Search Results

Search found 14267 results on 571 pages for 'security certificate'.

Page 71/571 | < Previous Page | 67 68 69 70 71 72 73 74 75 76 77 78 | Next Page >

Using Cloud Formation provisioned security group with specific subnet

- by Fred Clausen

Summary I'm attempting to create an AWS CloudFormation template which contains an instance for which I want to select a particular subnet. If I specify the subnet ID then I get the following error The parameter groupName cannot be used with the parameter subnet. From reading this thread it appears I need to provide security group IDs - not names. How can I create a security group in CloudFormation and then get its ID after the fact? Details The relevant part of the instance config is as follows "WebServerHost": { "Type" : "AWS::EC2::Instance", <..skipping metadata...> "Properties": { "ImageId" : { "ami-1234" }, "InstanceType" : { "Ref" : "WebServerInstanceType" }, "SecurityGroups" : [ {"Ref" : "WebServerSecurityGroup"} ], "SubnetId" : "subnet-abcdef123", and the security group looks as follows "WebServerSecurityGroup" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "GroupDescription" : "Enable HTTP and SSH", "SecurityGroupIngress" : [ {"IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0"}, {"IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0"} ] } }, How can I create and then get that security group's ID?

Read the article
Cisco adaptive security appliance is dropping packets where SYN flag is not set

- by Brett Ryan

We have an apache instance sitting inside our DMZ which is configured to proxy requests to an internal NATed tomcat instance inside our network. It works fine, but then all of a sudden requests from apache to the tomcat instance stop getting through with the following in the apache logs: [error] (70007)The timeout specified has expired: ajp_ilink_receive() can't receive header Investigating into the Cisco log viewer reveals the following: Error Message %ASA-6-106015: Deny TCP (no connection) from IP_address/port to IP_address/port flags tcp_flags on interface interface_name. Explanation The adaptive security appliance discarded a TCP packet that has no associated connection in the adaptive security appliance connection table. The adaptive security appliance looks for a SYN flag in the packet, which indicates a request to establish a new connection. If the SYN flag is not set, and there is not an existing connection, the adaptive security appliance discards the packet. Recommended Action None required unless the adaptive security appliance receives a large volume of these invalid TCP packets. If this is the case, trace the packets to the source and determine the reason these packets were sent. All are machines are virtualised using VMware, and by default machines have been using the Intel E1000 emulated NIC. Our network administrator has changed this to a VMXNET3 driver in an attempt to correct the problem, we just have to wait and see if the problem persists as it's an intermittent problem. Is there something else that could be causing this problem? This isn't the first service where we have had similar issues. Our apache host is running Ubuntu 11.10 with a kernel version of 3.0.0-17-server. We have also had this issue on RHEL5 (5.8) running kernel 2.6.18-308.16.1.el5, this machine also has the E1000 NIC. NOTE: I am not a network administrator and am a software architect and analyst programmer responsible for these systems.

Read the article
"Checksum failed" during Kerberos SSO

- by Buddy Casino

This is an error that occurs when a mod_auth_kerb protected webapp is being accessed, and I have no idea what the cause might be. Can anyone give hints as into which direction I should look? Thankful for any help! Search Subject for Kerberos V5 ACCEPT cred (HTTP/[email protected], sun.security.jgss.krb5.Krb5AcceptCredential) Found key for HTTP/[email protected](23) Entered Krb5Context.acceptSecContext with state=STATE_NEW >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType Checksum failed ! 16:36:30,248 TP-Processor31 WARN [site.servlet.KerberosSessionSetupPrivilegedAction] Caught GSS Error GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed) at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267) at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267) at org.alfresco.web.site.servlet.KerberosSessionSetupPrivilegedAction.run(KerberosSessionSetupPrivilegedAction.java:95) at org.alfresco.web.site.servlet.KerberosSessionSetupPrivilegedAction.run(KerberosSessionSetupPrivilegedAction.java:44) at org.alfresco.web.site.servlet.KerberosSessionSetupPrivilegedAction.run(KerberosSessionSetupPrivilegedAction.java:44) at java.security.AccessController.doPrivileged(Native Method) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:337) at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doKerberosLogon(SSOAuthenticationFilter.java:994) at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doKerberosLogon(SSOAuthenticationFilter.java:994) at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doFilter(SSOAuthenticationFilter.java:438) at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doFilter(SSOAuthenticationFilter.java:438) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:555) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:774) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703) at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:896) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690) at java.lang.Thread.run(Thread.java:662) Caused by: KrbException: Checksum failed at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:85) at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:77) at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:168) at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:268) at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:134) at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79) at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:724) ... 24 more Caused by: java.security.GeneralSecurityException: Checksum failed at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(ArcFourCrypto.java:388) at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(ArcFourHmac.java:74) at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:83) ... 30 more

