Search Results

Search found 5390 results on 216 pages for 'ssl vpn'.

Page 55/216 | < Previous Page | 51 52 53 54 55 56 57 58 59 60 61 62 | Next Page >

ISA Server 2006 SSL Certificate Dilemma

- by JohnyD

I'm making so great headway in offering our services over https with help from a Go Daddy certificate, later to be upgraded to Thawte SSL123 certs. But, I've just run into one whopper of a problem. Here's my setup: I run an ISA 2006 firewall. Our web services are distributed over 2 servers. One is Windows 2000 (www.domain.com) and the other is Windows 2003 (services.domain.com). So, I'll need to purchase 2 certs for both www and services, import them into IIS6 on their respective machines, then export them with the primary key (making sure to Include all certificates in the certification path if possible... that had me stumped for a while), and then to finally import them into ISA's local computer Personal store. The problem I've just run into is that I have separate firewall rules for services.domain.com and www.domain.com... because requests need to be forwarded to different web servers. Each of these firewall rules use the same httplistener. I have just found out that you can only use 1 certificate per httplistener. To make matters worse you can only have a single httplistener per ip / port. Is this correct? I can only use a single certificate for a single ip address? This would seem to be a severe limitation. Am I wrong? If I'm not then I've got a whole lot more work ahead of me as I'll have to set up extra ip's, add them to the firewall's network interface, create new listeners using that ip, etc... Can someone please confirm that I'm doing this correctly / incorrectly? Once I got my head wrapped around it all it seemed easy... then this. Thanks in advance.

Read the article
Error 720 on VPN (PPTP) attempt

- by Andy Shulman

When I attempt to connect to a server running XP x64 (so essentially Server 2003) using a PPTP connection, it fails with client-side error Registering your computer on the network... Error 720: A connection to the remote computer could not be established. You might need to change the network settings for this configuration. and server-side error Event ID: 20050 The user WINSERV3\Andy connected to port VPN8-1 has been disconnected because no network protocols were successfully negotiated. I have configured the router to pass both TCP packets on 1723 and GRE packets. I have used Wireshark (filtering out ARP, UDP, and all TCP ports other than 1723) to observe the packets received by the server. Wireshark does not explicitly name any protocol GRE, but it does tell me the server sent and received TCP, PPTP, PPP LCP, PPP CHAP, PPP CBCP, and PPP IPCP. The connection seems to go wrong at packet 30, where the protocol is PPP LCP, with the payload of the packet being labeled "Protocol Reject". Obviously, this is going from server to client. This would seem to lead to the conclusion that there is something wrong with my client, which runs Windows 7 Ultimate x64. However, it is able to connect to my house's router, which runs the DD-WRT firmware and is thus a PPTP endpoint. I'm thoroughly at a loss. Please help!

Read the article
CSR, SSL and load balancers?

- by RadiantHex

Hi folks, do I need to generate a CSR on the load balancer or on the individual servers?

Read the article
How to detect VPN disconnection with vpnc?

- by Abhinav

What is the easiest way to detect that a vpnc connection on Linux/Ubuntu has disconnected? Manually, I think the way to detect is to check whether the interface (tun0) appears in /sbin/ifconfig output. Is there a better way to find out immediately, so that a script can be run to restart the connection?

Read the article
Force SSL on one page via .htaccess without looping

- by Will Martin

Okay, I have this code: RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} ^/borrowing/ill/request\.php$ RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L] The way I would expect this to work is: A request for /borrowing/ill/request.php comes in on HTTP. The rule matches. The server redirects to HTTPS. The rule does not match, because HTTPS is now on. The way it actually works is: A request for /borrowing/ill/request.php comes in on HTTP. The rule matches. The server redirects to HTTPS. The rule matches. The server redirects to HTTPS. The rule matches. The server redirects to HTTPS ... And so on. I know that the second condition (matching the file name) is working, because the redirect loop only hits that specific page. The question is, why isn't the switch to HTTPS causing the first condition to not match? EDIT: I put the exact same .htaccess rules into a test area on another server -- same file and path info. And they worked just fine. There's got to be something wrong with the server configuration elsewhere.

