Search Results

Search found 8613 results on 345 pages for 'ssl keys'.

Page 72/345 | < Previous Page | 68 69 70 71 72 73 74 75 76 77 78 79  | Next Page >

• Extract Certs from Apache

  - by user271619

  Recently I've had to uninstall a single Self-Signed SSL Certificate from one of my Apache boxes, specifically for an outside party. That's not really a problem for me, since it was easy. What confuses me is how they knew I had a self-signed certificate. The domain I provided them was not related to the domain with the self-signed certificate. Does this mean Apache publicizes the Virtual hosts in the httpd.conf file? I asked the outside party what software they used to extract information from my server, and they provided this GitHub link: https://gist.github.com/4ndrej/4547029 I figured I'd ask the community first, before I attempt installing the Java program.

  Read the article

• strategy /insights for avoiding document content loss due to encryption

  - by pbernatchez

  I'm about to encourage a group of people to begin using S-Mime and GPG for digital signatures and encryption. I foresee a nightmare of encrypted documents which can no longer be recovered because of lost keys. The thorniest issue is archiving. The natural way to preserve privacy in an archive is to archive the encrypted document. But that opens us up to the risk of a lost key when time comes to unarchive a document, or a forgotten password. After all it will be a long way in the future. This would be equivalent to having destroyed the document. First thought is archiving keys with documents, but that still leaves the forgotten pass phrase. Archiving the passphrase too would be tantamount to archiving in the clear. No privacy. What approaches do you use? What insights can you offer on the issue?

  Read the article

• ssl_error_rx_record_too_long error on IIS - site was working, suddenly stopped

  - by JK01

  I am suddenly getting this error connecting to localhost IIS on my development machine. It has been working fine for ages, and now suddenly has this error in Firefox: Secure Connection Failed An error occurred during a connection to localhost. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long) I have googled and found no clear explanation. In IE it says: Internet Explorer cannot display the webpage\ In Chrome it says: Oops! This link appears to be broken.

  Read the article

• How to use chain.p7b with Apache?

  - by Debianuser

  I wanted to setup a SSL website on Apache and applied for a certificate from my local ISP. All they sent me was a single file named chain.p7b. I have always used certificates from other vendors without any issues but they usually provide two files to be configured as SSLCertificateFile and SSLCertificateChainFile in Apache. Following instructions from several online resources, I opened the p7b file in Windows and extracted 4 certificates from the file. I then tried configuring Apache with one of the files and it worked, but shows a warning: The certificate is not trusted because no issuer chain was provided. I though I have to use remaining 3 files as SSLCertificateChainFile and/or SSLCACertificateFile. I tried that but it didn't work so I am assuming it might be something completely different. Anyone faced this issue before? The following page http://www-01.ibm.com/support/docview.wss?uid=swg21458997 talks about using a keystore but is that relevant to Apache?

  Read the article

• New Secure Website with Apache Reverse Proxy

  - by jtnire

  I wish to set up a new website that will be accessed by users using HTTPS. I think it is good practise to put the "real" web server in a seperate subnet, and then install an Apache Reverse Proxy in a DMZ. My question is, where should I put the SSL cert(s)? Should I a) Use a self-signed cert on the "real" web server, and a proper cert on the reverse proxy? b) Use 2 real certs on both the "real" web server and the reverse proxy? c) Don't use any cert on the "real" web server, and use a proper cert on the reverse proxy? I'd like to use a) or c), if possible. I also don't want anyone's browser complaining of a self-signed cert. Thanks

  Read the article

• Avoid access to www subdomain on secure server

  - by user44654

  I have an SSL certificate that is valid for mysite.co.uk but not www.mysite.co.uk it seems. If I use mod_rewrite or .htaccess to redirect from one to the other will this prevent browsers from displaying an invalid certificate security warning if someone tries to access www.mysite.co.uk? (I've tried redirection but still get the warning if I type https://www.mysite.co.uk directly into the address bar of my browser. I want to know if this is because the redirection isn't working or if the browser will display the warning anyway.) I hope that makes sense.

