Search Results

Search found 3673 results on 147 pages for 'pop3 ssl'.

Page 65/147 | < Previous Page | 61 62 63 64 65 66 67 68 69 70 71 72 | Next Page >

Dovecot and StartSSL problems with issuer

- by knoim

I am using dovecot (1) and trying to get my StartSSL certificate running. ssl_key_file points to my private key I tried pointing ssl_cert_file to my public key, with and without using the class1 certificate from http://www.startssl.com/certs/sub.class1.server.ca.pem as ssl_ca_file aswell as combing them with cat publickey sub.class1.server.ca.pem chained My mail client keeps telling me the certificate has no issuer, but doing openssl x509 on my public certificate tells me it is C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Class 1 Primary Intermediate Server CA My option for the CSR were: openssl req -new -newkey rsa:4096 -nodes Dovecot's log doesn't mention any problems. EDIT: Doesn't seem to be a problem with dovecot. I am having the same problem with postfix. openssl verify gives me the same error.

Read the article
Windows 7 will not install a root certificate

- by Farseeker

I have a web service that uses a self-signed certificate, so I need to install the certificate as a Trusted Root so that I can avoid all the security errors that having a self-signed certificate brings with it. Using Windows 7, I'm going to: Start > Internet Explorer > Run as Administrator > Tools > Internet Options > Content > Certificates > Trusted Root Certification Authorities > Import > (select file) > Next > OK, and Windows reports Import Successful However, the import is NOT successful. The certificate does not show in the list of trusted roots, and certificate errors still show up. If I import the certificate into the Trusted Publishers container, it imports correctly, but this does not solve my security errors. Any ideas?

Read the article
Can I disable certificate error/warning in Firefox/Chrome/Internet Explorer?

- by Poni

Exactly as the title says; I don't mind which browser, I just want to type "https://........" and see the page normally without any certificate error, knowing that I might risk myself by allowing an invalid certificate! It seems like every browser producer thinks he knows better than me, the Super User !! =) Now, does anyone know how to remove warning/error related to this? In any of these browsers (Firefox/Chrome/Internet Explorer/[you-may-suggest])? Oh, and don't advise me a workaround like adding to exceptions. Please don't mention that. I'd highly appriciate a concise & precise answer! Edit: The answer I seek concerns ONLY the browser. No third-party objects to be used.

Read the article
How to configure to URLs for One Server using wildcard supported certificates?

- by Amit

Hi, We have wildcard supported certificate installed in our production environment. One of our client wants his name to appear in the URL (e.g. companyname.sitename.net). How we should facilitate this? Do we need to make any entries for this in DNS? If yes can you please let me know about it? I need to set this up before Fridat PST, any help in this is highly appriciated. Thanks.

Read the article
Google account gives ERR_SSL_BAD_RECORD_MAC_ALERT errors

- by Kjensen

A couple of days ago, I started being unable to connect to accounts.google.com, which handles logins to all kinds of google services. I get this error in Chrome: Error 126 (net::ERR_SSL_BAD_RECORD_MAC_ALERT): Unknown error. In IE I get this: I assume it is the same error, just wrapped up. I run Win8 RTM. On the SAME machine, using the same network card, in a VMWare workstation image running Win7, I am able to connect perfectly. On another of my machines on my network, I am also still able to connect with no problem. My girlfriend uses the same network and has also complained a couple of times about this error (google calendar) - but this is anecdotal, since her technical troubleshooting abilities stop at "xxxx is broken". Her machine runs Win7. ;) I have rebooted, cleared cookies, do not run any antivirus/firewall, have not changed network config. The first 3-4 days after installing Win8, I did not have any problems. I have also searched, and found a hint about enabling SSL2.0 in connection settings, which did not help. Anybody know something about this error and what I can do to fix it?

