Search Results

Search found 4244 results on 170 pages for 'ssl certificate'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 62/170 | < Previous Page | 58 59 60 61 62 63 64 65 66 67 68 69  | Next Page >

  • Safari, IIS and optional Client Certificates

    - by Philipp
    I've a ASP.Net Webapp running on IIS7.5. The Webserver is configured to accept Client Certifcates. Unfortunately Visitors with Safari Browser are unable to view the Page. Same Problem as described under the following link: http://www.mnxsolutions.com/apache/safari-providing-an-ssl-error-client-certificate-rejected%E2%80%9D-when-other-browsers-work.html Does anyone knows how to solve this? I'd really appreciate your help. edit: Seems to be the same problem: http://superuser.com/questions/231695/iis7-5-ssl-question-safari-users-get-a-prompt-of-certificate-to-select

    Read the article

  • Is visiting HTTPS websites on a public hotspot secure?

    - by Calmarius
    It's often said that HTTPS SSL/TLS connections are encrypted and said to be secure because the communication between the server and me is encrypted (also provides server authentication) so if someone sniffs my packets, they will need zillions of years to decrypt if using brute force in theory. Let's assume I'm on a public wifi and there is a malicious user on the same wifi who sniffs every packet. Now let's assume I'm trying to access my gmail account using this wifi. My browser does a SSL/TLS handshake with the server and gets the keys to use for encryption and decryption. If that malicious user sniffed all my incoming and outgoing packets. Can he calculate the same keys and read my encrypted traffic too or even send encrypted messages to the server in my name?

    Read the article

  • How to use chain.p7b with Apache?

    - by Debianuser
    I wanted to setup a SSL website on Apache and applied for a certificate from my local ISP. All they sent me was a single file named chain.p7b. I have always used certificates from other vendors without any issues but they usually provide two files to be configured as SSLCertificateFile and SSLCertificateChainFile in Apache. Following instructions from several online resources, I opened the p7b file in Windows and extracted 4 certificates from the file. I then tried configuring Apache with one of the files and it worked, but shows a warning: The certificate is not trusted because no issuer chain was provided. I though I have to use remaining 3 files as SSLCertificateChainFile and/or SSLCACertificateFile. I tried that but it didn't work so I am assuming it might be something completely different. Anyone faced this issue before? The following page http://www-01.ibm.com/support/docview.wss?uid=swg21458997 talks about using a keystore but is that relevant to Apache?

    Read the article

  • HTTPS subdomain does not load site under HTTP

    - by Mark Lawrence
    I recently installed an SSL certificate on a subdomain following the steps at cPanel. Lets just say the domain is example.com and the subdomain is sub.example.com. I updated the userdata file for the subdomain and changed the IP address to the IP I wanted to use I updated the example.com zone file and changed the IP for the A Name for the subdomain to the IP I wanted to use Using domain tools I checked that sub.example.com resolved to the new IP which it does. I then installed an SSL certificate on example.com and then on sub.example.com When I visit http://sub.example.com I get the default Apache account screen, and when I visit https://sub.example.com I get the cPanel 404 page. If however I enter https://sub.example.com/admin (the location of my admin section) the page loads and I can login. I thought that this might be a propagation issue however as the subdomain resolves to the IP and I can reach the admin page I suspect it is not a propagation issue and possibly an incorrect zone file. Any thoughts?

    Read the article

  • All HTTPS, or is it OK to accept HTTP and redirect (secure vs. user friendly)

    - by tharrison
    Our site currently redirects requests sent to http://example.com to https://example.com -- everything beyond this is served over SSL. For now, the redirect is done with an Apache rewrite rule. Our site is dealing with money, however, so security is pretty important. Does allowing HTTP in this way pose any greater security risk than just not opening or listening on port 80? Ideally, it's a little more user-friendly to redirect. (I am aware that SSL is only one of a large set of security considerations, so please make the generous assumption that we have done at least a "very good" job of covering various security bases.)

    Read the article

  • HTTP Subdomain Redirect to HTTPS automatically. Why?