Read the article
Amazon EC2 - HTTPS - Certificate body is invalid. The body must not contain a private key

- by Tam Minh

I'm very new to Amazon EC2. I am trying to setup https for my website, I follow the offical instruction from amazon doc: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https.html When I Upload a Signed Certificate using AWS command aws iam upload-server-certificate --server-certificate-name dichcumga --certificate-body file://mycert.pem --private-key file://signedkey.pem --certificate-chain file://mychain.pem And I got error A client error (MalformedCertificate) occurred when calling the UploadServerCert ificate operation: Certificate body is invalid. The body must not contain a private key. mycert.pem is a combination of private.pem and signedkey.pem (which return by VeriSign) copy private.pem+signedkey.pem mycert.pem Please help to shed a light. Thank you in advance.

Read the article
SSL cert issued to and SAN attribute

- by Jai

I have added a cert to my application cacerts file. The new cert is issued to one DNS(abc.com) and they have added few other DNS(XYZ.com, TEST.com) to the SAN attribute while creating. I tried accessing one of the DNS(XYZ.com) given in SAN attribute, it throws me the below mentioned error. <Certificate chain received from XYZ.com failed hostname verification check. Certificate contained abc.com but check expected XYZ.com> If we have more DNS for an application, Do we need to generate cert for every single DNS?

Read the article
GPO best practices : Security-Group Filtering Versus OU

- by Olivier Rochaix

Good afternoon everyone, I'm quite new to Active Directory stuff. After upgraded Functional level of our AD from 2003 to 2008 R2 (I need it to put fine-grained password policy), I then start to reorganized my OUs. I keep in mind that a good OU organization facilitate application of GPO (and maybe GPP).But in the end, it feels more natural for me to use Security-group filtering (from Scope tab) to apply my policies, instead of direct OU. Do you think it is a good practice or should I stick to OU ? We are a small organisation with 20 users and 30-35 computers. So, we got a simple OU tree, but more subtle split with security-groups. The OU tree doesn't contain any objects except at the bottom level. Each bottom level OU contains Computers,Users, and of course security groups. These security groups contains Users & Computers of the same OU. Thanks for your advices, Olivier

Read the article
Security log overflowing with filtering blocks

- by Jacob

I have a Windows 7 workstation whose security log is overflowing with the following errors: Audit Failure 3/31/2010 2:00:50 PM Microsoft-Windows-Security-Auditing 5157 Filtering Platform Connection "The Windows Filtering Platform has blocked a connection." Audit Failure 3/31/2010 2:00:50 PM Microsoft-Windows-Security-Auditing 5152 Filtering Platform Packet Drop "The Windows Filtering Platform has blocked a packet." These are not unexpected events; the firewall is expected to drop unsolicited traffic. However, I can't figure out how to tell Windows to stop writing these events to the security log. I've seen this problem before and have been able to find an answer with the use of Google, but I wasn't able to locate on this this time. Thanks!

