Search Results

Search found 3868 results on 155 pages for 'wildcard ssl'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 66/155 | < Previous Page | 62 63 64 65 66 67 68 69 70 71 72 73  | Next Page >

  • How often is CRL refreshed, and how to force it to be?

    - by lockstock
    I have a web service running under IIS 7 that requires an X509 client certificate. I know that the server that it rus on needs access to DigiCert.com in order to be able to get the CRL (Certificate Revocation List). There is a need to change our proxy so I am attempting to investigate the impact of doing so. I have removed the global proxy settings using the command netsh winhttp proxy refesh, and also deleted the CRL cache using the command certutil -URLcache CRL delete. However, after doing this, all calls to the web service still succeed. This suggests to me that I am missing something here. So; If the CRL cache is cleared and the server has no way of refreshing the CRL, why do web service requets not return http 403?. I have been unable to find adequate information from googling nor from my colleagues. The reason I want it to fail is that I will not be confident that the new proxy settings work until I can see it broken first, if that makes sense. I would also like to be able to force the CRL to be refeshed in order to ensure that the new proxy settings work

    Read the article

  • Why is my RapidSSL Certificate chain is not trusted on ubuntu?

    - by olouv
    I have a website that works perfectly with Chrome & other browser but i get some errors with PHP in CLI mode so i'm investigating it, running this: openssl s_client -showcerts -verify 32 -connect dev.carlipa-online.com:443 Quite suprisingly my HTTPS appears untrusted with a Verify return code: 27 (certificate not trusted) Here is the raw output : verify depth is 32 CONNECTED(00000003) depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA verify error:num=20:unable to get local issuer certificate verify return:1 depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA verify error:num=27:certificate not trusted verify return:1 depth=1 C = US, O = "GeoTrust, Inc.", CN = RapidSSL CA verify return:1 depth=0 serialNumber = khKDXfnS0WtB8DgV0CAdsmWrXl-Ia9wZ, C = FR, O = *.carlipa-online.com, OU = GT44535187, OU = See www.rapidssl.com/resources/cps (c)12, OU = Domain Control Validated - RapidSSL(R), CN = *.carlipa-online.com verify return:1 So GeoTrust Global CA appears to be not trusted on the system (Ubuntu 11.10). Added Equifax_Secure_CA to try to solve this... But i get in this case Verify return code: 19 (self signed certificate in certificate chain) ! Raw output : verify depth is 32 CONNECTED(00000003) depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority verify error:num=19:self signed certificate in certificate chain verify return:1 depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority verify return:1 depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA verify return:1 depth=1 C = US, O = "GeoTrust, Inc.", CN = RapidSSL CA verify return:1 depth=0 serialNumber = khKDXfnS0WtB8DgV0CAdsmWrXl-Ia9wZ, C = FR, O = *.carlipa-online.com, OU = GT44535187, OU = See www.rapidssl.com/resources/cps (c)12, OU = Domain Control Validated - RapidSSL(R), CN = *.carlipa-online.com verify return:1 Edit Looks like my server does not trust/provide the Equifax Root CA, however i do correctly have the file in /usr/share/ca-certificates/mozilla/Equifax...

    Read the article

  • Troubleshooting certificate issues

    - by Weezy
    I'm trying to access my (European Parliament) Webmail from a Linux/Firefox machine at the following address and I get security warning messages explaining that the identity of the site cannot be verified (the error message is in french). But this only happens with Linux/Firefox from one machine. Here's the address: https://webmail.europarl.europa.eu/ (and I'm trying to access it from my home, not from the EP). And here's the detailed error message: webmail.europarl.europa.eu utilise un certificat de sécurité invalide. Le certificat n'est pas sûr car l'autorité délivrant le certificat est inconnue. (Code d'erreur : sec_error_unknown_issuer) So basically, if I translate, it is telling that the webmail.europarl.europa.eu certificate is invalid because the authority that delivered the certificate is unknown. I do only get this invalid certificate thing on Linux/Firefox. From a MacBookPro running Safari, I go to what looks like the correct webmail login page. From the same Linux machine, but using another user account and Chrome instead of Firefox, I go to what looks like the correct webmail login page. So there are several possibilities, here are a few ones: Firefox is right and my Linux box has been hacked Firefox is right and detecting something that neither Chrome nor Safari is detecting (like, say, my router that may be hacked) Safari on the MacBook Pro and Chrome on Linux are both correct and it is just Firefox on Linux that is wrongly stressing me when everything is normal. How do I know which one of these possibilities (or any other) is correct? How can I troubleshoot what is going on with either Linux/Firefox or with the parliament's webmail?

