Search Results

Search found 3314 results on 133 pages for 'certificate authority'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 85/133 | < Previous Page | 81 82 83 84 85 86 87 88 89 90 91 92  | Next Page >

  • How do I resolve the error "Binding already being used by a product other than IIS"

    - by magnifico
    I have an SSL cert with its own unique IP address on a 2008 R2 server. I have created a basic website using IIS Manager, with a file called “Hello.html” in the root. When trying to add an https binding I receive the following error after choosing my certificate: This binding is already being used by a product other than IIS. If you continue you might overwrite the existing certificate for this IP Address:Port combnation. Do you want to use this binding anyway?" I click Yes to this prompt and the binding is created. When I try to retrieve my file using the server’s own browser, the request times out. I have another server which has a shared configuration with this one, and it works fine. Does anyone have any suggestions how to find out which application may be using this binding other than IIS, and how to resolve?

    Read the article

  • Resolving “ssl handshake failure” error in PostgresQL

    - by Mitch
    I would like to connect to my Postgres 8.3 database using SSL from my XP client using OpenSSL. This works fine without SSL. When I try it with SSL (no client certificate), I get the error: error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure I have followed the instructions in the Postgres manual for SSL including creating a self-signed certificate. In my pg_hba.conf there is a line: host dbname loginname 123.45.67.89/32 md5 The version of OpenSSL on the server is 0.9.8g and on the client is 0.9.8j. I'd appreciate any suggestions for tracking down the problem. Edit: The uncommented lines from postgresql.conf are: data_directory = '/var/ebs0/postgres/main' hba_file = '/etc/postgresql/8.3/main/pg_hba.conf' ident_file = '/etc/postgresql/8.3/main/pg_ident.conf' external_pid_file = '/var/run/postgresql/8.3-main.pid' listen_addresses = '*' port = 5432 max_connections = 100 unix_socket_directory = '/var/run/postgresql' ssl = true shared_buffers = 24MB

    Read the article

  • Windows Server 2008 R2 LDAPS

    - by Chad Moran
    I have a Server 2008 R2 server with ADDS installed. I'm trying to configure HP's ILO utility to connect to it over SSL. I installed the Active Directory Certificate Service, after doing so I'm still not able to connect to LDAP over SSL. I checked the event log and it's showing warnings with Event ID 36886 saying that there aren't default credentials yet. I'm not too sure why this is happening. I haven't done anything with ADCS other than installing the service do I need to create a certificate for the server?

    Read the article

  • Resolving “ssl handshake failure” error in PostgresQL

    - by Mitch
    I would like to connect to my Postgres 8.3 database using SSL from my XP client using OpenSSL. This works fine without SSL. When I try it with SSL (no client certificate), I get the error: error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure I have followed the instructions in the Postgres manual for SSL including creating a self-signed certificate. In my pg_hba.conf there is a line: host dbname loginname 123.45.67.89/32 md5 The version of OpenSSL on the server is 0.9.8g and on the client is 0.9.8j. I'd appreciate any suggestions for tracking down the problem. Edit: The uncommented lines from postgresql.conf are: data_directory = '/var/ebs0/postgres/main' hba_file = '/etc/postgresql/8.3/main/pg_hba.conf' ident_file = '/etc/postgresql/8.3/main/pg_ident.conf' external_pid_file = '/var/run/postgresql/8.3-main.pid' listen_addresses = '*' port = 5432 max_connections = 100 unix_socket_directory = '/var/run/postgresql' ssl = true shared_buffers = 24MB

    Read the article

  • Dedicated IP for SSL

    - by MotionGrafika
    I'll be needing a Dedicated IP & SSL for a website. I've noticed that SSL will work for either www or canonical name - but not both. So does mean that Dedicated IP would be set to only one of them ? If I set SSL for www then if a user goes to a URL manually without the www it would show invalid certificate - how do I bypass this ? mod_rewrite in htaccess ? IF I need SSL for a subdomain, thats another SSL Certificate & Dedicated IP to purchase ?