Read the article
Generating SSL certificates

- by user73483

Hi, I was wondering if anyone has any idea in how to generate a signed CA cert and key using openssl? I have found this website (http://dev.mysql.com/doc/refman/5.1/en/secure-create-certs.html) to generate the client and server certs for mysql server but the example is a self-signed certificate. I use the following command for running the server and client using openssl and the generated certs and keys: openssl s_server -accept 6502 -cert server-cert.pem -key server-key.pem -CAfile ca-cert.pem -www openssl s_client -connect 192.168.1.92:6502 -cert client-cert.pem -key client-key.pem -CAfile ca-cert.pem The error output I get is "Verify return code: 18 (self signed certificate)". Paul

Read the article
Windows SteadyState - system's security log is full

- by Matt

Quick version: New computer, attached to Windows domain, with SteadyState w/ Disk Protection turned on, cannot log on as domain user because Windows states 'system security log is full' Troubleshooting performed: disabled all 'restrictions' listed in SteadyState, cleared system security log, changed security log settings to overwrite entries when it becomes full, restarted computer to commit changes, verified changes were commited - still cannot log on as domain user, changed Documents and Settings folder to another partition, still cannot log on as domain user Let me know if you need a more detailed description of any steps performed. I appreciate any help you can give me.

Read the article
unable to get local issuer certificate - Ubuntu 11.04

- by user1443867

I'm facing a strange issue. My vps from Linode has no issue connecting to apple push server with following command. openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert Test_dev_apns_cert.pem -key Test_dev_apns_key.pem However, I was using the same pem files with above command testing from my another low budget vps and I'm getting this: Verify return code: 20 (unable to get local issuer certificate) Both are running Ubuntu 11.04 and installed LAMP as usual. No special configuration is done to both servers for SSL. Am I missing something here?

Read the article
Help me set up ssl.conf for multiple domains (name-based vhosts in ssl.conf?)

- by mmattax

In my httpd.conf: If I have my virtual host configured as: NameVirtualHost *:80 <VirtualHost *:80 ServerName foo.com ServerAlias www.foo.com Include conf.d/foo.conf </VirtualHost <VirtualHost *:80 ServerName bar.com ServerAlias www.bar.com Include conf.d/bar.conf </VirtualHost Can I get by with a single domain SSL certificate or must I purchase a wildcard SSL certificate to handle the www subdomain? I am now trying to configure the ssl.conf file, can I use name-based vhosts in my ssl.conf file like this: NameVirtualHost *:443 <VirtualHost *:443 ServerName foo.com ServerAlias www.foo.com ... Include conf.d/foo.conf </VirtualHost <VirtualHost *:443 ServerName bar.com ServerAlias www.bar.com ... Include conf.d/bar.conf </VirtualHost or do I need IP based vhosts? If this is possible, what kind of cert would I need in order to do this?

Read the article
Wildcard SSL Certificates with Exchange 2010?

- by Hutch

Is anyone using a Wildcard Cert with Exchange 2010 please? We currently have a bunch of individual whatever.domain.com SSL certificates and as several are expiring soon it would be an ideal opportunity to move to a wildcard certificate. At some point though we will be moving from Exchange 2003 to Exchange 2010, and I've read conflicting reports over whether wildcard certs work with Exchange 2010 as many guides seem to recommend a UCC/SAN certificate. Our internal DNS domain name is the same as our external domain name. Godaddy look like good VFM given they allow use on unlimited physical servers. Thanks in advance.

Read the article
Windows Server 2008 - change security settings for multiple files at once

- by ovalsquare

On Windows Server 2008, is there an easy way to modify security permissions for multiple files at once (as with Windows Server 2003)? Right-click menu - properties does not provide a "Security" tab if more than one file/directory is selected (i.e. ctrl-click multiple files). Is there really a valid security reason for changing this in Windows Server 2008?

Read the article
Export SSL Cert from IIS and import into GlassFish keystore

- by Tim H

What I need: I have an existing SSL certificate installed on IIS 6. On the same machine, I have GlassFish installed and would like to share the same certificate since they both share the same hostname, and they use different ports: IIS uses 443 and GlassFish uses 8181. Why I need it: Reuse existing SSL certs from IIS to GlassFish. I imagine that this is possible. I am able to install an SSL cert into GlassFish's keystore, and then import the same exact cert into IIS. I just want to go the other way - imagine having an SSL cert on IIS being used for months, and now I want to enable SSL on GlassFish. What I have done: Created a keystore with an alias: server.hostname.com Imported intermediate CA certs associated with the existing SSL Cert Imported the existing SSL cert with the same alias: server.hostname.com, but the keytool won’t allow this, as it is not associated: keytool error: java.lang.Exception: Public keys in reply and keystore don't match Why? Using a different alias causes the cert to not be trusted in the CA chain.