    Read the article

  • Server unresponsive after successful OpenSSL connection

    - by Dan B
    I'm testing server connections using OpenSSL, with varying results Server A: connection is successful, as are user login and the other commands I expected to work Server B: connection is successful, but the server is unresponsive when I try to submit a command. I don't get an error, or even a disconnection – just a blank line from where I hit Enter or ^M My hunch is that Server B's configuration requires a different character encoding or something and it's simply not recognizing my Enter keystroke, but I've looked to no avail... any suggestions would be appreciated!

    Read the article

  • How to create my own certificate chain?

    - by StackedCrooked
    I would like to setup my own OCSP Responder (just for testing purposes). This requires me to have a root certificate and a few certificates generated from it. I've managed to create a self-signed certificate using openssl. I want to use it as the root certificate. The next step would be to create the derived certificates. I can't seem to find the documentation on how to do this however. Does anyone know where I can find this information?

    Read the article

  • Plesk + Apache + PHP (FastCGI): Constant session permissions problems, conflicts between HTTP / HTTPS

    - by Hans Engel
    I've just moved a collection of sites over to a brand-new server, running Apache 2.2.3, PHP 5.3, and Plesk 10.1.1. I am having problems with file permissions on PHP sessions, which are being stored in /var/lib/php/session. I originally set the permissions like so for this folder: drwxrwx--- 2 apache psacln 8192 Mar 22 23:25 session This worked fine, for HTTP sessions. Files were being saved in that folder with these permissions: -rw------- 1 client1 psacln 0 Mar 22 23:24 sess_507... -rw------- 1 client2 psacln 0 Mar 22 23:25 sess_8o1... The problem, however, is that PHP scripts accessed via HTTPS do not seem to be run by the same client1 or client2 user. I deleted files in the session directory and accessed a login page via HTTPS to see how sessions were being saved when initiated via this protocol: -rw------- 1 apache apache 0 Mar 22 23:25 sess_507... So, for whatever reason, sessions initiated by clients browsing with HTTPS were being saved by apache:apache, while sessions from HTTP clients were saved with someclient:psacln. What I'd like to ask: How can I avoid this problem with session permissions? When sessions are created via unencrypted HTTP and a client visits an HTTPS portion of the site, permission errors are shown, since apache:apache tries to access the session save created by someclient:psacln. The converse is also true. Can I change the user which runs the Apache HTTPS server, via Plesk or the command line? If not, can I have PHP sessions save with rw-rw---- permissions, and then add apache to the psacln group? Any other suggestions on how to fix this issue?

    Read the article

  • Upload a Signed Certificate to Amazon EC2

    - by Tam Minh
    I'm very new to Amazon EC2. I am trying to setup https for my website, I follow the offical instruction from amazon doc: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https.html And I get stuck at Upload the Signed Certificate step aws iam upload-server-certificate --server-certificate-name <certificate_object_name> --certificate-body <public_key_certificate_file> --private-key <privatekey.pem> --certificate-chain <certificate_chain_file> As a instruction, I just create a private key (privatekey.pem) and A Certificate Signing Request (csr.pem), but in the command line they request 4 params 1. certificate_object_name 2. public_key_certificate_file 3. *private-key --> I only have this one* 4. certificate_chain_file I don't know where to get 3 remain params, please help to shed a light. Thank you in advance.