    Read the article

  • Exposing the AnyConnect HTTPS service to outside network

    - by Maciej Swic
    We have a Cisco ASA 5505 with firmware ASA9.0(1) and ASDM 7.0(2). It is configured with a public ip address, and when trying to reach it from the outside by HTTPS for AnyConnect VPN, we get the following log output: 6 Nov 12 2012 07:01:40 <client-ip> 51000 <asa-ip> 443 Built inbound TCP connection 2889 for outside:<client-ip>/51000 (<client-ip>/51000) to identity:<asa-ip>/443 (<asa-ip>/443) 6 Nov 12 2012 07:01:40 <client-ip> 50999 <asa-ip> 443 Built inbound TCP connection 2890 for outside:<client-ip>/50999 (<client-ip>/50999) to identity:<asa-ip>/443 (<asa-ip>/443) 6 Nov 12 2012 07:01:40 <client-ip> 51000 <asa-ip> 443 Teardown TCP connection 2889 for outside:<client-ip>/51000 to identity:<asa-ip>/443 duration 0:00:00 bytes 0 No valid adjacency 6 Nov 12 2012 07:01:40 <client-ip> 50999 <asa-ip> 443 Teardown TCP connection 2890 for outside:<client-ip>/50999 to identity:<asa-ip>/443 duration 0:00:00 bytes 0 No valid adjacency We finished the startup wizard and the anyconnect vpn wizard and here is the resulting configuration: Cryptochecksum: 12262d68 23b0d136 bb55644a 9c08f86b : Saved : Written by enable_15 at 07:08:30.519 UTC Mon Nov 12 2012 ! ASA Version 9.0(1) ! hostname vpn domain-name office.<redacted>.com enable password <redacted> encrypted passwd <redacted> encrypted names ip local pool vpn-pool 192.168.67.2-192.168.67.253 mask 255.255.255.0 ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! interface Vlan1 nameif inside security-level 100 ip address 192.168.68.250 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address <redacted> 255.255.255.248 ! ftp mode passive dns server-group DefaultDNS domain-name office.<redacted>.com object network obj_any subnet 0.0.0.0 0.0.0.0 pager lines 24 logging enable logging asdm informational mtu outside 1500 mtu inside 1500 icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 no arp permit-nonconnected ! object network obj_any nat (inside,outside) dynamic interface timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy user-identity default-domain LOCAL http server enable http 192.168.68.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart crypto ipsec ikev2 ipsec-proposal DES protocol esp encryption des protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal 3DES protocol esp encryption 3des protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES protocol esp encryption aes protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES192 protocol esp encryption aes-192 protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES256 protocol esp encryption aes-256 protocol esp integrity sha-1 md5 crypto ipsec security-association pmtu-aging infinite crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP crypto map outside_map interface outside crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP crypto map inside_map interface inside crypto ca trustpoint _SmartCallHome_ServerCA crl configure crypto ca trustpoint ASDM_TrustPoint0 enrollment self subject-name CN=vpn proxy-ldc-issuer crl configure crypto ca trustpool policy crypto ca certificate chain _SmartCallHome_ServerCA certificate ca 6ecc7aa5a7032009b8cebcf4e952d491 <redacted> quit crypto ca certificate chain ASDM_TrustPoint0 certificate f678a050 <redacted> quit crypto ikev2 policy 1 encryption aes-256 integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 10 encryption aes-192 integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 20 encryption aes integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 30 encryption 3des integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 40 encryption des integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 enable outside client-services port 443 crypto ikev2 remote-access trustpoint ASDM_TrustPoint0 telnet timeout 5 ssh 192.168.68.0 255.255.255.0 inside ssh timeout 5 console timeout 0 vpn-addr-assign local reuse-delay 60 dhcpd auto_config outside ! dhcpd address 192.168.68.254-192.168.68.254 inside ! threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept ssl trust-point ASDM_TrustPoint0 inside ssl trust-point ASDM_TrustPoint0 outside webvpn enable outside enable inside anyconnect image disk0:/anyconnect-win-3.1.01065-k9.pkg 1 anyconnect image disk0:/anyconnect-linux-3.1.01065-k9.pkg 2 anyconnect image disk0:/anyconnect-macosx-i386-3.1.01065-k9.pkg 3 anyconnect profiles GM-AnyConnect_client_profile disk0:/GM-AnyConnect_client_profile.xml anyconnect enable tunnel-group-list enable group-policy GroupPolicy_GM-AnyConnect internal group-policy GroupPolicy_GM-AnyConnect attributes wins-server none dns-server value 192.168.68.254 vpn-tunnel-protocol ikev2 ssl-client default-domain value office.<redacted>.com webvpn anyconnect profiles value GM-AnyConnect_client_profile type user username <redacted> password <redacted> encrypted tunnel-group GM-AnyConnect type remote-access tunnel-group GM-AnyConnect general-attributes address-pool vpn-pool default-group-policy GroupPolicy_GM-AnyConnect tunnel-group GM-AnyConnect webvpn-attributes group-alias GM-AnyConnect enable ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options ! service-policy global_policy global prompt hostname context call-home reporting anonymous Cryptochecksum:12262d6823b0d136bb55644a9c08f86b : end Clearly we are missing something, but the question is, what?