Read the article
proxy/vpn by dns entry

- by rcourtna

I've been using a service by unblock-us.com, which provides a proxy to Canadians/others allowing access to services that are locked down to only US ip addresses. This is easy enough to achieve by setting up a reverse proxy (eg: squid) on a US-hosted server, and then configuring your browser or OS to use that proxy. However, there is something that unblock-us does that I'm not sure how to duplicate. Rather than configuring your OS to use them as a proxy, you can simply change the DNS Server settings on your router to point to their addresses. Any requests to services they support are automatically proxied. The advantage to this is that you don't have to set up every computer in your house, and it "just works" with clients like ps3, xbox, android, etc. Disadvantage is you really don't have control over what gets proxied, as well as there are privacy concerns I suppose. How can I achieve this same functionality on my own us-based slice?

Read the article
SSL TurnKey Linux

- by ralexandru

Hi there. I have a TurnKey Mantis linux appliance and I want to make the connection secure.I've bought from GlobeHost a certificate and got the following files :sub-domain_domain_net.ca-bundle and sub-domain_domain_net.crt.I've got the Sftp connection to work.How can I install the certificate ?

Read the article
UFW blocks SSL connections Varnish/Apache2 on Ubuntu 12.04

- by user1383815

I have installed Virtualmin on a Ubuntu 12.04 server and I'm using LAMP stack with Varnish (:80) in front of Apache (:8000). However, I cannot access https when UFW is enabled. When I disable UFW, all works fine. Here is what UFW logging shows when I attempt to access a website via https: Dec 14 05:42:29 localhost kernel: [64491.327263] [UFW BLOCK] IN=eth0 OUT= MAC=e4:11:5b:e5:ef:8c:00:d0:02:8f:f0:00:08:00 SRC=MY_IP_ADDRESS DST=SERVER_IP_ADDRESS LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=2524 DF PROTO=TCP SPT=56430 DPT=20000 WINDOW=8192 RES=0x00 SYN URGP=0 Here is my UFW ruleset: $ ufw status Status: active To Action From -- ------ ---- 2221 ALLOW Anywhere 10000 ALLOW Anywhere 80 ALLOW Anywhere 21 ALLOW Anywhere 8000 ALLOW Anywhere Apache Secure ALLOW Anywhere 2221 ALLOW Anywhere (v6) 10000 ALLOW Anywhere (v6) 80 ALLOW Anywhere (v6) 21 ALLOW Anywhere (v6) 8000 ALLOW Anywhere (v6) Apache Secure (v6) ALLOW Anywhere (v6) Does anyone have any pointers how to fix this problem? Thank you for your time.

Read the article
BES 5.0 SSL Certificate

- by Superfly

I have recently installed BES 5.0 on a Hyper-V (i know it's not officially supported) 64-bit Server 2008 box with a remote SQL 2005 database. I successfully installed and was able to access the Blackberry Administration Service but was getting untrusted certificate errors so I followed the documentation for importing CA and BAS certificates with the Java keytool. They imported successfully but now the BAS webpage shows a "page cannot be displayed" error. TSupport is no help at all. Any ideas?

Read the article
Cant logon to domain over site-to-site vpn

- by 3molo

Tied together branch office with main office over two Cisco ASAs. The (internal) networks on either side can communicate with the other. I can ping, use the DC's DNS service and even join a domain on a new client. I can't however logon, I get the "domain controller is not available" error message on client. I find nothing peculiar in DC's event logs. Sicne it's site-to-site (with ping), it's always up so it should work. No firewall rules (except allow any any) between the two networks (of either side). Main site internal net: 10.10.10.0/24 Branch office net: 10.180.3.0/24 Am I overlooking something here? Where should I start investigating this?d

Read the article
Connecting Small business network to Azure Site to Site VPN

- by MarkKGreenway

Would like to have connectivity between azure virtual machines and on LAN users. My current network has a Cisco ISA550 connected to the WAN (one Ethernet cable into the office the fiber transceiver is on a different floor)and any public servers can be one-to one NAT-ed to have a public and private IP. What is the best way to get a reliable connection. Between end users and the cloud? I want to know the preferred on site endpoint. Do the azure vm's have to have a local ip in the LAN subnet? (Right now 10.10.0.0/20 or 255.255.240.0 to give room if this is the case). If in purchased an asa550 would I put it behind or in front of the isa550. Would it be ahead or peer with the users switches? What is the best way to get a reliable connection. Between end users and the cloud servers?

Read the article
ssl certificate for www.domain.com and domain.com

- by user12145

I used make-dummmy-cert that comes with apache 2.2 and ssl_mod to make a self-signed certificate, I tried www.domain.com domain.com *.domain.com, none of them would work for both www.domain.com and domain.com. The browser would say The certificate is only valid for domain.com( or www.domain.com or *.domain.com respectively) how do I make a self-signed cert that would work for both cases?