    - by user139062
    I have 2 websites deployed in IIS 7.5 Express. The first website is the PRODUCTION website and the second is the TEST website. In the PRODUCTION website, I added an HTTPS binding and Require SSL so it is normal that it will force to redirect from HTTP to HTTPS. In the TEST website, I didn't add HTTPS binding and the Require SSL is disabled but I wonder why it still force to redirect from HTTP to HTTPS. Any idea why this happen? By the way, the PRODUCTION site uses the main domain (www.maindomain.com) and the TEST site uses only sub-domain (test.maindomain.com). I don't want the sub-domain to only use HTTP, not HTTPS. Thank you in advance.

    Read the article

  • Apache will not stop/start gracefully

    - by ddjammin
    CentOs 6 64bit running apache 2.2.15-29.el6.centos. When I try to stop/start or restart httpd I get an error that says it has failed. A tail of the error log is below. I also noticed that a httpd.pid file is not created even though it is configured in the main conf file. If I set selinux to permissive, it works just fine. I do not want to run it with selinux disabled. If I delete the SSL_Mutex file it will start. HTTPD was running fine until I tried to add the ssl configuration. I copied over the ssl.conf file from a working server into the conf.d folder. I also copied a sslcert folder into the conf folder. It contains the certs, key, csr and password file. I think the problem has to do with the selinux context for the sslcert folder that was copied but I am not certain and not sure how to fix it. Below is the security context for the sslcert folder after executing restorecon -R sslcert ls -Z -rw-r--r--. root root system_u:object_r:httpd_config_t:s0 httpd.conf -rw-r--r--. root root system_u:object_r:httpd_config_t:s0 magic **drwxr-xr-x. root root system_u:object_r:httpd_config_t:s0 sslcert** tail -f /var/log/httpd/error_log [Thu Oct 17 13:33:19 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Thu Oct 17 13:33:20 2013] [notice] Digest: generating secret for digest authentication ... [Thu Oct 17 13:33:20 2013] [notice] Digest: done [Thu Oct 17 13:33:20 2013] [warn] pid file /etc/httpd/logs/ssl.pid overwritten -- Unclean shutdown of previous Apache run? [Thu Oct 17 13:33:20 2013] [notice] Apache/2.2.15 (Unix) DAV/2 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations [Thu Oct 17 21:04:48 2013] [notice] caught SIGTERM, shutting down [Thu Oct 17 21:06:42 2013] [notice] **SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0** [Thu Oct 17 21:06:42 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Thu Oct 17 21:06:42 2013] [error] (17)File exists: Cannot create SSLMutex with file `/etc/httpd/logs/ssl_mutex' I also saw mention of possible issues with semaphores. Below is the output of the current semaphores and apache is currently not running. ipcs -s ------ Semaphore Arrays -------- key semid owner perms nsems 0x00000000 0 root 600 1 0x00000000 65537 root 600 1 Finally selinux reports the following error. `sealert -a /var/log/audit/audit.log` 0% donetype=AVC msg=audit(1382034755.118:420400): avc: denied { write } for pid=3393 comm="httpd" name="ssl_mutex" dev=dm-0 ino=9513484 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_log_t:s0 tclass=file **** Invalid AVC allowed in current policy *** 100% doneERROR: failed to read complete file, 1044649 bytes read out of total 1043317 bytes (/var/log/audit/audit.log) found 1 alerts in /var/log/audit/audit.log -------------------------------------------------------------------------------- SELinux is preventing /usr/sbin/httpd from remove_name access on the directory ssl_mutex.

    Read the article

  • use local ip and maintain ssl warning free [duplicate]

    - by Timothy Clemans
    This question already has an answer here: Loopback to forwarded Public IP address from local network - Hairpin NAT 6 answers I have a public facing website for a doctor's office for accessing the medical record. I'm using SSL. The server is at the doctor's office. When I access the website on the same network as the server I want the DNS to point to the local IP address. I don't want to do a HTTP redirect to the local ip because of the scary SSL warning. What's the recommended way of doing this?

    Read the article

  • What are the packages/libraries I should install before compiling Python from source?

