ssl - Page 60 - Developer IT

Issues when upgrading OpenSSL?

- by Zed Said

We are running an old version of OpenSSL 0.9.7e and would like to upgrade to the most current. Our server is running Debian, and I am wondering if there would be any issues with just upgrading it using apt-get? Would we have to worry about anything breaking, or updating any configurations?

Read the article

force https with apache before .htpasswd

- by johnlai2004

I have this in my .htaccess file RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://www.myweb.com/phpmyadmin$1 [R,L] AuthUserFile /var/www/myweb/.htpasswd AuthGroupFile /dev/null AuthName "Sovereign Databases" AuthType Basic <Limit GET> require valid-user </Limit> But everytime I go to http://www.myweb.com/phpmyadmin, the .htpasswd prompts me for a credentials BEFORE i'm redirected to https://www.myweb.com/phpmyadmin. After I type in my username and password, I get redirected to https://www.myweb.com/phpmyadmin. The problem is that I don't want anyone to submit their username and password unencrypted via http. How do I force people to login via the https version even if they typed in the http version?

Read the article

Setting Up SNI with Apache 2.2.12 and openssl

- by CCG121

I am running Apache 2.2.12 and openssl 0.9.8g all of my Apache are in /etc/apache2/sites-available/default and i have 2 domains with certificates www.site.com & d7.site.com my <VirtualHost *:443> DocumentRoot /var/www/domain.com ServerAdmin [email protected] ServerName www.name.tld SSLStrictSNIVHostCheck off SSLVerifyClient None SSLEngine on SSLCertificateFile /var/www/sslcerts/name.tld/www_name_tld.crt SSLCertificateKeyFile /var/www/sslcerts/name.tld/private.key </VirtualHost> <VirtualHost *:443> DocumentRoot /var/www/d7 ServerAdmin [email protected] ServerName d7.domain.tld SSLStrictSNIVHostCheck off SSLVerifyClient None SSLEngine on SSLCertificateFile /var/www/sslcerts/d7.domain.tld/server.crt SSLCertificateKeyFile /var/www/sslcerts/d7.domain.tld/private.key </VirtualHost>

Read the article

compile ntp without ssl

- by Zulakis

I need to deploy ntp to a very space-critical pxe-imaging-system. (Yes, each KB matters.) Footprint needs to be as small as possible, so I want to compile ntp without linking openssl. According to the manual this is should be possible: If available, the OpenSSL library from http://www.openssl.org is used to support public key cryptography. The library must be built and installed prior to building NTP. The procedures for doing that are included in the OpenSSL documentation. The library is found during the normal NTP configure phase and the interface routines compiled automatically. Only the libcrypto.a library file and openssl header files are needed. If the library is not available or disabled, this step is not required. I already tried out ./configure --without-openssl however, this didn't help. This is my ldd output: ldd ntpd/ntpd linux-gate.so.1 => (0xb7706000) libm.so.6 => /lib/i686/cmov/libm.so.6 (0xb76d5000) libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7582000) librt.so.1 => /lib/i686/cmov/librt.so.1 (0xb7578000) libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb741d000) /lib/ld-linux.so.2 (0xb7707000) libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7419000) libz.so.1 => /usr/lib/libz.so.1 (0xb7404000) libpthread.so.0 => /lib/i686/cmov/libpthread.so.0 (0xb73eb000) The system I am compiling on is 32-bit debian lenny using openssl 0.9.8g-15+lenny16. What is the correct configure option to compile ntp without openssl?

Read the article

Google account gives ERR_SSL_BAD_RECORD_MAC_ALERT errors

- by Kjensen

A couple of days ago, I started being unable to connect to accounts.google.com, which handles logins to all kinds of google services. I get this error in Chrome: Error 126 (net::ERR_SSL_BAD_RECORD_MAC_ALERT): Unknown error. In IE I get this: I assume it is the same error, just wrapped up. I run Win8 RTM. On the SAME machine, using the same network card, in a VMWare workstation image running Win7, I am able to connect perfectly. On another of my machines on my network, I am also still able to connect with no problem. My girlfriend uses the same network and has also complained a couple of times about this error (google calendar) - but this is anecdotal, since her technical troubleshooting abilities stop at "xxxx is broken". Her machine runs Win7. ;) I have rebooted, cleared cookies, do not run any antivirus/firewall, have not changed network config. The first 3-4 days after installing Win8, I did not have any problems. I have also searched, and found a hint about enabling SSL2.0 in connection settings, which did not help. Anybody know something about this error and what I can do to fix it?

