Search Results

Search found 3358 results on 135 pages for 'ssl'.

Page 53/135 | < Previous Page | 49 50 51 52 53 54 55 56 57 58 59 60  | Next Page >

  • using modrewrite to change http to https? (not redirect)

    - by PaulHanak
    This might sound a little crazy, but bare with me. I basically have an include file, lets say inc-navigation.html, that has absolute paths (http://www.pathtoimage.com/image.com) that are on EVERY PAGE. Well, using SSL, I can't use that same include file because it is not referencing https:// What a pain! SO, I was maybe thinking of using htaccess to do a url rewrite of all references of HTTP to HTTPS when the browser requests a https page. Again, just to be clear, I don't want to "redirect", just "replace". So, I have this.... RewriteCond %{HTTPS} !=on RewriteRule ^http$ https but it doesn't seem to be working. I probably have the syntax wrong though. :) Of course, this is even if this type of thing is even possible!?

    Read the article

  • Trouble with apache starting on boot with ssl api key

    - by molleman
    Im Running on Centos, the trouble is when i restart my server i need to start my apache and varnish service I use this to start both of them service httpd restart && service varnish restart But i would likw both of them to start when i reboot the server I read i could use this chkconfig httpd on But this is only for apache could i do this chkconfig varnish on Finally when i do y usual start of httpd , i am asked for my api key for SSL , am i able to incorporate this into resarting both varnish and httpd on start up. Or am i doomed to run this command everytime i resart

    Read the article

  • Replace Certificate using Plesk 11

    - by Lambda Dusk
    I am not an admin, but a programmer. But how it is, if you're the only guy who knows about computers, everyone shoves those tasks to you. A certificate of a domain recently expired. The domains are managed using Plesk 11, on a Linux system, Apache2.2. I was given a new certificate from the host, and it is one single .pem file. However, Plesk asks me for a .crt file, a private key and some CA file. I have neither, only this single .pem file the host claims to be the certificate. Since I myself never did anything with SSL certificates, I would really appreciate if anyone can tell me what to do with this file and how to properly add a new one so the old one can be removed.

    Read the article

  • SSL on app - nginx web server

    - by Adam
    I am running an nginx web server where I redirect all http requests to https (with a self signed cert). Here is how I REDIRECT all http requests to https in the nginx config file: server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; server_name my.server.ip; return 301 https://$server_name$request_uri; Problem is - I cannot seem to do so for an app running on a port. Example: http://my.server.ip:1234 does not redirect to https://my.server.ip:1234 ir works fine on all other urls like http://my.server.ip/temp etc. How can I modify the nginx config file to force that app url through ssl?

    Read the article

  • Random Connections to MySQL refused (Error 111)

    - by joatis
    A Perl/CGI webapp that has been running fine for almost a year has started to randomly been unable to connect to a remotely hosted MySQL. The Error thrown is : Can't connect to MySQL server on 'xx.x.xxx.xx' (111) Reloading the page often solves the problem The client is using Perl, DBI and SSL to connect to MySQL using the same configuration file each time. MySQL 5.0 Server Running RH EL5 Quad-Core AMD Opteron(tm) Processor 2374 HE, 8 cores Real Memory: 15.73 GB total, 11.81 GB used allows networking in my.cnf max-connections are not being met load is low. The servers firewall is open to the client's subnet. The mysql user has permissions from the client's subnet. I have my host looking into the problem but so far we're all stumped as to way the occasional connection is (increasingly getting refused) Any advice what to check that would cause the random refusal of connections?

    Read the article

  • Should I host my entire web application using https?

    - by user54455
    Actually my only requirement for using SSL encryption is that when a user logs in, the password is transferred encrypted. However after reading a bit about protocol switching, that an HTTPS session can't be taken over as an HTTP session etc. I've been asking myself if it's so bad to just have the entire application use HTTPS only. What are the reasons against it and how would you rate their importance? Please also mention: How much performance do I lose on server side (roughly)? How much performance do I lose on client side (roughly)? Any other problems on server / client side?

    Read the article

  • TCP handshake ok, then the client isn't receiving any packets from the server

    - by infgeoax
    Topology: Client ----- Intermediate Device ----- Server Client: win7 Intermediate Device: unknown Server: CentOS 5.8 The problem occurs when the client and server are trying to establish a SSL connection. It happens to one specific port, 2000. I haven't been able to replicate the problem with other port numbers. I captured packets on both client and server. After the TCP handshake, from the client's perspective, it's not receiving ACKs for its previously sent packets so it kept re-sending them. On the server side, however, it did receive those packets and sent ACK packets. The weird thing is, after the server sent those ACKs, it received a [RST, ACK] packet, from the intermediate device, for every packet it sent. What could be the cause?

    Read the article

  • ftp-client works fine. ftp-tls-client fails on one computer and works on another

    - by ispiro
    Connecting to ftp - from a Windows Server 2012 - it works both secure (-over tls) and unsecure. From a Windows 7 it succeeds unsecure but fails when secure. (Using explicit TLS and passive mode.) filezilla: 234 AUTH command ok. Expecting TLS Negotiation. Initializing TLS... Connection timed out I've tried many things but nothing helps. (I'm also trying this programmatically. For details see: http://stackoverflow.com/questions/25393716/ftp-ssl-fails-after-expecting-tls-negotiation ) The fact that it does succeed from one computer proves that the ftp server is fine. And the fact that the Windows 7 computer succeeds without tls proves that it's not a NAT/firewall problem (besides, it failed even after disabling firewall etc.). I'm not sure where to start looking. Perhaps a difference between PC Windows and Windows Server? EDIT The ftp server is on a Windows Server 2012.