    - by Lennart Regebro
    Once in a while I need to install a new Ubuntu (I used it both for desktop and servers) and I always forget a couple of libraries I should have installed before compiling, meaning I have to recompile, and it's getting annoying. So now I want to make a complete list of all library packages to install before compiling Python (and preferably how optional they are). This is the list I compiled with below help and by digging in setup.py. It is complete for Ubuntu 10.04 and 11.04 at least: build-essential (obviously) libz-dev (also pretty common and essential) libreadline-dev (or the Python prompt is crap) libncursesw5-dev libssl-dev libgdbm-dev libsqlite3-dev libbz2-dev More optional: tk-dev libdb-dev Ubuntu has no packages for v1.8.5 of the Berkeley database, nor (for obvious reasons) the Sun audio hardware, so the bsddb185 and sunaudiodev modules will still not be built on Ubuntu, but all other modules are built with the above packages installed. Python 2.5 and Python 2.6 also needs to have LDFLAGS set on Ubuntu 11.04 and later, to handle the new multi-arch layout: export LDFLAGS="-L/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)" For Python 2.6 and 2.7 you also need to explicitly enable SSL after running the ./configure script and before running make. In Modules/Setup there are lines like this: #SSL=/usr/local/ssl #_ssl _ssl.c \ # -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \ # -L$(SSL)/lib -lssl -lcrypto Uncomment these lines and change the SSL variable to /usr: SSL=/usr _ssl _ssl.c \ -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \ -L$(SSL)/lib -lssl -lcrypto Python 2.6 also needs Modules/_ssl.c modified to be used with OpenSSL 1.0, which is used in Ubuntu 11.10. At around line 300 you'll find this: else if (proto_version == PY_SSL_VERSION_SSL3) self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ else if (proto_version == PY_SSL_VERSION_SSL2) self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ else if (proto_version == PY_SSL_VERSION_SSL23) self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ Change that into: else if (proto_version == PY_SSL_VERSION_SSL3) self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ #ifndef OPENSSL_NO_SSL2 else if (proto_version == PY_SSL_VERSION_SSL2) self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ #endif else if (proto_version == PY_SSL_VERSION_SSL23) self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ This disables SSL_v2 support, which apparently is gone in OpenSSL1.0.

    Read the article

  • web application with secured sections, sessions and related trouble

    - by spirytus
    I would like to create web application with admin/checkout sections being secured. Assuming I have SSL set up for subdomain.mydomain.com I would like to make sure that all that top-secret stuff ;) like checkout pages and admin section is transferred securely. Would it be ok to structure my application as below? subdomain.mydomain.com adminSectionFolder adminPage1.php adminPage2.php checkoutPagesFolder checkoutPage1.php checkoutPage2.php checkoutPage3.php homepage.php loginPage.php someOtherPage.php someNonSecureFolder nonSecurePage1.php nonSecurePage2.php nonSecurePage3.php imagesFolder image1.jpg image2.jpg image3.jpg Users would access my web application via http as there is no need for SSL for homepage and similar. Checkout/admin pages would have to be accessed via https though (that I would ensure via .htaccess redirects). I would also like to have login form on every page of the site, including non-secure pages. Now my questions are: if I have form on non-secure page e.g http://subdomain.mydomain.com/homepage.php and that form sends data to http://subdomain.mydomain.com/loginPage.php, is data being send encrypted as if it were sent from https://subdomain.mydomain.com/homepage.php? I do realize users will not see padlock, but browser still should encrypt it, is it right? If on secure page loginPage.php (or any other accessed via https for that instance) I created session, session ID would be assigned, and in case of my web app. something like username of the logged in user. Would I be able to access these session variable from http://subdomain.mydomain.com/homepage.php to for example display greeting message? If session ID is stored in cookies then it would be trouble I assume, but could someone clarify how it should be done? It seems important to have username and password send over SSL. Related to above question I think.. would it actually make any sense to have login secured via SSL so usenrame/password would be transferred securely, and then session ID being transferred with no SSL? I mean wouldnt it be the same really if someone caught username and password being transferred, or caught session ID? Please let me know if I make sense here cause it feels like I'm missing something important. EDIT: I came up with idea but again please let me know if that would work. Having above, so assuming that sharing session between http and https is as secure as login in user via plain http (not https), I guess on all non secure pages, like homepage etc. I could check if user is already logged in, and if so from php redirect to https version of same page. So user fills in login form from homepage.php, over ssl details are send to backend so probably https://.../homepage.php. Trying to access http://.../someOtherPage.php script would always check if session is created and if so redirect user to https version of this page so https://.../someOtherPage.php. Would that work? 4.To avoid browser popping message "this page contains non secure items..." my links to css, images and all assets, e.g. in case of http://subdomain.mydomain.com/checkoutPage1.php should be absolute so "/images/image1.jpg" or relative so "../images/image1.jpg"? I guess one of those would have to work :) wow that's long post, thanks for your patience if you got that far and any answers :) oh yeh and I use php/apache on shared hosting

