how can i change my http secure pages to https in cpanel
- by testkhan
how can i change my http sensitive pages to https while i don't now what is difference between http and https and how to do that
Search Results
Search found 5875 results on 235 pages for 'https'.
Page 20/235 | < Previous Page | 16 17 18 19 20 21 22 23 24 25 26 27 | Next Page >
-
-
Javascript + IFrame + Chrome + Https = strange issue
- by GuiDoody
Using a modal plugin for jquery, I'm opening an iframe in a modal with a click event and setting the source attribute to a relative url (should be within https). The page containing the click is an authenticated ssl page. In IE and Safari, this works as expected. In Chrome and Firefox, the source url is opened in http not https. If I set the source to an absolute url using https, same result. Example: // This doesn't work - resolves to http $('.lnkViewDetails').click(function(e){ var src = "/ThePage"; $.modal('<iframe src="' + src + '" height="500" width="425" style="border:0" frameborder="no">'); }); // This doesn't work - also resolves to http $('.lnkViewDetails').click(function(e){ var src = "https://MySite.com/ThePage"; $.modal('<iframe src="' + src + '" height="500" width="425" style="border:0" frameborder="no">'); }); Anyone know a way to get around this?Read the article
-
Facebook iframe app redirecting https to http, how?
- by Paul Whitrow
I'm trying to get an app working within Facebook, but it seems that no matter what I try including forcing just https in the app settings (see screen shot), the iframe source (Facebooks canvas) seems to change the https address to http (301) which is then producing SEC7111: HTTPS security errors in IE? (sorry I can't post screen shots or extra links yet:( ) Header dump of page in question: Request URL:https://[hidden] Request Method:POST Status Code:301 Moved Permanently Request Headers (13) Form Data (1) Response Headersview source Connection:keep-alive Content-Encoding:gzip Content-Length:253 Content-Type:text/html; charset=iso-8859-1 Date:Mon, 01 Jul 2013 09:42:32 GMT Location:http://[hidden] Server:Apache/2.2.22 Vary:Accept-Encoding I'm getting so confused by this, and would welcome any help that the community could offer.Read the article
-
Tomcat 6 HTTPS connector: keep alive timeout not being respected
- by sehugg
I'm using Tomcat 6.0.24 on Ubuntu (JDK 1.6) with an app that does Comet-style requests on an HTTPS connector (directly against Tomcat, not using APR). I'd like to set the keep-alive to 5 minutes so I don't have to refresh my long-polling connections. Here is my config: <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="1000" keepAliveTimeout="330000" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" /> Unfortunately it seems that the server closes the connection after 65 seconds. The pcap from a sample session goes something like this: T=0 Client sends SYN to server, handshake etc. T=65 Server sends FIN to client T=307 Client sends FIN to server (I'm guessing the 5 minute timeout on the client is due to the HTTP lib not detecting the socket close on the server end, but in any case -- the server shouldn't be closing the connection that early) (edit: this works as expected when using the standard HTTP connector)Read the article
-
https post message fail, where is server log?