    Read the article

  • WCF Http Bindings, Require SSL

    - by JoshKraker
    I have the following binding I'm using with my wsHttpBinding webservice. <binding name="wsHttpConfig"> <security> <transport clientCredentialType="None"/> </security> </binding> The issue is that it allows for the client to connect using either Http or Https. I would like to require them to use SSL. I tried adding the following: <system.web.extensions> <scripting> <webServices> <authenticationService enabled="true" requireSSL = "true"/> </webServices> </scripting> </system.web.extensions> But it had no effect; client could still connect with Http. I then tried checking the "Require SSL" in the IIS7 SSL Settings and had client certificates radio set to Accept. Now, when I try to view the service I am getting the error "Could not find a base address that matches scheme http for the endpoint with binding WSHttpBinding. Registered base address schemes are [https]." Anyone know exactly how to fix this error? I have been googling for the last 3 hours trying 500 different combinations (not 500, but too many to list) and could not get anything to run.

    Read the article

  • java RMI newbie-- some basic questions about SSL and auth/.rate limiting an RMI service

    - by Arvind
    I am trying to work to secure a java based RMI service using SSL. I have some basic questions about the capabilities of using SSL. Specifically, from what I understand, the client and server connecting via SSL will need to have appropriate credential certificates in both client and server, for a client to be granted access to the server. Am I correct in my understanding? Also, what I want to know is, can a person who is already using my RMI service and has access to a client machine , make a copy of the certificate in the client machine to other client machines-- and then invoke my RMI service from those other machines as well? How do I prevent such a situation from occurring? I mean, in a REST API you can use OAuth authentication, can we have some kind of authentication in an RMI Service? Also, can I possibly limit usage of the RMI service? For eg, a specific client may be allowed to make only 5000 calls per day to my RMI service, and if he makes more calls the calls occurring after the 5000 calls limit are all denied? How do I do such rate limiting and/or authentication for my RMI Service?

    Read the article

  • Can't send client certificate via SslStream

    - by Jonathan
    I am doing an SSL3 handshake using an SslStream, but, in spite of my best efforts, the SslStream never sends a client certificate on my behalf. Here is the code: SSLConnection = new System.Net.Security.SslStream(SSLInOutStream, false, new System.Net.Security.RemoteCertificateValidationCallback(AlwaysValidRemoteCertificate), new System.Net.Security.LocalCertificateSelectionCallback(ChooseLocalCertificate)); X509CertificateCollection CC = new X509CertificateCollection(); CC.Add(Org.BouncyCastle.Security.DotNetUtilities.ToX509Certificate(MyLocalCertificate)); SSLConnection.AuthenticateAsClient("test", CC, System.Security.Authentication.SslProtocols.Ssl3, false); and then I have AlwaysValidRemoteCertificate just returning true, and ChooseLocalCertificate returning the zeroth element of the array. The code probably looks a little weird because the project is a little weird, but I think that is beside the point here. The SSL handshake completes. The issue is that instead of sending a certificate message on my behalf (in the handshake process), with the ASN.1 encoded certificate (MyLocalCertificate), the SslStream sends an SSL alert number 41 (no certificate) and then carries on. I know this from packet sniffing. After the handshake is completed, the SslStream marks IsAuthenticated as true, IsMutuallyAuthenticated as false, and its LocalCertificate member is null. I feel like I'm probably missing something pretty obvious here, so any ideas would be appreciated. I am a novice with SSL, and this project is off the beaten path, so I am kind of at a loss. P.S. 1: My ChooseLocalCertificate routine is called twice during the handshake, and returns a valid (as far as I can tell), non-null certificate both times. P.S. 2: SSLInOutStream is my own class, not a NetworkStream. Like I said, though, the handshake proceeds mostly normally, so I doubt this is the culprit... but who knows?

    Read the article

  • Problem to Import certificate to Apache tomcat: Failed to establish chain from reply

    - by Ilya
    Hi, After I got certificate, I tried to import it as specified here: http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html#Edit%20the%20Tomcat%20Configuration%20File But I got this error: C:\Program Files (x86)\Java\jre6\binkeytool -import -alias tomcat -keystore C:\ SSL.keystore -file C:\SSL\SSL_Internal_Certificate_for_isdc-planning.cer Enter keystore password: keytool error: java.lang.Exception: Failed to establish chain from reply I need to import first chain certificate, by apache document Import the Chain Certificate into you keystore keytool -import -alias root -keystore \ -trustcacerts -file When I printed the certificate it's issuer is: Issuer: CN=Intranet Basic Issuing CA 2B I downloaded the chain certificates: Intranet Basic Issuing CA 1A(1).crt Intranet Basic Issuing CA 1A(2).crt Intranet Basic Issuing CA 1A.crt Intranet Basic Issuing CA 1B(1).crt Intranet Basic Issuing CA 1B(2).crt Intranet Basic Issuing CA 1B.crt Intranet Basic Issuing CA 2A(1).crt Intranet Basic Issuing CA 2A.crt Intranet Basic Issuing CA 2B(1).crt Intranet Basic Issuing CA 2B.crt Intranet Basic Policy CA(1).crt Intranet Basic Policy CA.crt Root CA.crt Issuer of Intranet Basic Issuing CA 2B.crt is Intranet Basic Policy CA and its Issuer is:Root CA certificate But I can't import 3 certificates into root alias. And imported "Intranet Basic Issuing CA 2B.crt" into root and then rerun import of tomcat alias But got the same error: keytool error: java.lang.Exception: Failed to establish chain from reply What is correct way to import correct chain certificate. Thanks in advance Ilya