    Read the article

  • puppet master REST API returns 403 when running under passenger works when master runs from command line

    - by Anadi Misra
    I am using the standard auth.conf provided in puppet install for the puppet master which is running through passenger under Nginx. However for most of the catalog, files and certitifcate request I get a 403 response. ### Authenticated paths - these apply only when the client ### has a valid certificate and is thus authenticated # allow nodes to retrieve their own catalog path ~ ^/catalog/([^/]+)$ method find allow $1 # allow nodes to retrieve their own node definition path ~ ^/node/([^/]+)$ method find allow $1 # allow all nodes to access the certificates services path ~ ^/certificate_revocation_list/ca method find allow * # allow all nodes to store their reports path /report method save allow * # unconditionally allow access to all file services # which means in practice that fileserver.conf will # still be used path /file allow * ### Unauthenticated ACL, for clients for which the current master doesn't ### have a valid certificate; we allow authenticated users, too, because ### there isn't a great harm in letting that request through. # allow access to the master CA path /certificate/ca auth any method find allow * path /certificate/ auth any method find allow * path /certificate_request auth any method find, save allow * path /facts auth any method find, search allow * # this one is not stricly necessary, but it has the merit # of showing the default policy, which is deny everything else path / auth any Puppet master however does not seems to be following this as I get this error on client [amisr1@blramisr195602 ~]$ sudo puppet agent --no-daemonize --verbose --server bangvmpllda02.XXXXX.com [sudo] password for amisr1: Starting Puppet client version 3.0.1 Warning: Unable to fetch my node definition, but the agent run will continue: Warning: Error 403 on SERVER: Forbidden request: XX.XXX.XX.XX(XX.XXX.XX.XX) access to /certificate_revocation_list/ca [find] at :110 Info: Retrieving plugin Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate: Error 403 on SERVER: Forbidden request: XX.XXX.XX.XX(XX.XXX.XX.XX) access to /file_metadata/plugins [search] at :110 Error: /File[/var/lib/puppet/lib]: Could not evaluate: Error 403 on SERVER: Forbidden request: XX.XXX.XX.XX(XX.XXX.XX.XX) access to /file_metadata/plugins [find] at :110 Could not retrieve file metadata for puppet://devops.XXXXX.com/plugins: Error 403 on SERVER: Forbidden request: XX.XXX.XX.XX(XX.XXX.XX.XX) access to /file_metadata/plugins [find] at :110 Error: Could not retrieve catalog from remote server: Error 403 on SERVER: Forbidden request: XX.XXX.XX.XX(XX.XXX.XX.XX) access to /catalog/blramisr195602.XXXXX.com [find] at :110 Using cached catalog Error: Could not retrieve catalog; skipping run Error: Could not send report: Error 403 on SERVER: Forbidden request: XX.XXX.XX.XX(XX.XXX.XX.XX) access to /report/blramisr195602.XXXXX.com [save] at :110 and the server logs show XX.XXX.XX.XX - - [10/Dec/2012:14:46:52 +0530] "GET /production/certificate_revocation_list/ca? HTTP/1.1" 403 102 "-" "Ruby" XX.XXX.XX.XX - - [10/Dec/2012:14:46:52 +0530] "GET /production/file_metadatas/plugins?links=manage&recurse=true&&ignore=---+%0A++-+%22.svn%22%0A++-+CVS%0A++-+%22.git%22&checksum_type=md5 HTTP/1.1" 403 95 "-" "Ruby" XX.XXX.XX.XX - - [10/Dec/2012:14:46:52 +0530] "GET /production/file_metadata/plugins? HTTP/1.1" 403 93 "-" "Ruby" XX.XXX.XX.XX - - [10/Dec/2012:14:46:53 +0530] "POST /production/catalog/blramisr195602.XXXXX.com HTTP/1.1" 403 106 "-" "Ruby" XX.XXX.XX.XX - - [10/Dec/2012:14:46:53 +0530] "PUT /production/report/blramisr195602.XXXXX.com HTTP/1.1" 403 105 "-" "Ruby" thefile server conf file is as follows (and goin by what they say on puppet site, It is better to regulate access in auth.conf for reaching file server and then allow file server to server all) [files] path /apps/puppet/files allow * [private] path /apps/puppet/private/%H allow * [modules] allow * I am using server and client version 3 Nginx has been compiled using the following options nginx version: nginx/1.3.9 built by gcc 4.4.6 20120305 (Red Hat 4.4.6-4) (GCC) TLS SNI support enabled configure arguments: --prefix=/apps/nginx --conf-path=/apps/nginx/nginx.conf --pid-path=/apps/nginx/run/nginx.pid --error-log-path=/apps/nginx/logs/error.log --http-log-path=/apps/nginx/logs/access.log --with-http_ssl_module --with-http_gzip_static_module --add-module=/usr/lib/ruby/gems/1.8/gems/passenger-3.0.18/ext/nginx --add-module=/apps/Downloads/nginx/nginx-auth-ldap-master/ and the standard nginx puppet master conf server { ssl on; listen 8140 ssl; server_name _; passenger_enabled on; passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn; passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify; passenger_min_instances 5; access_log logs/puppet_access.log; error_log logs/puppet_error.log; root /apps/nginx/html/rack/public; ssl_certificate /var/lib/puppet/ssl/certs/bangvmpllda02.XXXXXX.com.pem; ssl_certificate_key /var/lib/puppet/ssl/private_keys/bangvmpllda02.XXXXXX.com.pem; ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem; ssl_client_certificate /var/lib/puppet/ssl/certs/ca.pem; ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA; ssl_prefer_server_ciphers on; ssl_verify_client optional; ssl_verify_depth 1; ssl_session_cache shared:SSL:128m; ssl_session_timeout 5m; } Puppet is picking up the correct settings from the files mentioned because config print command points to /etc/puppet [amisr1@bangvmpllDA02 puppet]$ sudo puppet config print | grep conf async_storeconfigs = false authconfig = /etc/puppet/namespaceauth.conf autosign = /etc/puppet/autosign.conf catalog_cache_terminus = store_configs confdir = /etc/puppet config = /etc/puppet/puppet.conf config_file_name = puppet.conf config_version = "" configprint = all configtimeout = 120 dblocation = /var/lib/puppet/state/clientconfigs.sqlite3 deviceconfig = /etc/puppet/device.conf fileserverconfig = /etc/puppet/fileserver.conf genconfig = false hiera_config = /etc/puppet/hiera.yaml localconfig = /var/lib/puppet/state/localconfig name = config rest_authconfig = /etc/puppet/auth.conf storeconfigs = true storeconfigs_backend = puppetdb tagmap = /etc/puppet/tagmail.conf thin_storeconfigs = false I checked the firewall rules on this VM; 80, 443, 8140, 3000 are allowed. Do I still have to tweak any specifics to auth.conf for getting this to work?