- by Samson
I am receiving an error when sending a https post message to my server and I am looking to get more information. I am looking for ssl error log in apache but I cannot find it. I have looked in /usr/local/apache/logs/secure and I don't see the proper error. Should I be looking in a different place? UPDATE: Fyi, the connection is timing out or being lost when I use https and I am trying to figure out why. When I use http it works fine.Read the article
-
SElinux stopping LVS from working with https
- by J Hoskins
LVS/piranha is setup and trying to get it to balance https instead of http. Setup https testing with wget - idea from this link. Works when I do it at the command prompt. With SELinux enforcing, the wget fails to run due to the lack of access to /dev/random. (Error - Could not seed PRNG; consider using --random-file. Disabling SSL due to encountered errors.) wget runs as system_u:system_r:piranha_lvs_t:s0 but the file/device /dev/random has system_u:object_r:random_device_t:s0 Also, wget is trying to getattr and read. How do you allow wget to use /dev/random so it will do ssl?Read the article
-
SVN on https easy setup
- by Webnet
What's the best way to setup SVN on https on a fresh ubuntu installation?Read the article
-
PHPMyAdmin works with https Only (not http)
- by 01010011
Hi I've been having a problem getting phpmyadmin to work consistently on my XP desktop and laptop computers for months now. When I type into Chrome's browser on both machines, localhost/phpmyadmin, I kept getting Error #1045 Access Denied for user at root@localhost (using password yes). Eventually, I realized that I had two (2) versions of mysql installed (XAMPP and MySQL Server 5.1) on both machines. So I uninstalled the MySQL Server 5.1I from the desktop and phpmyadmin worked. But when I uninstalled MySQL Server 5.1 from my laptop, it did not work. But I realized I could still get into MySQL Commandline Client using my password and that my databases were still intact. So I uninstalled and reinstalled XAMPP on the laptop and phpmyadmin worked after that. Now I have a new problem. On phpMyAdmin's home page has a message at the bottom: Your configuration file contains settings (root with no password) that correspond to the default MySQL privileged account. Your MySQL server is running with this default, is open to intrusion, and you really should fix this security hole by setting a password for user 'root'. So I located the following lines in config.inc.php file: /* Authentication type and info */ $cfg['Servers'][$i]['auth_type'] = 'config'; $cfg['Servers'][$i]['user'] = 'root'; $cfg['Servers'][$i]['password'] = ''; $cfg['Servers'][$i]['AllowNoPassword'] = true; and I just changed the last 2 lines as follows: $cfg['Servers'][$i]['password'] = 'mypassword'; $cfg['Servers'][$i]['AllowNoPassword'] = false; As soon as I did that and I tried to access phpmyadmin again, I got the Error #1045 message again, but when I tried https://localhost/phpmyadmin/ I got a red page saying this sites certificate is not trusted would you like to proceed anyway. And now it only works using https. I would really like to settle all my phpmyadmin problems once and for all so here are my questions: 1. Why does my laptop only access phpmyadmin via https? 2. How do I change my password in my configuration file? Also, if you have any other tips regarding phpMyAdmin, they are very welcome. Thanks in advanceRead the article
-
How can we monitor a HTTPS URL?
- by Animesh
A couple of our recent customers have had their applications configured for HTTPS only. Currently we are using a tool which does a good job of monitoring customers' app-server state. For the existing customers, HTTP URLs also work, so the tool can monitor the health. But the recent one have only the HTTPS enabled so the tool fails automatically. To this end, I am looking for a tool which would monitor the app-server state and send email to the group. Simple monitoring like checking to see if the app-server is up or not is all I would need. But more features are also definitely helpful. Thanks!Read the article
-
SSL/https setup for herokuapp.com address rather than my actual domain
- by new2ruby
I have a subdomain of my site pointed to a rails app at mysite.herokuapp.com. I bought a certificate from godaddy and seem to have that all set up correctly. So that when I go to: http://mysite.herokuapp.com or http://dev.mysite.com it's redirected to: https://mysite.herokuapp.com or https://dev.mysite.com The problem is that when I visit dev.mysite.com, I get the error: Safari can't verify the identity of the website. But when I go to mysite.herokuapp.com, I don't get the error. I wanted this to be set up the other way, so that dev.mysite.com did not cause the error. I'm not sure where I went wrong. I used dev.mysite.com when generating the key and when setting it up at godaddy.com. Any ideas where I should look? P.S. The old site is hosted at dreamhost and the DNS info is stored there as well. So I created a subdomain there of type cname which points to mysite.herokuapp.com.Read the article
-
How to have Jetty redirect http to https
- by Noel Kennedy
I want to redirect all requests for http to https using Jetty (6.1.24). For some reason (my ignorance) this is eluding me. This is what I have: <New id="redirect" class="org.mortbay.jetty.handler.rewrite.RedirectPatternRule"> <Set name="pattern">http://foobar.com/*</Set> <Set name="location">https://foobar.com</Set> </New> In response I get 200 - ok, and the body is the page over http, ie the redirect doesn't occur.Read the article
