change at the server end that doesn't break the security side of things?

    Read the article

  • Usual Suspects: Typical 3rd Party Entities in E-Commerce [closed]

    - by zharvey
    I am doing some requirements/analysis for a web app that I'd like to build (Ruby/Java developer here). This web app would have a store front, shopping cart and would need to be totally compliant with all e-com best practices. It's amazing how much non-technical info comes up when you search for phrases like "how does e-commerce work", but very little comes up in the way of technical details. As such, I'm having extreme frustration finding answers to what I consider pretty straight-forward questions. I came here because I believe this question is not off-topic; if it is, please leave a comment as to why this question does not belong here and I will happily remove it myself (upvotes if your comment can point me to the correct place for this question!). So then: What 3rd parties will I need to work with to have a modern, web-compliant e-com site? So far I can account for a payment gateway provider like Authorize.net and an SSL certificate provider like Trustwave. Any others? What other standards besides PCI compliance will I be held to (besides governing laws, of course!)? Vulnerability scans: PCI compliance requires quarterly scans: if I'm a "Level 4" (low volume) Merchant does that still apply to me? Irregardless, my backend architecture is quite huge, with web servers, app servers, database, message brokers and more. Do each of these servers need to be scanned?!? If not what servers do need to get these quarterly scans? I usually hate to ask micro-questions inside of one large one, but these are so closely-related I just felt like asking them all separately would be spamming the site with too many petty questions. Thanks in advance!

    Read the article

  • SSL certificate on IIS 7

    - by comii
    I am trying to install a SSL certificate on IIS 7. I have download a free trial certificate. After that, this is the steps what I do: Click the Start menu and select Administrative Tools. Start Internet Services Manager and click the Server Name. In the center section, double click on the Server Certificates button in the Security section. From the Actions menu click Complete Certificate Request. Enter the location for the certificate file. Enter a Friendly name. Click OK. Under Sites select the site to be secured with the SSL certificate. From the Actions menu, click Bindings.This will open the Site Bindings window. In the Site Bindings window, click Add. This opens the Add Site Binding window. Select https from the Type menu. Set the port to 443. Select the SSL Certificate you just installed from the SSL Certificate menu. Click OK. This is the step where I get the message: One or more intermediate certificates in the certificate chain are missing. To resolve this issue, make sure that all of intermediate certificates are installed. For more information, see http://support.microsoft.com/kb/954755 After this, when I access the web site on its first page, I get this message: There is a problem with this website's security certificate. What am I doing wrong?

    Read the article

  • How do I disable MEDIUM and WEAK/LOW strength ciphers in Apache + mod_ssl?

    - by superwormy
    A PCI Compliance scan has suggested that we disable Apache's MEDIUM and LOW/WEAK strength ciphers for security. Can someone tell me how to disable these ciphers? Apache v2.2.14 mod_ssl v2.2.14 This is what they've told us: Synopsis : The remote service supports the use of medium strength SSL ciphers. Description : The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits. Solution: Reconfigure the affected application if possible to avoid use of medium strength ciphers. Risk Factor: Medium / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N) [More] Synopsis : The remote service supports the use of weak SSL ciphers. Description : The remote host supports the use of SSL ciphers that offer either weak encryption or no encryption at all. See also : http://www.openssl.org/docs/apps/ciphers .html Solution: Reconfigure the affected application if possible to avoid use of weak ciphers. Risk Factor: Medium / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N) [More]

    Read the article

  • Why do I have untrusted certificates for Google, Yahoo, Mozilla and others?

    - by jackweirdy
    In the HTTPS/SSL section of chrome://chrome/settings, I see the following: What does this mean, and is there something wrong? I have a basic understanding of SSL/TLS - I'm not claiming to be completely familiar, but I'm fairly confident I know my way around it - but I don't understand why I have certificates installed on my machine specifically for these sites. From my understanding, I should have the certificates for Certificate Authorities, and any site I visit and use SSL/TLS should have a certificate signed by one of these trusted CAs for me to trust the site. My worry is that if someone has maliciously installed a certificate for these sites on my machine, they could perform a DNS spoofing attack (or a number of other attacks) to hijack my connection to my email account without me knowing, and as they've got the private counterpart to the certificate on my machine, decrypt the communication. NB: I'm also aware that CA certificates aren't just within Chromium and are used system wide as part of libssl - they're stored in /etc/ssl/certs. What I'd like to know is: Is this correct? - The big red boxes make me think no Is this malicious or benign? What can I do to resolve this problem? (If indeed it is a problem) Thanks :)