Read the article

Intermediate certificates on NLB load balanced servers

- by MrVimes

I am fairly sure I know how to install the 'main' certificate on load balanced servers (install on one, export, import to the others) but I'm not quite sure what to do about the intermediate certificate (the one you install using the certificates snap in in mmc) Do I manually install it using mmc on each server? or is there a similar process involved to the main cert (install, then export, then import on the others?)

Read the article

Dovecot and StartSSL problems with issuer

- by knoim

I am using dovecot (1) and trying to get my StartSSL certificate running. ssl_key_file points to my private key I tried pointing ssl_cert_file to my public key, with and without using the class1 certificate from http://www.startssl.com/certs/sub.class1.server.ca.pem as ssl_ca_file aswell as combing them with cat publickey sub.class1.server.ca.pem chained My mail client keeps telling me the certificate has no issuer, but doing openssl x509 on my public certificate tells me it is C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Class 1 Primary Intermediate Server CA My option for the CSR were: openssl req -new -newkey rsa:4096 -nodes Dovecot's log doesn't mention any problems. EDIT: Doesn't seem to be a problem with dovecot. I am having the same problem with postfix. openssl verify gives me the same error.

Read the article

Web based interface for open SSL client certificates

- by Felix

Hi there! We are currently developing a apache2-based web application and want to invite some beta testers to give it a try. To be on the safe side, access should be provided by individual browser certificates (.p12) which are issued using a (fake) CA. Our users should be passing a complete register/login process and some of them will be granted administrative privileges within the application. That's why a preceding simple web-based authentication won't be sufficient. Atm, I am using a serverside shellscript to generate the certificates each time. Do you know about a small, web-based tool to simplify the process of generating / revoking those certificates? Maybe an overview of the CA's index.txt plus the option to revoke a cert and a link to download them directly?

Read the article

Windows 7 will not install a root certificate

- by Farseeker

I have a web service that uses a self-signed certificate, so I need to install the certificate as a Trusted Root so that I can avoid all the security errors that having a self-signed certificate brings with it. Using Windows 7, I'm going to: Start > Internet Explorer > Run as Administrator > Tools > Internet Options > Content > Certificates > Trusted Root Certification Authorities > Import > (select file) > Next > OK, and Windows reports Import Successful However, the import is NOT successful. The certificate does not show in the list of trusted roots, and certificate errors still show up. If I import the certificate into the Trusted Publishers container, it imports correctly, but this does not solve my security errors. Any ideas?

Read the article

How to configure to URLs for One Server using wildcard supported certificates?

- by Amit

Hi, We have wildcard supported certificate installed in our production environment. One of our client wants his name to appear in the URL (e.g. companyname.sitename.net). How we should facilitate this? Do we need to make any entries for this in DNS? If yes can you please let me know about it? I need to set this up before Fridat PST, any help in this is highly appriciated. Thanks.

Read the article

Can I disable certificate error/warning in Firefox/Chrome/Internet Explorer?

- by Poni

Exactly as the title says; I don't mind which browser, I just want to type "https://........" and see the page normally without any certificate error, knowing that I might risk myself by allowing an invalid certificate! It seems like every browser producer thinks he knows better than me, the Super User !! =) Now, does anyone know how to remove warning/error related to this? In any of these browsers (Firefox/Chrome/Internet Explorer/[you-may-suggest])? Oh, and don't advise me a workaround like adding to exceptions. Please don't mention that. I'd highly appriciate a concise & precise answer! Edit: The answer I seek concerns ONLY the browser. No third-party objects to be used.

Read the article

PEM file to IIS 7

- by Jeremy

I have a PEM file issued by a 3rd party, whose API I'm leveraging. How can I get this into IIS 7?