-
Proxy the traffic in http and https from my iPhone/iPad to VirtualBox on my Mac
- by Nicolas BADIA
I've got a mac running a Debian VirtualBox which forward the traffic from 8080 on the mac to 80 in the box and from 8443 to 443. The domains with the extension .dev are redirected on the mac to 127.0.0.1 with dnsmasq. The traffic on IP 127.0.0.1 is forwarded from 80 to 8080 and from 443 to 8443 using ipfw. So with this settings, my Debian VirtualBox gets all the traffic of my .dev domains in http or https. What I want is to be able to proxy the traffic of my .dev domains in http and https from my iPad to my Debian VirtualBox on the mac. I've try to setup an HTTP proxy on the ipad but I can only do it for one port (and it's not working with the port 443). Any idea on how I could achieve that ?Read the article
-
Tomcat and HTTPS connect timeout (local Proxy resolves it)
- by smas
I have web application on the Tomcat with webservices. I've noticed that all web services connected to https get timeout. I run this app on my localhost in my company. When I redirect all my connections through Fiddler (local proxy) everything works correctly. I don't want to execute fiddler all the time. my computer -> [FIDDLER local proxy] -> [remote proxy] // WORKS my computer -> [remote proxy] // timeout How to increase tomcat logging to get more technical logs than only "timeout". Is there any other way to get more information what blocks the https URL?Read the article
-
Problem with domain getting turned to IP address for https
- by user229133
I have a website that is using Windows Server 2003. The site is called https://mysite.com/ and at ip address 111.1.1.1. Now when I log into the site all my relative links that are generated using NavURL (<%# NavURL("Images/Menu/img.gif")%) are saying "http://111.1.1.1/Images/Menu/img.gif" instead of "https://mysite.com/Images/Menu/img.gif". This is causing an error because it needs to be secure. I'm sure there is a setting on the server somewhere to point to the name and not the ip, but I don't know where. Thanks for your help.Read the article
-
Why is chrome slashing my HTTPS?
- by John Isaacks
In Chrome when I view my page the https in the URL has a red slash through it. When I click it, it says: Your connection to www.example.com is encrypted with 256-bit encryption. However, this page includes other resources which are not secure. ... I am not getting the mixed content warning in IE or FF. Is there a way to get Chrome to tell you exactly what/where is causing the issue? I am having trouble finding what is causing Chrome to throw a hissy fit. I searched my source for any http that does not contained https but am not seeing any. It would be nice if there is an easy way to pinpoint the issue.Read the article
-
HTTPS load balancing based on some component of the URL
- by user38118
We have an existing application that we wish to split across multiple servers (for example: 1000 users total, 100 users split across 10 servers). Ideally, we'd like to be able relay the HTTPS requests to a particular server based on some component of the URL. For example: Users 1 through 100 go to http://server1.domain.com/ Users 2 through 200 go to http://server2.domain.com/ etc. etc. etc. Where the incoming requests look like this: https://secure.domain.com/user/{integer user # goes here}/path/to/file Does anyone know of an easy way to do this? Pound looks promising... but it doesn't look like it supports routing based on URL like this. Even better would be if it didn't need to be hard-coded- The load balancer could make a separate HTTP request to another server to ask "Hey, what server should I relay to for a request to URL {the URL that was requested goes here}?" and relay to the hostname returned in the HTTP response.Read the article
-
Safari can’t establish a secure connection to the server
- by Haris
I am using Mac OS X 10.5.8 behind a company firewall and have proxy settings and username / password through which I can connect to internet. The internet is working as I am posting this question through it, but if I try to open Facebook or Gmail the following message appears: Safari can’t open the page “https://www.google.com/accounts/ServiceLogin?[..]” because Safari can’t establish a secure connection to the server “www.google.com” What could be wrong?Read the article
-
Jungledisk file transfer security
- by JC
Does JungleDisk use https for file transfers? If so, does this mean a 3rd party cannot intercept content or even file names of files being backed up? (assume JungleDisks encrypt option is not being used)Read the article
-
RapidSSL not trusted using the check on "why no padlock"
- by Rippo
On http://www.whynopadlock.com/check.php whilst testing the following url https://www.bobclubs.com/pay I get the following message:- ERROR: cannot verify www.bobclubs.com's certificate, issued by `/C=US/O=GeoTrust, Inc./CN=RapidSSL CA': Unable to locally verify the issuer's authority. I am not 100 sure why this is as all issuer is OK, all items are secure and I get a padlock on all browsers. Can any one shed some light on this?Read the article
-
How can I force mail clients like Outlook or Thunderbird to load SSL images with invalid certificate?
