Search Results

Search found 3358 results on 135 pages for 'ssl'.

Page 51/135 | < Previous Page | 47 48 49 50 51 52 53 54 55 56 57 58  | Next Page >

  • SharePoint MOSS - Serve HTTP content on an HTTPS page without Mixed Content Warning?

    - by kcb263
    Our "portal-like" SharePoint site is served using HTTPS/SSL. So a user goes to https://web.company.com and sees content and different Web Parts. So far, no problem. The desire now is to have new Web Parts added that either frame HTTP content (such as Weather Bug) or HTTP RSS feeds. The issue that arises is that by doing this, results in a "Mixed Content" warning in the browser. Has anybody successfully been able to implement such a scenario, or one similar to it? The options we have looked at, unsuccessfully, have been: using Apache Reverse Proxy Server mirror an external site Custom Web Parts

    Read the article

  • Red 5, First setup "ssl_error_rx_record_too_long" error message

    - by charles horvath
    I am using Windows 7 and I installed Red 5 0.9.1 just recently. After it installed I put 127.0.0.1 as the IP adress and 5080 as http port. After I start the service in windows I try to connect to the localhost in firefox (http://localhost:5080) and get this error An error occurred during a connection to localhost:5080. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long) I checked my global flash settings and allowed localhost to pass along with the Red 5 folder in C/programfiles/red5. I currently have the up to date versions of JDK and JRE also. Any tips on what might be wrong?

    Read the article

  • Nginx ssl redirection of images

    - by krishna raj
    Hi. I am trying to set up nginx as reverse proxy for a tomcat server using SSL connection. I want the client's browser to load my tomcat application when nginx reverse proxy's IP is called from client's browser. My tomcat application's address is 192.168.25.25 and nginx proxy's address is 192.168.25.50 In my nginx.conf file i have added these lines # location / { proxy_pass https://192.168.25.25:443/myapp/; proxy_redirect https://192.168.25.25/myapp/ https://192.168.25.25/; } # Some of the images in my application is stored at 192.168.25.25/images/ . Now these directories cant be accessed as the proxy_pass is set to 192.168.25.25:443/myapp. Is there way to access images directory also without changing proxy_pass ? Thanks in advance.

    Read the article

  • Allow traffic from ssl-vpn to enter ipsec tunnel on fortigate

    - by Sascha
    we configured our FortiGate 50B to route traffic from our local net 192.168.10.* (which is our office) to a remote network 172.29.112.* using an ipsec tunnel. Everything works fine as long my computer has an ip from 192.168.10.*. We can also connect to the office network from at home using a ssl vpn connection. Once connected we receive an ip from 10.41.41.*. Now I want to allow the traffic flow from 10.41.41.* to 172.29.112.* just like it does from the office network. Could somebody point me in the right direction what I would need to do? Thanks, Sascha

    Read the article

  • How to handle certificates on a Apache reverse-proxy

    - by Helder
    Ok, so I was able to assemble an Apache for reverse proxy a bunch of internal sites. However, those sites use SSL. For the moment, and for testing purposes, I'm using self-signed certificates from the Apache box. I'm proxying a couple of OWA sites, and 2 https management consoles for a couple of appliances. I'm using name-based vhosts, and it's working fine (using Apache 2.2.14). However, I want to use the original, correct certificates. I have the original "3rd-party" certificates for all the sites, in .cer and .p7b format, and my question is: can I convert the certificates into something Apache will accept? Or will I need to generate new certificates, from the Apache box? Thanks!

    Read the article

  • How do I receive email sent to postmaster?

    - by jonescb
    I have a VPS server that I would like to get an SSL certificate for, and the CA needs an email address to verify that I own the domain. The options are: [email protected], [email protected], [email protected], and an address to @whoisguard.com. The server runs CentOS 5, and all I have set up for email is sendmail. I don't have POP3 or IMAP. According to this Wikipedia article on Postmaster, it says that all SMTP servers support postmaster and it cites RFC 5321. Does sendmail conform to this? I tried sending a test mail to [email protected], but I don't know how to receive it on my server. Do I need to open up any ports? I haven't gotten a message back saying that my test mail failed to send, so my server must have gotten it.