    Read the article

  • Can't connect to STunnel when it's running as a service

    - by John Francis
    I've got STunnel configured to proxy non SSL POP3 requests to GMail on port 111. This is working fine when STunnel is running as a desktop app, but when I run the STunnel service, I can't connect to port 111 on the machine (using Outlook Express for example). The Stunnel log file shows the port binding is succeeding, but it never sees a connection. There's something preventing the connection to that port when STunnel is running as a service? Here's stunnel.conf cert = stunnel.pem ; Some performance tunings socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 ; Some debugging stuff useful for troubleshooting debug = 7 output = stunnel.log ; Use it for client mode client = yes ; Service-level configuration [gmail] accept = 127.0.0.1:111 connect = pop.gmail.com:995 stunnel.log from service 2010.10.07 12:14:22 LOG5[80444:72984]: Reading configuration from file stunnel.conf 2010.10.07 12:14:22 LOG7[80444:72984]: Snagged 64 random bytes from C:/.rnd 2010.10.07 12:14:23 LOG7[80444:72984]: Wrote 1024 new random bytes to C:/.rnd 2010.10.07 12:14:23 LOG7[80444:72984]: PRNG seeded successfully 2010.10.07 12:14:23 LOG7[80444:72984]: Certificate: stunnel.pem 2010.10.07 12:14:23 LOG7[80444:72984]: Certificate loaded 2010.10.07 12:14:23 LOG7[80444:72984]: Key file: stunnel.pem 2010.10.07 12:14:23 LOG7[80444:72984]: Private key loaded 2010.10.07 12:14:23 LOG7[80444:72984]: SSL context initialized for service gmail 2010.10.07 12:14:23 LOG5[80444:72984]: Configuration successful 2010.10.07 12:14:23 LOG5[80444:72984]: No limit detected for the number of clients 2010.10.07 12:14:23 LOG7[80444:72984]: FD=156 in non-blocking mode 2010.10.07 12:14:23 LOG7[80444:72984]: Option SO_REUSEADDR set on accept socket 2010.10.07 12:14:23 LOG7[80444:72984]: Service gmail bound to 0.0.0.0:111 2010.10.07 12:14:23 LOG7[80444:72984]: Service gmail opened FD=156 2010.10.07 12:14:23 LOG5[80444:72984]: stunnel 4.34 on x86-pc-mingw32-gnu with OpenSSL 1.0.0a 1 Jun 2010 2010.10.07 12:14:23 LOG5[80444:72984]: Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6 stunnel.log from desktop (working) process 2010.10.07 12:10:31 LOG5[80824:81200]: Reading configuration from file stunnel.conf 2010.10.07 12:10:31 LOG7[80824:81200]: Snagged 64 random bytes from C:/.rnd 2010.10.07 12:10:32 LOG7[80824:81200]: Wrote 1024 new random bytes to C:/.rnd 2010.10.07 12:10:32 LOG7[80824:81200]: PRNG seeded successfully 2010.10.07 12:10:32 LOG7[80824:81200]: Certificate: stunnel.pem 2010.10.07 12:10:32 LOG7[80824:81200]: Certificate loaded 2010.10.07 12:10:32 LOG7[80824:81200]: Key file: stunnel.pem 2010.10.07 12:10:32 LOG7[80824:81200]: Private key loaded 2010.10.07 12:10:32 LOG7[80824:81200]: SSL context initialized for service gmail 2010.10.07 12:10:32 LOG5[80824:81200]: Configuration successful 2010.10.07 12:10:32 LOG5[80824:81200]: No limit detected for the number of clients 2010.10.07 12:10:32 LOG7[80824:81200]: FD=156 in non-blocking mode 2010.10.07 12:10:32 LOG7[80824:81200]: Option SO_REUSEADDR set on accept socket 2010.10.07 12:10:32 LOG7[80824:81200]: Service gmail bound to 0.0.0.0:111 2010.10.07 12:10:32 LOG7[80824:81200]: Service gmail opened FD=156 2010.10.07 12:10:33 LOG5[80824:81200]: stunnel 4.34 on x86-pc-mingw32-gnu with OpenSSL 1.0.0a 1 Jun 2010 2010.10.07 12:10:33 LOG5[80824:81200]: Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6 2010.10.07 12:10:33 LOG7[80824:81844]: Service gmail accepted FD=188 from 127.0.0.1:24813 2010.10.07 12:10:33 LOG7[80824:81844]: Creating a new thread 2010.10.07 12:10:33 LOG7[80824:81844]: New thread created 2010.10.07 12:10:33 LOG7[80824:25144]: Service gmail started 2010.10.07 12:10:33 LOG7[80824:25144]: FD=188 in non-blocking mode 2010.10.07 12:10:33 LOG7[80824:25144]: Option TCP_NODELAY set on local socket 2010.10.07 12:10:33 LOG5[80824:25144]: Service gmail accepted connection from 127.0.0.1:24813 2010.10.07 12:10:33 LOG7[80824:25144]: FD=212 in non-blocking mode 2010.10.07 12:10:33 LOG6[80824:25144]: connect_blocking: connecting 209.85.227.109:995 2010.10.07 12:10:33 LOG7[80824:25144]: connect_blocking: s_poll_wait 209.85.227.109:995: waiting 10 seconds 2010.10.07 12:10:33 LOG5[80824:25144]: connect_blocking: connected 209.85.227.109:995 2010.10.07 12:10:33 LOG5[80824:25144]: Service gmail connected remote server from 192.168.1.9:24814 2010.10.07 12:10:33 LOG7[80824:25144]: Remote FD=212 initialized 2010.10.07 12:10:33 LOG7[80824:25144]: Option TCP_NODELAY set on remote socket 2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): before/connect initialization 2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): SSLv3 write client hello A 2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): SSLv3 read server hello A 2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): SSLv3 read server certificate A 2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): SSLv3 read server done A 2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): SSLv3 write client key exchange A 2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): SSLv3 write change cipher spec A 2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): SSLv3 write finished A 2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): SSLv3 flush data 2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): SSLv3 read finished A 2010.10.07 12:10:33 LOG7[80824:25144]: 1 items in the session cache 2010.10.07 12:10:33 LOG7[80824:25144]: 1 client connects (SSL_connect()) 2010.10.07 12:10:33 LOG7[80824:25144]: 1 client connects that finished 2010.10.07 12:10:33 LOG7[80824:25144]: 0 client renegotiations requested 2010.10.07 12:10:33 LOG7[80824:25144]: 0 server connects (SSL_accept()) 2010.10.07 12:10:33 LOG7[80824:25144]: 0 server connects that finished 2010.10.07 12:10:33 LOG7[80824:25144]: 0 server renegotiations requested 2010.10.07 12:10:33 LOG7[80824:25144]: 0 session cache hits 2010.10.07 12:10:33 LOG7[80824:25144]: 0 external session cache hits 2010.10.07 12:10:33 LOG7[80824:25144]: 0 session cache misses 2010.10.07 12:10:33 LOG7[80824:25144]: 0 session cache timeouts 2010.10.07 12:10:33 LOG6[80824:25144]: SSL connected: new session negotiated 2010.10.07 12:10:33 LOG6[80824:25144]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 2010.10.07 12:10:34 LOG7[80824:25144]: SSL socket closed on SSL_read 2010.10.07 12:10:34 LOG7[80824:25144]: Sending socket write shutdown 2010.10.07 12:10:34 LOG5[80824:25144]: Connection closed: 53 bytes sent to SSL, 118 bytes sent to socket 2010.10.07 12:10:34 LOG7[80824:25144]: Service gmail finished (0 left)