Read the article
compile ntp without ssl

- by Zulakis

I need to deploy ntp to a very space-critical pxe-imaging-system. (Yes, each KB matters.) Footprint needs to be as small as possible, so I want to compile ntp without linking openssl. According to the manual this is should be possible: If available, the OpenSSL library from http://www.openssl.org is used to support public key cryptography. The library must be built and installed prior to building NTP. The procedures for doing that are included in the OpenSSL documentation. The library is found during the normal NTP configure phase and the interface routines compiled automatically. Only the libcrypto.a library file and openssl header files are needed. If the library is not available or disabled, this step is not required. I already tried out ./configure --without-openssl however, this didn't help. This is my ldd output: ldd ntpd/ntpd linux-gate.so.1 => (0xb7706000) libm.so.6 => /lib/i686/cmov/libm.so.6 (0xb76d5000) libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7582000) librt.so.1 => /lib/i686/cmov/librt.so.1 (0xb7578000) libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb741d000) /lib/ld-linux.so.2 (0xb7707000) libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7419000) libz.so.1 => /usr/lib/libz.so.1 (0xb7404000) libpthread.so.0 => /lib/i686/cmov/libpthread.so.0 (0xb73eb000) The system I am compiling on is 32-bit debian lenny using openssl 0.9.8g-15+lenny16. What is the correct configure option to compile ntp without openssl?

Read the article
ssl_error_log apache issue

- by lakshmipathi

https://localhost works but https://ipaddress didn't cat logs/ssl_error_log [Mon Aug 02 19:04:11 2010] [error] [client 192.168.1.158] (13)Permission denied: access to /ajaxterm denied [root@space httpd]# cat logs/ssl_access_log 192.168.1.158 - - [02/Aug/2010:19:04:11 +0530] "GET /ajaxterm HTTP/1.1" 403 290 [root@space httpd]# cat logs/ssl_request_log [02/Aug/2010:19:04:11 +0530] 192.168.1.158 SSLv3 DHE-RSA-CAMELLIA256-SHA "GET /ajaxterm HTTP/1.1" 290 httpd.conf file NameVirtualHost *:443 <VirtualHost *:443> ServerName localhost SSLEngine on SSLCertificateFile /etc/pki/tls/certs/ca.crt SSLCertificateKeyFile /etc/pki/tls/private/ca.key <Directory /usr/share/ajaxterm > Options FollowSymLinks AllowOverride None Order deny,allow Allow from All </Directory> DocumentRoot /usr/share/ajaxterm DirectoryIndex ajaxterm.html ProxyRequests Off <Proxy *> # Order deny,allow Allow from all </Proxy> ProxyPass /ajaxterm/ http://localhost:8022/ ProxyPassReverse /ajaxterm/ http://localhost:8022/ ErrorLog error_log.log TransferLog access_log.log </VirtualHost> How to fix this ?

Read the article
Buying a certificate - what to spend and where

- by bergin

Hi there My boss wants to buy a certificate for his SBS so external connection can be made. they access on an IP number. What should he spend on the certificate? Where should he buy from? Verisign seems like overkill as its not an ecommerce site, just needs some security. Ive seen some cheap ones at $20 / yr - are there any problems with getting cheap certificates?

Read the article
Google Chrome custom search engine for secure Wikipedia

- by gdejohn

I have this custom search engine set up in Google Chrome: https://encrypted.google.com/search?q=site%3Aen.wikipedia.org+%s&btnI=745 It searches Google for site:en.wikipedia.org {query}, and the btnI=745 is for I'm Feeling Lucky, so it automatically redirects to the first result. I like this better than using Wikipedia's search function directly because it gives me very effective approximate string matching, so I can misspell my search, or leave a word out, or just search for some keywords, and I still get what I'm looking for right away. What I'd like is for it to use Wikipedia's secure gateway: https://secure.wikimedia.org/wikipedia/en/wiki/ It's easy enough to set up a custom search engine that uses the secure version of Wikipedia's search function directly, but I can't figure out how to correctly incorporate it into my version going through Google. Nothing I've tried works.

Read the article
certutil -ping fails with 30 seconds timeout - what to do?