    Read the article

  • Exchange 2010, multiple accepted domains, UCC and outside webhosts

    - by westbadger
    We have an Exchange 2010 server configured to send and receive mail on several accepted domains for Outlook Anywhere, with a UCC cert addressing each mail.domain.com and autodiscover.domain.com, mail.otherplace.com etc. This worked fine until an SSL domain validation cert for one of the additional domains - where the www.otherplace.com is hosted outside our org - expired. Now Exchange users in mail.otherplace.com get an expired cert warning for otherplace.com when connecting to our mail.domain.com portal. They still get mail, but with a repeated popup in Outlook 2007 and 2010. If I understand it correctly - Outlook autodiscover connects by first polling otherplace.com/autodiscover - which is the outside www server with the expired cert before continuing on to autodiscover.otherplace.com - which is where the MX record points to our in-house Exchange UCC. I'm trying to find out if we should: 1) turn down all mail functions on the outside webserver 2) delete the expired (useless for an informational site) cert on the outside webserver 3) renew the cert for otherplace.com on the outside webserver - or something completely different? Many thanks in advance for your thoughts.

    Read the article

  • Securing data sent to an unencrypted WiFi AP

    - by David Parunakian
    The business plan of a project I'm involved in assumes selling certain WiFi-enabled devices to end users. All these devices originally have an unencrypted connection and a standard SSID. The problem is that although the user can connect to it and set both a new SSID and a WPA passphrase, these are being sent to the AP in plain text and thus can be intercepted by anyone nearby with a sniffer. What's the best solution to this problem, and why? Initially set up an encrypted wireless network at the device and supply the user with a printed passphrase Buy an SSL certificate for the AP's default IP address or local domain name (the APs aren't supposed to work as a router and have a captive portal & dnsmasq installed, so all of them can pretend to be myunit.example.com, as far as I understand) Something different Thank you.

