Search Results

Search found 56753 results on 2271 pages for 'javax net ssl sslpeerunverifiedexception'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 208/2271 | < Previous Page | 204 205 206 207 208 209 210 211 212 213 214 215  | Next Page >

  • Can I have HTTPS and HTTP for a single instance of an application?

    - by Sivakanesh
    I'm planning a web application that will have its own server behind the corporate firewall. There will be two sets of users, internal and external to the organisation. Internal users will be located inside of the firewall as same as the application server and the external users are outside over the internet. All users will be authenticated via a login by the web application. I would like a setup where the external users will be required to access whole of the application using SSL and the internal users via standard http connection. I would like to know, if it is possible to setup a single instance the application so that it can be accessed via SSL for external (over the internet) users AND over http for internal users? Thanks

    Read the article

  • Generate a certificate with Openssl and import the same certificate using keytool

    - by Safari
    I have a question about the SSL during the use of CAS in LIferay. I have generate the certificate using Openssl (I flollowed this tutorial) on my CAS Server and now I would to import the certificate using keytool on the Liferay machine. To import the certificate with keytool I use this command: keytool -import -alias tomcatLiferay -file /myopensslcertificate.crt But when I import the .crt certificate file and I check the CAS connection I get the message: SSL Error. IF I try to generate the certificate using keytool (keytool -genkey...) on the CAS server end I import this certificate using keytool -import .... I can connect to the CAS server and I not see any errors... I think that I use a wrong way to generate the certificate with openssl or a wrong way to import the certificate (generated with openssl) with keytool.

    Read the article

  • Does openssl errno 104 mean that SSLv2 is disabled?

    - by David
    I want to check if my server has SSLv2 disabled. I am doing this by attempting to connect remotely with openssl with the following shell command. openssl s_client -connect HOSTNAME:443 -ssl2 Most literature I could find on the Internet says if I see something similar to the following error then SSLv2 is properly disabled. 29638:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428: I do get the above error when connecting to my Ubuntu server with SSLv2 disabled in Apache Apache but when I connect to my Windows Server 2008 R2 server with SSLv2 disabled in the registry I get the following output and error. CONNECTED(00000003) write:errno=104 I can't find any literature explaining this output and error. If anybody could explain to me if and why this output and error means that SSLv2 is properly disabled, I would appreciate it. Thanks!

    Read the article

  • How to turn SSLCompression off in Apache 2.4.3?

    - by kumar
    I have installed Apache 2.4.3(OpenSSL 1.0.0j) on a machine and trying to do SSLCompression off in the ssl.conf file throws an error: Syntax error on line 219 of /etc/httpd/conf.d/ssl.conf: Invalid command 'SSLCompression', perhaps misspelled or defined by a module not included in the server configuration What could be wrong here? If it helps, I installed mod_ssl(2.4). Is that enough or is something more to be done to configure Apache with mod_ssl. I tried phpinfo() in php, and mod_ssl is reflected in the Loaded Modules section.

    Read the article

  • Http to https behavior for visits from Internet Explorer client

    - by Emile
    My website has an SSL cert (example url: https://subdomain.example.com). Under Apache it's set up for both port 80 and port 443. So under the following configuration, anyone who goes to http://subdomain.example.com is sent to https://subdomain.example.com . But for visits from Internet Explorer, the redirect doesn't happen. Instead, http visits get a "Internet Explorer cannot display the web page." with a list of client-side solutions to try. Any ideas on how to fix the config so IE visits have the same behavior as the other browsers (that is, send http to https automatically)? NameVirtualHost *:443 <VirtualHost *:80> DocumentRoot /var/www/somewebroot ServerName subdomain.example.com </VirtualHost> <VirtualHost *:443> DocumentRoot /var/www/somewebroot ServerName subdomain.example.com # SSL CERTS HERE </VirtualHost> *Tested IE8, IE9 beta

    Read the article

  • Cisco ASA SSL VPN options?