    Read the article

  • How can I connect to server using SSL(secure socket layer) on .NET Compact Framework

    - by net
    Hello. I want to change .NET framework v3.5 to .NET compact framework v3.5. But I can't change SSL Stream class to compact framework version. For resolving this problem, I already read some article and msdn library. http://blogs.msdn.com/cgarcia/archive/2009/08/21/enable-ssl-for-managed-socket-on-windows-mobile.aspx http://blogs.msdn.com/cgarcia/archive/2009/08/22/getting-a-managed-socket-to-talk-ssl.aspx http://msdn.microsoft.com/en-us/library/aa916117.aspx but I got an error that is "Unkown error 0x0ffffff", when invoking 'socket.connect(endPoint)' method based on thease article. In order to find the proper method, I try to use TcpClient class. but i can't solve this problem. When I try to connect to server on .NET compact framework, TcpClient class didn't work(Smart Device project and windows ce). As you can see below, I've got the error. In other hand, this code is work on .NET framework(C# console project). I can't understand why this socket can not access to server. Thanks for reading my question.

    Read the article

  • QT QSslError being signaled with the error code set to NoError

    - by Nantucket
    My Problem I compiled OpenSSL into QT to enable OpenSSL support. Everything appeared to go correctly in the compile. However, when I try to use the official HTTP example application that can be found here, everytime I try to download an https page, it will signal two QSslError, each with contents NoError. The types of QSslErrors, including NoError, are documented here, poorly. There is no explanation on why they even included an error type called NoError, or what it means. Bizarrely, the NoError error code seems to be true, as it downloads the remote https document perfectly even while signaling the error. Does anyone have any idea what this means and what could possibly be causing it? Optional Background Reading Here is the relevant part of the code from the example app (this is connected to the network connection's sslErrors signal by the constructor): void HttpWindow::sslErrors(QNetworkReply*,const QList<QSslError> &errors) { QString errorString; foreach (const QSslError &error, errors) { if (!errorString.isEmpty()) errorString += ", "; errorString += error.errorString(); } if (QMessageBox::warning(this, tr("HTTP"), tr("One or more SSL errors has occurred: %1").arg(errorString), QMessageBox::Ignore | QMessageBox::Abort) == QMessageBox::Ignore) { reply->ignoreSslErrors(); } } I have tried the old version of this example, and it produced the same result. I have tried OpenSSL 1.0.0a and 0.9.8o. I have tried tried compiling OpenSSL myself, I have tried using pre-compiled versions of OpenSSL from the net. All produce the same result. If this were my first time using QT with SSL, I would almost think this is the intended result (even though their example application is popping up error warning message windows), if not for the fact that last time I played with QT, using what would now be an old version of QT with an old version of SSL, I distinctly remember everything working fine with no error windows. My system is running Windows 7 x64.

    Read the article

  • JVM to ignore certificate name mismatch

    - by Heavy Bytes
    I know there were a lot of questions/answers about how to ignore SSL error in the code. On our dev region dev.domain.tld we have configured a app server over SSL. The certificate that is displayed is for somedev.domain.tld. There is no way to change the certificate, it will always be a domain mismatch. So when I deploy a web-service to https://dev.domain.tld and try to connect/call my webservice I get an exception: Caused by: java.security.cert.CertificateException: No name matching dev.domain.tld found And I have the somedev.domain.tld CERT in my trust store. Now, I saw a lot of samples how to change that in the code (using a Trust Manager that accepts all domains), but how do I specify to the JVM to ignore the domain mismatch when connecting to the server? Is there a -Djavax.net.ssl argument or something? Thank you! UPDATE: Or, since I am using Spring-WS, is there a way to set some property in Spring for that? (WebServiceTemplate) UPDATE I guess I'll have to do use something from Spring Security: http://static.springsource.org/spring-ws/sites/1.5/reference/html/security.html

    Read the article

  • Mysterious HttpSession and session-config dependency

    - by OneMoreVladimir
    Good day. I'm developing a Java web app with Servlets\JSP using Tomcat 7.0. During request from client I put and object into the session and use forward. After the forward processing the same request the object can be retreived if the secure parameter is false otherwise it is not stored in session. <session-config> <session-timeout>15</session-timeout> <cookie-config> <http-only>true</http-only> <secure>true</secure> </cookie-config> <tracking-mode>COOKIE</tracking-mode> </session-config> I've figured out that "...cookies can be created with the 'secure' flag, which ensures that the browser will never transmit the specified cookie over non-SSL...". I've configured Tomcat to use SSL, but that haven't helped. Changing the tracking mode to SSL haven't helped as well. How do session-config and HttpSession object correlate in this case? What could be the problem?