    Read the article

  • Disable .htaccess from apache allowoverride none, still reads .htaccess files

    - by John Magnolia
    I have moved all of our .htaccess config into <Directory> blocks and set AllowOverride None in the default and default-ssl. Although after restarting apache it is still reading the .htaccess files. How can I completely turn off reading these files? Update of all files with "AllowOverride" /etc/apache2/mods-available/userdir.conf <IfModule mod_userdir.c> UserDir public_html UserDir disabled root <Directory /home/*/public_html> AllowOverride FileInfo AuthConfig Limit Indexes Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec <Limit GET POST OPTIONS> Order allow,deny Allow from all </Limit> <LimitExcept GET POST OPTIONS> Order deny,allow Deny from all </LimitExcept> </Directory> </IfModule> /etc/apache2/mods-available/alias.conf <IfModule alias_module> # # Aliases: Add here as many aliases as you need (with no limit). The format is # Alias fakename realname # # Note that if you include a trailing / on fakename then the server will # require it to be present in the URL. So "/icons" isn't aliased in this # example, only "/icons/". If the fakename is slash-terminated, then the # realname must also be slash terminated, and if the fakename omits the # trailing slash, the realname must also omit it. # # We include the /icons/ alias for FancyIndexed directory listings. If # you do not use FancyIndexing, you may comment this out. # Alias /icons/ "/usr/share/apache2/icons/" <Directory "/usr/share/apache2/icons"> Options Indexes MultiViews AllowOverride None Order allow,deny Allow from all </Directory> </IfModule> /etc/apache2/httpd.conf # # Directives to allow use of AWStats as a CGI # Alias /awstatsclasses "/usr/share/doc/awstats/examples/wwwroot/classes/" Alias /awstatscss "/usr/share/doc/awstats/examples/wwwroot/css/" Alias /awstatsicons "/usr/share/doc/awstats/examples/wwwroot/icon/" ScriptAlias /awstats/ "/usr/share/doc/awstats/examples/wwwroot/cgi-bin/" # # This is to permit URL access to scripts/files in AWStats directory. # <Directory "/usr/share/doc/awstats/examples/wwwroot"> Options None AllowOverride None Order allow,deny Allow from all </Directory> Alias /awstats-icon/ /usr/share/awstats/icon/ <Directory /usr/share/awstats/icon> Options None AllowOverride None Order allow,deny Allow from all </Directory> /etc/apache2/sites-available/default-ssl <IfModule mod_ssl.c> <VirtualHost _default_:443> ServerAdmin webmaster@localhost DocumentRoot /var/www <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on # A self-signed (snakeoil) certificate can be created by installing # the ssl-cert package. See # /usr/share/doc/apache2.2-common/README.Debian.gz for more info. # If both key and certificate are stored in the same file, only the # SSLCertificateFile directive is needed. SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key # Server Certificate Chain: # Point SSLCertificateChainFile at a file containing the # concatenation of PEM encoded CA certificates which form the # certificate chain for the server certificate. Alternatively # the referenced file can be the same as SSLCertificateFile # when the CA certificates are directly appended to the server # certificate for convinience. #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt # Certificate Authority (CA): # Set the CA certificate verification path where to find CA # certificates for client authentication or alternatively one # huge file containing all of them (file must be PEM encoded) # Note: Inside SSLCACertificatePath you need hash symlinks # to point to the certificate files. Use the provided # Makefile to update the hash symlinks after changes. #SSLCACertificatePath /etc/ssl/certs/ #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt # Certificate Revocation Lists (CRL): # Set the CA revocation path where to find CA CRLs for client # authentication or alternatively one huge file containing all # of them (file must be PEM encoded) # Note: Inside SSLCARevocationPath you need hash symlinks # to point to the certificate files. Use the provided # Makefile to update the hash symlinks after changes. #SSLCARevocationPath /etc/apache2/ssl.crl/ #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl # Client Authentication (Type): # Client certificate verification type and depth. Types are # none, optional, require and optional_no_ca. Depth is a # number which specifies how deeply to verify the certificate # issuer chain before deciding the certificate is not valid. #SSLVerifyClient require #SSLVerifyDepth 10 # Access Control: # With SSLRequire you can do per-directory access control based # on arbitrary complex boolean expressions containing server # variable checks and other lookup directives. The syntax is a # mixture between C and Perl. See the mod_ssl documentation # for more details. #<Location /> #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ #</Location> # SSL Engine Options: # Set various options for the SSL engine. # o FakeBasicAuth: # Translate the client X.509 into a Basic Authorisation. This means that # the standard Auth/DBMAuth methods can be used for access control. The # user name is the `one line' version of the client's X.509 certificate. # Note that no password is obtained from the user. Every entry in the user # file needs this password: `xxj31ZMTZzkVA'. # o ExportCertData: # This exports two additional environment variables: SSL_CLIENT_CERT and # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the # server (always existing) and the client (only existing when client # authentication is used). This can be used to import the certificates # into CGI scripts. # o StdEnvVars: # This exports the standard SSL/TLS related `SSL_*' environment