Search Results

Search found 4244 results on 170 pages for 'ssl certificate'.

Page 59/170 | < Previous Page | 55 56 57 58 59 60 61 62 63 64 65 66 | Next Page >

How do digital certificates prove the identity of a device?

- by StackedCrooked

I understand how the relation between issuer and subject certificates enables verification of the subject's authenticity. If I connect to a networked device, and it sends me its certificate to identify itself, then I can verify that it was issued by a trusted party and that it has not been tampered with in any way. However, suppose I simply upload this certificate onto another device. Then what prevents me from having this device identify itself with the copied certificate?

Read the article
How to securely connect to multiple different LDAPS servers (Debian)

- by Pickle

I'm trying to connect to multiple different LDAPS servers. A lot of the documentation I've seen recommends setting TLS_REQCERT never, but that strikes me as horribly unsecure to not verify the certificate. So I've set that to demand. All the documentation I've seen says I need to update ldap.conf with a TLS_CACERT directive pointing to a .pem file. I've got that .pem file set up with the certificate from LDAP Server #1, and ldaps connections are happening fine. I've now got to communicate securely with another LDAP server in another branch of my organization, that uses a different certificate. I've seen no documentation on how to do this, except 1 page that says I can simply put multiple (not chained) certificates in the same .pem file. I've done this and everything is working hunky dorey. However, when I told a colleague what I did, he sounded like the sky was falling - putting 2 non-chained certificates into one .pem file is apparently the worst thing since ... ever. Is there a more acceptable way to do this? Or is this the only accepted way?

Read the article
Invisible Apache redirect

- by Guilhem Soulas

I would like subdomain.mydomain.com to invisibly redirect to https://[myServerIP]:2083. (There is an SSL issue here). So far I managed to do it, but the redirection is visible and I don't want it: RewriteCond %{HTTPS} off RewriteCond %{HTTP_HOST} ^subdomain.\.mydomain\.com$ RewriteRule ^ https://[myServerIP]:2083/ Would it be a way to achieve the same redirection while maintaining permanently my beautiful "subdomain.mydomain.com" in the address bar? EDIT with the ProxyPass directive: I tried some variations with ProxyPass but it will still change the URL in the address bar: ServerName subdomain.mydomain.com <Location /> ProxyPass https://[myServerIP]:2083/ ProxyPassReverse https://[myServerIP]:2083/ </Location> RewriteCond %{HTTPS} off RewriteCond %{HTTP_HOST} ^subdomain\.mydomain\.com$ RewriteRule ^ https://[myServerIP]:2083/ EDIT2: It still doesn't work: #non SSL ServerName subdomain.mydomain.com #SSL! <Location /> ProxyPass https://[myServerIP]:2083/ ProxyPassReverse https://[myServerIP]:2083/ </Location> EDIT3: It now works using the SSLProxyEngine directive: SSLProxyEngine on ServerName subdomain.mydomain.com <Location /> ProxyPass https://[myServerIP]:2083/ ProxyPassReverse https://[myServerIP]:2083/ </Location> I can now access my login interface (cPanel). However, once I'm logged in it doesn't redirect to the next page subdomain.mydomain.com/cpsess5850710203/.

Read the article
How to turn off SSL on heroku

- by rockyroadster555

I'm redirecting a domain to Heroku using a cname. Currently Its working but is giving me an ssl error. Is there a way to turn off ssl on heroku? Heres the SSL Error This is probably not the site you are looking for! You attempted to reach app.grewpr.com, but instead you actually reached a server i identifying itself as *.herokuapp.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of app.grewpr.com. You should not proceed, especially if you have never seen this warning before for this site. When I try to go to http://pure-chamber-1979.herokuapp.com/ it automatically redirects me to the ssl version. Is there a way to turn this off?

Read the article
how to get rid of certificate error: navigation blocked in ie8

- by Radek

when I access our intranet via https I get this "certificate error: navigation blocked" error in IE8 on Windows XP SP3. I can click Continue to this website (not recommended). but I use IE for automation testing so I have to avoid these extra clicks. Any idea? I tried setting “Turn off the Security Settings Check feature” to enabled. setting "Display Mixed Content" to enabled lowering security levels to minimum adding the web server address to trusted zone

Read the article
Seeking htaccess help: Converting multiple subdomains (both http and https) to www.domain.com using .htaccess