    Read the article

  • How to Fix Mail Server SSL?

    - by Noah Goodrich
    Our mail server was originally setup using self-created certificates, however when those expired and I tried to recreate them, the whole thing just blew up. Since I know it will be important, we are running a Debian server and Postfix. Now I see these errors generated in the mail logs: May 15 08:06:34 letterpress postfix/smtpd[22901]: warning: cannot get certificate from file /etc/postfix/ssl/smtpd.cert May 15 08:06:34 letterpress postfix/smtpd[22901]: warning: TLS library problem: 22901:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('/etc/postfix/ssl/smtpd.cert','r'): May 15 08:06:34 letterpress postfix/smtpd[22901]: warning: TLS library problem: 22901:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354: May 15 08:06:34 letterpress postfix/smtpd[22901]: warning: TLS library problem: 22901:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:720: May 15 08:06:34 letterpress postfix/smtpd[22901]: cannot load RSA certificate and key data And when trying to access email from a client like Thunderbird from outside our local network, you receive "Unable to connect to smtp server". Update: I have verified that the file does exist. The current owner of the file is root:root. Does this need to be changed?

    Read the article

  • ADFS 2.0 and WebEx

    - by DavisTasar
    We have a brand new deployment going on, where our University has purchased WebEx MeetingPlace. We have the Cisco CallManager component working, but the integration with Single Sign On with ADFS 2.0 has been nothing short of torture. The biggest problem I'm working with is that we use Split-Brain DNS, and our internal domain name versus external domain name is different. Trying to determine what credentials are getting passed back and forth, certificate errors for using the self-signed certificate, etc. Does anyone have any experience with this, or something similar? Do you have any tips, or watch-out-for-this, etc.? I've not worked with a Federated Authentication system before, and this scenario is very black-box-esque. Sorry, I'm also partially ranting as I'm frustrated.

    Read the article

  • Secure Connection Failed using Firefox

    - by Saifallah
    I'm using Firefox 5 with some add-ons that require an external connection to a certain server (lastPass & Xmarks). I'm using the connection from my company, and every while & then I get a pop-up; Secure connection failed. This certificate in not trusted because the certificate issuer isn't trusted. (Error code: sec_error_untrusted_issuer) This also occurs using other versions of Firefox. Thanks in advance.

    Read the article

  • Using curl -s in *nix command line not working for some reason

    - by JM4
    I am trying to install composer (though to be honest I really have no idea how it fully works and documentation seems to be quite poor) on my MediaTemple DV machine. I am using their [instructions][1] Trying to install globally using: $ curl -s https://getcomposer.org/installer | php My command line (again using putty and logged into my server as root) thinks for a second, then sets up for next prompt. I run a simple ls -l to check for the file it should have downloaded with no luck. Any idea what could be causing the issue? I have tested and do in fact have curl installed. UPDATE 1 Based on the first answer, the verbose response is: > $ curl -vs https://getcomposer.org/installer | php > * About to connect() to getcomposer.org port 443 > * Trying 37.59.4.156... connected > * Connected to getcomposer.org (37.59.4.156) port 443 > * successfully set certificate verify locations: > * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none > * SSLv2, Client hello (1): SSLv3, TLS handshake, Server hello (2): SSLv3, TLS handshake, CERT (11): SSLv3, TLS handshake, Server key > exchange (12): SSLv3, TLS handshake, Server finished (14): SSLv3, TLS > handshake, Client key exchange (16): SSLv3, TLS change cipher, Client > hello (1): SSLv3, TLS handshake, Finished (20): SSLv3, TLS change > cipher, Client hello (1): SSLv3, TLS handshake, Finished (20): SSL > connection using DHE-RSA-AES256-SHA > * Server certificate: > * subject: /C=CH/CN=dl.packagist.org/[email protected] > * start date: 2012-07-07 23:25:35 GMT > * expire date: 2013-07-10 02:55:12 GMT > * SSL: certificate subject name 'dl.packagist.org' does not match target host name 'getcomposer.org' > * Closing connection #0 > * SSLv3, TLS alert, Client hello (1): > > > [1]: http://getcomposer.org/doc/00-intro.md

    Read the article

  • Puppet master/agent basic setup

    - by lewap
    I'm trying to setup a basic puppet agent/master use-case with an agent server and a master. I've setup two servers with puppet and puppet master respectively. After the following setup of both servers: puppet master --no-daemonize --verbose puppet agent --test puppet cert --list to get the list, puppet cert --sign to sign it. puppet agent --test I get the message: err: Could not retrieve catalog from remote server: hostname was not match with the server certificate warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run err: Could not send report: hostname was not match with the server certificate What do I need to do in order to get the agent/master to be able to talk to each other?

    Read the article

  • CentOS openLDAP cert trust issues

    - by 84104
    # LDAPTLS_CACERTDIR=/etc/ssl/certs/ ldapwhoami -x -ZZ -H ldaps://ldap.domain.tld ldap_start_tls: Can't contact LDAP server (-1) additional info: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user. # openssl s_client -connect ldap.domain.tld:636 -CApath /etc/ssl/certs <... successful tls negotiation stuff ...> Compression: 1 (zlib compression) Start Time: 1349994779 Timeout : 300 (sec) Verify return code: 0 (ok) --- openssl seems to think the certificate is fine, but openldap's libraries (pam_ldap exhibits similar behavior, which is how I got on to this mess) disagree. What am I doing wrong?

