Ssl What do CAs (Certificate Authority) deliver from CSR?

I need an SSL certificate for a web server. I can generate a self-signed SSL certificate with the following OpenSSL commands: openssl req -newkey rsa:512 -x509 -days 365 -nodes -out cert.pem -keyout cert.pem openssl dhparam -inform pem -in cert.pem -outform pem -out dhparam.pem 512 cat dhparam.pem >> cert.pem If I want to have a CA-signed certificate, I can generate a CSR (Certificate Signing Request) : openssl req -newkey rsa:512 -nodes -out cert.csr -keyout cert.key And send it

ssl on login form?

I have SSL on my website....when the user logs in from a http page the form action is sent to https page, would this still secure the posted data? Or would it be better to have the form and the page it is posted to both SSL? Thanks

Self-signed SSL certificates and stringWithContentsOfURL

I am requesting some data from a server with NSString#stringWithContentsOfURL:. The server is using a self-signed certificate, so stringWithContentsOfURL: simply returns nil and does not give a change to accept the certificate. This is all expected behaviour. I know how to properly do this with NSURLConnection and it's delegate methods instead, but I am looking for a shorter term fix instead of rewriting this code. (Yay deadlines) So my question is, is it possible to import the self-signed cer

Ssl HTTPS Adobe Policy crossdomain.xml Chrome / IE

With "crossdomain.xml" policy (Flash based http apps) folder applied to Http server, Https server is GET (failed) via Chrome /IE The Http server is behind a Firewall, does this prevent the Policy file from being prevented?

Ssl Will I be able to push notifications from WP8 to a Windows Store app?

I need to pass messages between a WP8 app and a Windows Store app. It's sort of a "peer-to-peer" situation in that they will both send and respond to messages from each other, but it's also sort of a "client/server" situation in that the Windows Store app will have 1..N WP8 apps that it is conversing with. After being beaten about the head and shoulders for my first ideas of trying to use either email or SkyDrive rather sneakily, I'm now considering these possible architectures: 1) Direct Push

JMeter SSL Manager doesnt work

Im trying to use client ssl certificate in JMeter to authenticate on website. The problem is that when i try to import it in SSL Manager, im not getting any message for password, anything. In configuration i've written: user.classpath=/home/m/Downloads/jre-1.7.0_09/usr/java/jre1.7.0_09/lib/ ssl.provider=com.sun.net.ssl.internal.ssl.Provider I've added user.classpath because jsse.jar stands there, but i think its not necessary. What am i doing wrong?

Sensible Way to debug SSL connections on Android (in app)

I'm looking for a sensible way to test the SSL Connections my android app is doing. I'm running charlesproxy for debugging iOS Apps, but haven't found a way to get it working yet on android. I see the connection attempts popping up in charles, but can't select them. Any idea?

SSL certificae for a local network website

My requirement is that I want to have an local network website behind ssl. I know I can create a self signed certificate but I would then need to install certificate on each client (which can be in hundreds and would not be on a domain). If I buy an ssl certificate. how would it help and what sort of ssl certificate do I need to buy? This web application communicates with two signalR servers which I also want to be behind ssl. I'll be using self signed certificate for that. I would greatly app

How to have node and django running under one SSL server?

is there a way to solve this: there is a domain example.com, on port 80 it redirects to 443 so it's always SSL connection and it passes to uwsgi via nginx. Now sockets run via a node connection on example.com:3000. Is there an easy way to have that example.com:3000 run as SSL? The reason why is that Chrome gives a warning that the site includes resources that are not SSL.

How to track down "Connection timout during SSL handshake" and "Connection closed during ssl handshake" errors

I have recently switched over to HAProxy from AWS ELB. I am terminating SSL at the load balancer (HAProxy 1.5dev19). Since switching, I keep getting some SSL connection errors in the HAProxy log (5-10% of the total number of requests). There's three types of errors repeating: Connection closed during SSL handshake Timeout during SSL handshake SSL handshake failure (this one happens rarely) I'm using a free StartSSL certificate, so my first thought was that some hosts are having trouble accepti

SSL session tickets vs session ids

To improve SSL handshake performance for not retaining(short) connections there are two separate features known widely: TLS session ids TLS session tickets In case of very many short connection sessions which mechanism in terms of performance overhead is preferable and should be used? I know server need to cache session ids, also session tickets are easily shareable in case of load balancing, but let's assume there is a single server listening on a single port(no load balancing) and it rece

LoadRunner SSL Certificate issue

I am trying to monitor a https URL using VirtualUser Generator, I have the pfx certificate of the user which is used to login as a user on the portal. I used the Openssl utility with Loadrunner to convert the same to PEM and used web_set_certificate_ex on my script but still I see the script demands user certificate for the user. Please help...