- by Joshua Dorkin

I've been trying to get an answer to this question on other forums (the folks at SuperUser thought this was the place I needed to post) and via my connections, but I haven't gotten very far. Hopefully you guys can help me find an answer: I've got a dozen old subdomains that have been indexed by Google. These have been indexed as both http AND https. I've managed to redirect all the subdomains properly, provided they are not https, but can't get any of the https subdomains to property redirect. Here's the code I'm using: RewriteCond %{HTTP_HOST} ^subdomain1.mysite.com$ [NC] RewriteRule ^(.*)$ http://www.mysite.com/$1 [R=301,L] RewriteCond %{HTTP_HOST} ^subdomain2.mysite.com$ [NC] RewriteRule ^(.*)$ http://www.mysite.com/$1 [R=301,L] RewriteCond %{HTTP_HOST} ^subdomain3.mysite.com$ [NC] RewriteRule ^(.*)$ http://www.mysite.com/$1 [R=301,L] This works great until someone goes to: https://subdomain2.mysite.com$ which is not redirected back to http://www.mysite.com$ How can I get this to work? Additionally, I'm guessing there is an easier way to make it happen than setting up a dozen pairs of Rewrite conditions/rewrite rule? Is there any way to do this in just a few lines, including one where I list all the subdomains? I'd actually also like to redirect everything on https://www.mysite.com$ to http://www.mysite.com$ except for 3 folders These are mysite.com/secure, mysite.com/store, mysite.com/user -- is there any good way to add this to the htaccess file? Any suggestions would be great! Thank you in advance for any help.

Read the article
Call WCF using transport layer security and SSL configured

Wcf Security

Read the article
Python HTTPS requests (urllib2) fails on Ubuntu 12.04 without proxy

- by Pablo

I have an little app I wrote in Python and it used to work... until yesterday, when it suddenly started giving me an error in a HTTPS connection. I don't remember if there was an update, but both Python 2.7.3rc2 and Python 3.2 are failing just the same. I googled it and found out that this happens when people are behind a proxy, but I'm not (and nothing have changed in my network since the last time it worked). My syster's computer running windows and Python 2.7.2 has no problems (in the same network). response = urllib2.urlopen(url).read() File "/usr/lib/python2.7/urllib2.py", line 126, in urlopen return _opener.open(url, data, timeout) File "/usr/lib/python2.7/urllib2.py", line 400, in open response = self._open(req, data) File "/usr/lib/python2.7/urllib2.py", line 418, in _open '_open', req) File "/usr/lib/python2.7/urllib2.py", line 378, in _call_chain result = func(*args) File "/usr/lib/python2.7/urllib2.py", line 1215, in https_open return self.do_open(httplib.HTTPSConnection, req) File "/usr/lib/python2.7/urllib2.py", line 1177, in do_open raise URLError(err) urllib2.URLError: <urlopen error [Errno 8] _ssl.c:504: EOF occurred in violation of protocol> What's wrong? Any help is appreciated. PS.: Older python versions don't work either, not in my system and not in a live session from USB, but DO work in a Ubuntu 11.10 live session.

Read the article
HTTPS on all pages where user is logged on

- by Tom Gullen

I know this is considered best practise to prevent cookie hijacking. I would like to adopt this approach, but ran across a problem on our forum where the users post images which either aren't posted with URL's over HTTPS or the url itself doesn't support HTTPS. This throws up a lot of ugly browser warnings. I see I have two options: Disable HTTPS for the forum Force all user posted content to start with // in the url so it selects the right protocol, if it doesn't support HTTPS so be it Do I have any other options? How do other sites deal with this?

Read the article
Nginx and Google Appengine Reverse Proxy Security

- by jmq

The scenario is that I have a Google compute node running Nginx as a reverse proxy to the google appengine. The appengine is used to service REST calls from an single page application (SPA). HTTPS is used to the Nginx front end from the Internet. Do I also need to make the traffic from the Nginx reverse proxy to the appengine secure by turning on HTTPS on the appengine? I would like to avoid the overhead of HTTPS between the proxy and the backend. My thinking was that once the traffic has arrived at Nginx encrypted, decrypted in Nginx, and then sent via the reverse proxy inside of Google's infrastructure it would be secure. Is it safe in this case to not use HTTPS?

Read the article
Is there a way to disallow only crawling in https in robots.txt?

- by David Wilkins

I just realized that Bingbot is crawling my company's website's pages over https. Bing already crawls the site over http, so this seems frivolous. Is there a way to specify Disallow: / for https only? According to Wikipedia, each protocol has its own robots.txt And according to Google's Robots.txt Specification, the robots.txt applies to http AND https I don't want to Disallow: / for Bing totally, just over https.

Read the article
How can I set the default page for an https request?

- by Rachel

We have a website which has a Virtual Directory containing the secure portion of the website. If users come to http://www.mydomain.com, they should get directed to default.aspx of the main site, but if they go to https://www.mydomain.com, they should go to default.aspx of the virtual directory. The default page for the main site works fine, however I can't figure out how to set the default page for https traffic. Right now going to https://www.mydomain.com simply gives me a Page Not Found error. How can I set this up in IIS on Windows Server 2003?