    Read the article

  • SSL in tomcat with apr and Centos 6

    - by Jonathan
    I'm facing a problem setting up my tomcat with apr native lib, I have the following: Tomcat: 7.0.42 Java: 1.7.0_40-b43 OS: Centos 6.4 (2.6.32-358.18.1.el6.i686) APR: 1.3.9 Native lib: 1.1.27 OpenSSL: openssl-1.0.0-27.el6_4.2.i686 My server.xml looks like: ... <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> ... <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" SSLCertificateFile="/tmp/monitoringPortalCert.pem" SSLCertificateKeyFile="/tmp/monitoringPortalKey.pem" SSLPassword="hide" /> ... I compiled the native lib as follow: ./configure --with-apr=/usr/bin/apr-1-config --with-ssl=yes --prefix=$CATALINA_HOME make && make install The APR is loaded ok: Oct 06, 2013 7:55:14 PM org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR based Apache Tomcat Native library 1.1.27 using APR version 1.3.9. But I'm still having this error: SEVERE: Failed to initialize the SSLEngine. org.apache.tomcat.jni.Error: 70023: This function has not been implemented on this platform ./configure outcome [root@localhost native]# ./configure --with-apr=/usr/bin/apr-1-config --with-ssl=yes -- prefix=$CATALINA_HOME && make && make install checking build system type... i686-pc-linux-gnu checking host system type... i686-pc-linux-gnu checking target system type... i686-pc-linux-gnu checking for a BSD-compatible install... /usr/bin/install -c checking for working mkdir -p... yes Tomcat Native Version: 1.1.27 checking for chosen layout... tcnative checking for APR... yes setting CC to "gcc" setting CPP to "gcc -E" checking for JDK location (please wait)... /usr/java/jdk1.7.0_40 from environment checking Java platform... checking Java platform... checking for sablevm... NONE adding "-I/usr/java/jdk1.7.0_40/include" to TCNATIVE_PRIV_INCLUDES checking os_type directory... linux adding "-I/usr/java/jdk1.7.0_40/include/linux" to TCNATIVE_PRIV_INCLUDES checking for gcc... gcc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ISO C89... none needed checking for OpenSSL library... using openssl from /usr/lib and /usr/include checking OpenSSL library version... ok checking for OpenSSL DSA support... yes setting TCNATIVE_LDFLAGS to "-lssl -lcrypto" adding "-DHAVE_OPENSSL" to CFLAGS setting TCNATIVE_LIBS to "" setting TCNATIVE_LIBS to " /usr/lib/libapr-1.la -lpthread" configure: creating ./config.status config.status: creating tcnative.pc config.status: creating Makefile config.status: executing default commands make[1]: Entering directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27- src/jni/native' make[1]: Nothing to be done for `local-all'. make[1]: Leaving directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27- src/jni/native' make[1]: Entering directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27- src/jni/native' make[1]: Nothing to be done for `local-all'. make[1]: Leaving directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27- src/jni/native' /usr/lib/apr-1/build/mkdir.sh /usr/apache-tomcat-7.0.42/include/apr-1 /usr/apache- tomcat-7.0.42/lib/pkgconfig \ /usr/apache-tomcat-7.0.42/lib /usr/apache-tomcat-7.0.42/bin /usr/bin/install -c -m 644 tcnative.pc /usr/apache-tomcat-7.0.42/lib/pkgconfig/tcnative- 1.pc list=''; for i in $list; do \ ( cd $i ; make DESTDIR= install ); \ done /bin/sh /usr/lib/apr-1/build/libtool --mode=install /usr/bin/install -c -m 755 libtcnative-1.la /usr/apache-tomcat-7.0.42/lib libtool: install: /usr/bin/install -c -m 755 .libs/libtcnative-1.so.0.1.27 /usr/apache- tomcat-7.0.42/lib/libtcnative-1.so.0.1.27 libtool: install: (cd /usr/apache-tomcat-7.0.42/lib && { ln -s -f libtcnative- 1.so.0.1.27 libtcnative-1.so.0 || { rm -f libtcnative-1.so.0 && ln -s libtcnative- 1.so.0.1.27 libtcnative-1.so.0; }; }) libtool: install: (cd /usr/apache-tomcat-7.0.42/lib && { ln -s -f libtcnative- 1.so.0.1.27 libtcnative-1.so || { rm -f libtcnative-1.so && ln -s libtcnative-1.so.0.1.27 libtcnative-1.so; }; }) libtool: install: /usr/bin/install -c -m 755 .libs/libtcnative-1.lai /usr/apache-tomcat- 7.0.42/lib/libtcnative-1.la libtool: install: /usr/bin/install -c -m 755 .libs/libtcnative-1.a /usr/apache-tomcat- 7.0.42/lib/libtcnative-1.a libtool: install: chmod 644 /usr/apache-tomcat-7.0.42/lib/libtcnative-1.a libtool: install: ranlib /usr/apache-tomcat-7.0.42/lib/libtcnative-1.a libtool: install: warning: remember to run `libtool --finish /usr/local/apr/lib' make && make install outcome: make[1]: Entering directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27- src/jni/native' make[1]: Nothing to be done for `local-all'. make[1]: Leaving directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27- src/jni/native' make[1]: Entering directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27- src/jni/native' make[1]: Nothing to be done for `local-all'. make[1]: Leaving directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27- src/jni/native' /usr/lib/apr-1/build/mkdir.sh /usr/apache-tomcat-7.0.42/include/apr-1 /usr/apache- tomcat-7.0.42/lib/pkgconfig \ /usr/apache-tomcat-7.0.42/lib /usr/apache-tomcat-7.0.42/bin /usr/bin/install -c -m 644 tcnative.pc /usr/apache-tomcat-7.0.42/lib/pkgconfig/tcnative- 1.pc list=''; for i in $list; do \ ( cd $i ; make DESTDIR= install ); \ done /bin/sh /usr/lib/apr-1/build/libtool --mode=install /usr/bin/install -c -m 755 libtcnative-1.la /usr/apache-tomcat-7.0.42/lib libtool: install: /usr/bin/install -c -m 755 .libs/libtcnative-1.so.0.1.27 /usr/apache- tomcat-7.0.42/lib/libtcnative-1.so.0.1.27 libtool: install: (cd /usr/apache-tomcat-7.0.42/lib && { ln -s -f libtcnative- 1.so.0.1.27 libtcnative-1.so.0 || { rm -f libtcnative-1.so.0 && ln -s libtcnative- 1.so.0.1.27 libtcnative-1.so.0; }; }) libtool: install: (cd /usr/apache-tomcat-7.0.42/lib && { ln -s -f libtcnative- 1.so.0.1.27 libtcnative-1.so || { rm -f libtcnative-1.so && ln -s libtcnative-1.so.0.1.27 libtcnative-1.so; }; }) libtool: install: /usr/bin/install -c -m 755 .libs/libtcnative-1.lai /usr/apache-tomcat- 7.0.42/lib/libtcnative-1.la libtool: install: /usr/bin/install -c -m 755 .libs/libtcnative-1.a /usr/apache-tomcat- 7.0.42/lib/libtcnative-1.a libtool: install: chmod 644 /usr/apache-tomcat-7.0.42/lib/libtcnative-1.a libtool: install: ranlib /usr/apache-tomcat-7.0.42/lib/libtcnative-1.a libtool: install: warning: remember to run `libtool --finish /usr/local/apr/lib' It seems everything is fine, but the error is not self-explanatory Could you guys help to understand where my error is? What am I missing? Thanks in advance for your support.