variables. # Per default this exportation is switched off for performance reasons, # because the extraction step is an expensive operation and is usually # useless for serving static content. So one usually enables the # exportation for CGI and SSI requests only. # o StrictRequire: # This denies access when "SSLRequireSSL" or "SSLRequire" applied even # under a "Satisfy any" situation, i.e. when it applies access is denied # and no other module can change it. # o OptRenegotiate: # This enables optimized SSL connection renegotiation handling when SSL # directives are used in per-directory context. #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> # SSL Protocol Adjustments: # The safe and default but still SSL/TLS standard compliant shutdown # approach is that mod_ssl sends the close notify alert but doesn't wait for # the close notify alert from client. When you need a different shutdown # approach you can use one of the following variables: # o ssl-unclean-shutdown: # This forces an unclean shutdown when the connection is closed, i.e. no # SSL close notify alert is send or allowed to received. This violates # the SSL/TLS standard but is needed for some brain-dead browsers. Use # this when you receive I/O errors because of the standard approach where # mod_ssl sends the close notify alert. # o ssl-accurate-shutdown: # This forces an accurate shutdown when the connection is closed, i.e. a # SSL close notify alert is send and mod_ssl waits for the close notify # alert of the client. This is 100% SSL/TLS standard compliant, but in # practice often causes hanging connections with brain-dead browsers. Use # this only for browsers where you know that their SSL implementation # works correctly. # Notice: Most problems of broken clients are also related to the HTTP # keep-alive facility, so you usually additionally want to disable # keep-alive for those clients, too. Use variable "nokeepalive" for this. # Similarly, one has to force some clients to use HTTP/1.0 to workaround # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and # "force-response-1.0" for this. BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 # MSIE 7 and newer should be able to use keepalive BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown </VirtualHost> </IfModule> /etc/apache2/sites-available/default <VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options -Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> Alias /delboy /usr/share/phpmyadmin <Directory /usr/share/phpmyadmin> # Restrict phpmyadmin access Order Deny,Allow Allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog ${APACHE_LOG_DIR}/access.log combined Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> </VirtualHost> /etc/apache2/conf.d/security # # Disable access to the entire file system except for the directories that # are explicitly allowed later. # # This currently breaks the configurations that come with some web application # Debian packages. # #<Directory /> # AllowOverride None # Order Deny,Allow # Deny from all #</Directory> # Changing the following options will not really affect the security of the # server, but might make attacks slightly more difficult in some cases. # # ServerTokens # This directive configures what you return as the Server HTTP response # Header. The default is 'Full' which sends information about the OS-Type # and compiled in modules. # Set to one of: Full | OS | Minimal | Minor | Major | Prod # where Full conveys the most information, and Prod the least. # #ServerTokens Minimal ServerTokens OS #ServerTokens Full # # Optionally add a line containing the server version and virtual host # name to server-generated pages (internal error documents, FTP directory # listings, mod_status and mod_info output etc., but not CGI generated # documents or custom error documents). # Set to "EMail" to also include a mailto: link to the ServerAdmin. # Set to one of: On | Off | EMail # #ServerSignature Off ServerSignature On # # Allow TRACE method # # Set to "extended" to also reflect the request body (only for testing and # diagnostic purposes). # # Set to one of: On | Off | extended # TraceEnable Off #TraceEnable On /etc/apache2/apache2.conf # # Based upon the NCSA server configuration files originally by Rob McCool. # # This is the main Apache server configuration file. It contains the # configuration directives that give the server its instructions. # See http://httpd.apache.org/docs/2.2/ for detailed information about # the directives. # # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # # The configuration directives are grouped into three basic sections: # 1. Directives that control the operation of the Apache server process as a # whole (the 'global environment'). # 2. Directives that define the parameters of the 'main' or 'default' server, # which responds to requests that aren't handled by a virtual host. # These directives also provide default values for the settings # of all virtual hosts. # 3. Settings for virtual hosts, which allow Web requests to be sent to # different IP addresses or hostnames and have them handled by the # same Apache server process. # # Configuration and logfile names: If the filenames you specify for many # of the server's control files begin with "/" (or "drive:/" for Win32), the # server will use that explicit path. If the filenames do *not* begin # with "/", the value of ServerRoot is prepended -- so "foo.log" # with ServerRoot set to "/etc/apache2" will be interpreted by the # server as "/etc/apache2/foo.log". # ### Section 1: Global Environment # # The directives in this section affect the overall operation of Apache, # such as the number of concurrent requests it can handle or where it # can find its configuration