- by mark

Dear ladies and sirs. The certificate store on my Win7 box is constantly hanging. Observe: C:\1.cmd C:\certutil -? | findstr /i ping -ping -- Ping Active Directory Certificate Services Request interface -pingadmin -- Ping Active Directory Certificate Services Admin interface C:\set PROMPT=$P($t)$G C:\(13:04:28.57)certutil -ping CertUtil: -ping command FAILED: 0x80070002 (WIN32: 2) CertUtil: The system cannot find the file specified. C:\(13:04:58.68)certutil -pingadmin CertUtil: -pingadmin command FAILED: 0x80070002 (WIN32: 2) CertUtil: The system cannot find the file specified. C:\(13:05:28.79)set PROMPT=$P$G C:\ Explanations: The first command shows you that there are –ping and –pingadmin parameters to certutil Trying any ping parameter fails with 30 seconds timeout (the current time is seen in the prompt) This is a serious problem. It screws all the secure communication in my app. If anyone knows how this can be fixed - please share. Thanks. P.S. 1.cmd is simply a batch of these commands: certutil -? | findstr /i ping set PROMPT=$P($t)$G certutil -ping certutil -pingadmin set PROMPT=$P$G

Read the article
Is RC4 128bit strong enough? [closed]

- by al nik

I notice that services like Gmail use RC4 128 bit as encryption. What is RC4 encryption? Is 128-bit RC4 strong enough by today's encryption standards?

Read the article
SSLVerifyClient optional with location-based exceptions

- by Ian Dunn

I have a site that requires authentication in order to access certain directories, but not others. (The "directories" are really just rewrite rules that all pass through /index.php) In order to authenticate, the user can either login with a standard username/password, or submit a client-side x509 certificate. So, Apache's vhost conf looks something like this: SSLCACertificateFile /etc/pki/CA/certs/redacted-ca.crt SSLOptions +ExportCertData +StdEnvVars SSLVerifyClient none SSLVerifyDepth 1 <LocationMatch "/(foo-one|foo-two|foo-three)"> SSLVerifyClient optional </LocationMatch> That works fine, but then large file uploads fail because of the behavior documented in bug 12355. The workaround for that is to set SSLVerifyClient require (or optional) as the default, so now the conf looks like this SSLCACertificateFile /etc/pki/CA/certs/redacted-ca.crt SSLOptions +ExportCertData +StdEnvVars SSLVerifyClient optional SSLVerifyDepth 1 <LocationMatch "/(bar-one|bar-two|bar-three)"> SSLVerifyClient none </LocationMatch> That fixes the upload problem, but the SSLVerifyClient none doesn't work for bar-one, bar-two, etc. Those directories are still prompted to present a certificate. Additionally, I also need the root URL to accessible without the user being prompted for a certificate. I'm afraid that will cancel out the workaround, though.

Read the article
Exchange 2010 certificate errors

- by Frederik Nielsen

I have a problem with my newly setup Exchange environment for our hosted customers. First off, when configuring the outlook client, it gives a certificate warning although the certificate has been bought and setup. I am using a setup like this: autodiscover.CUSTOMERDOMAIN.TLD CNAME autodiscover.exchange.COMPANYDOMAIN.TLD (Companydomain is our company that hosts the exchange servers, customerdomain being the customers domain) Shouldn't that work? I know that Microsoft does something like that for Office365, but I really don't think they buy a certificate for every customer.. So I guess some redirection should be setup somehow - any guidance? Next thing: When we accept that error, and move on to actually starting Outlook, it states that the certificate is not valid for the RPC proxy server exchange.COMPANYDOMAIN.TLD - this domain is not right, as that domain is not included in the certificate. I would instead like this domain to be mail.exchange.COMPANYDOMAIN.TLD I tried to run this script setting both internal and external URL's to be the same, with no luck. Any guidance on this one? I am running Exchange 2010 SP2, with CAS, HT and MBX split up on 3 different servers.