Ssl Instagram HTTPS User Profile

I'm working on a Facebook application. I want to display instagram user profile photos. So I need HTTPS URLs... And i'va find only this : http://images.ak.instagram.com/profiles/profile_183641024_75sq_1372016363.jpg Any idea? Thank you.

Ssl Single Logout with CAS

I have an environment with a cas server and any java clients. I'm facing a problem with single logout with all clients, because, the client do a redirect to path /cas/logout and only this session is logged out. The ticket inside the cookie CASTG is cleaned up, but the user yet can access other applications, but, when the client try access the application that user did redirect to /cas/logout, the cas server asks user credentials. According I saw when you do a request to a /cas/logout this works

Ssl Site functionality diminished over VPN/company network

We currently experience a diminished with one of our customers at our main production site. All subpages and resources seem to be affected as well. The customer reports a completely broken experience for themselves with the site not working correctly at all, mostly due to assets not loading correctly. We already started investigating and have found that - so far - nothing seems to be wrong with the site itself. Quick rundown: The production site has a Cloudflare layer and almost all of it'

Ssl cURL not respecting ciphers

I'd like to test the usage of certain ciphers with cURL, but it doesn't seem to respect the --ciphers option: curl -vvv --tlsv1.0 --ciphers 'RC4-SHA' https://my.url.com/alive * Hostname was NOT found in DNS cache * Trying ip... * Connected to my.url.com (ip) port 443 (#0) * TLS 1.0 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA * Server certificate: *.url.com * Server certificate: DigiCert SHA2 Secure Server CA * Server certificate: DigiCert Global Root CA > GET /alive HTTP/1.1 > U

Ssl Why do we need to install digital certificate?

The question may sound a bit stupid but I really want to know this. When we download a file, say abc.exe, it is digitally signed with some digital certificate of some organisation. Why do we need to install that certificate? What is the use of it? What if we dont install it? When I run certmgr.msc in my windows system, I see some certificates already installed. What do they mean?

GoProxy SSL interception in golang

I am trying to block requests to anything over HTTPS It works perfectly for HTTP, however HTTPS seems able to completely avoid my proxy. I am using foxyproxy in firefox to set it to use my proxy. The following code will print the URL when the request from the browser requests over HTTP, but over HTTPS I see nothing. Any ideas why?? func DropHTTPS() net.Listener { listener, _ = net.Listen(CONN_TYPE, CONN_HOST+":"+CONN_PORT) proxy := goproxy.NewProxyHttpServer() proxy.OnRequest().D

Ssl PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException

I was trying to intall the WSO2 Private PaaS 4.0.0 on HP Helion Public Cloud (formerly HP Cloud). the install finished withe following errors Starting WSO2 IS core service... nohup: ignoring input and redirecting stderr to stdout Restoring from the Original template file /home/ubuntu/paas/resources/json/os/partition.json Deploying partition at /home/ubuntu/paas/resources/json/os/partition.json {"Error":{ "errorCode": " 400", "errorMessage": " Invalid Partition Detected : P1. Cause: sun.securit

Ssl Private Key not present after certificates chain importation

I have installed four certificates as my CA suggests me but once I list certificates any private key is showed: keytool -list -keystore ertstore02.keystore -storepass pass4certstore02 Keystore type: JKS Keystore provider: SUN Your keystore contains 4 entries root, Sep 4, 2015, trustedCertEntry, Certificate fingerprint (SHA1): XX:XX:X:XX latiendamiga.com, Sep 4, 2015, trustedCertEntry, Certificate fingerprint (SHA1): XX:XX:X:XX intermed, Sep 4, 2015, trustedCertEntry, Certificate fingerpri

Ssl CentOS7: Are you trying to connect to a TLS-enabled daemon without TLS?