- by Abel
Essentially, we only encounter this issue with our testing environments, where we send mail that contains HTTPS links that point to test servers with self-signed SSL certificates. In a browser I can select to accept the certificate. Is there something similar for mail clients like Thunderbird or Outlook that I can use? Currently, we don't see any images in our test mail, which greatly confuses the UAT team.Read the article
-
Translating CURL to FLEX HTTPRequests
- by Joshua
I am trying to convert from some CURL code to FLEX/ActionScript. Since I am 100% ignorant about CURL and 50% ignorant about Flex and 90% ignorant on HTTP in general... I'm having some significant difficulty. The following CURL code is from http://code.google.com/p/ga-api-http-samples/source/browse/trunk/src/v2/accountFeed.sh I have every reason to believe that it's working correctly. USER_EMAIL="[email protected]" #Insert your Google Account email here USER_PASS="secretpass" #Insert your password here googleAuth="$(curl https://www.google.com/accounts/ClientLogin -s \ -d Email=$USER_EMAIL \ -d Passwd=$USER_PASS \ -d accountType=GOOGLE \ -d source=curl-accountFeed-v2 \ -d service=analytics \ | awk /Auth=.*/)" feedUri="https://www.google.com/analytics/feeds/accounts/default\ ?prettyprint=true" curl $feedUri --silent \ --header "Authorization: GoogleLogin $googleAuth" \ --header "GData-Version: 2" The following is my abortive attempt to translate the above CURL to AS3 var request:URLRequest=new URLRequest("https://www.google.com/analytics/feeds/accounts/default"); request.method=URLRequestMethod.POST; var GoogleAuth:String="$(curl https://www.google.com/accounts/ClientLogin -s " + "-d [email protected] " + "-d Passwd=secretpass " + "-d accountType=GOOGLE " + "-d source=curl-accountFeed-v2" + "-d service=analytics " + "| awk /Auth=.*/)"; request.requestHeaders.push(new URLRequestHeader("Authorization", "GoogleLogin " + GoogleAuth)); request.requestHeaders.push(new URLRequestHeader("GData-Version", "2")); var loader:URLLoader=new URLLoader(); loader.dataFormat=URLLoaderDataFormat.BINARY; loader.addEventListener(Event.COMPLETE, GACompleteHandler); loader.addEventListener(IOErrorEvent.IO_ERROR, GAErrorHandler); loader.addEventListener(SecurityErrorEvent.SECURITY_ERROR, GAErrorHandler); loader.load(request); This probably provides you all with a good laugh, and that's okay, but if you can find any pity on me, please let me know what I'm missing. I readily admit functional ineptitude, therefore letting me know how stupid I am is optional.Read the article
-
How Do I Enable My Ubuntu Server To Host Various SSL-Enabled Websites?
- by Andy Ibanez
Actually, I Have looked around for a few hours now, but I can't get this to work. The main problem I'm having is that only one out of two sites works. I have my website which will mostly be used for an app. It's called atajosapp.com . atajosapp.com will have three main sites: www.atajosapp.com <- Homepage for the app. auth.atajosapp.com <- Login endpoint for my API (needs SSL) api.atajosapp.com <- Main endpoint for my API (needs SSL). If you attempt to access api.atajosapp.com it works. It will throw you a 403 error and a JSON output, but that's fully intentional. If you try to access auth.atajosapp.com however, the site simply doesn't load. Chrome complains with: The webpage at https://auth.atajosapp.com/ might be temporarily down or it may have moved permanently to a new web address. Error code: ERR_TUNNEL_CONNECTION_FAILED But the website IS there. If you try to access www.atajosapp.com or any other HTTP site, it connects fine. It just doesn't like dealing with more than one HTTPS websites, it seems. The VirtualHost for api.atajosapp.com looks like this: <VirtualHost *:443> DocumentRoot /var/www/api.atajosapp.com ServerName api.atajosapp.com SSLEngine on SSLCertificateFile /certificates/STAR_atajosapp_com.crt SSLCertificateKeyFile /certificates/star_atajosapp_com.key SSLCertificateChainFile /certificates/PositiveSSLCA2.crt </VirtualHost> auth.atajosapp.com Looks very similar: <VirtualHost *:443> DocumentRoot /var/www/auth.atajosapp.com ServerName auth.atajosapp.com SSLEngine on SSLCertificateFile /certificates/STAR_atajosapp_com.crt SSLCertificateKeyFile /certificates/star_atajosapp_com.key SSLCertificateChainFile /certificates/PositiveSSLCA2.crt </VirtualHost> Now I have found many websites