    - by JonH
    Disclaimer: I am not a network admin so I may be wrong here but I thought asking here would help. I'm a developer mainly on the .net framework as well as helping get a mobile intranet app working. Because this app is only allowed to be used on our network I can easily run this app on our wireless network connection within our building. All is fine and dandy but we'd also like to be able to run this mobile app at say a customer plant using VPN software. I thought surely this could be easy as we exclusively use Samsung s4 phones so I thought I'd download Cisco's Samsung any connect software to allow us to VPN...its right on the play store. Sure enough it doesn't work. I mention it to our network admin who says not possible since we have old technology that doesn't support SSL. He mentions we'd have to upgrade all of our hardware, the firewall, etc. to get this to work. We really need VPN on our phones not only for this app but other internal apps, etc. He did mention the following: We can’t upgrade the software on our ASA, because we don’t have enough memory for the new version.  (the asa is very old).  We can’t add more memory, so we would have to get a new firewall, which I have been told I cannot do. In addition he also mentioned: The Samsung AnyConnect client uses SSL to connect.  With the current (old) version of software that our firewall is running, the SSL connections are unreliable.  We need different hardware in order to upgrade our firewall, which we are unable to attain at this time.  This is the same reason that Windows 8 clients are not able to connect. I am curious hence me asking. vpns seem to be fairly simple to setup. What other options do I have aside from making this a public site or web service that consumes this data over the internet as this is a complete no no. What can we do to make this work without that much effort or cost.

    Read the article

  • Nginx Forward SSL for single site

    - by Will.brown
    I have a nginx server setup and it works fine for http however i would like to bypass the proxy for https connection. I want it so that when someone goes to my ip https:// ip1 (Nginx server) it bypasses ngix and forwards all traffic to https:// ip2(webserver) i do not need ngix to do this for any ssl website just one particular website. SO Client to https:// ip1 to https:/ /ip2 to https:// ip1 to client pc I just want the nginx to not intercept the connection and forward it on and on return forward the connection to client Im guessing i do this by nat mascarade buy not exactly sure how to do it and if i will need to tell nginx to ignore ssl aswell can someone help me please this has gone me stuck

    Read the article

  • Using SSLv3 - Enabling Strong Ciphers Server 2008

    - by Igor K
    I've disabled SSLv2 and SSLv3 is on. However I cannot connect to a remote server which fails with The client and server cannot communicate, because they do not possess a common algorithm Ran an SSL check (http://www.serversniff.net/sslcheck.php) on the remote server and ours, and noticed none of the ciphers they accept we have on our server. How can this be configured? (Windows Web Server 2008) Remote Server Accepted SSL ciphers: DHE-RSA-AES256-SHA AES256-SHA EDH-RSA-DES-CBC3-SHA DES-CBC3-SHA DHE-RSA-AES128-SHA AES128-SHA Our server by default accepts: DES-CBC3-SHA RC4-SHA RC4-MD5

    Read the article

  • How to handle user accounts for many sites running on same server

    - by Simon Courtenage
    Background to this question: I want to host multiple e-commerce sites on the same server, each with their own separate customer login application. Each site's login application needs to be secured by SSL. I'm unsure how best to handle this. For example, do I need to acquire a separate SSL certificate for each site (in which case, how do I do this dynamically, as the sites are created), or do I handle this using ONE login gateway-style application, which handles it on behalf of all the sites via a kind of transparent redirect? I'd be grateful for any pointers or advice. Thanks.

    Read the article

  • Allow from referer for HTTP-basic protected SSL apache site

    - by user64204
    I have an apache site protected by HTTP basic authentication. The authentication is working fine. Now I would like to bypass authentication for users that are coming from a particular website by relying on the HTTP Referer header. Here is the configuration: SetEnvIf Referer "^http://.*.example\.org" coming_from_example_org <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Deny from all Allow from env=coming_from_example_org AuthName "login required" AuthUserFile /opt/http_basic_usernames_and_passwords AuthType Basic Require valid-user Satisfy Any </Directory> This is working fine for HTTP, but failing for HTTPS. My understanding is that in order to inspect the HTTP headers, the SSL handshake must be completed, but apache wants to inspect the <Directory> directives before doing the SSL handshake, even if I place them at the bottom of the configuration file. Q: How could I workaround this issue? PS: I'm not obsessed with the HTTP referer header, I could use other options that would allow users from a known website to bypass authantication.

    Read the article

  • Facebook, Twitter, Yahoo doesn't work. CDN problem. Akamai?