    Read the article

  • Is there a way to extract a "private certificate key" from Chrome and import it into Firefox ?

    - by user58871
    This is a classical Catch-22 situation. I was using online banking the other day under Chrome. I had to order a digital certificate so that I could extend my privileges. The stupid thing is that when I got approved and opened the certificate installation menu, I saw only versions for IE/Firefox available. What the heck, I said, and chose FF - the result I got was Error 202 - ERR:CERT:INVALID. I opened FF, got to the same page, and tried to install the damn thing from there, but got a message basically saying that I must have been given a private key which obviously FF doesn't find. I read a bit, and it turned out that I really must have been given such a key but only to the browser that I ordered the cert with, i.e. Chrome. The worst thing is that if I deactivate my order, and reissue a new cert, this time from FF, I MUST go to a bank office (!!!WTF), but I am currently studying abroad, so I can't just go back. Is there a way, that I could extract that key from Chrome's profile, and import it into FF under Windows ? I will be glad to know

    Read the article

  • Setting up HTTPS across multiple servers

    - by JohnyD
    I'm looking to offer our online services over https and I'm having a couple of problems understanding how to accomplish this. To access our services you must pass through our ISA firewall to a Win2000 server running IIS6. About half our services are located here and the other half take you to a Win2003 server also running IIS6. So, in order to achieve this must each server have the proper certificate installed? ISA, IIS6_1 and IIS6_2? Is there a separate configuration that must be made to our ISA firewall? The other problem is with the CA and knowing how many certificates I need. It's important to note that the domain name for our services on IIS6_1 is www.domainname.com but the domain name on IIS6_2 is services.domainname.com. I believe that this will require me to purchase more than one certificate. It looks as though we will be going with Thawte's SSL123 as it's a good name and it's fast to get. Will I need to purchase 2 certificates (one for www that will be installed on our ISA firewall as well as IIS6_1, and one for services.domainname.com on IIS6_2)? Or will I need to purchase 3, the extra one being used on our firewall server? Another side question is about SAN's (subject alternative names). Is this basically adding sub-domains to your cert? So I could purchase one cert with 1 SAN for my www and services.? Thanks a lot for your help! Please let me know if I can provide any further information.

    Read the article

  • Import a bunch of certificates into the correct certificate store using a script

    - by Jesse Weigert
    I have a collection of certificates in a p7b file, and I would like to automatically import each certificate into the correct store depending on the certificate template. What is the best way to do this with a script? I tried using certutil -addstore root Certificate.p7b, and that will correctly place all of the root CAs into the root store, but it returns an error if it encounters any other type of certificate. I'm willing to use batch scripts, vbscript or powershell to accomplish this task. Thanks!