files. # # # ServerRoot: The top of the directory tree under which the server's # configuration, error, and log files are kept. # # NOTE! If you intend to place this on an NFS (or otherwise network) # mounted filesystem then please read the LockFile documentation (available # at <URL:http://httpd.apache.org/docs/2.2/mod/mpm_common.html#lockfile>); # you will save yourself a lot of trouble. # # Do NOT add a slash at the end of the directory path. # #ServerRoot "/etc/apache2" # # The accept serialization lock file MUST BE STORED ON A LOCAL DISK. # LockFile ${APACHE_LOCK_DIR}/accept.lock # # PidFile: The file in which the server should record its process # identification number when it starts. # This needs to be set in /etc/apache2/envvars # PidFile ${APACHE_PID_FILE} # # Timeout: The number of seconds before receives and sends time out. # Timeout 300 # # KeepAlive: Whether or not to allow persistent connections (more than # one request per connection). Set to "Off" to deactivate. # KeepAlive On # # MaxKeepAliveRequests: The maximum number of requests to allow # during a persistent connection. Set to 0 to allow an unlimited amount. # We recommend you leave this number high, for maximum performance. # MaxKeepAliveRequests 100 # # KeepAliveTimeout: Number of seconds to wait for the next request from the # same client on the same connection. # KeepAliveTimeout 4 ## ## Server-Pool Size Regulation (MPM specific) ## # prefork MPM # StartServers: number of server processes to start # MinSpareServers: minimum number of server processes which are kept spare # MaxSpareServers: maximum number of server processes which are kept spare # MaxClients: maximum number of server processes allowed to start # MaxRequestsPerChild: maximum number of requests a server process serves <IfModule mpm_prefork_module> StartServers 5 MinSpareServers 5 MaxSpareServers 10 MaxClients 150 MaxRequestsPerChild 500 </IfModule> # worker MPM # StartServers: initial number of server processes to start # MaxClients: maximum number of simultaneous client connections # MinSpareThreads: minimum number of worker threads which are kept spare # MaxSpareThreads: maximum number of worker threads which are kept spare # ThreadLimit: ThreadsPerChild can be changed to this maximum value during a # graceful restart. ThreadLimit can only be changed by stopping # and starting Apache. # ThreadsPerChild: constant number of worker threads in each server process # MaxRequestsPerChild: maximum number of requests a server process serves <IfModule mpm_worker_module> StartServers 2 MinSpareThreads 25 MaxSpareThreads 75 ThreadLimit 64 ThreadsPerChild 25 MaxClients 150 MaxRequestsPerChild 0 </IfModule> # event MPM # StartServers: initial number of server processes to start # MaxClients: maximum number of simultaneous client connections # MinSpareThreads: minimum number of worker threads which are kept spare # MaxSpareThreads: maximum number of worker threads which are kept spare # ThreadsPerChild: constant number of worker threads in each server process # MaxRequestsPerChild: maximum number of requests a server process serves <IfModule mpm_event_module> StartServers 2 MaxClients 150 MinSpareThreads 25 MaxSpareThreads 75 ThreadLimit 64 ThreadsPerChild 25 MaxRequestsPerChild 0 </IfModule> # These need to be set in /etc/apache2/envvars User ${APACHE_RUN_USER} Group ${APACHE_RUN_GROUP} # # AccessFileName: The name of the file to look for in each directory # for additional configuration directives. See also the AllowOverride # directive. # AccessFileName .htaccess # # The following lines prevent .htaccess and .htpasswd files from being # viewed by Web clients. # <Files ~ "^\.ht"> Order allow,deny Deny from all Satisfy all </Files> # # DefaultType is the default MIME type the server will use for a document # if it cannot otherwise determine one, such as from filename extensions. # If your server contains mostly text or HTML documents, "text/plain" is # a good value. If most of your content is binary, such as applications # or images, you may want to use "application/octet-stream" instead to # keep browsers from trying to display binary files as though they are # text. # DefaultType text/plain # # HostnameLookups: Log the names of clients or just their IP addresses # e.g., www.apache.org (on) or 204.62.129.132 (off). # The default is off because it'd be overall better for the net if people # had to knowingly turn this feature on, since enabling it means that # each client request will result in AT LEAST one lookup request to the # nameserver. # HostnameLookups Off # ErrorLog: The location of the error log file. # If you do not specify an ErrorLog directive within a <VirtualHost> # container, error messages relating to that virtual host will be # logged here. If you *do* define an error logfile for a <VirtualHost> # container, that host's errors will be logged there and not here. # ErrorLog ${APACHE_LOG_DIR}/error.log # # LogLevel: Control the number of messages logged to the error_log. # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. # LogLevel warn # Include module configuration: Include mods-enabled/*.load Include mods-enabled/*.conf # Include all the user configurations: Include httpd.conf # Include ports listing Include ports.conf # # The following directives define some format nicknames for use with # a CustomLog directive (see below). # If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i # LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %O" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent # Include of directories ignores editors' and dpkg's backup files, # see README.Debian for details. # Include generic snippets of statements Include conf.d/ # Include the virtual host configurations: Include sites-enabled/