I've installed Docker on CentOS7, now I try to launch the server in a Docker container. $ docker run -d --name "openshift-origin" --net=host --privileged \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /tmp/openshift:/tmp/openshift \ openshift/origin start This is the output: Post http:///var/run/docker.sock/v1.19/containers/create?name=openshift-origin: dial unix /var/run/docker.sock: permission denied. Are you trying to connect to a TLS-enabled daemon without TLS? I have tried the s

SSL Page embedding Non-SSL video from Vimeo

I am using an iframe to embed video from Vimeo in our Moodle LMS. My code works perfectly in Chrome, IE and Firefox, but not Safari. I am using the standard Vimeo API to embed the video. I know the issue is SSL related because I can remove the S from HTTP in the url and the embedded video works perfectly. I can't run our LMS in an unsecured environment, and the videos are no threat, but vimeo will not stream their video using ssl because of the overhead. Anyone have a solution that works across

Ssl Loading intermediate certificate into Infoblox NIOS

We have an SSL/TLS certificate loaded into an infoblox NIOS appliance that is one of the newer/cheaper certificates that usually require an intermediate certificate to complete verification of authenticity in modern web browsers. The infoblox NIOS appliance server is no longer under support, and the documentation explicitly states that loading an intermediate certificate is supported. However, it does not specify how to accomplish that. Trying to load the certificate and intermediate as a bundl

Ssl How secure is the https connection if the client not passes certificate

We have a web server running on linux machine where we configured 'SSLVerifyClient' as 'require' in ssl.conf file. Does this needs client who is utilizing the service from web browser(like firefox or chrome) needs a certificate. If yes, then it is not possible to distribute client certificate to every user as there can be some thousands of users, how to overcome this problem. If no, then how the data passed over network is secure? I know that certificate helps in encrypting data so that no o

Why SSL certificates are signed with private key?

As far as I read all the SSL certificates are signed using public key of the asymmetric pub/priv key pair. But all (atleast what I checked) the examples out there on internet are using private key One way I found for self-signing is using below command: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 Other way I found is: sudo openssl genrsa -out mykey.key 2048 sudo openssl req -new -key mykey.key -out mycsr.csr sudo openssl x509 -req -days 365 -in mycsr.csr -sig

Ssl HSTS preload list - possible SEO issue for www sites

Let me explain a real world situation here. I run the website https://www.liloo.ro and I want to enable HSTS (+HSTS preload) for it. The problem is that in order to submit it to the preload list the main domain has to respond with a HSTS header. Let me be more precise: In order to submit a site to the preload list and meet the requirements the first redirect has to be to the https version of the main domain. In my case I can't redirect from http directly to https + www -> I have to redirect

Squid reverse proxy single domain SSL

Trying to setup squid to cache content from our AWS Cloudfront distribution media.ourdomain.com is a CNAME for our Cloudfront distribution Squid configuration snippet (using 3.5.6) https_port 443 accel no-vhost defaultsite=media.ourwebsite.com cert=/var/squid/certs/media.ourwebsite.com.crt key=/var/squid/certs/media.ourwebsite.com.key cache_peer media.ourwebsite.com parent 443 0 no-query originserver ssl name=ourwebsite forceddomain=media.ourwebsite.com acl ourwebsite_1 dst

Ssl FTPS explicite talend issue

i can upload file on FTP server with tFTPPut Talend SSL connection failed; session reuse required: see require_ssl_reuse option in vsftpd.conf man page

Realm Object Server - SSL configuration causes ROS to fail start

Ubuntu 16.04 / ROS v1.3.0 I am attempting to configure my ROS to use secure SSL connections. If I do not make any changes to the configuration.yml - ROS is fine. I can sync and use the dashboard as I would expect. I have obtained an SSL cert from Letsencrypt. I used the CertBot in standalone mode so that I did not have to install or configure Nginx. (My preference is to not install yet another tech/layer - keep it clean!) I have the following certificates/key stored in this folder: /etc/l

SSL certs on node.js servers running websockets secure (WSS)