    - by Toktik
    Some sites doesn't work normally, they are open, without css, images and javascript errors... Facebook stucks on static.ak.fbcdn.net Twitter stucks on a1.twimg.com Yahoo stucks on l.yimg.com On firefox I'm receiving Waiting for ...(any of those). I can access facebook only with SSL. Like https://facebook.com I ping them, only receive request timed out. Update: When I ping static.ak.fbcdn.net I refer to a749.g.akamai.net, when I ping this server I get Request timed out.

    Read the article

  • Environment variables in Weblogic Managed Server with SSL nodemanager

    - by Eric Darchis
    We have a C legacy application start with JNI that requires environment variables. Not java -Djava.library.path -Dvar=foo as these are purely java. I need real environment variables. When we setup our domains, we usually use the SSH method to start the node managers. This works fine and the env variables are set properly. Recently the sysadmin has decided for a few reasons to use the SSL mode for nodemanagers. The servers start but the environment variables are not set. I checked with "pargs -e" (this is a Solaris machine) that the env variable was indeed not present from the nodemanager and for the managed server. Is SSL starting the managed server without running the .sh scripts or I am missing a parameter somewhere ?

    Read the article

  • Naming standard for additional A records/IP addresses for IIS servers?

    - by serialhobbyist
    When you're adding another IP address to and IIS server, what naming standards do you use for the A records? Background: I've a bunch of sites on an IIS server which use (CNAME'd) host-headers and a single IP address. Server names (and A records) adhere to unfriendly (as in difficult-to-remember) naming standards whereas CNAMEs, and therefore host-headers, can be friendly. Now I've a need for several SSL certificates for different sites. I was thinking about using an additional IP address for each to-be-SSL'd site but still using friendly CNAMEs. So then I come to what to call the A record. What do you do? Related to this question.

    Read the article

  • Forwarding 80 to 443 on Nagios woes

    - by Ethabelle
    I perhaps just need some extra insight because I don't see where I'm going wrong. I used an SSL Cert to secure our nagios server. We want to specifically require all traffic over nagios (like 2 users, lol) to use SSL. So I thought, oh, mod_rewrite + Rewrite Rule in .htaccess, right? So I went into the DocumentRoot and did a vi .htaccess (one didn't already exist) and then I put in the following rule; RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://our.server.org/$1 [R,L] This does absolutely nothing. Does nada. Whhhyy.. Note: AllowOverride all in httpd.conf is on. Also, I verified that the module is not uncommented out ... but note, I couldn't find the mod_rewrite module installed so I copied it over from another server and placed it in modules/mod_rewrite.so . It was weird because it was enabled in the httpd.conf file, but then didn't exist in modules ... I'm a baddie :(

    Read the article

  • embedded tomcat 7 behind iis 7.5 proxy ssl problems

    - by user1058410
    I'm using embedded tomcat 7 behind a iis 7.5 proxy server, with requests being forwarded to tomcat with arr. Everything works fine unless iis is set to require ssl. Then things like links that are generated dynamically in .jsp files on tomcat don't work right. For example if a link is supposed to point to _https://somewhere.com:443 it will be wrote as _http://somewhere.com:8080 (8080 is the port tomcat is running on). The problem seems to come from when tomcat looks at itself to build out the url it sees correctly that it is running on _http://somewhere.com:8080, but i need it to think otherwise. Does anybody know how to accomplish this without using ssl between iis and tomcat? Sorry for the underscores in front of the imaginary urls.

    Read the article

  • Safari, IIS and optional Client Certificates

    - by Philipp
    I've a ASP.Net Webapp running on IIS7.5. The Webserver is configured to accept Client Certifcates. Unfortunately Visitors with Safari Browser are unable to view the Page. Same Problem as described under the following link: http://www.mnxsolutions.com/apache/safari-providing-an-ssl-error-client-certificate-rejected%E2%80%9D-when-other-browsers-work.html Does anyone knows how to solve this? I'd really appreciate your help. edit: Seems to be the same problem: http://superuser.com/questions/231695/iis7-5-ssl-question-safari-users-get-a-prompt-of-certificate-to-select

    Read the article

  • Client-side certificates

    - by walshms
    My company purchased a wildcard certificate from a vendor. This certificate was successfully configured with Apache 2.2 to secure a subdomain. Everything on the SSL side works. Now I'm required to generate x509 client-side certificates to issue for this subdomain. I'm following along this page: (http://www.vanemery.com/Linux/Apache/apache-SSL.html), starting with "Creating Client Certificates for Authentication". I've generated the p12 files and successfully imported them into Firefox. When I browse to the site now, I get an error in FireFox that says "The connection to the server was reset while the page was loading." I think my problem is coming from not signing the client-side correctly. When I sign the client-side certificate, I'm using the PEM file (RapidSSL_CA_bundle.pem) from RapidSSL (who we bought the certificate from) for the -CA argument. For the -CAkey argument, I'm using the private key of the server. Is this correct?