Read the article
SSL certificate for ISAPI redirected Web Site

- by Daniel

I have a Win 2003 server and I'm using Ionics Isapi Rewrite Filter to redirect requests made to a Web Site configured in IIS to another Apache2 Server in a server not exposed to the Internet. The Web Site has its host headers configured to catch requests for the specific site, and the redirection is being done with the ProxyPass directive. This is working OK. So far the scenario, my question is: I'd like to add a server certificate to the Apache server, but I don´t know if I need to add the certificate to both Apache and IIS sites. I think I still don´t get the theory behind this and would like to know from someone with expertise in the field the right way to implement this. Thank you in advance.

Read the article
Apache SSL configuration testing

- by jldugger

When I run configtest on our Apache server, I get the following: `Syntax error on line 1023 of /www/conf/httpd.conf: Invalid command 'SSLEnable', perhaps mis-spelled or defined by a module not included in the server configuration` I know this part of the configuration works. Is there a trick to make configtest mod_ssl aware?

Read the article
Configuring IIS 7.5 to be FIPS 140.2 compliant

- by tomfanning

I need to configure IIS 7.5 (Server 2008 R2) to be FIPS 140.2 compliant. Specifically, this involves disabling all SSL protocols other than TLS 1.0. I have set the following registry keys: HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server to Enabled(DWORD) = 0 as per this KB, but SSL Labs' checker says "SSL 2.0+ Upgrade Support" is enabled. (Everything other than that and TLS 1.0 is not available, so we're getting somewhere). It also says "FIPS ready - no" - presumably because SSL 2.0+ Upgrade Support is still enabled. serversniff.net says SSL 2.0 is turned off, and doesn't say anything about SSL 2.0+ Upgrade Support. Could this be an anomaly with SSL Labs' checker?

Read the article
vsFTPD mixed SSL and plain text mode

- by stan31337

Is it possible to configure vsFTPD to use Explicit FTP over TLS for all connections except those coming from 127.0.0.1? Joomla website is being hosted on a server, and it's unable to use FTPES, so I had to set: force_local_data_ssl=NO force_local_logins_ssl=NO But I want to force content managers to use FTPES, and I am unable to control whether they have chosen FTP or FTPES in their client's connection properties. Thank you!

Read the article
PFSense VPN Routing

- by SvrGuy

We use PFSense firewalls at three installations with the following LAN networks: 1.) Datacenter #1: 10.0.0.0/16 2.) Datacenter #2: 10.1.0.0/16 3.) HQ: 10.2.0.0/16 All of these locations are linked via an IPSEC tunnel that works properly. Hosts in any of the above networks can communicate with hosts in any other of the above networks. Now, for our laptops etc. we established a road warrior network 10.3.0.0/16 and have implemented OpenVPN to link the laptops etc. to Datacenter #1. This works great too, so our laptops can connect and communicate with any host in Datacenter #1 (anything on 10.0.0.0/16) The problem is the laptops can't communicate with any hosts that Datacenter #1 can reach by its IPSEC tunnel to Datacenter #2 (and/or the HQ for that matter). Does anyone know what to do configuration wise on the PFSense box in Datacenter #1 to configure to route packets received on the OpenVPN tunnel to Datacenter #2 over the IPSEC tunnel? It could be a setting on the OpenVPN or some sort of static route or some such. Any ideas?

Read the article
apache and SSL certificate

- by user12145

[warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) When connecting to https://www.xxx.com, it just says connecting, then timed out. ServerAdmin [email protected] ServerName www.xxx.com:443 DocumentRoot /var/www/vhosts/xxx SSLCertificateFile /etc/pki/tls/certs/xx.com.crt

Read the article
Chrome - SSL Security issue on Windows platforms?

- by al nik

Fortify.net is a service that displays what's the currently encryption key used by your browser in a https connection. If I browse this site with Chrome 4.1.249.1042 in WinXp SP3 the key used is RC4 cipher, 128-bit key This encryption is weak, and it's the one used by old browsers like IE6. Chrome works fine on Fedora9 and it uses AES cipher, 256-bit key as more modern browsers do (i.e.Firefox) I consider this a security issue. I'm considering to switch back to Firefox in Windows. Do you know if it's possible to change the default encryption key in Chrome?

Read the article
Do any well-known CAs issue Elliptic Curve certificates?