    Read the article

  • Hostname error on my Slicehost Ubuntu server

    - by allesklar
    Like many folks who upgraded to Rails 2.2, I got an exception raised when sending an email. This version of Rails or later does require using tls for sending emails. The message in the production log file says: hostname was not match with the server certificate I did a whole lot of research and work on this and did everything I could. I changed my slice's hostname to ohlalaweb.com. If I run the command 'hostname' at the CL I get: ohlalaweb.com Postfix seems to work fine. I can send emails from the CL to my gmail, yahoo, and google apps gmail accounts with no problems. Here is the result of cat /etc/postfix/main.cf # See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. myorigin = /etc/mailname smmtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = no # TLS parameters smtpd_tls_cert_file=/etc/ssl/certs/ohlalaweb.pem smtpd_tls_key_file=/etc/ssl/certs/ohlalaweb.pem smtpd_use_tls=yes # SA created next line to force postfix to use self create certificate smtpd_tls_auth_only=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. myhostname = ohlalaweb.com alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases mydestination = localhost.localdomain, localhost relayhost = mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all I have regenerated the ssl keys with the ohlalaweb.com host name. Any ideas or suggestions?

    Read the article

  • IPv6 working fine, IPv4 throws OpenSSL error

    - by jippie
    I am building a webserver ( http://blog.linformatronics.nl/ ), which functions just fine on both IPv4 and IPv6 and when using a non-SSL connection. However when I connect to it through https, IPv6 works as expected, but an IPv4 connection throws a client side error. Server side logs are empty for the IPv4/https connection. Summarized in a table: | http | https -----+-------+------------------------------------------------------- IPv4 | works | OpenSSL error, failed. No server side logging. -----+-------+------------------------------------------------------- IPv6 | works | self signed certificate warning, but works as expected Apparently the SSL tunnel isn't even set up, which accounts for the Apache logs being empty. But why does it work fine for IPv6 and fail for IPv4? My question is why is this OpenSSL error being thrown and how can I solve it? Below is some extra information about the setup. IPv6 https Command used to reproduce IPv6/https behaviour: $ wget --no-check-certificate -O /dev/null -6 https://blog.linformatronics.nl --2012-11-03 15:46:48-- https://blog.linformatronics.nl/ Resolving blog.linformatronics.nl (blog.linformatronics.nl)... 2001:980:1b7f:1:a00:27ff:fea6:a2e7 Connecting to blog.linformatronics.nl (blog.linformatronics.nl)|2001:980:1b7f:1:a00:27ff:fea6:a2e7|:443... connected. WARNING: cannot verify blog.linformatronics.nl's certificate, issued by `/CN=localhost': Self-signed certificate encountered. WARNING: certificate common name `localhost' doesn't match requested host name `blog.linformatronics.nl'. HTTP request sent, awaiting response... 200 OK Length: 4556 (4.4K) [text/html] Saving to: `/dev/null' 100%[=======================================================================>] 4,556 --.-K/s in 0s 2012-11-03 15:46:49 (62.5 MB/s) - `/dev/null' saved [4556/4556] IPv4 https Command used to reproduce IPv6/https behaviour: $ wget --no-check-certificate -O /dev/null -4 https://blog.linformatronics.nl --2012-11-03 15:47:28-- https://blog.linformatronics.nl/ Resolving blog.linformatronics.nl (blog.linformatronics.nl)... 82.95.251.247 Connecting to blog.linformatronics.nl (blog.linformatronics.nl)|82.95.251.247|:443... connected. OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol Unable to establish SSL connection. Notes I am on Ubuntu Server 12.04.1 LTS

    Read the article

  • HTTPS Proxy which answers CONNECT with own certificate

    - by user1109542
    I'm configuring a DMZ which has the following Scheme: Internet - Server A - Security Appliance - Server B - Intranet In this DMZ I need a Proxy server for http(s) connections from the Intranet to Internet. The Problem is, that all Traffic should be scanned by the Security Appliance. For this I have to terminate the SSL Connection at Server B, proxy it as plain http to Server A through the Security Appliance and then further as https into the Internet. An encryption is then persistent between the Client and Server B and the Target Server and Server A. The communication between Server A and Server B is unencrypted. I know about the security risks and that the client will see some warning about the unknown CA of Server B's certificate. As Software I want to use Apache Web Servers on Server A and Server B. As first step I tried to configure Server B that it serves as endpoint for the SSL Encryption. So it has to establish the encryption with the client (answering HTTP CONNECT). Listen 8443 <VirtualHost *:8443> ProxyRequests On ProxyPreserveHost On AllowCONNECT 443 # SSL ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log LogLevel debug SSLProxyEngine on SSLProxyMachineCertificateFile /etc/pki/tls/certs/localhost_private_public.crt <Proxy *> Order deny,allow Deny from all Allow from 192.168.0.0/22 </Proxy> </VirtualHost> With this Proxy only the CONNECT request is passed through and an encrypted Connection between the client and the target is established. Unfortunately there is no possibility to configure mod_proxy_connect to decrypt the SSL connection. Is there any possibility to accomplish that kind of proxying with Apache?