    Read the article

  • How to import certificate for Apache + LDAPS?

    - by user101956
    I am trying to get ldaps to work through Apache 2.2.17 (Windows Server 2008). If I use ldap (plain text) my configuration works great. LDAPTrustedGlobalCert CA_DER C:/wamp/certs/Trusted_Root_Certificate.cer LDAPVerifyServerCert Off <Location /> AuthLDAPBindDN "CN=corpsvcatlas,OU=Service Accounts,OU=u00958,OU=00958,DC=hca,DC=corpad,DC=net" AuthLDAPBindPassword ..removed.. AuthLDAPURL "ldaps://gc-hca.corpad.net:3269/dc=hca,dc=corpad,dc=net?sAMAccountName?sub" AuthType Basic AuthName "USE YOUR WINDOWS ACCOUNT" AuthBasicProvider ldap AuthUserFile /dev/null require valid-user </Location> I also tried the other encryption choices besides CA_DER just to be safe, with no luck. Finally, I also needed this with Apache tomcat. For tomcat I used the tomcat JRE and ran a line like this: keytool -import -trustcacerts -keystore cacerts -storepass changeit -noprompt -alias mycert -file Trusted_Root_Certificate.cer After doing the above line ldaps worked greate via tomcat. This lets me know that my certificate is a-ok. Update: Both ldap modules are turned on, since using ldap instead of ldaps works fine. When I run a git clone this is the error returned: C:\Tempgit clone http://eqb9718@localhost/git/Liferay.git Cloning into Liferay... Password: error: The requested URL returned error: 500 while accessing http://eqb9718@loca lhost/git/Liferay.git/info/refs fatal: HTTP request failed access.log has this: 127.0.0.1 - eqb9718 [23/Nov/2011:18:25:12 -0600] "GET /git/Liferay.git/info/refs service=git-upload-pack HTTP/1.1" 500 535 127.0.0.1 - eqb9718 [23/Nov/2011:18:25:33 -0600] "GET /git/Liferay.git/info/refs HTTP/1.1" 500 535 apache_error.log has nothing. Is there any more verbose logging I can turn on or better tests to do?

    Read the article

  • Subversion Edge LDAP (require CAC Certificate not Username and Password)

    - by Frank Hale
    What I've Done: I've successfully installed and configured Subversion Edge 3.1.2 with LDAP support on a Windows 2008 server. I have configured LDAP users and am able to use LDAP credentials to work on repositories just fine. No issues whatsoever. Works great! What I Want To Do: I've been searching for several hours now in hopes to find some information on how to configure Subversion Edge server to require client certificates for user authentication against an LDAP environment. I have not found anything yet that gives me an indication of how to do it. I know there are SVN clients that are capable of prompting for CAC certificates but I cannot figure out how to set my server up to require it. NOTE: CAC authentication is already setup and working in the windows environment. Desired Outcome: When running svn commands that require authentication against my Subversion Edge Server I want it to prompt me for my CAC certificate instead of my Active Directory username and password. If anyone has any information on this I'd greatly appreciate it. EDIT: I'm still digging so if I find out anything I'll update this question with what I found.