    Read the article

  • pound: multiple domains

    - by niklassaers
    Hi guys, I've been using pound to run mydomain.dk. Now I've bought some other domains and SSL certificates that are mydomain.no, mydomain.se and mydomain.eu. My old config looked roughly like this: ListenHTTPS Address 81.19.246.120 Port 443 Cert "/usr/local/etc/pound.keys/mydomain.dk.pem" Service BackEnd Address 10.0.10.10 Port 8080 End End End At places like here I've seen that I can use HeadRequire in the Service part, but I want the Host header to go together with the Cert, ideally something like ListenHTTPS Address 81.19.246.120 Port 443 HostAndCert "mydomain.dk" "/usr/local/etc/pound.keys/mydomain.dk.pem" HostAndCert "mydomain.se" "/usr/local/etc/pound.keys/mydomain.se.pem" HostAndCert "mydomain.no" "/usr/local/etc/pound.keys/mydomain.no.pem" HostAndCert "mydomain.eu" "/usr/local/etc/pound.keys/mydomain.eu.pem" Service BackEnd Address 10.0.10.10 Port 8080 End End End Any suggestions or clues to how I can accomplish this? Cheers Nik

    Read the article

  • Trouble with apache saarting on boot with ssl api key

    - by molleman
    Im Running on Centos, the trouble is when i restart my server i need to start my apache and varnish service I use this to start both of them service httpd restart && service varnish restart But i would likw both of them to start when i reboot the server I read i could use this chkconfig httpd on But this is only for apache could i do this chkconfig varnish on Finally when i do y usual start of httpd , i am asked for my api key for SSL , am i able to incorporate this into resarting both varnish and httpd on start up. Or am i doomed to run this command everytime i resart

    Read the article

  • Disabling weak ciphers on Windows 2003

    - by Kev
    For PCI-DSS compliance you have to disable weak ciphers. PCI-DSS permits a minimum cipher size of 128 bits. However for the highest score (0 I believe) you should only accept 168 bit ciphers but you can still be compliant if you permit 128 bit ciphers. The trouble is that when we disable all but 168 bit encryption it seems to disable both inbound and out bound secure channels. For example we'd like to lock down inbound IIS HTTPS to 168 bit ciphers but permit outbound 128 bit SSL connections to payment gateways/services from service applications running on the server (not all payment gateways support 168 bit only we just found out today). Is it possible to have cipher asymmetry on Windows 2003? I am told it is all or nothing.

    Read the article

  • Exception while bamboo is checking for changes in svn

    - by tangens
    While configuring a new test plan in Atlassian bamboo, I get the following exception in the log: Recording error: Unable to detect changes : <projectname> Caused by: org.tmatesoft.svn.core.SVNException: svn: Unrecognized SSL message, plaintext connection? svn: OPTIONS request failed on <repo-path> I tried to access the svn repository by hand and it worked (URL looks like this: https://myrepo.org/path/to/repo). The svn sits behind an apache http server. Both the bamboo server and the svn server are running Debian 4.0. Has anybody seen this error before and can give me a hint how to fix it?

    Read the article

  • Firefox https problem with localhost

    - by vnuk
    I administer half a dozen servers with (among other things) Webmin. I connect to Webmin via ssh tunnel to port 10000. All of my Webmins run in https mode. Firefox from version 3.6.6. refuses to load my https://localhost:10000 pages claiming SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long) Why is this problem NOW? It was working fine (annoying with certificate errors, but working) but now it is not working at all. I must have Google Chrome installed so I can connect to Webin.

    Read the article

  • Lighttpd as a proxy to a https host

    - by Homer J. Simpson
    Hi, I am trying to set up a lighttpd as proxy from one server to another (which is running Apache/SSL), having trouble with the https part.. I want to be able to capture https requests and let the Apache server handle it, trying this: $SERVER["socket"] == ":443" { $HTTP["host"] == "www.mydomain.com" { proxy.server = ( "" => ( ( "host" => "123.123.123.123", # the Apache "port" => 443))) } } Normal port 80 requests are working fine.. What am I doing wrong ? Edit: Additionaly, error.log doesnt show anything.. Requests to https://www.mydomain.com are not finishing.