    Read the article

  • "Can't Connect to Server" from 2nd virtual host on VPS

    - by chaoskreator
    I'm using Debian 7 Wheezy and Apache 2.2.22, and I'm setting up Virtual Hosts for a number of websites on my VPS. I've successfully configured the VirtualHost directives for one of the sites, but the second one continually gives "Problem Loading Page" in Firefox. I've run configtest and it has verified all my syntax is correct, and I've checked all the permissions. Everything on the 2nd domain is pretty much copy/pasted from the first, so I'm not sure what the issue is, as there are no entries into /var/log/apache2/error.log other than where I have reloaded the configurations: /# cat /var/log/apache2/error.log [Thu May 29 01:19:00 2014] [notice] Graceful restart requested, doing restart [Thu May 29 01:19:00 2014] [info] Init: Seeding PRNG with 656 bytes of entropy [Thu May 29 01:19:00 2014] [info] Init: Generating temporary RSA private keys (512/1024 bits) [Thu May 29 01:19:00 2014] [info] Init: Generating temporary DH parameters (512/1024 bits) [Thu May 29 01:19:00 2014] [debug] ssl_scache_shmcb.c(253): shmcb_init allocated 512000 bytes of shared memory [Thu May 29 01:19:00 2014] [debug] ssl_scache_shmcb.c(272): for 511920 bytes (512000 including header), recommending 32 subcaches, 133 indexes each [Thu May 29 01:19:00 2014] [debug] ssl_scache_shmcb.c(306): shmcb_init_memory choices follow [Thu May 29 01:19:00 2014] [debug] ssl_scache_shmcb.c(308): subcache_num = 32 [Thu May 29 01:19:00 2014] [debug] ssl_scache_shmcb.c(310): subcache_size = 15992 [Thu May 29 01:19:00 2014] [debug] ssl_scache_shmcb.c(312): subcache_data_offset = 3208 [Thu May 29 01:19:00 2014] [debug] ssl_scache_shmcb.c(314): subcache_data_size = 12784 [Thu May 29 01:19:00 2014] [debug] ssl_scache_shmcb.c(316): index_num = 133 [Thu May 29 01:19:00 2014] [info] Shared memory session cache initialised [Thu May 29 01:19:00 2014] [info] Init: Initializing (virtual) servers for SSL [Thu May 29 01:19:00 2014] [info] mod_ssl/2.2.22 compiled against Server: Apache/2.2.22, Library: OpenSSL/1.0.1e [Thu May 29 01:19:00 2014] [notice] Apache/2.2.22 (Debian) PHP/5.4.4-14+deb7u9 mod_ssl/2.2.22 OpenSSL/1.0.1e mod_perl/2.0.7 Perl/v5.14.2 configured -- resuming normal operations [Thu May 29 01:19:00 2014] [info] Server built: Mar 4 2013 22:05:16 [Thu May 29 01:19:00 2014] [debug] prefork.c(1023): AcceptMutex: sysvsem (default: sysvsem) I've ensured to enable each vhost with a2ensite {sitename.conf} with no errors there, either. Below are the contents of the configuration files... /etc/apache2/apache2.conf # Global configuration # LockFile ${APACHE_LOCK_DIR}/accept.lock PidFile ${APACHE_PID_FILE} Timeout 300 KeepAlive On MaxKeepAliveRequests 100 KeepAliveTimeout 5 ## ## Server-Pool Size Regulation (MPM specific) ## # prefork MPM # StartServers: number of server processes to start # MinSpareServers: minimum number of server processes which are kept spare # MaxSpareServers: maximum number of server processes which are kept spare # MaxClients: maximum number of server processes allowed to start # MaxRequestsPerChild: maximum number of requests a server process serves <IfModule mpm_prefork_module> StartServers 5 MinSpareServers 5 MaxSpareServers 10 MaxClients 150 MaxRequestsPerChild 0 </IfModule> # worker MPM # StartServers: initial number of server processes to start # MinSpareThreads: minimum number of worker threads which are kept spare # MaxSpareThreads: maximum number of worker threads which are kept spare # ThreadLimit: ThreadsPerChild can be changed to this maximum value during a # graceful restart. ThreadLimit can only be changed by stopping # and starting Apache. # ThreadsPerChild: constant number of worker threads in each server process # MaxClients: maximum number of simultaneous client connections # MaxRequestsPerChild: maximum number of requests