Read the article
Seeking .htaccess help: Converting multiple subdomains (both HTTP and HTTPS) to www.domain.com using .htaccess

- by Joshua Dorkin

I've been trying to get an answer to this question on other forums (the folks at SuperUser thought this was the place I needed to post) and via my connections, but I haven't gotten very far. Hopefully you guys can help me find an answer. I've got a dozen old subdomains that have been indexed by Google. These have been indexed as both HTTP AND HTTPS. I've managed to redirect all the subdomains properly, provided they are not HTTPS, but can't get any of the HTTPS subdomains to property redirect. Here's the code I'm using: RewriteCond %{HTTP_HOST} ^subdomain1.mysite.com$ [NC] RewriteRule ^(.*)$ http://www.mysite.com/$1 [R=301,L] RewriteCond %{HTTP_HOST} ^subdomain2.mysite.com$ [NC] RewriteRule ^(.*)$ http://www.mysite.com/$1 [R=301,L] RewriteCond %{HTTP_HOST} ^subdomain3.mysite.com$ [NC] RewriteRule ^(.*)$ http://www.mysite.com/$1 [R=301,L] This works great until someone goes to: https://subdomain2.mysite.com$ which is not redirected back to http://www.mysite.com$ How can I get this to work? Additionally, I'm guessing there is an easier way to make it happen than setting up a dozen pairs of RewriteCond/RewriteRule? Is there any way to do this in just a few lines, including one where I list all the subdomains? I'd actually also like to redirect everything on https://www.mysite.com$ to http://www.mysite.com$ except for 3 folders. These are mysite.com/secure, mysite.com/store, mysite.com/user. Is there any good way to add this to the .htaccess file?

Read the article
Encrypting and decrypting single file with master password and passphrase

- by Iori

Last night my system shutdown unexpectedly and when i restart it, it gave me superblock error. will then i fixed a little but. i was able to retrive my encrypted files which i encrypted my pgp public key but i was not able to retrive my private key or public key now i have ecrypted file which cannot be open because i have lost my private key. is there any way that i can encrypt my file by providing only master password and passphrase and no physical key or private key and when i am on another computer i can easily open it my same master password and passphrase. Thanks in advance

Read the article
MCSD Certification, any recommended study material?

- by Dayan

I wish to study for the new MCSD Certification For web applications: I headed over to Amazon in search of some books and had no luck with finding anything up to date, most books are outdated, such as the list provided by Amazon MCSD Books. Is this because the test is more based on experience rather than just an understanding of the subject? Any tips and/or recommended materials will be appreciated, thank you!

Read the article
http to https upgrade -- SEO troubles

- by SLIM

I upgraded my site so that all pages have gone from using http to https. I didn't consider that Google treats https pages differently than http. I re-created my sitemap to so that all links now reflect the new https and let it be for a few days. (Whoops!) Google is now re-indexing all https pages. I have about 19k pages on the site, and Google has already indexed about 8k of the new https. The problem is that Google sees all of these as brand new pages when many of them have a long http history. Of course most of you will recognize the problem, I didn't set up a 301 from the old http to the new https. Is it too late to do this? Should I switch my sitemap back to http and then 301 to the new https? Or should I leave the sitemap as is, and setup 301 redirects anyway.. I'm not even sure if Google is trying to reach the http site anymore. Currently the site is doing 303 redirects (from http to https), although I haven't figured out why yet. Thanks for any suggestions you can offer.

Read the article
How can I pass referrer header from my https domain to http domains?

- by nutcracker

My website is 100% https. I have links to other http domains. The referrer header is not set when linking from a https page to a http page. From http://en.wikipedia.org/wiki/HTTP_referrer If a website is accessed from a HTTP Secure (HTTPS) connection and a link points to anywhere except another secure location, then the referer field is not sent. I would prefer that other domains can see the referrer so that they know that traffic comes from my domain. Is there a way to force this header or is there another solution? Update I've done some basic testing using a redirect: http page -- link to http --> 301 redirect --> http page = referrer intact https page -- link to https --> 301 redirect --> http page = referrer blank https page -- link to http --> 301 redirect --> http page = referrer blank https page -- link to http --> 302 redirect --> http page = referrer blank The referrer is lost when linking from a https page to a http redirect page on my own domain. So there is no referrer on the redirect.

Read the article
Is 301 redirect sufficient to solve WWW and HTTP/S duplication?

- by Thomas Ojo

I was reading about this article - SEO preference for WWW or HTTP:// protocol redirection? Do www websites rank better than NON-www? I have same problem but I needed a help on this further. What about https:// How will this be treated? Is the redirect 301 sufficient to solve the problem? I have a SEO company that says if possible, i should not have redirect but I don't think this is visible? Does permanent redirect in any way have effect on SEO services if properly done?