    Read the article

  • How to use ssl_verify_client=ON on one virtual server and ssl_verify_client=OFF on another?

    - by Alexander Artemenko
    I want to force ssl client verification for on of my virtual hosts. But get "No required SSL certificate was sent" error, trying to GET something from it. Here are my test configs: # defaults ssl_certificate /etc/certs/server.cer; ssl_certificate_key /etc/certs/privkey-server.pem; ssl_client_certificate /etc/certs/allcas.pem; server { listen 1443 ssl; server_name server1.example.com; root /tmp/root/server1; ssl_verify_client off; } server { listen 1443 ssl; server_name server2.example.com; root /tmp/root/server2; ssl_verify_client on; } First server replies with 200 http code, but second returns "400 Bad Request, No required SSL certificate was sent, nginx/1.0.4". Probably, it is implossible to use ssl_verify_client on the same IP? Should I bind these servers to different IPs, will it solve my problem?

    Read the article

  • Setting up SSL with 389 Directory Server for LDAP authentication

    - by GioMac
    I've got 389 Directory Server running on RHEL 5 with groups, users, posix etc. RHEL clients are authenticating users with LDAP - no problems, everything works perfect, but passwords are sent in plaintext and are visible with network sniffer. So, decided to run with SSL: Created CA - got both private and public CA certificates Using CA certs: generated both of private and public certificates and combined (1st file) for 389DS according to 389DS certificate request, imported with CA public cert to 389DS from graphical console (2nd file). Enabled SSL in 389DS On the client, using authconfig-gtk enabled SSL for LDAP, specified only CA public certificate Doesn't work. Howto? What is the best way to integrate safely?

    Read the article

  • stunnel: SSL-to-SSL? (for smtp/imap)

    - by nonot1
    Hello, How can I configure stunnel to accpet SSL connections, and connect then to an SSL port on a different server? Here is my setup: Our ISP's server, "Mail Server", supports smtp/imap over SSL. (Not starttls. Just over ssl.) But, I have a bunch of client machines that will only trust a specific, internal, root certificate. Thus, they can not connect to "Mail Server". For these client machines, I'd like to make a dedicated "Mail Tunnel" host that uses stunnel to listen with an in-house signed SSL certificate, and just forward data to "Mail Server" using a 2nd SSL connection. Can this be done? What would be the specific steps for Ubuntu Server 10.10? (I'm not too familiar with persistent service configuration.) Thank you

    Read the article

  • SVN help:: svn: invalid option: --trust-server-cert

    - by JP19
    Hi, I want to bypass certificate checking. I tried using svn --trust-server-cert update, but I get an error, svn: invalid option: --trust-server-cert. I am on ubuntu and the svn version is 1.5.4. Is there any other way to bypass the certificate? Ubuntu won't automatically update my svn to 1.6.xx, which I think has this option. (In any case, I have heard that 1.6.xx has compatibility problems with some apache modules so is not fully safe to install?). Anyone with a suggestion? Thanks JP

    Read the article

  • Apache Redirect from https to https

    - by Nikolaos Kakouros
    I am trying to redirect without a rewrite rule from eg https://www.domain.com to https://www.domain.net . I have a wildcard certificate for *.domain.net . This yields the following warning in my error_log [warn] RSA server certificate wildcard CommonName (CN) `*.domain.net' does NOT match server name!? This makes sense and I understand why the warning. I would like to ask if there is a way to use the Redirect directive to accomplish the above without the warnings. Here is my virtual hosts in ssl.conf: <VirtualHost *:443> SSLEngine on ServerName www.domain.net DocumentRoot /var/www/html/domain SSLOptions -FakeBasicAuth -ExportCertData +StrictRequire +OptRenegotiate -StdEnvVars SSLStrictSNIVHostCheck off </VirtualHost> <VirtualHost *:443> SSLEngine on ServerName www.domain.com ServerAlias www.domain.info Redirect permanent / https://www.domain.net </VirtualHost> Also, if there is a solution, can it be used for redirection from htps://domain.com to htps://www.domain.com? Thanks a lot!