Read the article

ssl_error_log apache issue

- by lakshmipathi

https://localhost works but https://ipaddress didn't cat logs/ssl_error_log [Mon Aug 02 19:04:11 2010] [error] [client 192.168.1.158] (13)Permission denied: access to /ajaxterm denied [root@space httpd]# cat logs/ssl_access_log 192.168.1.158 - - [02/Aug/2010:19:04:11 +0530] "GET /ajaxterm HTTP/1.1" 403 290 [root@space httpd]# cat logs/ssl_request_log [02/Aug/2010:19:04:11 +0530] 192.168.1.158 SSLv3 DHE-RSA-CAMELLIA256-SHA "GET /ajaxterm HTTP/1.1" 290 httpd.conf file NameVirtualHost *:443 <VirtualHost *:443> ServerName localhost SSLEngine on SSLCertificateFile /etc/pki/tls/certs/ca.crt SSLCertificateKeyFile /etc/pki/tls/private/ca.key <Directory /usr/share/ajaxterm > Options FollowSymLinks AllowOverride None Order deny,allow Allow from All </Directory> DocumentRoot /usr/share/ajaxterm DirectoryIndex ajaxterm.html ProxyRequests Off <Proxy *> # Order deny,allow Allow from all </Proxy> ProxyPass /ajaxterm/ http://localhost:8022/ ProxyPassReverse /ajaxterm/ http://localhost:8022/ ErrorLog error_log.log TransferLog access_log.log </VirtualHost> How to fix this ?

Read the article

Gmail uses RC4 128bit - is it strong enough?

- by al nik

I notice that a service like Gmail is using RC4 128 bit as encryption. Is this strong enough to ensure that my emails can't be read by anyone one the net?

Read the article

Setting subversion "password-stores" does nothing?

- by Coderer

The Subversion documentation says that I can set a parameter in ~/.subversion/config like [auths] password-stores = gnome-keyring to have it cache my certificate password in gnome-keyring. I set the option, and nothing happens -- no error messages, no change in behavior, nothing. Maybe I'm missing a log somewhere? I know subversion has to be compiled to support this but AFAIK I'm using the RPM version, which (they say...) ships with it rolled in. Is there a way to check whether my binary supports keyring? Shouldn't it say something if it doesn't?

Read the article

How would you change a home wireless router with a self-signed admin site certificate to be more secure?

- by jldugger

littleblackbox is publishing "private keys" that are accessible on publicly available firmwares. Debian calls these "snake-oil" certs. Most of these routers are securing their HTTPS certs with these, and as I think about it, I've never seen one of these internal admin websites with certs that wasn't self signed. Given a webserver on IP 192.168.1.1, how do you secure it to the point that Firefox doesn't offer warnings (and is still secured)?

Read the article

How would you secure a home router with a self-signed certificate?

- by jldugger

littleblackbox is publishing "private keys" that are accessible on publicly available firmwares. Debian calls these "snake-oil" certs. Most of these routers are securing their HTTPS certs with these, and as I think about it, I've never seen one of these internal admin websites with certs that wasn't self signed. Given a webserver on IP 192.168.1.1, how do you secure it to the point that Firefox doesn't offer warnings (and is still secured)?

Read the article

How would you secure a home router with a self-signed certificate?

- by jldugger

littleblackbox is publishing "private keys" that are accessible on publicly available firmwares. Debian calls these "snake-oil" certs. Most of these routers are securing their HTTPS certs with these, and as I think about it, I've never seen one of these internal admin websites with certs that wasn't self signed. Given a webserver on IP 192.168.1.1, how do you secure it to the point that Firefox doesn't offer warnings (and is still secured)?