  Read the article

• Function key taken by another program, how to default it

  - by Milox

  Everytime I press the F11 key it opens up a browser window with the same URL. This happens anywhere I press it and I need this key to have it's default behavior because I use it to program on Visual Studio (Windows 7). Any ideas why this is happening and how to go back to default function keys?, I haven't installed anything that I remember can cause this behavior. This is a standard Dell desktop key board, no multimedia keys, like this one: Firing URL is http://argos:8080/Login.jsp?jsessionid=55rh3obsahm9m seems like one of our company's internal addresses but IT guys say they have no idea about it. I don't see any suspicious software that can be causing this.

  Read the article

• Possible to redirect from HTTPS to HTTP behind load-balancer?

  - by Derek Hunziker

  I have a basic ASP.NET application that sits behind an F5 load-balancer. Incoming SSL requests (over HTTPS) terminate at the load-balancer and all internal communication between the load-balancer and my application servers is unsecure (over HTTP). When a unsecure request comes in, my app is able to use Response.Redirect("https://...") to redirect a secure URL with no problems. However, the other direction appears to be impossible - I cannot redirect from HTTPS to HTTP using Response.Redirect() from my application. The URL remains HTTPS for the client and does not change. Could the F5 be preventing the redirect for ever reaching the client? Is there any special configuration necessary to let this happen?

  Read the article

• Can I pass HTTPS traffic from one port to another?

  - by Kit Sunde

  I'm doing a proxy_pass in nginx on port 80 to 8000 on my remote server, and then a port forward from 8000 to 80 from the remote to my localhost. This works great, but I'd also like to do it with https but it seems like nginx needs a valid cert to pass the traffic on. Is there a way for my remote server to simply forward the trafic from port 443 to say 8443 (and then I'll forward remote 8443 to local 443). Then terminate ssl on my development machine instead instead of needing to do it on the remote server? My remote runs ubuntu and my localhost runs osx.

  Read the article

• using modrewrite to change http to https? (not redirect)

  - by PaulHanak

  This might sound a little crazy, but bare with me. I basically have an include file, lets say inc-navigation.html, that has absolute paths (http://www.pathtoimage.com/image.com) that are on EVERY PAGE. Well, using SSL, I can't use that same include file because it is not referencing https:// What a pain! SO, I was maybe thinking of using htaccess to do a url rewrite of all references of HTTP to HTTPS when the browser requests a https page. Again, just to be clear, I don't want to "redirect", just "replace". So, I have this.... RewriteCond %{HTTPS} !=on RewriteRule ^http$ https but it doesn't seem to be working. I probably have the syntax wrong though. :) Of course, this is even if this type of thing is even possible!?

  Read the article

• Trouble with apache starting on boot with ssl api key

  - by molleman

  Im Running on Centos, the trouble is when i restart my server i need to start my apache and varnish service I use this to start both of them service httpd restart && service varnish restart But i would likw both of them to start when i reboot the server I read i could use this chkconfig httpd on But this is only for apache could i do this chkconfig varnish on Finally when i do y usual start of httpd , i am asked for my api key for SSL , am i able to incorporate this into resarting both varnish and httpd on start up. Or am i doomed to run this command everytime i resart

  Read the article

• SSL on app - nginx web server

  - by Adam

  I am running an nginx web server where I redirect all http requests to https (with a self signed cert). Here is how I REDIRECT all http requests to https in the nginx config file: server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; server_name my.server.ip; return 301 https://$server_name$request_uri; Problem is - I cannot seem to do so for an app running on a port. Example: http://my.server.ip:1234 does not redirect to https://my.server.ip:1234 ir works fine on all other urls like http://my.server.ip/temp etc. How can I modify the nginx config file to force that app url through ssl?

  Read the article

• Replace Certificate using Plesk 11

  - by Lambda Dusk

  I am not an admin, but a programmer. But how it is, if you're the only guy who knows about computers, everyone shoves those tasks to you. A certificate of a domain recently expired. The domains are managed using Plesk 11, on a Linux system, Apache2.2. I was given a new certificate from the host, and it is one single .pem file. However, Plesk asks me for a .crt file, a private key and some CA file. I have neither, only this single .pem file the host claims to be the certificate. Since I myself never did anything with SSL certificates, I would really appreciate if anyone can tell me what to do with this file and how to properly add a new one so the old one can be removed.

  Read the article

• is it possible to ssh into ubuntu server with keys and from another computer using password?