    Read the article

  • Disable all but RC4 in apache

    - by Daniel
    Our PCI compliance vendor requires that we disable all but RC4 encryption on our web server. Currently our apache config file looks like this: SSLHonorCipherOrder On SSLCipherSuite RC4-SHA:HIGH:!ADH:!AES256-SHA:!ECDHE-RSA-AES256-SHA384:!AES128-SHA:!DES-CBC:!aNull:!eNull:!LOW:!SSLv2 However, https://www.ssllabs.com reports the following ciphers are allowed: TLS_RSA_WITH_RC4_128_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA How can I configure apache to only allow RC4?

    Read the article

  • Extract cert and private key from JKS keystore to use it in Apache2 httpd

    - by momo
    I tried to find this but no luck. I created a JKS keystore and generated a CSR, then imported the signed cert and intermediate and root CA certs. Used this keystore on Tomcat without problems. Now I want to use the same cert for Apache2 http server on the same machine. I actually want to set up mod_jk to redirect /*.jsp and servlets paths to Tomcat and serve the static content and PHP from Apache2. I tried to convert JKS to PKCS12 with keytool to afterwards handle it with openssl with a command like this: keytool -importkeystore -srckeystore foo.jks \ -destkeystore foo.p12 \ -srcstoretype jks \ -deststoretype pkcs12 The problem is only the cert is exported but not the rest of the chain. I actually used this keystore on Apache and it complained about key and cert don't matching (not sure if it's related to the chain or not). Can anyone point me on the right direction? I am not a server guy and I am kinda lost with all this things :-(

    Read the article

  • Exchange 2003 ActiveSync problem

    - by colemanm
    We're having problems getting iPhones to sync properly with SBS 2003 Exchange. When you add a new Exchange ActiveSync account on an iPhone and enter all the pertinent information, it shows a "Verifying Exchange account info" message for a minute or so, then says everything's verified and asks what you want to sync, Mail, Contacts, Calendars... so it looks like it's working. However, when you go to the Mail app and select the Exchange email account, it just shows an "Inbox" folder with nothing in it. When you try refreshing, it attempts for a second, then says "Last Updated" with a timestamp, as if it worked, but there's no mail and no error message/feedback at all. I think I've narrowed it down to some sort of certificate issue, but I'm having trouble finding out where to go from here... I ran MS's Exchange connectivity testing tool with these results: Our cert was purchased from Network Solutions, and I'd already added it to the IIS Default Website for OWA purposes. But this report makes it look like the cert is somehow problematic. I don't know what to do now... Here's a shot of the cert details, just in case:

    Read the article

  • Can't connect to STunnel when it's running as a service

    - by John Francis
    I've got STunnel configured to proxy non SSL POP3 requests to GMail on port 111. This is working fine when STunnel is running as a desktop app, but when I run the STunnel service, I can't connect to port 111 on the machine (using Outlook Express for example). The Stunnel log file shows the port binding is succeeding, but it never sees a connection. There's something preventing the connection to that port when STunnel is running as a service? Here's stunnel.conf cert = stunnel.pem ; Some performance tunings socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 ; Some debugging stuff useful for troubleshooting debug = 7 output = stunnel.log ; Use it for client mode client = yes ; Service-level configuration [gmail] accept = 127.0.0.1:111 connect = pop.gmail.com:995 stunnel.log from service 2010.10.07 12:14:22 LOG5[80444:72984]: Reading configuration from file stunnel.conf 2010.10.07 12:14:22 LOG7[80444:72984]: Snagged 64 random bytes from C:/.rnd 2010.10.07 12:14:23 LOG7[80444:72984]: Wrote 1024 new random bytes to C:/.rnd 2010.10.07 12:14:23 LOG7[80444:72984]: PRNG seeded successfully 2010.10.07 12:14:23 LOG7[80444:72984]: Certificate: stunnel.pem 2010.10.07 12:14:23 LOG7[80444:72984]: Certificate loaded 2010.10.07 12:14:23 LOG7[80444:72984]: Key file: stunnel.pem 2010.10.07 12:14:23 LOG7[80444:72984]: Private key loaded 2010.10.07 12:14:23 LOG7[80444:72984]: SSL context initialized for service gmail 2010.10.07 12:14:23 LOG5[80444:72984]: Configuration successful 2010.10.07 12:14:23 LOG5[80444:72984]: No limit detected for the number of clients 2010.10.07 12:14:23 LOG7[80444:72984]: FD=156 in non-blocking mode 2010.10.07 12:14:23 LOG7[80444:72984]: Option SO_REUSEADDR set on accept socket 2010.10.07 12:14:23 LOG7[80444:72984]: Service gmail bound to 0.0.0.0:111 2010.10.07 12:14:23 LOG7[80444:72984]: Service gmail opened FD=156 2010.10.07 12:14:23 LOG5[80444:72984]: stunnel 4.34 on x86-pc-mingw32-gnu with OpenSSL 1.0.0a 1 Jun 2010 2010.10.07 12:14:23 LOG5[80444:72984]: Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6 stunnel.log from desktop (working) process 2010.10.07 12:10:31 LOG5[80824:81200]: Reading configuration from file stunnel.conf 2010.10.07 12:10:31 LOG7[80824:81200]: Snagged 64 random bytes from C:/.rnd 2010.10.07 12:10:32 LOG7[80824:81200]: Wrote 1024 new random bytes to C:/.rnd 2010.10.07 12:10:32 LOG7[80824:81200]: PRNG seeded successfully 2010.10.07 12:10:32 LOG7[80824:81200]: Certificate: stunnel.pem 2010.10.07 12:10:32 LOG7[80824:81200]: Certificate loaded 2010.10.07 12:10:32 LOG7[80824:81200]: Key file: stunnel.pem 2010.10.07 12:10:32 LOG7[80824:81200]: Private key loaded 2010.10.07 12:10:32 LOG7[80824:81200]: SSL context initialized for service gmail 2010.10.07 12:10:32 LOG5[80824:81200]: Configuration successful 2010.10.07 12:10:32 LOG5[80824:81200]: No limit detected for the number of clients 2010.10.07 12:10:32 LOG7[80824:81200]: FD=156 in non-blocking mode 2010.10.07 12:10:32 LOG7[80824:81200]: Option SO_REUSEADDR set on accept socket 2010.10.07 12:10:32 LOG7[80824:81200]: Service gmail bound to 0.0.0.0:111 2010.10.07 12:10:32 LOG7[80824:81200]: Service gmail opened FD=156 2010.10.07 12:10:33 LOG5[80824:81200]: stunnel 4.34 on x86-pc-mingw32-gnu with OpenSSL 1.0.0a 1 Jun 2010 2010.10.07 12:10:33 LOG5[80824:81200]: Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6 2010.10.07 12:10:33 LOG7[80824:81844]: Service gmail accepted FD=188 from 127.0.0.1:24813 2010.10.07 12:10:33 LOG7[80824:81844]: Creating a new thread 2010.10.07 12:10:33 LOG7[80824:81844]: New thread created 2010.10.07 12:10:33 LOG7[80824:25144]: Service gmail started 2010.10.07 12:10:33 LOG7[80824:25144]: FD=188 in non-blocking mode 2010.10.07 12:10:33 LOG7[80824:25144]: Option TCP_NODELAY set on local socket 2010.10.07 12:10:33 LOG5[80824:25144]: Service gmail accepted connection from 127.0.0.1:24813 2010.10.07 12:10:33 LOG7[80824:25144]: FD=212 in non-blocking mode 2010.10.07 12:10:33 LOG6[80824:25144]: connect_blocking: connecting 209.85.227.109:995 2010.10.07 12:10:33 LOG7[80824:25144]: connect_blocking: s_poll_wait 209.85.227.109:995: waiting 10 seconds 2010.10.07 12:10:33 LOG5[80824:25144]: connect_blocking: connected 209.85.227.109:995 2010.10.07 12:10:33 LOG5[80824:25144]: Service gmail connected remote server from 192.168.1.9:24814 2010.10.07 12:10:33 LOG7[80824:25144]: Remote FD=212 initialized 2010.10.07 12:10:33 LOG7[80824:25144]: Option TCP_NODELAY set on remote socket 2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): before/connect initialization 2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): SSLv3 write client hello A 2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): SSLv3 read server hello A 2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): SSLv3 read server certificate A 2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): SSLv3 read server done A 2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): SSLv3 write client key exchange A 2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): SSLv3 write change cipher spec A 2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): SSLv3 write finished A 2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): SSLv3 flush data 2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): SSLv3 read finished A 2010.10.07 12:10:33 LOG7[80824:25144]: 1 items in the session cache 2010.10.07 12:10:33 LOG7[80824:25144]: 1 client connects (SSL_connect()) 2010.10.07 12:10:33 LOG7[80824:25144]: 1 client connects that finished 2010.10.07 12:10:33 LOG7[80824:25144]: 0 client renegotiations requested 2010.10.07 12:10:33 LOG7[80824:25144]: 0 server connects (SSL_accept()) 2010.10.07 12:10:33 LOG7[80824:25144]: 0 server connects that finished 2010.10.07 12:10:33 LOG7[80824:25144]: 0 server renegotiations requested 2010.10.07 12:10:33 LOG7[80824:25144]: 0 session cache hits 2010.10.07 12:10:33 LOG7[80824:25144]: 0 external session cache hits 2010.10.07 12:10:33 LOG7[80824:25144]: 0 session cache misses 2010.10.07 12:10:33 LOG7[80824:25144]: 0 session cache timeouts 2010.10.07 12:10:33 LOG6[80824:25144]: SSL connected: new session negotiated 2010.10.07 12:10:33 LOG6[80824:25144]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 2010.10.07 12:10:34 LOG7[80824:25144]: SSL socket closed on SSL_read 2010.10.07 12:10:34 LOG7[80824:25144]: Sending socket write shutdown 2010.10.07 12:10:34 LOG5[80824:25144]: Connection closed: 53 bytes sent to SSL, 118 bytes sent to socket 2010.10.07 12:10:34 LOG7[80824:25144]: Service gmail finished (0 left)