    Read the article

  • LDAPS being redirected to 389

    - by Ikkoras
    We're trying to perform an LDAPS bind to a server which blocks 389 with a firewall so all traffic must travel over 636. In our test lab we're connecting to a test ldap (located on the same server) which does not have this firewall so both ports are exposed. Running ldp.exe on the test server we generate the trace below which seems to suggest that it is successfully binding over 636. However if we monitor the traffic with wireshark all the traffic is being sent to 389 with no attempt to even contact 636. Other tools will bind only with SSL on 636 or without SSL on 389 whjich seems to suggest it is behaving correctly but Wireshark shows 389. Only the test server we are using RawCap to capture the local loopback traffic. Any ideas? 0x0 = ldap_unbind(ld); ld = ldap_sslinit("WIN-GF49504Q77T.test.com", 636, 1); Error 0 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3); Error 0 = ldap_connect(hLdap, NULL); Error 0 = ldap_get_option(hLdap,LDAP_OPT_SSL,(void*)&lv); Host supports SSL, SSL cipher strength = 128 bits Established connection to WIN-GF49504Q77T.test.com. Retrieving base DSA information... Getting 1 entries: Dn: (RootDSE)

    Read the article

  • Wild Card DNS setup problems

    - by Phil Jackson
    Hi, this is my firast time with dedicated servers and im having problem setting up a wildcard sub-domain. I previously tried * /-----/ 14400 /-----/ IN /-----/ A /-----/ (serverip) waited 30 hours and nothing. so i then tried * /-----/ 14400 /-----/ IN /-----/ CNAME /-----/ actvbiv.co.uk. waited another 30 hours, nothing Im now trying; *.actvbiz.co.uk /-----/ 14400 /-----/ IN /-----/ CNAME /-----/ actvbiv.co.uk. Am i doing this correctly? using WHM. Regards, Phil Jackson

    Read the article

  • wildcards to use in codeigniter routing?

    - by ajsie
    in codeigniter you can use wildcard to reroute. i never heard the word wildcards before. is this a set of rules you can use like regexp? cause in codeigniter documentation they just gave some examples eg. $route['product/(:num)'] = "catalog/product_lookup_by_id/$1"; is there a list/reference with all the available wildcard expressions you can use?

    Read the article

  • Make: how make all hidden files in the current makefile?

    - by HH
    It traverses to bottom dirs for some unknown reason: Errorsome /bin/sh: .??*: not found make[23]: Entering directory `/m/user/files/dir' make clean Makefile all: make clean #The wildcard is the bug. I want to make all hidden files in the current makefile. #It should match .<some char><some char><any char arbitrary times> make $$(.??*) #I want to replace below-like-tihngs with a wildcard above # make .lambda # make .lambda_t clean: -rm .??* .lambda: #do something .lambda_t:

    Read the article

  • Deploying an SSL Application to Windows Azure &ndash; The Dark Secret

    - by ToStringTheory
    When working on an application that had been in production for some time, but was about to have a shopping cart added to it, the necessity for SSL certificates came up.  When ordering the certificates through the vendor, the certificate signing request (CSR) was generated through the providers (http://register.com) web interface, and within a day, we had our certificate. At first, I thought that the certification process would be the hard part…  Little did I know that my fun was just beginning… The Problem I’ll be honest, I had never really secured a site before with SSL.  This was a learning experience for me in the first place, but little did I know that I would be learning more than the simple procedure.  I understood a bit about SSL already, the mechanisms in how it works – the secure handshake, CA’s, chains, etc…  What I didn’t realize was the importance of the CSR in the whole process.  Apparently, when the CSR is created, a public key is created at the same time, as well as a private key that is stored locally on the PC that generated the request.  When the certificate comes back and you import it back into IIS (assuming you used IIS to generate the CSR), all of the information is combined together and the SSL certificate is added into your store. Since at the time the certificate had been ordered for our site, the selection to use the online interface to generate the CSR was chosen, the certificate came back to us in 5 separate files: A root certificate – (*.crt file) An intermediate certifcate – (*.crt file) Another intermediate certificate – (*.crt file) The SSL certificate for our site – (*.crt file) The private key for our certificate – (*.key file) Well, in case you don’t know much about Windows Azure and SSL certificates, the first thing you should learn is that certificates can only be uploaded to Azure if they are in a PFX package – securable by a password.  Also, in the case of our SSL certificate, you need to include the Private Key with the file.  As you can see, we didn’t have a PFX file to upload. If you don’t get the simple PFX from your hosting provider, but rather the multiple files, you will soon find out that the process has turned from something that should be simple – to one that borders on a circle of hell… Probably between the fifth and seventh somewhere… The Solution The solution is to take the files that make up the certificates chain and key, and combine them into a file that can be imported into your local computers store, as well as uploaded to Windows Azure.  I can not take the credit for this information, as I simply researched a while before finding out how to do this. Download the OpenSSL for Windows toolkit (Win32 OpenSSL v1.0.1c) Install the OpenSSL for Windows toolkit Download and move all of your certificate files to an easily accessible location (you'll be pointing to them in the command prompt, so I put them in a subdirectory of the OpenSSL installation) Open a command prompt Navigate to the folder where you installed OpenSSL Run the following command: openssl pkcs12 -export –out {outcert.pfx} –inkey {keyfile.key}      –in {sslcert.crt} –certfile {ca1.crt} –certfile (ca2.crt) From this command, you will get a file, outcert.pfx, with the sum total of your ssl certificate (sslcert.crt), private key {keyfile.key}, and as many CA/chain files as you need {ca1.crt, ca2.crt}. Taking this file, you can then import it into your own IIS in one operation, instead of importing each certificate individually.  You can also upload the PFX to Azure, and once you add the SSL certificate links to the cloud project in Visual Studio, your good to go! Conclusion When I first looked around for a solution to this problem, there were not many places online that had the information that I was looking for.  While what I ended up having to do may seem obvious, it isn’t for everyone, and I hope that this can at least help one developer out there solve the problem without hours of work!