Read the article
Apache not using the right SSL certificate [on hold]

- by user2420318

In my apache2 setup, I have one VirtualHost for my main site, and another for a static content site, like downloads, css, etc. I have ssl certificates for both, and the static content one is under a subdomain of the main site. I have configured the four virtualhosts altogether, as both sites need SSL ones as well. When I only had 1 SSL site, everything was OK, but now with the second, the first site uses the second site's certificate, even though it is told specifically to use its own in the VirtualHost section. I honestly have no idea why apache would do this. Any ideas? I have a feeling there may be some default/global setting or something that are set for some odd reason. I am using different IPs for the Virtual hosts.

Read the article
Create private key with CSR

- by Daniel Schlieckmann

I have a CSR file (as a text file) and the corresponding P7B certificate. My problem is that I have to create a P12 file on a machine where I do not have created the CSR. I have created the CSR in Firefox Key Manager. Before, I imported the P7B file into certificate store in msc, then exported a CER-file, imported it in Key Manager and then exported the P12 file. This doesn't work anymore because I have another machine now. If I try to import the CER file created by msc, Key Manager says that there is no private key. Is there a possibility to create a private key?

Read the article
Group Policy for IE Security Zones

- by Doug Luxem

We are currently using the following Group Policy to control the Internet Explorer security zones: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Then setting the Site to Zone Assignment List with the various values using the following chart: Value Setting ------------------------------ 0 My Computer 1 Local Intranet Zone 2 Trusted sites Zone 3 Internet Zone 4 Restricted Sites Zone This works well; however, users are then unable to edit (or especially add) to their zone settings. Is there a way to lock in our custom zone settings while still giving users the ability to add their own sites to the security zones? Yes, I do realize the slight security risk in opening this up.

Read the article
Export SSL Cert from IIS and import into GlassFish keystore

- by Tim H

What I need: I have an existing SSL certificate installed on IIS 6. On the same machine, I have GlassFish installed and would like to share the same certificate since they both share the same hostname, and they use different ports: IIS uses 443 and GlassFish uses 8181. Why I need it: Reuse existing SSL certs from IIS to GlassFish. I imagine that this is possible. I am able to install an SSL cert into GlassFish's keystore, and then import the same exact cert into IIS. I just want to go the other way - imagine having an SSL cert on IIS being used for months, and now I want to enable SSL on GlassFish. What I have done: Created a keystore with an alias: server.hostname.com Imported intermediate CA certs associated with the existing SSL Cert Imported the existing SSL cert with the same alias: server.hostname.com, but the keytool won’t allow this, as it is not associated: keytool error: java.lang.Exception: Public keys in reply and keystore don't match Why? Using a different alias causes the cert to not be trusted in the CA chain.

Read the article
Group policy not applying to security group

- by ihavenoideawhatimdoing

Preface: I have enough privileges to create GPOs in my OU, and have made a few of them for some simple tasks (like deploying a printer to certain users). Not actually a sysadmin...I'm a developer who is winging it. I wanted to create a GPO that would set a mapped folder for a certain security group (which I recently created and that contains only myself). Did the following: Created the GPO in MyOU - Users Removed the default Authenticted Users under Security Filtering Add the security group with my account to Security Filtering Set up the mapping via the User Configuration option Changed GPO Status to "Computer configuration settings disabled" Left WMI filtering to Closed the GPO at this point... Logged in as the target user; ran gpupdate /force Logged out, logged in, ran gpresult /r, no mention of my GPO Rebooted Logged in, re-ran gpupdate /force Logged out, logged in, ran gpresult /r, still no mention of my GPO If I log in with another completely different user, their RSOP information shows that the new GPO is being ignored due to a security restriction, so it appears to be "working" for other users. I just can't get it to actually show up in RSOP for the user it should be working. Is there anything else I can do short of rebooting endlessly and crossing my fingers?