    Read the article

  • apache, shibboleth, load balancing aliase, ssl

    - by Nikolaidis Fotis
    Good morning folks Could you give me a bit of help with the following problem ? I have a dns load balancing mechanism and an alias (hostAlias) which may point to host01, or host02 I want to configure apache and shibboleth to work with that alias. What happens is ... User types : https://hostAlias (it points to host01) apache host01 : redirect to shibboleth shibboleth host01 : redirect to **https://hostAlias.cern.ch/Shibboleth.sso/ADFS** Now, there are two cases. Either this time hostAlias will point again to host01 , or it will point to host02. If it points to host02, host01 will not get the anwser and the authentication fails. Also, about ssl certificates, I guess that each host will need its own certificate. right ? Should I need a certificate with DNS aliases ? Thanks in advance !

    Read the article

  • Outlook Anywhere remote https connection issue

    - by holian
    We have SBS 2003, and we use DYNDNS. We forward dyndns address 443 to local server ip 443 port. mycompany.dyndns.org:443 -- server.mycompany.local:443 In android phone i can check my mails with Outlook Active Snyc. From remote machine i can check my mails in owa (https://mycompany.dyndns.org/exchange) But i can't set up outlook 2013 to remote connect. I installed server.mycompany.local to remote machine trusted cert container, but i got error message: "There is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site. Outlook is unable to connect to the proxy server. (Error Code 10)" Is it possible to connect exchange, via dnydns? Whats the problem? Thank you

    Read the article

  • Issue with https:// url going to an unknown location

    - by Brandon
    We have a website (ASP.NET/Plesk 9.5.5) that can be accessed just fine through the regular URL (http://example.com). However when accessing the site through https://example.com the site displays the invalid security certificate warning, which is fine since we don't have an SSL certificate. If I add an exception, I'm sent to a completely separate site that is apparently hosting a malware script (I'm still on https://example.com though). Because of this Google has flagged the site as dangerous. I can't find anything in the Plesk panel that would help fix this, and as far as I can tell those files don't exist on our server. How do I tell where the https:// link is sending me? I'm not that familiar with DNS, but is that what is causing this behavior?

    Read the article

  • Outlook 2007 Autodiscover Out Of Office Assistant

    - by Adam
    Hi We are having an issue trying to set the Out Of Office Assistant through Outlook 2007. It works fine through OWA but all of the users cannot set it through Outlook. They get: your out of office settings cannot be displayed because the server is unavailable We have run through: https://www.testexchangeconnectivity.com/ and we get this error: Certificate name validation error More info: Host name xxxxxxxxxxxx.com does not match any name found on the server certificate CN=*.securedwebspace.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)09, OU=GT93715821, O=*.securedwebspace.com, C=GB Any ideas on how we can fix this? (Everything else seems to work fine - Its just the Out of Office through Outlook) Server is SBS 2008 with Exchange 2007 installed. Thanks

    Read the article

  • Client side certificates in client browsers with unix server for management

    - by user146253
    We are currently running Unix dedicated servers for everything (Web cluster, database, FTP, batch, ...) except for a Microsoft Active Directory Certificate Services. The sole purpose of this Windows box is to provide client side certificates to our clients browsers. All our clients are required to install a client side certificate on order for them to be able to access our website. Is there an alternative in the Unix space? The purpose is to make sure only the approved hardware of an approved client can access our website. I'm open for any solution that provides me with this level of security. We are however talking about thousands of certified computers just so you can factor that in in a proposed solution. Optionally we would also like to be able to revoke access. With Regards.

    Read the article

  • How to add entry for primary and secondary intermediate cert in ssl apache

    - by Huzefa
    I have 1 intermediate certificate with name intermediate.crt But my providing is saying to add 2 certificates primary and secondary. But how to add it in ssl configuration file. Currently I have added only secondary certificate as below SSLCertificateChainFile "/usr/local/apache2/conf/extra/intermediate.crt" But now as my ssl provider is saying to add 2 certificates then what entry i have to do in my ssl.conf file. Or I can also use bundle.pem file which contains both the certificates in 1 file. Let me know how to add bundle.pem file also.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 81 82 83 84 85 86 87 88 89 90 91 92  | Next Page >