    Read the article

  • How can write a mod_rewrite rule to determine if the domain is not the main domain then change https:// to http://

    - by Oudin
    I've set up a WordPress multi-site with a wildcard ssl for example.com to access the admin area securely. However I'm also using domain mapping to map other domains to other sites e.g. alldogs.com to alldogs.example.com. The problem is when I'm trying to access the front end of a site from and admin for a mapped domain e.g. alldogs.com by clicking "Visit Site" the Link goes to https://alldogs.com because of the forced ssl applied to the admin area. Which produces a certificate warning since the certificate is for example.com and not alldogs.com. How can write a mod_rewrite rule to determine if the url/link clicked on is not the main domain e.g. example.com then change the https:// to http:// so the site can be accessed via port 80 and not generate a certificate warning for that mapped domains

    Read the article

  • Is visiting HTTPS websites on a public hotspot secure?

    - by Calmarius
    It's often said that HTTPS SSL/TLS connections are encrypted and said to be secure because the communication between the server and me is encrypted (also provides server authentication) so if someone sniffs my packets, they will need zillions of years to decrypt if using brute force in theory. Let's assume I'm on a public wifi and there is a malicious user on the same wifi who sniffs every packet. Now let's assume I'm trying to access my gmail account using this wifi. My browser does a SSL/TLS handshake with the server and gets the keys to use for encryption and decryption. If that malicious user sniffed all my incoming and outgoing packets. Can he calculate the same keys and read my encrypted traffic too or even send encrypted messages to the server in my name?

    Read the article

  • "Countersigning" a CA with openssl

    - by Tom O'Connor
    I'm pretty used to creating the PKI used for x509 authentication for whatever reason, SSL Client Verification being the main reason for doing it. I've just started to dabble with OpenVPN (Which I suppose is doing the same things as Apache would do with the Certificate Authority (CA) certificate) We've got a whole bunch of subdomains, and applicances which currently all present their own self-signed certificates. We're tired of having to accept exceptions in Chrome, and we think it must look pretty rough for our clients having our address bar come up red. For that, I'm comfortable to buy a SSL Wildcard CN=*.mycompany.com. That's no problem. What I don't seem to be able to find out is: Can we have our Internal CA root signed as a child of our wildcard certificate, so that installing that cert into guest devices/browsers/whatever doesn't present anything about an untrusted root? Also, on a bit of a side point, why does the addition of a wildcard double the cost of certificate purchase?

    Read the article

  • HTTPS subdomain does not load site under HTTP

    - by Mark Lawrence
    I recently installed an SSL certificate on a subdomain following the steps at cPanel. Lets just say the domain is example.com and the subdomain is sub.example.com. I updated the userdata file for the subdomain and changed the IP address to the IP I wanted to use I updated the example.com zone file and changed the IP for the A Name for the subdomain to the IP I wanted to use Using domain tools I checked that sub.example.com resolved to the new IP which it does. I then installed an SSL certificate on example.com and then on sub.example.com When I visit http://sub.example.com I get the default Apache account screen, and when I visit https://sub.example.com I get the cPanel 404 page. If however I enter https://sub.example.com/admin (the location of my admin section) the page loads and I can login. I thought that this might be a propagation issue however as the subdomain resolves to the IP and I can reach the admin page I suspect it is not a propagation issue and possibly an incorrect zone file. Any thoughts?

    Read the article

  • using main domain as a mail server

    - by zensys
    I have a mail server set up as mail.mydomain.com like most people do. Now I find out that if I want to secure both mail.mydomain.com and mydomain.com with ssl I need two SSl certificates (or one more versatile but more expensive certificate). Does it make sense to run my mail server under mydomain.com (it is the same physical machine anyway) to save certificate expenses (I am Dutch) or is this being pound foolish? What is the rationale of separating the mail server from the 'www' server apart from the intuitive 'neatness' appeal?