Read the article
Apache Server Status page in port 8443

- by batman

I'm very new to apache. I tried to enable the server status page of apache. I added the status.conf and status.load to mods-enabled directory. I changed the config of apache2.conf to include all mods-enabled directory. This is the config of staus.conf: <IfModule mod_status.c> # # Allow server status reports generated by mod_status, # with the URL of http://servername/server-status # Uncomment and change the "192.0.2.0/24" to allow access from other hosts. # <Location /server-status> SetHandler server-status Order deny,allow Deny from all Allow from 127.0.0.1 ::1 # Allow from 192.0.2.0/24 </Location> # Keep track of extended status information for each request ExtendedStatus On # Determine if mod_status displays the first 63 characters of a request or # the last 63, assuming the request itself is greater than 63 chars. # Default: Off #SeeRequestTail On <IfModule mod_proxy.c> # Show Proxy LoadBalancer status in mod_status ProxyStatus On </IfModule> </IfModule> The default settings. I restarted my server. I'm redirecting all ports to 8443. Which in turn turns my requests to localhost:8443/server-status. Which does throw an 404 error. Are there any way to get around this? Thanks in advance.

Read the article
certificate error while subdomain forwarding

- by rahulchandran

I have a website, call it http://sub.example.com, hosted on, say, 72.xx.xx.x. There is a certificate for https://sub.example.com. Now I go into the DNS management tool in my hosting provider, and I set up the standard subdomain forwarding wherein https://sub.example.com forwards to 72.xx.xx.x. Now when I try to browse to https://sub.example.com, I get a certificate error saying it is for the wrong website. I have also tried forwarding http://sub.example.com to 72.xx.xx.x, and tried it with domain masking in both cases. I am still getting the certificate error no matter what. Additional wrinkle: if someone types in https://sub.example.com then the domain forwarding does not seem to work and IE just spins endlesssly and finally fails. How can I domain forward the https://sub.example.com to 72.xx.xx.x?

Read the article
How would you change a home wireless router with a self-signed admin site certificate to be more secure?

- by jldugger

littleblackbox is publishing "private keys" that are accessible on publicly available firmwares. Debian calls these "snake-oil" certs. Most of these routers are securing their HTTPS certs with these, and as I think about it, I've never seen one of these internal admin websites with certs that wasn't self signed. Given a webserver on IP 192.168.1.1, how do you secure it to the point that Firefox doesn't offer warnings (and is still secured)?

Read the article
Setting subversion "password-stores" does nothing?

- by Coderer

The Subversion documentation says that I can set a parameter in ~/.subversion/config like [auths] password-stores = gnome-keyring to have it cache my certificate password in gnome-keyring. I set the option, and nothing happens -- no error messages, no change in behavior, nothing. Maybe I'm missing a log somewhere? I know subversion has to be compiled to support this but AFAIK I'm using the RPM version, which (they say...) ships with it rolled in. Is there a way to check whether my binary supports keyring? Shouldn't it say something if it doesn't?

Read the article
Port-forwarding HTTPS web server

- by James Moore

I have port forwarded our front-facing IP to an internal HTTPS server. The browser does not connect. A wget command determines that the certificate is self-signed for the internal IP. Hence why the browser is refusing to display the page properly. What is the best-practice scenario for this sort of stuff? Thanks

Read the article
Root certificate authority works windows/linux but not mac osx - (malformed)

- by AKwhat

I have created a self-signed root certificate authority which if I install onto windows, linux, or even using the certificate store in firefox (windows/linux/macosx) will work perfectly with my terminating proxy. I have installed it into the system keychain and I have set the certificate to always trust. Within the chrome browser details it says "The certificate that Chrome received during this connection attempt is not formatted correctly, so Chrome cannot use it to protect your information. Error type: Malformed certificate" I used this code to create the certificate: openssl genrsa -des3 -passout pass:***** -out private/server.key 4096 openssl req -batch -passin pass:***** -new -x509 -nodes -sha1 -days 3600 -key private/server.key -out server.crt -config ../openssl.cnf If the issue is NOT that it is malformed (because it works everywhere else) then what else could it be? Am I installing it incorrectly? Update I tried changing the certificate attributes, but to no avail: openssl genrsa -des -passout pass:***** -out private/server.key 2048 openssl req -batch -passin pass:***** -new -x509 -nodes -sha256 -days 3600 -key private/server.key -out server.crt -config ../openssl.cnf