a server process serves <IfModule mpm_worker_module> StartServers 2 MinSpareThreads 25 MaxSpareThreads 75 ThreadLimit 64 ThreadsPerChild 25 MaxClients 150 MaxRequestsPerChild 0 </IfModule> # event MPM # StartServers: initial number of server processes to start # MinSpareThreads: minimum number of worker threads which are kept spare # MaxSpareThreads: maximum number of worker threads which are kept spare # ThreadsPerChild: constant number of worker threads in each server process # MaxClients: maximum number of simultaneous client connections # MaxRequestsPerChild: maximum number of requests a server process serves <IfModule mpm_event_module> StartServers 2 MinSpareThreads 25 MaxSpareThreads 75 ThreadLimit 64 ThreadsPerChild 25 MaxClients 150 MaxRequestsPerChild 0 </IfModule> # These need to be set in /etc/apache2/envvars User ${APACHE_RUN_USER} Group ${APACHE_RUN_GROUP} # # AccessFileName: The name of the file to look for in each directory # for additional configuration directives. See also the AllowOverride # directive. # AccessFileName .htaccess # # The following lines prevent .htaccess and .htpasswd files from being # viewed by Web clients. # <Files ~ "^\.ht"> Order allow,deny Deny from all Satisfy all </Files> DefaultType None HostnameLookups Off ErrorLog ${APACHE_LOG_DIR}/error.log LogLevel debug # Include module configuration: Include mods-enabled/*.load Include mods-enabled/*.conf # Include list of ports to listen on and which to use for name based vhosts Include ports.conf # # The following directives define some format nicknames for use with # a CustomLog directive (see below). # If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i # # LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %O" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent <Directory "/var/www"> Order allow,deny Allow from all Require all granted </Directory> # Include generic snippets of statements Include conf.d/ # Include the virtual host configurations: Include sites-enabled/*.conf NameVirtualHost *:80 /etc/apache2/sites-available/site1.net.conf <VirtualHost *:80> ServerName site1.net ServerAlias site1.net *.site1.net DocumentRoot "/var/www/site1" ErrorLog "/var/www/site1/logs/error.log" CustomLog "/var/www/site1/logs/access.log" vhost_combined <Directory "/var/www/site1"> Options None AllowOverride All Order allow,deny Allow from all Satisfy Any </Directory> </VirtualHost> /etc/apache2/sites-available/site2.com.conf <VirtualHost *:80> ServerName site2.com ServerAlias site2.com *.site2.com DocumentRoot "/var/www/site2" ErrorLog "/var/www/site2/logs/error.log" CustomLog "/var/www/site2/logs/access.log" vhost_combined <Directory "/var/www/site2"> Options None AllowOverride All Order allow,deny Allow from all Satisfy Any </Directory> </VirtualHost> I've also tried setting NameVirtualHost like: Listen 80 NameVirtualHost 23.88.121.82:80 NameVirtualHost 127.0.0.1:80 and the VirtualHost Directives: <VirtualHost 23.88.121.82:80> ... </VirtualHost> for both sites, but that causes the first site to fail, as well. I'm wondering if I need to set up individual IPs for each site, possibly? I have 2 more IPv4 and 3 IPv6 addresses available, if that would make a difference. Also, in the grand scheme of things, I will need to enable SSL for the first site. I've been reading that I'll need to basically just mimic the directives for listening on port 80, only on port 443, and make sure mod_ssl is enabled? EDIT: I just ran apache2 -t to test the config files that way, and got the error: apache2: bad user name ${APACHE_RUN_USER}. However, apachectl configtest returns Syntax OK. There are no other mentions of errors with the mutex anywhere else, however. I was pretty sure if there was an error with the user apache was supposed to run under, the server wouldn't start at all... EDIT 2: Restarting apache fixed the bad user name error.