  - by Sandro Dzneladze

  I have ubuntu server at home, and I use SSH keys to log in via terminal from my laptop. Rarely, but mostly from work, I need to access this server, but I dont want to copy keys on my work laptop - Id rather just use plain password for that. So if I enable password log in from ssh config file, it will ask me password on my laptop too even though it contains keys, right? Is there a way to stop this behavior? Thanks.

  Read the article

• Random Connections to MySQL refused (Error 111)

  - by joatis

  A Perl/CGI webapp that has been running fine for almost a year has started to randomly been unable to connect to a remotely hosted MySQL. The Error thrown is : Can't connect to MySQL server on 'xx.x.xxx.xx' (111) Reloading the page often solves the problem The client is using Perl, DBI and SSL to connect to MySQL using the same configuration file each time. MySQL 5.0 Server Running RH EL5 Quad-Core AMD Opteron(tm) Processor 2374 HE, 8 cores Real Memory: 15.73 GB total, 11.81 GB used allows networking in my.cnf max-connections are not being met load is low. The servers firewall is open to the client's subnet. The mysql user has permissions from the client's subnet. I have my host looking into the problem but so far we're all stumped as to way the occasional connection is (increasingly getting refused) Any advice what to check that would cause the random refusal of connections?

  Read the article

• Should I host my entire web application using https?

  - by user54455

  Actually my only requirement for using SSL encryption is that when a user logs in, the password is transferred encrypted. However after reading a bit about protocol switching, that an HTTPS session can't be taken over as an HTTP session etc. I've been asking myself if it's so bad to just have the entire application use HTTPS only. What are the reasons against it and how would you rate their importance? Please also mention: How much performance do I lose on server side (roughly)? How much performance do I lose on client side (roughly)? Any other problems on server / client side?

  Read the article

• TCP handshake ok, then the client isn't receiving any packets from the server

  - by infgeoax

  Topology: Client ----- Intermediate Device ----- Server Client: win7 Intermediate Device: unknown Server: CentOS 5.8 The problem occurs when the client and server are trying to establish a SSL connection. It happens to one specific port, 2000. I haven't been able to replicate the problem with other port numbers. I captured packets on both client and server. After the TCP handshake, from the client's perspective, it's not receiving ACKs for its previously sent packets so it kept re-sending them. On the server side, however, it did receive those packets and sent ACK packets. The weird thing is, after the server sent those ACKs, it received a [RST, ACK] packet, from the intermediate device, for every packet it sent. What could be the cause?

  Read the article

• ftp-client works fine. ftp-tls-client fails on one computer and works on another

  - by ispiro

  Connecting to ftp - from a Windows Server 2012 - it works both secure (-over tls) and unsecure. From a Windows 7 it succeeds unsecure but fails when secure. (Using explicit TLS and passive mode.) filezilla: 234 AUTH command ok. Expecting TLS Negotiation. Initializing TLS... Connection timed out I've tried many things but nothing helps. (I'm also trying this programmatically. For details see: http://stackoverflow.com/questions/25393716/ftp-ssl-fails-after-expecting-tls-negotiation ) The fact that it does succeed from one computer proves that the ftp server is fine. And the fact that the Windows 7 computer succeeds without tls proves that it's not a NAT/firewall problem (besides, it failed even after disabling firewall etc.). I'm not sure where to start looking. Perhaps a difference between PC Windows and Windows Server? EDIT The ftp server is on a Windows Server 2012.

  Read the article

• WCF Http Bindings, Require SSL

  - by JoshKraker

  I have the following binding I'm using with my wsHttpBinding webservice. <binding name="wsHttpConfig"> <security> <transport clientCredentialType="None"/> </security> </binding> The issue is that it allows for the client to connect using either Http or Https. I would like to require them to use SSL. I tried adding the following: <system.web.extensions> <scripting> <webServices> <authenticationService enabled="true" requireSSL = "true"/> </webServices> </scripting> </system.web.extensions> But it had no effect; client could still connect with Http. I then tried checking the "Require SSL" in the IIS7 SSL Settings and had client certificates radio set to Accept. Now, when I try to view the service I am getting the error "Could not find a base address that matches scheme http for the endpoint with binding WSHttpBinding. Registered base address schemes are [https]." Anyone know exactly how to fix this error? I have been googling for the last 3 hours trying 500 different combinations (not 500, but too many to list) and could not get anything to run.