So I have a bunch of express node servers that run websockets (ws) just fine and i am looking to transition into using wss (websockets secure). I've got the https server running and wss even works on local host using a self-signed certificate. But my problem is getting it working in a production environment. It seems self-signed certs close silently (without the user getting a prompt to sign) for wss connections. When I try to use a purchased cert from a domain authority, i get "NET::ERR_CERT_CO

Ssl Golang certificate validation

I'm using Go to perform HTTPS requests with a custom root CA. The root CA is the only certificate I have on my side. My code looks like this: // performRequest sets up the HTTPS Client we'll use for communication and handle the actual requesting to the external // end point. It is used by the auth and collect adapters who set their response data up first. func performRequest(rawData []byte, soapHeader string) (*http.Response, error) { conf := config.GetConfig() // Set up the certificate h

Ssl Playframework in production (http & https) - error

Do you have any idea what is going on? Is the path on conf file? How can I fix to find this file on production mode? On dev mode the project is working without problems. The idea is to run on production mode on the server. But when I generate in production mode -> sbt dist and execute to run I got the follow errors: [error] p.c.s.NettyServer - cannot load SSL context java.lang.reflect.InvocationTargetException: null at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native

Is it possible to have wildcard with SAN entries with `*` in 2nd label in single SSL certificate

please help to find the answer to 3 questions. 1. Is it possible to buy one single certificate for domain mydomain.com which would work as the wildcard for *.mydomain.com and has SAN record for label1.*.mydomain.com and label2.*.mydomain.com? 2. How much it would be costs to add one more SAN record like label3.*.mydomain.com? 3. How long it takes to add one more SAN record like label3.*.mydomain.com?

Mount dir gets error in GlusterFS storage cluster with SSL/TLS encryption

There is something wrong with my GlusterFS storage cluster using SSL/TLS encryption. I've been trying for several days in many ways. I hope someone could help me. First, I enabled GlusterFS's SSL and restarted glusterd in every peer node. Then, GlusterFS volume afr_vol_1's SSL would be enabled and be mounted on /mnt/gluster by GlusterFS native client. Normally, I can read or write repeatly if there are only sub-files in my mount dir. However, my mount dir would get error if sub-dirs in my m

Ssl HTTP Client error: asn1: structure error: base 128 integer too large

I have got a very basic app in Go, with the following code: var client = &http.Client{ Timeout: time.Duration(30 * time.Second), } // skipped payload ... response, err := client.Post(apiUrlLogin, contentType, &payload) err returns with: Post https://xxx/api/login: tls: failed to parse certificate from server: asn1: structure error: base 128 integer too large Go version is go version go1.10.2 darwin/amd64 The certificate is self issued (corporate), I tried making POST reque

Configuring Imported Self Signed SSL Certificate to SQL Server Express

I've created a self-signed certificate and configured with SQL Server Express. The encryption works fine on my PC. When I export the certificate to another PC I can import fine and can see the certificate in MMC under Personal > Certificates. However when I try to configure with SQL Server Express on the new PC, the certificate does not appear in the dropdown. Any suggestions? I have tried a few things suggested on other forums Making sure the private key is exported Making sure the cer

Ssl Customizing Client Authentication in IBM WebSphere

We have an application running in WAS 8.5 server. The application has two external Service invocations, hitting 2 different third-party systems, in which one Service (Service2/Server2) requires Client Authentication. Please refer the diagram for reference. Server2 <-- Client --> Server1 Handshake Diagram For Server1, we have shared a Client Certificate with them and the handshaking is perfect. For Server2, which doesn't required Client Aunthentication, fails during handshaking. What w

Ssl Kubernetes on AWS: Preserving Client IP with nginx-ingress + cert-manager

We have setup Kubernetes with nginx-ingress combined with cert-manager to automatically obtain and use SSL certificates for ingress domains using LetsEncrypt using this guide: https://medium.com/@maninder.bindra/auto-provisioning-of-letsencrypt-tls-certificates-for-kubernetes-services-deployed-to-an-aks-52fd437b06b0. The result is that each Ingress defines its own SSL certificate that is automatically provisioned by cert-manager. This all works well but for one problem, the source IP address of