    Read the article

  • Enable fastcgi on SSL Virtualhost

    - by ggstevens
    Debian 7.5 My VirtualHost for port 80 works fine with the ifmodule for fastcgi. However, it does not work with the VirtualHost for port 443. SSL/https:// was working fine until I added the following: <IfModule mod_fastcgi.c> AddHandler php5-fcgi .php Action php5-fcgi /php5-fcgi Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm.sock -pass-header Authorization </IfModule> When I try to restart Apache I get an error: Reloading web server config: apache2 failed! However, if I remove the FastCgiExternalServer line, it works.

    Read the article

  • convert .p7b key to a .pfx

    - by DrStalker
    I have an SSL certificate in .p7b format that I need to convert to .pfx. If I try this through the windows certificate managment the option to expert as a .pfx is disabled. Trying with openssl I have found the following two commands to do the conversion: openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer but I'm not sure what key to use for teh esecond command, or what certificate CACert.cer refers to. How can I convert this key to .pfx format?

    Read the article

  • Apache can't connect to LDAP server

    - by jldugger
    I'm tying SVN to LDAPS by way of Apache. I've run openssl s_client --host $host --port 636 and received an SSL certificate, so it doesn't appear to be a firewall problem. I get the following warning: [Fri Apr 02 07:38:15 2010] [warn] [client <ip withheld>] [590] auth_ldap authenticate: user jldugger authentication failed; URI /internal-svn [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server] "Can't contact LDAP server" is somewhere between vague and wrong. I'm at a loss on how to continue debugging this. Ideas?

    Read the article

  • Apache Reverse Proxy server and SSL NTLM SharePoint

    - by user50211
    Hi, I'm trying to set Apache as proxy server to an internal SharePoint server. I have previously configured Apache to run as a proxy server to export internal webpages and web applications. However, the Sharepoint is using SSL and NTLM authentication, and this is new to me :( I have tried many options, the traffic seems to be forwared as I get the authentication popup window, but when I insert the user/pass, I get back to the same popup window. Anybody has configured Apache to do so? Here is a part of my httpd.conf: <VirtualHost *:443> ServerName repository.out.com SSLProxyEngine On RequestHeader set Front-End-Https "On" ProxyRequests Off ProxyPreserveHost On ProxyPass / https://sharepoint.in.com ProxyPassReverse / https://sharepoint.in.com CacheDisable * SetEnv force-proxy-request-1.0 1 SetEnv proxy-nokeepalive 1 ErrorLog logs/jlanza_log CustomLog logs/jlanza_log common </VirtualHost>

    Read the article

  • How Can I Disable CRL Checks For A Windows 2008 App Using WinHTTP?

    - by Mike B
    I've got a Windows 2008 server with an app that uses WinHTTP for SSL sessions. The server is isolated from the internet but still tries to connect to CRL distribution points, which leads to some timeouts. Since the server has no access to the internet whatsoever, I'd like to disable CRL checks. I had a similar issue on a Windows 2003 server and resolved it by adjusting the following registry keys: HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Http/Parameters/SslBindiongInfo/0.0.0.0:443/DefaultSslCertCheckMode (DWORD=1) HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Rasman/PPP/EAP/13/NoRevocationCheck (DWORD = 1) HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Rasman/PPP/EAP/13/NoRootRevocationCheck (DWORD = 1) That doesn't seem to be working in 2008. I've also tried disabling the CRL check from IE under Tools Internet Options Advanced. Is there anything else I can try here?

    Read the article

  • for ps aux what are Ss Sl Ssl proccess types UNIX

    - by JiminyCricket
    when doing a "ps aux" command I get some process listed as Ss, Ssl and Sl what do these mean? root 24653 0.0 0.0 2256 8 ? Ss Apr12 0:00 /bin/bash -c /usr/bin/python /var/python/report_watchman.py root 24654 0.0 0.0 74412 88 ? Sl Apr12 0:01 /usr/bin/python /var/python/report_watchman.py root 21976 0.0 0.0 2256 8 ? Ss Apr14 0:00 /bin/bash -c /usr/bin/python /var/python/report_watchman.py root 21977 0.0 0.0 73628 88 ? Sl Apr14 0:01 /usr/bin/python /var/python/report_watchman.py