- by erickson

Background I've seen that Comodo has an elliptic curve root ("COMODO ECC Certification Authority"), but I don't see mention of EC certificates on their web site. Does Certicom have intellectual property rights that prevent other issuers from offering EC certificates? Does a widely-used browser fail to support ECC? Is ECC a bad fit for traditional PKI use like web server authentication? Or is there just no demand for it? I'm interested in switching to elliptic curve because of the NSA Suite B recommendation. But it doesn't seem practical for many applications. Bounty Criteria To claim the bounty, an answer must provide a link to a page or pages at a well-known CA's website that describes the ECC certificate options they offer, prices, and how to purchase one. In this context, "well-known" means that the proper root certificate must be included by default in Firefox 3.5 and IE 8. If multiple qualifying answers are provided (one can hope!), the one with the cheapest certificate from a ubiquitous CA will win the bounty. If that doesn't eliminate any ties (still hoping!), I'll have to choose an answer at my discretion. Remember, someone always claims at least half of the bounty, so please give it a shot even if you don't have all the answers.

Read the article
How Can I Force SSL in nginx?

- by Cata

I need to redirect all traffic from http://mydomain.com to ? What is the right way to do this in nginx?

Read the article
VPN: What should my Gateway remote ID be?

- by Lynn Owens

I have a Netgear ProSafe UTM. I set the Gateway local ID to it's WAN IP. But I'm not sure what to put for it's Remote ID. I want to be able to connect to it from a laptop across the internet. I can chose between: Remote IP FQDN Client FQDN Cert DN Frankly I've tried them messing around with them all but I'm just shooting in the dark, and the help desk docs are worthless. Also, Googling around seems to end up with lots of pages not really related to what I want. A lot of pages on configuring Cisco or Windows home networking or privacy advocates.

Read the article
Is there a way to change the string format for an existing CSR "Country Code" field from UTF8 to Printable String?

- by Mike B

CentOS 5.x The short version: Is there a way to change the encoding format for an existing CSR "Country Code" field from UTF8 to Printable String? The long version: I've got a CSR generated from a product using standard java security providers (jsse/jce). Some of the information in the CSR uses UTF8 Strings (which I understand is the preferred encoding requirement as of December 31, 2003 - RF 3280). The certificate authority I'm submitting the CSR to explicitly requires the Country Code to be specified as a PrintableString. My CSR has it listed as a UTF8 string. I went back to the latest RFC - http://www.ietf.org/rfc/rfc5280.txt. It seems to conflict specifically on countryName. Here's where it gets a little messy... The countryName is part of the relative DN. The relative DN is defined to be of type DirectoryString, which is defined as a choice of teletexString, printableString, universalString, utf8String, or bmpString. It also more specifically defines countryName as being either alpha (upper bound 2 bytes) or numeric (upper bound 3 bytes). Furthermore, in the appendix, it refers to the X520countryName, which is limited to be only a PrintableString of size 2. So, it is clear why it doesn't work. It appears that the certificate authority and Sun/Java do not agree on their interpretation of the requirements for the countryName. Is there anything I can do to modify the CSR to be compatible with the CA?

Read the article
Windows 2012 VPN setup without Active Directory

- by iss42

I have followed the guide here: http://www.youtube.com/watch?v=9qbpxKRb-94 But my situation differs with respect to there being no AD (Active Directory) setup. When I try to connect I get this in the server event log: "The user xx connected from x.x.x.x but failed an authentication attempt due to the following reason: The account does not have permission to dial in." Is there a way to enable this without AD?

Read the article
The SSL certificate doesn't established

- by Andrey Eagle

situation following: Windows Server 2008 R2 platform. Certificate installation in the IIS Manager occurs successfully with *.cer file but if I refresh the manager (F5), the certificate vanishes from the list. And, respectively in the Bindings window, at https addition, the certificate is absent in the menu. Thus if to open certificates via the MMS console, it can be seen in the Personal store. Whether there is any possibility to make so that the web server could "see" this certificate or how to make so that it didn't disappear from the list? Prompt how to solve this problem, thanks in advance! P.S. The certificate is acquired in tawte. In total that to me provided, these are account data where it is possible simply with save-pastit the certificate in 2 options: PKCS#7 and X.509. Here is the manual I used. P.S.2 If Complete Certificate Request with *.p7b I get an error: Cannot find the certificate request that is associated with this certificate file. Acertificate request must be comleted on the computer where the request was created.

Read the article

< Previous Page | 51 52 53 54 55 56 57 58 59 60 61 62 | Next Page >