that talk about possible solutions. At first, I was getting a message like this: _default_ VirtualHost overlap on port 443, the first has precedence But after googling for hours, I managed to solve it by editing both apache2.conf and ports.conf. This is the last thing I added to ports.conf: <IfModule mod_ssl.c> NameVirtualHost *:443 # SSL name based virtual hosts are not yet supported, therefore no # NameVirtualHost statement here NameVirtualHost *:443 Listen 443 </IfModule> Still, right now only api.atajosapp.com and www.atajosapp.com are working. I still can't access auth.atajosapp.com. When I check the error log, I see this: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366) I don't know what else to do to make both sites work fine on this. I purchased a Wildcard SSL certificate from Comodo that supposedly secures *.atajosapp.com, so after hours trying and googling, I don't know what's wrong anymore. Any help will be really appreciated. EDIT: I just ran the apachectl -t -D DUMP_VHOSTS command and this is the output. Can't make much sense of it...: root@atajosapp:/# apachectl -t -D DUMP_VHOSTS apache2: Could not reliably determine the server's fully qualified domain name, using atajosapp.com for ServerName [Thu Nov 07 02:01:24 2013] [warn] NameVirtualHost *:443 has no VirtualHosts VirtualHost configuration: wildcard NameVirtualHosts and _default_ servers: *:443 is a NameVirtualHost default server api.atajosapp.com (/etc/apache2/sites-enabled/api.atajosapp.com:1) port 443 namevhost api.atajosapp.com (/etc/apache2/sites-enabled/api.atajosapp.com:1) port 443 namevhost auth.atajosapp.com (/etc/apache2/sites-enabled/auth.atajosapp.com:1) *:80 is a NameVirtualHost default server atajosapp.com (/etc/apache2/sites-enabled/000-default:1) port 80 namevhost atajosapp.com (/etc/apache2/sites-enabled/000-default:1)Read the article
-
iphone: is there any secure way to establish 2-way SSL from an application
- by pmilosev
Hi I need to establish a HTTPS 2-way SSL connection from my iPhone application to the customer's server. However I don't see any secure way to deliver the client side certificates to the application (it's an e-banking app, so security is really an issue). From what I have found so far the only way that the app would be able to access the certificate is to provide it pre-bundeled with the application itself, or expose an URL from which it could be fetched (http://stackoverflow.com/questions/2037172/iphone-app-with-ssl-client-certs). The thing is that neither of this two ways prevent some third party to get the certificate, which if accepted as a risk eliminates the need for 2-way SSL (since anyone can have the client certificate). The whole security protocol should look like this: - HTTPS 2-way SSL to authenticate the application - OTP (token) based user registration (client side key pair generated at this step) - SOAP / WSS XML-Signature (requests signed by the keys generated earlier) Any idea on how to establish the first layer of security (HTTPS) ? regardsRead the article
-
Is it valid to replace http:// with // in a <script src="http://...">?
- by Darryl Hein
I have the following tag: <script type="text/javascript" src="https://cdn.example.com/js_file.js"></script> In this case the site is HTTPS, but the site may also be just HTTP. (The JS file is on another domain.) I'm wondering if it's valid to do the following for convenience sake: <script type="text/javascript" src="//cdn.example.com/js_file.js"></script> I'm wondering if it's valid to remove the http: or https: ? It seems to work everywhere I have tested, but are there any cases where it doesn't work?Read the article
-
How does HTTP Analyzer works?
- by Rampage
Halo, i am interest in methods, which http analyzer uses to capture data. I would like to write program which saves emails sent via web based clients. The problem is https and HTTP Analyzer solves it, but i dont know how. I got one interesting answer on my question before, but it doesnt reveal as much as i would like to know. Programs like HTTP Analyzer can catch the HTTPS data because they insert themselves in the HTTPS stack. As a result, they get the data after it's generated but before it's being encrypted and put in IP packets. This is highly non-trivial. How it is possible to make? If you have any interesting articles solving this issue, please let me know.Read the article