  Read the article

• java RMI newbie-- some basic questions about SSL and auth/.rate limiting an RMI service

  - by Arvind

  I am trying to work to secure a java based RMI service using SSL. I have some basic questions about the capabilities of using SSL. Specifically, from what I understand, the client and server connecting via SSL will need to have appropriate credential certificates in both client and server, for a client to be granted access to the server. Am I correct in my understanding? Also, what I want to know is, can a person who is already using my RMI service and has access to a client machine , make a copy of the certificate in the client machine to other client machines-- and then invoke my RMI service from those other machines as well? How do I prevent such a situation from occurring? I mean, in a REST API you can use OAuth authentication, can we have some kind of authentication in an RMI Service? Also, can I possibly limit usage of the RMI service? For eg, a specific client may be allowed to make only 5000 calls per day to my RMI service, and if he makes more calls the calls occurring after the 5000 calls limit are all denied? How do I do such rate limiting and/or authentication for my RMI Service?

  Read the article

• Can't send client certificate via SslStream

  - by Jonathan

  I am doing an SSL3 handshake using an SslStream, but, in spite of my best efforts, the SslStream never sends a client certificate on my behalf. Here is the code: SSLConnection = new System.Net.Security.SslStream(SSLInOutStream, false, new System.Net.Security.RemoteCertificateValidationCallback(AlwaysValidRemoteCertificate), new System.Net.Security.LocalCertificateSelectionCallback(ChooseLocalCertificate)); X509CertificateCollection CC = new X509CertificateCollection(); CC.Add(Org.BouncyCastle.Security.DotNetUtilities.ToX509Certificate(MyLocalCertificate)); SSLConnection.AuthenticateAsClient("test", CC, System.Security.Authentication.SslProtocols.Ssl3, false); and then I have AlwaysValidRemoteCertificate just returning true, and ChooseLocalCertificate returning the zeroth element of the array. The code probably looks a little weird because the project is a little weird, but I think that is beside the point here. The SSL handshake completes. The issue is that instead of sending a certificate message on my behalf (in the handshake process), with the ASN.1 encoded certificate (MyLocalCertificate), the SslStream sends an SSL alert number 41 (no certificate) and then carries on. I know this from packet sniffing. After the handshake is completed, the SslStream marks IsAuthenticated as true, IsMutuallyAuthenticated as false, and its LocalCertificate member is null. I feel like I'm probably missing something pretty obvious here, so any ideas would be appreciated. I am a novice with SSL, and this project is off the beaten path, so I am kind of at a loss. P.S. 1: My ChooseLocalCertificate routine is called twice during the handshake, and returns a valid (as far as I can tell), non-null certificate both times. P.S. 2: SSLInOutStream is my own class, not a NetworkStream. Like I said, though, the handshake proceeds mostly normally, so I doubt this is the culprit... but who knows?

  Read the article

• Problem to Import certificate to Apache tomcat: Failed to establish chain from reply

  - by Ilya

  Hi, After I got certificate, I tried to import it as specified here: http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html#Edit%20the%20Tomcat%20Configuration%20File But I got this error: C:\Program Files (x86)\Java\jre6\binkeytool -import -alias tomcat -keystore C:\ SSL.keystore -file C:\SSL\SSL_Internal_Certificate_for_isdc-planning.cer Enter keystore password: keytool error: java.lang.Exception: Failed to establish chain from reply I need to import first chain certificate, by apache document Import the Chain Certificate into you keystore keytool -import -alias root -keystore \ -trustcacerts -file When I printed the certificate it's issuer is: Issuer: CN=Intranet Basic Issuing CA 2B I downloaded the chain certificates: Intranet Basic Issuing CA 1A(1).crt Intranet Basic Issuing CA 1A(2).crt Intranet Basic Issuing CA 1A.crt Intranet Basic Issuing CA 1B(1).crt Intranet Basic Issuing CA 1B(2).crt Intranet Basic Issuing CA 1B.crt Intranet Basic Issuing CA 2A(1).crt Intranet Basic Issuing CA 2A.crt Intranet Basic Issuing CA 2B(1).crt Intranet Basic Issuing CA 2B.crt Intranet Basic Policy CA(1).crt Intranet Basic Policy CA.crt Root CA.crt Issuer of Intranet Basic Issuing CA 2B.crt is Intranet Basic Policy CA and its Issuer is:Root CA certificate But I can't import 3 certificates into root alias. And imported "Intranet Basic Issuing CA 2B.crt" into root and then rerun import of tomcat alias But got the same error: keytool error: java.lang.Exception: Failed to establish chain from reply What is correct way to import correct chain certificate. Thanks in advance Ilya