Read the article
Google suddenly only indexes https and not http

- by spender

So all of a sudden, searches for our site "radiotuna" give out the result as an HTTPS link. https://www.google.com/?q=radiotuna#hl=en&safe=off&output=search&sclient=psy-ab&q=radiotuna&oq=radiotuna&gs_l=hp.12...0.0.0.3499.0.0.0.0.0.0.0.0..0.0.les%3B..0.0...1c.LnOvBvgDOBk&pbx=1&bav=on.2,or.r_gc.r_pw.r_qf.&fp=177c7ff705652ec3&biw=1366&bih=602 We only use https for the download of two specific files (these urls are resources used for autoupdate functionality of an app we distribute). All other parts of the site should be served over http. We wouldn't like to see any other traffic over https, nor any of our site links to appear in search engines as https. I'd like to address this issue. It seems that the following solutions are available: hand out an https specific robots.txt as such: User-agent: * Disallow: / and/or at app-level, 301 permanent redirect all requests (except the two above) to HTTP if they come in as HTTPS. My concern with the robots method is that, say (for some reason) google decided not to index http pages, disallowing https pages might mean that google has nothing left to index with disastrous consequences for our ranking. This means I'm inclined to go with a 301 redirect. Any thoughts?

Read the article
Google Analytics HTTP vs HTTPS

- by Pelangi

I want to use Google Analytics on a website that uses both HTTP and HTTPS that works as explained below: Secure pages accessed through https://mydomain.com/secure/* are always on HTTPS. Any access to these pages through HTTP will be redirected to HTTPS. Any other pages will be accessible through both HTTP and HTTPS I have a Google Analytics profile with URL using HTTPS. Will I cover all traffic? Do I need to create another profile using HTTP and how should I apply the other profile?

Read the article
Identify "non-secure" content IE warns about [on hold]

- by Doug Harris

As many know, if you serve a page over https and the content loads resources (images, stylesheets, js, SWF objects, etc) over http, older versions of Internet Explorer will show the user a warning saying "This page contains both secure and non-secure items". This is discomforting to many non-technical users. Usually, I can look at the HTML source and identify which item(s) are triggering this error. Sometimes a Flash object will load something else or some embedded javascript will put a new object in the DOM and trigger this. What tools are good for quickly tracking down the source of the warning?

Read the article
Need suggestions on how to create a website with an encrypted database.

- by SFx

Hi guys, I want to create a website where a user enters content (say a couple of sentences) which eventually gets stored in a backend database (maybe MySQL). But before the content leaves the client side, I want it to get encrypted using something on client like maybe javascript. The data will travel over the web encrypted, but more importantly, will also be permanently stored in the backend database encrypted. Is JavaScript appropriate to use for this? Would 256 bit encryption take too long? Also, how do you query an encrypted database later on if you want to pull down the content that a user may have submitted over the past 2 months? I'm looking for tips, suggestions and any pointers you guys may have in how to go about learning about and accomplishing this. Thanks!

Read the article
Handle HTTPS Request in Proxy Server by C#

- by Masoud Zohrabi

I'm trying to write a Home Proxy Server in C# and I almost succeeded but I have problem to handle HTTPS requests (CONNECT). I don't know really how to handle this type of requests. In my studies I realized that for this requests we must to connect client to target host directly. Steps for these requests (that I realized): Receive first request from client (CONNECT https://www.example.ltd:443 HTTP/1.1) and send that to target host Send HTTP/1.1 200 Connection Established\r\n\r\n to client Listen to both sockets (client and target host) and send receives from each other to each other Listen until one of sockets disconnected Is this correct? If it is, how?

Read the article
Is there a media player that works on HTTPS sites?

- by Iain Hallam

I'm currently using Yahoo! Media Player for a site that needs to play MP3 files that are stored on our server. In total, there's quite a bit more than the free limits at Soundcloud, but each file is only a few minutes long. YMP is pretty good, but causes security warnings on HTTPS pages, because it can only be served via HTTP. Is there an equivalent free player I can embed for the HTTPS pages? EDIT: Just to clarify, I'm initially looking for something that will scan the page and turn media links playable.

Read the article
Is there a way to disallow crawling of only HTTPS in robots.txt?

- by David Wilkins

I just realized that Bingbot is crawling my company's website's pages over https. Bing already crawls the site over http, so this seems frivolous. Is there a way to specify Disallow: / for https only? According to Wikipedia, each protocol has its own robots.txt And according to Google's Robots.txt Specification, the robots.txt applies to http AND https I don't want to Disallow: / for Bing totally, just over https.

Read the article

< Previous Page | 55 56 57 58 59 60 61 62 63 64 65 66 | Next Page >