    Read the article

  • Cannot decode complete cipher list in .NET SslStream handshake.

    - by karmasponge
    While attempting to move from a 'C' based SSL implementation to C# using the .NET SslStream and we have run into what look like cipher compatibility issues with the .NET SslStream and a AS400 machine we are trying to connect to (which worked previously). When we call SslStream.AuthenticateAsClient it is sending the following: 16 03 00 00 37 01 00 00 33 03 00 4d 2c 00 ee 99 4e 0c 5d 83 14 77 78 5c 0f d3 8f 8b d5 e6 b8 cd 61 0f 29 08 ab 75 03 f7 fa 7d 70 00 00 0c 00 05 00 0a 00 13 00 04 00 02 00 ff 01 00 Which decodes as (based on http://www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt) [16] Record Type [03 00] SSL Version [00 37] Body length [01] SSL3_MT_CLIENT_HELLO [00 00 33] Length (51 bytes) [03 00] Version number = 768 [4d 2c 00 ee] 4 Bytes unix time [… ] 28 Bytes random number [00] Session number [00 0c] 12 bytes (2 * 6 Cyphers)? [00 05, 00 0a, 00 13, 00 04, 00 02, 00 ff] - [RC4, PBE-MD5-DES, RSA, MD5, PKCS, ???] [01 00] Null compression method The as400 server responds back with: 15 03 00 00 02 02 28 [15] SSL3_RT_ALERT [03 00] SSL Version [00 02] Body Length (2 Bytes) [02 28] 2 = SSL3_RT_FATAL, 40 = SSL3_AD_HANDSHAKE_FAILURE I'm specifically looking to decode the '00 FF' at the end of the cyphers. Have I decoded it correctly? What does, if anything, '00 FF' decode too? I am using the following code to test/reproduce: using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Net.Sockets; using System.Net.Security; using System.Security.Authentication; using System.IO; using System.Diagnostics; using System.Security.Cryptography.X509Certificates; namespace TestSslStreamApp { class DebugStream : Stream { private Stream AggregatedStream { get; set; } public DebugStream(Stream stream) { AggregatedStream = stream; } public override bool CanRead { get { return AggregatedStream.CanRead; } } public override bool CanSeek { get { return AggregatedStream.CanSeek; } } public override bool CanWrite { get { return AggregatedStream.CanWrite; } } public override void Flush() { AggregatedStream.Flush(); } public override long Length { get { return AggregatedStream.Length; } } public override long Position { get { return AggregatedStream.Position; } set { AggregatedStream.Position = value; } } public override int Read(byte[] buffer, int offset, int count) { int bytesRead = AggregatedStream.Read(buffer, offset, count); return bytesRead; } public override long Seek(long offset, SeekOrigin origin) { return AggregatedStream.Seek(offset, origin); } public override void SetLength(long value) { AggregatedStream.SetLength(value); } public override void Write(byte[] buffer, int offset, int count) { AggregatedStream.Write(buffer, offset, count); } } class Program { static void Main(string[] args) { const string HostName = "as400"; TcpClient tcpClient = new TcpClient(HostName, 992); SslStream sslStream = new SslStream(new DebugStream(tcpClient.GetStream()), false, null, null, EncryptionPolicy.AllowNoEncryption); sslStream.AuthenticateAsClient(HostName, null, SslProtocols.Ssl3, false); } } }

    Read the article

  • Virtual SMTP not sending mails

    - by DoStuffZ
    Hi I have been googling for the better part of the last two hours without finding any conclusion. My mails are not being sent from the production webserver. If I stop/start the Virtual SMTP I get this in the event log: No usable TLS server certificate for SMTP virtual server instance '1' could be found. TLS will be disabled for this virtual-server. We recently updated the webapplication running and I assume something went amiss during that. Googling the message straight up gave me a list that just as well could have been in greek. I found a security certificate on the server, installing that gave no change. I basicly played russian roulette with the certificate file (.cer), though I was somewhat certain it would not have a negative effect. (Russian roulette with a 6 chamber gun and 2 bullets.) I found a .pfx in our local documentation folder, though I'm far from certain that to have a positive effect. (6 chambers and 5 bullets). I found a site describing how the Virtual SMTP - Properties - Access - should have a button saying Certificates. I have a text saying "Did not find any TLS certificates" and a grayed out tick box saying "Require TLS certificate". I found the TLS being SSL ver3.1+ (3.1-3.3). So question goes - How do I enable the SMTP to once again send emails, like before.

    Read the article

  • Citrix Access Gateway with Citrix Receiver

    - by vm370
    I'm currently using a Citrix Access Gateway with firmware 5.0.4 to provide access over an SSL-VPN to an isolated environment, which is connected to over the Citrix Access Gateway Client, which is delivered by the device by default. However we encountered different problems, e.g. that it's somehow not possible to get it out of the autostart (not registered as a service or in the autostart?!) and it killed the Cisco VPN Client, which is used in the company and unfortunately cannot be replaced. The Cisco client can also just be used again after a procedure with cleaning the registry from all CAG Client remains, which requires a lot of effort. Because of that, I'd like to check if there is an alternative to this client, since is this is a real pain... Unfortunately I couldn't find a way to use the Receiver with the CAG yet, but if you have any resources on how to build this workaround, I'd be very happy. Thanks a lot in advance UPDATE: If there are other alternatives I'd be even more happy, since using the Receiver would also mean that there is an issue with the ICA-Client, which is also used in our environments. From my experience, the Receiver and the ICA-Client are also no good friends...