ActiveMQ SSL - Reload truststore with out restart broker

Im using activeMQ as my messages server. In order to keep it secure between the server and the clients (producer/consumer), I added to the activemq.xml a ssl context section that tells the activemq when it starts, with which keystore and truststore file to use. In case the truststore has be updated with a new certifiate, I would like the activemq to reload the truststore without restart the broker itself. Is there any way t do it? I found something similer in the link below but I don't know this

Ssl certbot wildcard certificate mismatch

I am creating SSL certificate with certbot with this command: sudo certbot certonly --manual --preferred-challenges=dns --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d *.foo.bar --email foo@bar.com in nginx configuration I am giving fullchain.pem and priveKey.pem for SSL handshake. everything is ok with no error. but the problem is when I am trying to reach https://jjj.foo.bar it says the certificate is not trusted. but I can accept and proceed to my request. so I check

Add SSL Cert to Net Core application in Windows VPS

So, I currently have a net core web api running in a windows VPS (amongst other things). When I make requests to this api, I would like to do so using https. It seems I need to have an SSL Cert on this VPS (which does not have a domain, just an IP). The https API is on xxx.xxx.xxx.xxx:443 The net core application is published into a self-contained package and run as an .exe (i think using IIS express) Ideally I would like to use a free SSL cert from something like zerossl.com or any viable al

Arduino (ESP8266) with AWS: Cant setup SSL connection

Im using a standart ESP8266 (No NodeMCU) to connect with AWS: and everything goes normally, I can upload the code to my module: Im using the libraries 2.5 for esp8266 I already did my part in AWS /* ESP8266 AWS IoT demo Simple demo code to provide static data into AWS IoT platform #include <ESP8266WiFi.h> #include <AmazonIOTClient.h> #include > Esp8266HttpClient httpClient; Esp8266DateTimeProvider dateTimeProvider; AmazonIOTClient iotClient; ActionError actionError; const

twisted check client SSL trustRoot value

I'm working on a twisted server where there should be a two way SSL handshake. I'm very new to working with these tools so I'm not sure how to set this option. This is my reactor: def main(reactor): with open('/opt/ssl/cert.pem') as f: certdata = f.read() with open('/opt/ssl/issuer.pem') as f: issuer_certdata = f.read() log.info("SSL Certificate Loaded.") certificate = ssl.PrivateCertificate.loadPEM(certdata) issuer_certificate = ssl.PrivateCertificate.loadPEM(i

Ssl Kafka Schema Registry - StoreInitializationException: Timed out trying to create or validate schema topic configuration

i'm trying to configure schema registry to work with SSL, i have already zookeeper and kafka brokers working with the same SSL keys. but whenever i start the schema-registry i get the following error ERROR Error starting the schema registry(io.confluent.kafka.schemaregistry.rest.SchemaRegistryRestApplication) io.confluent.kafka.schemaregistry.exceptions.SchemaRegistryInitializationException: Error initializing kafka store while initializing schema registry Caused by: io.confluent.kafka

Ssl Where can I pass the properties file in Datastage when using Kafka Connector

There are some properties that I want to change as, for instance, security.protocol from SASL_PLAINTEXT to SASL_SSL. But the Kafka Connector in Datastage has very limited number of properties (host, use kerberos, principal name, keytab, topic name, consumer group, max poll records, max messages, reset policy timeout and classpath) While reading this documentation the very first thing to do is to pass the JAAS configuration file. But my question is: Where should I put this file? In the Datasta

Pros and cons of configuring SSL certificate in webserver vs Kubernetes Ingress/OpenShift route level

Assume I have a Python application/JBoss application. I can setup my SSL certificate at server level For instance in Python 3 using SimpleHTTPServer: def main(): key_file = "/etc/letsencrypt/live/mydomain.fr/privkey.pem" cert_file = "/etc/letsencrypt/live/mydomain.fr/fullchain.pem" port = 9443 httpd = HTTPServer(('0.0.0.0', port), SimpleHTTPRequestHandler) httpd.socket = ssl.wrap_socket(httpd.socket, keyfile=key_file,

  1    2   3   4   5   6  ... 下一页 最后一页 共 39 页