    Read the article

  • Plesk wildcard subdomain not working

    - by avdgaag
    I'm trying to set up a wildcard subdomain on my VPS. Ultimately I want to end up with this: main site: my.domain.tld subdomain: sub1.my.domain.tld - should end up serving my.domain.tld/sub1 I am using plesk 8.6. I have created a DNS A record pointing at my VPS' IP. I have then restarted the DNS server and waited up to 24 hours. But trying ping sub1.my.domain.tld results in an unknown host error. So I know there's more stuff involved, configuring apache etc. But so far, I cannot even get the subdomain working at all, let alone serve up the right content. I have also tried a CNAME record, to no effect. I have also tried creating a regular subdomain with a fixed name, which also does not work. Pre-configured subdomains DO work, like ftp.my.domain.tld or mail.my.domain.tld. I am clearly missing something here, but my hosting provider charges a small fortune for any support request not involving hardware physically burning down, so I'm hesitant to ask them. Any ideas?

    Read the article

  • Trouble serving vhosts when trying to set up wildcard subdomains with dnsmasq in local development e

    - by Jeremy Kendall
    I'm trying to get wildcard DNS enabled on my laptop using dnsmasq. I realize that this has been asked and answered more than once on this forum, but I can't get the solution to work for me. Steps taken so far: Installed dnsmasq Set address=/example.dev/127.0.0.1 in dnsmasq.conf Set listen-address=127.0.0.1 in dnsmasq.conf Ensured nameserver 127.0.0.1 is in /etc/resolv.conf Set prepend domain-name-servers 127.0.0.1; in /etc/dhcp3/dhclient.conf Created a vhost for example.dev Restarted apache and dnsmasq Note: example.dev is not set in /etc/hosts My vhost for example.dev <VirtualHost *:80> ServerName example.dev DocumentRoot /home/jkendall/public_html/example/public ServerAlias *.example.dev # This should be omitted in the production environment SetEnv APPLICATION_ENV development <Directory /home/jkendall/public_html/example/public> DirectoryIndex index.php AllowOverride All Order allow,deny Allow from all </Directory> </VirtualHost> The setup above will server example.dev locally without any problem. It will also serve test.example.dev, but test.example.dev returns the default apache "It works!" index.html from /var/www rather than my index.php in /home/jkendall/public_html/example/public. The solution in this Server Fault thread suggests that address=/.example.dev/127.0.0.1 would resolve my problem, but when I try to use that solution, restarting dnsmasq results in a failure with the error message dnsmasq: error at line 62 of /etc/dnsmasq.conf For grins, I moved my project over to /var/www/example and modified the vhost appropriately. I got the same result as described above. At this point I'm not sure what other steps I can take to resolve the issue. Thoughts?

    Read the article

  • Retrieving an RSA key from a running instance of Apache?

    - by Nathan Osman
    I created an RSA keypair for an SSL certificate and stored the private key in /etc/ssl/private/server.key. Unfortunately this was the only copy of the private key that I had. Then I accidentally overwrote the file on disk (yes, I know). Apache is still running and still serving SSL requests, leading me to believe that there may be hope in recovering the private key. (Perhaps there is a symbolic link somewhere in /proc or something?) This server is running Ubuntu 12.04 LTS.

    Read the article

< Previous Page | 42 43 44 45 46 47 48 49 50 51 52 53  | Next Page >