Read the article
Installing SSL certs with nginx on Amazon EC2

- by Ethan

I finally got a cert from an authority and am struggling to get things working. I've created the appropriate combined certificate (personal + intermediate + root) and nginx is pointing to it. I got an elastic IP and connected it to my EC2 instance. My DNS records point to that IP. But when I point the browser to the hostname, I get the standard "Connection Untrusted" bit, with ssl_error_bad_cert_domain. Port 443 is open - I can get to the site over https if I ignore the warning. Weird thing is, under technical details, it lists the domain I tried to access as valid! When I try and diagnose with ssl testing sites, they don't even detect a certificate! What am I missing here? domain is yanlj.coinculture.info. Note I've got coinculture.info running on a home server without a dedicated IP and have the same problem, but I'll be moving that to the same EC2 instance as soon as I figure this thing out. I thought the elastic IP would solve things but it hasn't

Read the article
SSL Certificates, two-way authentication and loadbalancers

- by 5arx

We're looking to implement two-way authentication with client certificates for a privileged subset of our application users. The idea will be that if a certificate is detected the user will be asked for an additional password/PIN and that will be used to verify the certificate and user. Ordinary users will continue to authenticate themselves via the standard login mechanism. Our production environment (hosted by a well-known company) comprises load-balanced application servers and I'm unclear as to how this set-up will handle the certificates and I'm not certain if there are any pitfalls I should be aware of. I would very appreciate some thoughts, comments or real-world advice on the subject.

Read the article
How does Slackware handle security updates?

- by Abtin Forouzandeh

I use a distribution that uses apt for package management and am accustomed to letting apt grab a list of package changes. I generally let it install all the needed security updates. I've been considering migrating to slackware. However, it seems slackware does not have a package management system. How would I learn about new security updates? Is the only way to monitor http://www.slackware.com/security/?

Read the article
All Tasks..Advanced Operations option missing from Certificaces MMC Snap-In

- by JohnFx

I am trying to follow the instructions in this article to create a custom certificate to support SSL on a web server. I'm stick on the following step: Click on Personal – All Tasks – Advanced Operations – Create Custom request The problem is that on the web server (Windows Server 2003 R2) I don't have an "Advanced Operations" option under "All Tasks". I do on my desktop machine (Windows 7), but not on the server. All the documentation I can find indicates that it should be available on WS-2003-R2, but it just isn't. Note: I'm going through this manual process because I need to specify a alternate host names in the CSR, which you can't do through the IIS 6.0 console certificate managment functionality. Any suggestions for how to make this option show up?

Read the article
Windows Server 2012 File Security Warning

- by Technicolour

I've mapped my domain users to a remote share, and I'm trying to get rid of the security warning that appears whenever a file is run from the remote share. I've tried adding the FQDN to the intranet list with no prevail and I'm starting to go crazy. I've also turned off IE Enhanced Security Configuration for both Admins and Users. The group policies are being applied, and I can see the FQDN in the intranet list in internet options. Relevant group policy: Relevant security warning:

Read the article
Multiple SSL on same IP [closed]

- by kadourah

Possible Duplicate: Multiple SSL domains on the same IP address and same port? I have the following situation: first domain: test.domain.com IP: 1.2.3.4 Port: 443 SSL: Purchased from godaddy and specific to that domain Works fine no issues. I would like to add another site: test2.domain.com IP: the same Port: can be different SSL: different since I can't use the SSL above because it's specific to the site above. Now, when I add the HTTPS binding to the second site with IP:Port combination it appears to always load the first SSL ignoring the second certificate. How can I add second SSL binding to the same IP using a "different" certificate? Can this be done?

Read the article

< Previous Page | 67 68 69 70 71 72 73 74 75 76 77 78 | Next Page >