    Read the article

  • X509Certificate.CreateFromCertFile - the specified network password is not correct

    - by pcampbell
    I have a .NET application that I want to use as a client to call an SSL SOAP web service. I have been supplied with a valid client certificate called foo.pfx. There is a password on the certificate itself. I've located the certificate at the following location: C:\certs\foo.pfx To call the web service, I need to attach the client certificate. Here's the code: public X509Certificate GetCertificateFromDisk(){ try{ string certPath = ConfigurationManager.AppSettings["MyCertPath"].ToString(); //this evaluates to "c:\\certs\\foo.pfx". So far so good. X509Certificate myCert = X509Certificate.CreateFromCertFile(certPath); // exception is raised here! "The specified network password is not correct" return cert; } catch (Exception ex){ throw; } } It sounds like the exception is around the .NET application trying to read the disk. The method CreateFromCertFile is a static method that should create a new instance of X509Certificate. The method isn't overridden, and has only one argument: the path. When I inspect the Exception, I find this: _COMPlusExceptionCode = -532459699 Source=mscorlib Question: does anyone know what the cause of the exception "The specified network password is not correct" ?

    Read the article

  • The HTTP request was forbidden with client authentication scheme 'Anonymous'

    - by dudia
    I am trying to configure a WCF server\client to work with SSL I get the following exception: The HTTP request was forbidden with client authentication scheme 'Anonymous' I have a self hosted WCF server. I have run hhtpcfg both my client and server certificates are stored under Personal and Trusted People on the Local Machine Here is the server code: binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate; binding.Security.Mode = WebHttpSecurityMode.Transport; _host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.PeerOrChainTrust; _host.Credentials.ClientCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck; _host.Credentials.ClientCertificate.Authentication.TrustedStoreLocation = StoreLocation.LocalMachine; _host.Credentials.ServiceCertificate.SetCertificate("cn=ServerSide", StoreLocation.LocalMachine, StoreName.My); Client Code: binding.Security.Mode = WebHttpSecurityMode.Transport; binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate; WebChannelFactory<ITestClientForServer> cf = new WebChannelFactory<ITestClientForServer>(binding, url2Bind); cf.Credentials.ClientCertificate.SetCertificate("cn=ClientSide", StoreLocation.LocalMachine, StoreName.My); ServicePointManager.ServerCertificateValidationCallback += RemoteCertificateValidate; Looking at web_tracelog.svclog and trace.log reveals that the server cannot autheticate the client certificate My certificate are not signed by an Authorized CA but this is why I added them to the Trusted People.... What Am I missing? What am I missing?

    Read the article

  • nginx error: (99: Cannot assign requested address)

    - by k-g-f
    I am running Ubuntu Hardy 8.04 and nginx 0.7.65, and when I try starting my nginx server: $ sudo /etc/init.d/nginx start I get the following error: Starting nginx: [emerg]: bind() to IP failed (99: Cannot assign requested address) where "IP" is a placeholder for my IP address. Does anybody know why that error might be happening? This is running on EC2. My nginx.conf file looks like this: user www-data www-data; worker_processes 4; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; access_log /usr/local/nginx/logs/access.log; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 3; gzip on; gzip_comp_level 2; gzip_proxied any; gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript; include /usr/local/nginx/sites-enabled/*; } and my /usr/local/nginx/sites-enabled/example.com looks like: server { listen IP:80; server_name example.com; rewrite ^/(.*) https://example.com/$1 permanent; } server { listen IP:443 default ssl; ssl on; ssl_certificate /etc/ssl/certs/myssl.crt; ssl_certificate_key /etc/ssl/private/myssl.key; ssl_protocols SSLv3 TLSv1; ssl_ciphers ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP; server_name example.com; access_log /home/example/example.com/log/access.log; error_log /home/example/example.com/log/error.log; }