Read the article
Exchange - inbound email only works from some servers

- by Kryptonite

I am having a problem where inbound mail from outside only works when sent from certain hosts. For example, when I send myself an email from my personal gmail account all is well, as the logs show: 2012-09-05 18:14:16 209.85.223.175 mail-ie0-f175.google.com SMTPSVC1 MAILSVR 192.168.1.79 0 EHLO 250 - - 2012-09-05 18:14:16 209.85.223.175 mail-ie0-f175.google.com SMTPSVC1 MAILSVR 192.168.1.79 0 STARTTLS 220 - - 2012-09-05 18:14:16 209.85.223.175 mail-ie0-f175.google.com SMTPSVC1 MAILSVR 192.168.1.79 0 STARTTLS 220 - - 2012-09-05 18:14:16 209.85.223.175 mail-ie0-f175.google.com SMTPSVC1 MAILSVR 192.168.1.79 0 EHLO 250 - - 2012-09-05 18:14:16 209.85.223.175 mail-ie0-f175.google.com SMTPSVC1 MAILSVR 192.168.1.79 0 MAIL 250 - - 2012-09-05 18:14:16 209.85.223.175 mail-ie0-f175.google.com SMTPSVC1 MAILSVR 192.168.1.79 0 RCPT 250 - - 2012-09-05 18:14:48 209.85.223.175 mail-ie0-f175.google.com SMTPSVC1 MAILSVR 192.168.1.79 0 QUIT 240 - - However, if I sent from my personal Yahoo account, I get this response: Sorry, we were unable to deliver your message to the following address. <[email protected]>: Remote host said: 530 5.7.0 Must issue a STARTTLS command first [MAIL_FROM] (NB: Nothing appeared in the smtp log for this message.) Any suggestions where to start looking? EDIT ---- I don't know if it matters, but the certificate I am using for TLS is self signed.

Read the article
One user sometimes gets an unknown certificate error opening Outlook

- by Chris

Let me clarify a little. This isn't an unknown certificate error it's an unknown certificate error in so much as I can't figure out where the certificate comes from. This happens on a Win 7 Enterprise machine connecting to Exchange 2010 with Outlook 2010. The error he gets is that the root is not trusted because it's a self-signed cert. Take a look at this screenshot because even if I had generated this myself I wouldn't have put "SomeOrganizationalUnit" or "SomeCity" or "SomeState", etc. (Red block covers our domain name.) I'm a little concerned this is a symptom of a security breach. Exchange 2010 has three certificates installed but none of them are this certificate. They all have different expiration dates (one is expired) and different meta-data. edit: There are two scenarios that I see the certificate warning and one of them I can reliably repeat. When the user leaves his computer on over night Outlook pops the Security Warning window. I don't know what time this happens. Using Outlook Anywhere if I connect to Exchange externally via a cellular USB modem the Security Warning window will appear every time I close and reopen Outlook. Whether I say Yes or No does not make a difference on whether or not I can connect to Exchange and send/receive email. In other words, I can always connect to Exchange. I've checked my two Exchange servers and my Cisco router for a certificate that matches this one and I can't find it. edit 2: Here is a screenshot of the Security Alert window. (I've been calling it Security Warning... My mistake.) edit 3: I stopped seeing this error several weeks ago but I can't tie it to any single event (because I just sort of realized that warning had stopped showing up) but I think I found the source of the certificate. Last week I found out that the certificate on our website DomainA.com was invalid. I knew that our web admin had installed a valid certificate so when I look into the problem I found out I was being presented with the invalid certificate that this posting is in regards to. The Exchange server's domain is mail.DomainA.com so I can only guess that Outlook was passing this invalid certificate through as it did some kind of check on DomainA.com. This issue is still a mystery because the certificate warning stopped appearing several weeks ago whereas the invalid certificate issue on the website was only fixed last week. It ended up being a problem with the website control panel. The valid certificate was installed but not being served for some reason and instead the self-signed cert was being served.