  Read the article

• How can I connect to server using SSL(secure socket layer) on .NET Compact Framework

  - by net

  Hello. I want to change .NET framework v3.5 to .NET compact framework v3.5. But I can't change SSL Stream class to compact framework version. For resolving this problem, I already read some article and msdn library. http://blogs.msdn.com/cgarcia/archive/2009/08/21/enable-ssl-for-managed-socket-on-windows-mobile.aspx http://blogs.msdn.com/cgarcia/archive/2009/08/22/getting-a-managed-socket-to-talk-ssl.aspx http://msdn.microsoft.com/en-us/library/aa916117.aspx but I got an error that is "Unkown error 0x0ffffff", when invoking 'socket.connect(endPoint)' method based on thease article. In order to find the proper method, I try to use TcpClient class. but i can't solve this problem. When I try to connect to server on .NET compact framework, TcpClient class didn't work(Smart Device project and windows ce). As you can see below, I've got the error. In other hand, this code is work on .NET framework(C# console project). I can't understand why this socket can not access to server. Thanks for reading my question.

  Read the article

• QT QSslError being signaled with the error code set to NoError

  - by Nantucket

  My Problem I compiled OpenSSL into QT to enable OpenSSL support. Everything appeared to go correctly in the compile. However, when I try to use the official HTTP example application that can be found here, everytime I try to download an https page, it will signal two QSslError, each with contents NoError. The types of QSslErrors, including NoError, are documented here, poorly. There is no explanation on why they even included an error type called NoError, or what it means. Bizarrely, the NoError error code seems to be true, as it downloads the remote https document perfectly even while signaling the error. Does anyone have any idea what this means and what could possibly be causing it? Optional Background Reading Here is the relevant part of the code from the example app (this is connected to the network connection's sslErrors signal by the constructor): void HttpWindow::sslErrors(QNetworkReply*,const QList<QSslError> &errors) { QString errorString; foreach (const QSslError &error, errors) { if (!errorString.isEmpty()) errorString += ", "; errorString += error.errorString(); } if (QMessageBox::warning(this, tr("HTTP"), tr("One or more SSL errors has occurred: %1").arg(errorString), QMessageBox::Ignore | QMessageBox::Abort) == QMessageBox::Ignore) { reply->ignoreSslErrors(); } } I have tried the old version of this example, and it produced the same result. I have tried OpenSSL 1.0.0a and 0.9.8o. I have tried tried compiling OpenSSL myself, I have tried using pre-compiled versions of OpenSSL from the net. All produce the same result. If this were my first time using QT with SSL, I would almost think this is the intended result (even though their example application is popping up error warning message windows), if not for the fact that last time I played with QT, using what would now be an old version of QT with an old version of SSL, I distinctly remember everything working fine with no error windows. My system is running Windows 7 x64.

  Read the article

• JVM to ignore certificate name mismatch

  - by Heavy Bytes

  I know there were a lot of questions/answers about how to ignore SSL error in the code. On our dev region dev.domain.tld we have configured a app server over SSL. The certificate that is displayed is for somedev.domain.tld. There is no way to change the certificate, it will always be a domain mismatch. So when I deploy a web-service to https://dev.domain.tld and try to connect/call my webservice I get an exception: Caused by: java.security.cert.CertificateException: No name matching dev.domain.tld found And I have the somedev.domain.tld CERT in my trust store. Now, I saw a lot of samples how to change that in the code (using a Trust Manager that accepts all domains), but how do I specify to the JVM to ignore the domain mismatch when connecting to the server? Is there a -Djavax.net.ssl argument or something? Thank you! UPDATE: Or, since I am using Spring-WS, is there a way to set some property in Spring for that? (WebServiceTemplate) UPDATE I guess I'll have to do use something from Spring Security: http://static.springsource.org/spring-ws/sites/1.5/reference/html/security.html

  Read the article

< Previous Page | 68 69 70 71 72 73 74 75 76 77 78 79  | Next Page >