    Read the article

  • IIS 7 with verisign certificate, invalid certificate returned

    - by bh213
    We have IIS7 on windows 2008 and we installed verisign certificate and bound it to https. Certificate seems fine. Chain: mysite.com - not expired VeriSign international server CA class 3 - not expired Verisign Class 3 Public primary certification Authority - not expired Yet when I use verisign online validation, I get that second certificate is expired. https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR1130# This is what it reports, mysite is reported to be ok: ---------------- --Issued To-- Organization: VeriSign Trust Network Organizational Unit: www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign Organizational Unit 2: VeriSign International Server CA - Class 3 Organizational Unit 3: VeriSign,, Inc. --Issued By-- Organization: VeriSign,, Inc. Organizational Unit: Class 3 Public Primary Certification Authority Country: US Validity Start: Wed Apr 16 17:00:00 PDT 1997 Validity End: Wed Jan 07 15:59:59 PST 2004 ---------------- Any ideas?

    Read the article

  • Apache NameVirtualHost on port 443 ignores ServerAlias

    - by Ryan
    I've got a name-based virtual host setup on port 443 such that requests on host 'apple.fruitdomain' are proxied to the apple-app and requests on host 'orange.fruitdomain' are proxied to orange-app. This is working, but I'd like to add a ServerAlias for each such that requests on host 'apple' are proxied to apple-app and requests on host 'orange' are proxied to the orange-app. If I simply add a ServerAlias directive to the virtual host it doesn't work. ssl.conf below: Listen 443 NameVirtualHost *:443 <VirtualHost *:443> ServerName apple.fruitdomain ServerAlias apple SSLProxyEngine on ProxyPass /apple-app https://localhost:8181/apple-app ProxyPassReverse /apple-app https://localhost:8181/apple-app ... </VirtualHost> <VirtualHost *:443> ServerName orange.fruitdomain ServerAlias orange SSLProxyEngine on ProxyPass /orange-app https://localhost:8181/orange-app ProxyPassReverse /orange-app https://localhost:8181/orange-app ... </VirtualHost> Interestingly if I do a similar setup but with port 80 then the ServerAlias works...

    Read the article

  • SVN: Error validating server certificate for svn hook linux

    - by Dr Casper Black
    Hi, I managed to setup a SVN (over SSL) server and TortoiseSVN client on Win. I made a Post-Commit Hook for test project. The Post-Commit will update the web dir so the App in PHP can be executed with the newest version. It all works when done over shell. The only problem is, when i commit the changes over the client in Win the change is commited but HOOK throws error post-commit hook failed (exit code 1) with output: Error validating server certificate for 'https://SERVER_IP:443': - The certificate is not issued by a trusted authority. Use the fingerprint to validate the certificate manually! - The certificate hostname does not match. Certificate information: - Hostname: DEVSRVR - Valid: from Fri, 28 Jan 2011 09:22:45 GMT until Sat, 28 Jan 2012 09:22:45 GMT - Issuer: PHP, SS, SS, SRB - Fingerprint: 5f:d0:50:d6:dd:a6:d4:64:a5:ac:3a:4b:7c:7d:33:e3:75:dd:23:9f (R)eject, accept (t)emporarily or accept (p)ermanently? svn: OPTIONS of 'https://SERVER_IP/svn/myproject/trunk': Server certificate verification failed: certificate issued for a different hostname, issuer is not trusted (https://SERVER_IP)

    Read the article

  • Encrypt connection between apache web server and mysql server.

    - by microchasm
    I'm setting up a local webapp. I have a CentOS-5 box that will be the webserver (Apache 2.2). I have another box (RHEL5) that will be used only for MySQL. The data will be encrypted on the webserver via PHP before being sent to the MySQL box and inserted into the db. All web-based connections to the webserver will be encrypted via SSL. From the research I've done, it's not totally clear on whether or not there is a need to encrypt the connection to the db from webserver (NB paranoia level: Orange). If it is not overkill, or even if it is (unless it is a really bad idea for some reason), any advice or pointers on the direction to take to get this done would be appreciated.

    Read the article

< Previous Page | 47 48 49 50 51 52 53 54 55 56 57 58  | Next Page >