Read the article
Add "secure" in cookie by httpd server

- by Abhishek

How do I have to configure my httpd server to add "Secure" in the cookies? I tried the one in the below link, http://blog.modsecurity.org/2008/12/fixing-both-missing-httponly-and-secure-cookie-flags.html but this did not seem to be working. I inspected the cookie via firebug and found that the cookies have "HttpOnly" but not "Secure". I double checked the configurations and they the same as mentioned in the link. I also noticed that the server response time goes bit high when doing it by mod_security. Is there a better way to do it? Any ideas or pointers to configurations would be helpful

Read the article
Host couldn't be reached by domain name, only by IP: Apache's fault?

- by MaxArt

I have this Windows Server 2003 R2 32 bit machine running Apache 2.4.2 with OpenSSL 1.0.1c and PHP 5.4.5 via mod_fcgid 2.3.7. This config worked just fine for some hours, but then the site couldn't be reached with its domain name, say www.example.com, but it could be still reached by its IP address. In particular, while https://www.example.com/ yielded a connection error, http://123.1.2.3/ worked just fine. Yes, first https then http. Error and access logs were clean, i.e. they showed no signs of problems. Just the usual messages, that were interrupted while the site couldn't be reached. After some investigation, a simple restart of Apache solved the problem. Unfortunately, I didn't have the chance to test if https://123.1.2.3/ worked as well, or if http://www.example.com/ was still redirected to https as usual. So, has anyone have any idea of what happened? Before I get tired of Apache and ditch it in favor of Nginx? Edit: Some log informations. The last line of sslerror.log is from 90 minutes before the problem occurred, so I guess it's not important. ssl_request.log shows nothing interesting, too: these are the last two lines before the problem: [28/Aug/2012:17:47:54 +0200] x.x.x.x TLSv1.1 ECDHE-RSA-AES256-SHA "GET /login HTTP/1.1" 1183 [28/Aug/2012:17:47:45 +0200] y.y.y.y TLSv1 ECDHE-RSA-AES256-SHA "POST /upf HTTP/1.1" 73 The previous lines are all the same and don't seem interesting, except 4 lines like these 30-40 seconds before the problem: [28/Aug/2012:17:47:14 +0200] z.z.z.z TLSv1 ECDHE-RSA-AES256-SHA "-" - These are the corrisponding lines from sslaccess.log: z.z.z.z - - [28/Aug/2012:17:47:14 +0200] "-" 408 - ... x.x.x.x - - [28/Aug/2012:17:47:54 +0200] "GET /login HTTP/1.1" 200 1183 y.y.y.y - - [28/Aug/2012:17:47:45 +0200] "POST /upf HTTP/1.1" 200 73

Read the article
IIS FTP 7.5 Data Channel Problem (SSL)

- by user59050

Hey there I wonder if anyone can get me in the right direction. I am setting up both a FTPS Client and Server, FTPS Server using Microsoft’s iis FTP 7.5. On the client side it will be running on Linux and I am using M2crypto for the openssl wrapping (python). I am worried the problem is on the server side (iis7.5) due to the following discovery : If I host using Filezilla with BOTH the control and data channel being forced to be encrypted it works 100% (100% file transmission), if i use iis as the server everything works up to the point when the data channel takes over... i.e. all data of the retrieved file is already received correctly in my basket! The ftp server just won't send the final '226 Transfer complete.' on the cmd socket. Why? If i force the client or server to close the connection the file is 100% intact....If i use iis 7.5 with forced encryption on control channel all works 100% as long as i don’t force data channel... Here are some screenshots to demo this... Client View after Kill Client : pics @ http://forums.iis.net/p/1172936/1960994.aspx#1960994 Summary : We can establish the connection, do directory listings, start the upload, see the file (0bytes) created on the server but then the client hangs. If we terminate the client, the uploaded file on the server suddenly jumps up to full size.

Read the article
Deciding on SSLRandomSeed values in Apache 2.2

- by sh-beta

What rules of thumb should you follow when choosing SSLRandomSeed startup and connect values in Apache?

Read the article

< Previous Page | 61 62 63 64 65 66 67 68 69 70 71 72 | Next Page >