    Read the article

  • pyOpenSSL and the WantReadError

    - by directedition
    I have a socket server that I am trying to move over to SSL on python 2.5, but I've run into a snag with pyOpenSSL. I can't find any good tutorials on using it, so I'm operating largely on guesses. Here is how my server sets up the socket: ctx = SSL.Context(SSL.SSLv23_METHOD) ctx.use_privatekey_file ("mykey.pem") ctx.use_certificate_file("mycert.pem") sock = SSL.Connection(ctx, socket.socket(socket.AF_INET, socket.SOCK_STREAM)) sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) addr = ('', int(8081)) sock.bind(addr) sock.listen(5) Here is how it accepts clients: sock.setblocking(0) while True: if len(select([sock], [], [], 0.25)[0]): client_sock, client_addr = sock.accept() client = ClientGen(client_sock) And here is how it sends/receives from the connected sockets: while True: (r, w, e) = select.select([sock], [sock], [], 0.25) if len(r): bytes = sock.recv(1024) if len(w): n_bytes = sock.send(self.message) It's compacted, but you get the general idea. The problem is, once the send/receive loop starts, it dies right away, before anything has been sent or received (that I can see anyway): Traceback (most recent call last): File "ClientGen.py", line 50, in networkLoop n_bytes = sock.send(self.message WantReadError The manual's description of the 'WantReadError' is very vague, saying it can come from just about anywhere. What am I doing wrong?

    Read the article

  • Log in to subdomain via main domain

    - by Mattias
    I have a website, available through multiple domainnames. like www.domain1.com .... www.domain5.com All my customers have their own subdomain. like: customer1.domain1.com customer2.domain1.com .... customer351.domain4.com Currently i dont use SSL, each customer log in their own account via their sub domain. I want to change this, and make all customers log in on a central log in page, that would use SSL, for example. https://login.domain1.com And somehow redirect each user to the correct sub domain adress. (Sub domain that don't use SSL) How do I do this, and maintain security? One idea i had: Login - add random value somewhere in the database, Redirect to subdomain, with querystring the randomvalue. And after that the session takes care of it, Each value can be used once only.. But how secure is that? I guess someone would ask the question "why?" to me. Because SSL costs money. And unfortunately i dont have a lot of it. :D Thanks for your time!

    Read the article

  • 502: proxy: pass request body failed

    - by Apikot
    Sometimes I get the following error (in apache's error.log) when viewing my site over https: (502)Unknown error 502: proxy: pass request body failed to xxx.xxx.xxx.xxx:443 I'm not entirely sure what this is and why it happens, it's also not consistent. The request route is: Browser Proxy server (apache with mod_proxy + mod_ssl) Load balancer (aws) Web server (apache with mod_ssl) The configuration on the proxy server is as follows: <VirtualHost *:443> ProxyRequests Off ProxyVia On ServerName www.xxx.co.uk ServerAlias xxx.co.uk <Directory proxy:*> Order deny,allow Allow from all </Directory> <Proxy *> AddDefaultCharset off Order deny,allow Allow from all </Proxy> ProxyPass / balancer://cluster:443/ lbmethod=byrequests ProxyPassReverse / balancer://cluster:443/ ProxyPreserveHost off SSLProxyEngine On SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /var/www/vhosts/xxx/ssl/www.xxx.co.uk.cert SSLCertificateKeyFile /var/www/vhosts/xxx/ssl/www.xxx.co.uk.key <Proxy balancer://cluster> BalancerMember https://xxx.eu-west-1.elb.amazonaws.com </Proxy> </VirtualHost> Any idea what the issue might be?

    Read the article

  • Authentication required by wireless network.

    - by Roman
    I would like to use a wireless network from Ubuntu. In the network drop-down menu I select a network (this is a University network I have an account there). Then I get a windows with the following fields: Wireless Security: [WPA&WPA2 Enterprise] Authentication: [Tunneled TLS] Anonymous Identity: [] CA Certificate: [(None)] Inner Authentication: [some letters] User Name: [] Password: [] I put there my user name and password and do not change default value and leave "Anonymous Identity"blank. As a result of that I get "Authentication required by wireless network". How can I solve this problem? I think it is important to notice that our system administrator tried to find some files (which are probably needed to be used as "CA Certificate"). He said that he does not know where this file is located on Ubuntu (he support only Windows). So, probably this is direction I need to go. I need to find this file. But may be I am wrong. May be something else needs to be done. Could you pleas help me with that?