    Read the article

  • Using Apache / Kerberos / Keytab to Authenticate Redmine Users Against Active Directory

    - by David Kaczynski
    Please bare with me, as I am still fresh to these technologies. We have a Debian (squeeze) server to which I have root access. It is running Apache, and Redmine is deployed to the server (currently using a local MySQL database for authentication). Apache is configured to use Kerberos and a keytab file to authenticate users against Active Directory. With the current configuration, as soon as a user attempts to access anything over https, the user is prompted for a username / password, which is successfully authenticated against Active Directory. I understand (somewhat) that Redmine has its own LDAP configuration that can be used to authenticate users against an existing Active Directory, but this would require the user to enter their credentials one time for Apache and then a second time for Redmine. I am wondering, Can I somehow configure Redmine to share the Apache authentication method as opposed to requiring the user to enter their credentials a second time? (Using Apache to authenticate against Active Directory is a requirement for a separate application on the server)

    Read the article

  • Plesk 10 Postfix with multiple IP adresses and SSL certificates

    - by JulianB
    We are currently running a root server with Debian 6 and Plesk 10.4.4. We have some virtual hosts using one IP adress (shared) - e.g. example1.com - and another virtual host using a dedicated IP address (example2.com). Is there a way to configure postfix to do the following Always use the IP address of the virtual host to which the e-mail account belongs (so that an e-mail from [email protected] will originate from the shared IP-Address and an e-mail from [email protected] will originate from the dedicated IP? Use different certificates for TLS for example1.com and example2.com? If the latter is not possible: Could any problems arrive when using example1.com as certificate for example2.com users? Of course, example2.com users would have to configure their clients to use example1.com as the SMTP server name to avoid annoying security warnings. But if we still would be able to get the effect of the first point that would still be acceptable.

    Read the article

  • Install self-signed certificate on local server (iis)

    - by ile
    On this page there are instructions on how to create self-signed cert (on apache) and how to install this certificate on server. I found this page (http://www.visualwin.com/SelfSSL/) with instructions on how to create self-signed certificate on windows (iis). I followed instructions and when I type https://myip/myapp (this leads to localhost because I set my router's port forwarding to go to localhost on my pc) this part works. From the first link, the most important part is this: What needs to be installed in IE is actually the Root CA Certificate. In the how-to above, the Root CA Certificate is called ca.crt. Copy this file to the server that is running QuickBooks. The following is for IE6: - Open IE - Tools - Internet Options - Content - Certificates - Trusted Root Certification Authorities Tab - Import, Next, Browse to 'ca.crt' - Next, Next, Finish, Close, OK The part that is missing in second link is that there is no instruction on how to get .crt file, so I tried to get it myself. What I did was following: I opened https://myip/myapp in Firefox and then "This Connection is Untrusted" screen appeared. Then I clicked on "Add Exception" and then below "Certificate Status" I clicked "View". Under the Details tab I clicked on Export and choosed Save as type: "X 509 Certificate (PEM)" and file was saved with .crt extension. Then I opened IE8 and followed above instructions. After opening https://myip/myapp in IE8 I always get warning screen. Does anyone knows what am I doing wrong? Thanks, Ile