    Read the article

  • Authenticating SSL in Paros Proxy

    - by Chevi
    I need to inspect some traffic from my iPhone to debug an application, which is going and coming from an https address. Since I don't have a Mac at the moment, I tried with Paros proxy, which I had used before. It's working fine with http connections, but whenever I try to open a website with SSL encryption in Mobile Safari it says that the certificate is not trusted. I can "Continue" and it would work, but not on Applications. How can I set up a trusted certificate with Paros and the iPhone? Thanks in advance, Alex UPDATE: I'm going to try and create my own SSL certificate for testing with Windows' MakeCert UPDATE 2: For some reason I could get Windows SDK to install, so I haven't tried this yet...

    Read the article

  • Apache will not stop/start gracefully

    - by ddjammin
    CentOs 6 64bit running apache 2.2.15-29.el6.centos. When I try to stop/start or restart httpd I get an error that says it has failed. A tail of the error log is below. I also noticed that a httpd.pid file is not created even though it is configured in the main conf file. If I set selinux to permissive, it works just fine. I do not want to run it with selinux disabled. If I delete the SSL_Mutex file it will start. HTTPD was running fine until I tried to add the ssl configuration. I copied over the ssl.conf file from a working server into the conf.d folder. I also copied a sslcert folder into the conf folder. It contains the certs, key, csr and password file. I think the problem has to do with the selinux context for the sslcert folder that was copied but I am not certain and not sure how to fix it. Below is the security context for the sslcert folder after executing restorecon -R sslcert ls -Z -rw-r--r--. root root system_u:object_r:httpd_config_t:s0 httpd.conf -rw-r--r--. root root system_u:object_r:httpd_config_t:s0 magic **drwxr-xr-x. root root system_u:object_r:httpd_config_t:s0 sslcert** tail -f /var/log/httpd/error_log [Thu Oct 17 13:33:19 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Thu Oct 17 13:33:20 2013] [notice] Digest: generating secret for digest authentication ... [Thu Oct 17 13:33:20 2013] [notice] Digest: done [Thu Oct 17 13:33:20 2013] [warn] pid file /etc/httpd/logs/ssl.pid overwritten -- Unclean shutdown of previous Apache run? [Thu Oct 17 13:33:20 2013] [notice] Apache/2.2.15 (Unix) DAV/2 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations [Thu Oct 17 21:04:48 2013] [notice] caught SIGTERM, shutting down [Thu Oct 17 21:06:42 2013] [notice] **SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0** [Thu Oct 17 21:06:42 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Thu Oct 17 21:06:42 2013] [error] (17)File exists: Cannot create SSLMutex with file `/etc/httpd/logs/ssl_mutex' I also saw mention of possible issues with semaphores. Below is the output of the current semaphores and apache is currently not running. ipcs -s ------ Semaphore Arrays -------- key semid owner perms nsems 0x00000000 0 root 600 1 0x00000000 65537 root 600 1 Finally selinux reports the following error. `sealert -a /var/log/audit/audit.log` 0% donetype=AVC msg=audit(1382034755.118:420400): avc: denied { write } for pid=3393 comm="httpd" name="ssl_mutex" dev=dm-0 ino=9513484 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_log_t:s0 tclass=file **** Invalid AVC allowed in current policy *** 100% doneERROR: failed to read complete file, 1044649 bytes read out of total 1043317 bytes (/var/log/audit/audit.log) found 1 alerts in /var/log/audit/audit.log -------------------------------------------------------------------------------- SELinux is preventing /usr/sbin/httpd from remove_name access on the directory ssl_mutex.

    Read the article

  • All HTTPS, or is it OK to accept HTTP and redirect (secure vs. user friendly)

    - by tharrison
    Our site currently redirects requests sent to http://example.com to https://example.com -- everything beyond this is served over SSL. For now, the redirect is done with an Apache rewrite rule. Our site is dealing with money, however, so security is pretty important. Does allowing HTTP in this way pose any greater security risk than just not opening or listening on port 80? Ideally, it's a little more user-friendly to redirect. (I am aware that SSL is only one of a large set of security considerations, so please make the generous assumption that we have done at least a "very good" job of covering various security bases.)

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 204 205 206 207 208 209 210 211 212 213 214 215  | Next Page >