    Read the article

  • How often is CRL refreshed, and how to force it to be?

    - by lockstock
    I have a web service running under IIS 7 that requires an X509 client certificate. I know that the server that it rus on needs access to DigiCert.com in order to be able to get the CRL (Certificate Revocation List). There is a need to change our proxy so I am attempting to investigate the impact of doing so. I have removed the global proxy settings using the command netsh winhttp proxy refesh, and also deleted the CRL cache using the command certutil -URLcache CRL delete. However, after doing this, all calls to the web service still succeed. This suggests to me that I am missing something here. So; If the CRL cache is cleared and the server has no way of refreshing the CRL, why do web service requets not return http 403?. I have been unable to find adequate information from googling nor from my colleagues. The reason I want it to fail is that I will not be confident that the new proxy settings work until I can see it broken first, if that makes sense. I would also like to be able to force the CRL to be refeshed in order to ensure that the new proxy settings work

    Read the article

  • 502: proxy: pass request body failed

    - by Andrei Serdeliuc
    Sometimes I get the following error (in apache's error.log) when viewing my site over https: (502)Unknown error 502: proxy: pass request body failed to xxx.xxx.xxx.xxx:443 I'm not entirely sure what this is and why it happens, it's also not consistent. The request route is: Browser Proxy server (apache with mod_proxy + mod_ssl) Load balancer (aws) Web server (apache with mod_ssl) The configuration on the proxy server is as follows: <VirtualHost *:443> ProxyRequests Off ProxyVia On ServerName www.xxx.co.uk ServerAlias xxx.co.uk <Directory proxy:*> Order deny,allow Allow from all </Directory> <Proxy *> AddDefaultCharset off Order deny,allow Allow from all </Proxy> ProxyPass / balancer://cluster:443/ lbmethod=byrequests ProxyPassReverse / balancer://cluster:443/ ProxyPreserveHost off SSLProxyEngine On SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /var/www/vhosts/xxx/ssl/www.xxx.co.uk.cert SSLCertificateKeyFile /var/www/vhosts/xxx/ssl/www.xxx.co.uk.key <Proxy balancer://cluster> BalancerMember https://xxx.eu-west-1.elb.amazonaws.com </Proxy> </VirtualHost> Any idea what the issue might be?

    Read the article

  • Setting up HTTPS across multiple servers

    - by JohnyD
    I'm looking to offer our online services over https and I'm having a couple of problems understanding how to accomplish this. To access our services you must pass through our ISA firewall to a Win2000 server running IIS6. About half our services are located here and the other half take you to a Win2003 server also running IIS6. So, in order to achieve this must each server have the proper certificate installed? ISA, IIS6_1 and IIS6_2? Is there a separate configuration that must be made to our ISA firewall? The other problem is with the CA and knowing how many certificates I need. It's important to note that the domain name for our services on IIS6_1 is www.domainname.com but the domain name on IIS6_2 is services.domainname.com. I believe that this will require me to purchase more than one certificate. It looks as though we will be going with Thawte's SSL123 as it's a good name and it's fast to get. Will I need to purchase 2 certificates (one for www that will be installed on our ISA firewall as well as IIS6_1, and one for services.domainname.com on IIS6_2)? Or will I need to purchase 3, the extra one being used on our firewall server? Another side question is about SAN's (subject alternative names). Is this basically adding sub-domains to your cert? So I could purchase one cert with 1 SAN for my www and services.? Thanks a lot for your help! Please let me know if I can provide any further information.