    Read the article

  • How do I renew a Web Server certificate in Windows Server 2008?

    - by Mark Seemann
    The SSL certificate for my web site just expired a few days ago, and I would like to renew it. I originally issued it two years ago using my Windows 2008 Certificate Authority, and it's worked without a hitch in all that time, so I would like to renew the certificate as simply as possible to make sure that all the applications relying on that certificate continue to work. I can open an MMC instance and add the Certificates snap-in for the Local Computer. I can find the relevant certificate under Personal, but I can't renew it. When I select Renew certificate with new key I get the following message: Web Server Status: Unavailable The permissions on the certificate template do not allow the current user to enroll for this type of certificate. You do not have permission to request this type of certificate. However, I can't understand this, as I'm logged on as a Domain Admin and I'm running the MMC instance in elevated mode. I've checked the Web Server certificate template, and Domain Admins have the Enroll permission on this template. FWIW, I also tried rebooting the server. How can I renew the certificate?

    Read the article

  • HTTP Upload Problems

    - by jfoster
    We are running a marketplace on ColdFusion8 and IIS with a widely geographically distributed user base and have been receiving complaints of issues with some HTTP uploads. Most of the complaints are coming from geographically distant locations from our main datacenter on the US east coast. I've attempted to upload the same 70MB file from a US West coast test server to both our main site and a backup running the same code on a different network route and I saw the same issues fairly consistently in both places, so I've ruled out the code, route, and internal network errors. I've also tested uploads using both the native cf upload tag and a third party tool called SaFileUp. I saw the same issues with both upload tools, so I also don't think this is necessarily a ColdFusion problem. I don't have any problems uploading the test file from the East coast to other east coast servers, so I'm beginning to think that the distance between our users and our equipment is a factor. I've also found that smaller files are more likely to succeed than large ones (< 10MB) I tried the test upload with both IE and FF and did notice a difference in the way that the browsers seemed to handle packet errors. IE seemed to have a tough time continuing an upload after dropped / bad packets, whereas FF seemed to have the ability to gracefully resume an upload after experiencing packet problems. Has anyone experienced similar issues? Is there anything we can do on our side to make uploads more forgiving to packet loss or resumable after an error? A different upload tool etc… Do we need upload servers in more than one location to shorten the network routes between clients and servers? Does anyone think that switching uploads to SSL will help (no layer7 packet sniffing may lead to a smoother upload). Thanks.

    Read the article

  • How can a Postfix/Dovecot(ssl)/Apache/Roundcube(non-ssl) setup leak email addresses?

    - by Jens Björnhager
    I have a linux box email server with Postfix as the MTA, Dovecot as the IMAP server and Apache with Roundcube as webmail. In my /etc/postfix/aliases I have just above a hundred different aliases which makes as many email addresses on my domain. I use one address per website so I easily can shut down spam infested addresses. During the half a year or so that I have had this setup, I have received 3 spam from 2 sources. As I know exactly where I entered this address, it should be easy to pinpoint email leaking websites and services. However, these sources are, according to me, not likely email sellers. And for one of them to sell my email twice? I contacted one of the sources and they are adamant that their system is tight. They suggested the possibility that it is my server that is doing the leaking. So, my question is: How likely is it that my box is leaking email addresses, and how? I don't store fully qualified email addresses anywhere in my system except in my maildir. I use SSL connection to IMAP I do not use https on webmail

    Read the article

  • ISA 2006 SP1 - SSL Client Certificate Authentication in Workgroup Environment

    - by JoshODBrown
    We have an IIS6 website that was previously published using an ISA 2006 SP1 standard server publishing rule. In IIS we had required a client certificate be provided before the website could be accessed... this all worked fine and dandy. Now we wish to use a web publishing rule on ISA 2006 SP1 for this same website. However, it seems the client certificate doesn't get processed now, so of course the user can't access the website. I've read a few articles stating the CA for the certificate needs to be installed in the trusted root certificate authorities store on the ISA Server (i have done this), as well as installing the client certificate on the ISA Server (done as well). I have also verified that the ISA Server is able to access the CRL for our CA no problem... In the listener properties for the web publishing rule, under Authentication, and Client Authentication Method, there is an option for SSL Client Certificate Authentication... i select this, but it appears the only Authentication Validation Method selectable is Windows (Active Directory).... there is no Active Directory in this environment. When i configure the rule with the defaults, I then try to hit my website and it prompts for my certificate, i choose it and hit ok... then I'm given the following error Error Code: 500 Internal Server Error. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202) I check the event logs on the ISA Server and in Security Logs, i see Event ID 536, Failure Aud. The reason: The NetLogon component is not active. I think this is pretty obvious since there is no active directory available. Is there a way to make this web publishing rule work using client certificates in this workgroup environment? Any suggestions or links to helpful documents would be greatly appreciated!

    Read the article

< Previous Page | 49 50 51 52 53 54 55 56 57 58 59 60  | Next Page >