    Read the article

  • generate correctly a self signed certificate Zimbra

    - by rkmax
    I have a Single mail server with Zimbra 8.0.0 for generate certificate I'm following Generate the cert. ORG=MyOrganization CN=mail.mydomain.com COUNTRY=myCountry CITY=myCity /opt/zimbra/bin/zmcertmgr createcrt -new -days 365 -subject "/C=$COUNTRY/ST=N/A/L=$CITY/O=$ORG/OU=ZCS/CN=$CN" /opt/zimbra/bin/zmcertmgr deploycrt self -allserver su - zimbra "zmcontrol restart" Veririficate with /opt/zimbra/bin/zmcertmgr viewdeployedcrt. i can see the new cert In Chrome go to https://mail.mydomain.com and export the .cer test in a Windows client certutil.exe -addstore root \path\to\exported.cert root "Root Certification Authorities trusted" You can add a root certificate to the root store CertUtil:-addstore command error: 0x8007000d (WIN32: 13) CertUtil: Invalid data. even from chrome i've tried to add the cert without successful results. can anyone help me with this problem?

    Read the article

  • Firefox: This connection is untrusted + Behind corporate firewall

    - by espais
    I've seen some similar issues strewn throughout Google's results about this, but none seem to be corporate-specific. I continually get the 'This connection is untrusted' screen every time I attempt to log into a secure site...for instance Gmail. This is pretty annoying as sometimes I have to go through the process of adding the exception two or three times before it finally lets me into Gmail. I am behind a corporate firewall, going through an internal proxy server to get to the Internet, so there is no possibility for me to update the firewall...etc. Does anybody know a way around this? Can it simply be disabled (and is that safe)? EDIT I'm going to reopen this question with a bit of new information. I have been using Google Chrome lately until today, and one thing that I noticed was that I never had this issue when using either Chrome or Internet Explorer. Is there something that these other browsers do that I need to manually do in FF?

    Read the article

  • Apache 2 Symbolic link not allowed or link target not accessible

    - by djechelon
    While the title of this question matches an already asked question, in my case I already set Options +FollowSymLinks. The setup is the following: my hosting setup includes htdocs/ directory that is the default document root for HTTP websites and htdocs-secure that is for HTTPS. They are meant for sites that need a different HTTPS version. In case both share the same files I create a link from htdocs-secure to htdocs by ln -s htdocs htdocs-secure but here comes the problem! Log still says Symbolic link not allowed or link target not accessible: /path/to/htdocs-secure Vhost fragment Header always set Strict-Transport-Security "max-age=500" DocumentRoot /path/to/htdocs-secure <Directory "/path/to/htdocs-secure"> allow from all Options +FollowSymLinks </Directory> I think it's a correct setup. The HTTP version of the site is accessible, so it doesn't look like a permission problem. How to fix this? [Add] other info: I use MPM-itk and I set AssignUserId to the owner/group of both the directories

    Read the article

  • Tortoise SVN Error Validating Server Certificate

    - by theplatz
    I just updated the certificate on one of my sites due to the old one expiring. The new certificate verifies fine in Internet Explorer 9, Chrome, and Firefox 4 - but when trying to browse/check out the repository with TortoiseSVN, I get the following error: Error validating server certificate for https://xxx.xxx.com:443: Unknown certificate issuer. Fingerprint: 96:b3:fa:19:bd:4a:ec:c2:bc:19:33:b8:25:2a:0a:47:28:41:07:d0 Distinguished name: (c) 2009 Entrust, Inc., www.entrust.net/rpa is incorporated by reference, Entrust, Inc., US Do you want to proceed? Accept permanently | Accept once | Reject Clicking Accept permanently will work, but this is less than ideal. This problem seems to be related to TortoiseSVN and not the certificate, which checks out fine at http://sslinstallcheck.entrust.net/SIC/jsp/MainWebAddress.jsp and http://www.digicert.com/help/. Any ideas on what could be wrong?

    Read the article

  • Using TLS-PSK on IIS

    - by ralu
    We are doing embedded device and due to low memory contraints and closed enviroment best option there would be using one of TLS-PSK ChiperSuites (pre shared key - no asymetric cryptography). As far as I see there is no TLS-PSK support in Schannel http://msdn.microsoft.com/en-us/library/aa374757%28VS.85%29.aspx but is there any way to use TLS-PSK on IIS?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 62 63 64 65 66 67 68 69 70 71 72 73  | Next Page >