    Read the article

  • Apache Reverse proxy for intranet and other integrated application on intranet

    - by user1433448
    I'm trying to configure a reverse proxy (ssl) with apache 2.2 in Debian Squeeze, but I have some problems, specially with some path absolute and with https I'll try to detail what I have made and what I'm trying to configure I have a server Debian Squeeze with apache2.2 + mod_proxy_html with: # apt-get install libapache2-mod-proxy-html libxml2-dev # a2enmod proxy # a2enmod proxy_http # a2enmod proxy_html # a2enmod headers After that I have configured a virtual host with: reverse_proxy_ssl.conf I'm trying to configure to allow access of our intranet from internet with a reverse proxy (apache that is located in DMZ). With this configuration domain.com/intranet works correctly and we can access to intranet, but we have one problem when from domain.com/intranet we need to use another internal application that is called from intranet with absolute path ( https://192.168.10.25/application/) and from internet appears that try to access with internal ip, and this link es incorrect from external site We only need to access from intranet to multiple internal application that are in external server and we like to restrict to minimal access from internet. All the application that are in the smae server of intranet are working. The second problem is with https and reverse proxy in our firewall appears some errors with packets (not valid packets), and with https seems to work. What can I do to solve this problems (absolute path and ssl problem) Thanks

    Read the article

  • Why I am getting "Problem loading the page" after enabling HTTPS for Apache on Windows 7?

    - by Anish
    I enabled HTTPS on the Apache server (2.2.15) Windows 7 Enterprise by uncommenting: Include /private/etc/apache2/extra/httpd-ssl.conf in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\httpd.conf and modifying C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\httpd-ssl.conf to include: DocumentRoot "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs" ServerName myserver.com:443 ServerAdmin [email protected] ... SSLCertificateFile "SSLCertificateFile "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/conf/cert.pem SSLCertificateKeyFile "SSLCertificateFile "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/conf/key.pem" Then I restart apache (going to start-All Progranms-Apache Server 2.2-Control-restart) and go to localhost on port 443 in Firefox , where I get: Index of / Index of / Links/ ..... .... But on Display of WebPage I see: Unable to connect Firefox can't establish a connection to the server at localhost. *The site could be temporarily unavailable or too busy. Try again in a few moments. *If you are unable to load any pages, check your computer's network onnection. *If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web. I read: Why am I getting 403 Forbidden after enabling HTTPS for Apache on Mac OS X? and added default web server configuration block to match my DocumentRoot The error Log C:\Program Files (x86)\Apache Software Foundation\Apache2.2\logs\error.log gives following error: The Apache2.2 service is running. (OS 5)Access is denied. : Init: Can't open server certificate file C:/Program Files (x86)/Apache Software Foundation/Apache2.2/conf/cert.pem I checked the permissions for cert.pem and it indicates: All the permissions (Full control, Read, Read and modify, execute, Write) are marked for Admin and I am currently logged in as Admin. I tried using oldcert.pem and oldkey.pem on the same server and it works fine. Is there anything that I missed?

    Read the article

  • Nginx with http/https - Http seemed redirected to https all the time

    - by dwarfy
    I've this really weird behaviour with my ubuntu 10.04 / nginx 1.2.3 server. Basically I changed the SSL certificates this morning. And ever since it has been behaving weirdly on all apps. Godaddy is reporting that HTTPS/SSL setup is correct. When I try a page it still works correctly when I'm using HTTPS. But when I try using HTTP nginx reports error : 400 Bad Request The plain HTTP request was sent to HTTPS port After looking around on google for hours, I've tried different setup (while originaly my setup was working correctly for longtime, I just renewed certificates) I kindof found a half solution by adding this to my config : error_page 497 $request_uri; The realllly weird thing is that when I use this setup : server { listen 80; server_name john.johnrocks.eu; access_log /home/john/envs/john_prod/nginx_access.log; error_log /home/john/envs/john_prod/nginx_error.log; location / { uwsgi_pass unix:///home/john/envs/john_prod/john.sock; include uwsgi_params; } location /media { alias /home/john/envs/john_prod/johntab/www; } location /adminmedia { alias /home/john/envs/john_prod/johntab/www/adminmedia; } } I still have the same error when using HTTP (while nothing is setup for HTTPS here)?? I'm getting crazy on this !

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 58 59 60 61 62 63 64 65 66 67 68 69  | Next Page >