Read the article

SSLVerifyClient optional with location-based exceptions

- by Ian Dunn

I have a site that requires authentication in order to access certain directories, but not others. (The "directories" are really just rewrite rules that all pass through /index.php) In order to authenticate, the user can either login with a standard username/password, or submit a client-side x509 certificate. So, Apache's vhost conf looks something like this: SSLCACertificateFile /etc/pki/CA/certs/redacted-ca.crt SSLOptions +ExportCertData +StdEnvVars SSLVerifyClient none SSLVerifyDepth 1 <LocationMatch "/(foo-one|foo-two|foo-three)"> SSLVerifyClient optional </LocationMatch> That works fine, but then large file uploads fail because of the behavior documented in bug 12355. The workaround for that is to set SSLVerifyClient require (or optional) as the default, so now the conf looks like this SSLCACertificateFile /etc/pki/CA/certs/redacted-ca.crt SSLOptions +ExportCertData +StdEnvVars SSLVerifyClient optional SSLVerifyDepth 1 <LocationMatch "/(bar-one|bar-two|bar-three)"> SSLVerifyClient none </LocationMatch> That fixes the upload problem, but the SSLVerifyClient none doesn't work for bar-one, bar-two, etc. Those directories are still prompted to present a certificate. Additionally, I also need the root URL to accessible without the user being prompted for a certificate. I'm afraid that will cancel out the workaround, though.

Read the article

Exchange 2010 certificate errors

- by Frederik Nielsen

I have a problem with my newly setup Exchange environment for our hosted customers. First off, when configuring the outlook client, it gives a certificate warning although the certificate has been bought and setup. I am using a setup like this: autodiscover.CUSTOMERDOMAIN.TLD CNAME autodiscover.exchange.COMPANYDOMAIN.TLD (Companydomain is our company that hosts the exchange servers, customerdomain being the customers domain) Shouldn't that work? I know that Microsoft does something like that for Office365, but I really don't think they buy a certificate for every customer.. So I guess some redirection should be setup somehow - any guidance? Next thing: When we accept that error, and move on to actually starting Outlook, it states that the certificate is not valid for the RPC proxy server exchange.COMPANYDOMAIN.TLD - this domain is not right, as that domain is not included in the certificate. I would instead like this domain to be mail.exchange.COMPANYDOMAIN.TLD I tried to run this script setting both internal and external URL's to be the same, with no luck. Any guidance on this one? I am running Exchange 2010 SP2, with CAS, HT and MBX split up on 3 different servers.

Read the article

Google Chrome custom search engine for secure Wikipedia

- by gdejohn

I have this custom search engine set up in Google Chrome: https://encrypted.google.com/search?q=site%3Aen.wikipedia.org+%s&btnI=745 It searches Google for site:en.wikipedia.org {query}, and the btnI=745 is for I'm Feeling Lucky, so it automatically redirects to the first result. I like this better than using Wikipedia's search function directly because it gives me very effective approximate string matching, so I can misspell my search, or leave a word out, or just search for some keywords, and I still get what I'm looking for right away. What I'd like is for it to use Wikipedia's secure gateway: https://secure.wikimedia.org/wikipedia/en/wiki/ It's easy enough to set up a custom search engine that uses the secure version of Wikipedia's search function directly, but I can't figure out how to correctly incorporate it into my version going through Google. Nothing I've tried works.

Read the article

certificate error while subdomain forwarding

- by rahulchandran

I have a website, call it http://sub.example.com, hosted on, say, 72.xx.xx.x. There is a certificate for https://sub.example.com. Now I go into the DNS management tool in my hosting provider, and I set up the standard subdomain forwarding wherein https://sub.example.com forwards to 72.xx.xx.x. Now when I try to browse to https://sub.example.com, I get a certificate error saying it is for the wrong website. I have also tried forwarding http://sub.example.com to 72.xx.xx.x, and tried it with domain masking in both cases. I am still getting the certificate error no matter what. Additional wrinkle: if someone types in https://sub.example.com then the domain forwarding does not seem to work and IE just spins endlesssly and finally fails. How can I domain forward the https://sub.example.com to 72.xx.xx.x?

Read the article

Port-forwarding HTTPS web server

- by James Moore

I have port forwarded our front-facing IP to an internal HTTPS server. The browser does not connect. A wget command determines that the certificate is self-signed for the internal IP. Hence why the browser is refusing to display the page properly. What is the best-practice scenario for this sort of stuff? Thanks

Read the article

certutil -ping fails with 30 seconds timeout - what to do?

- by mark

Dear ladies and sirs. The certificate store on my Win7 box is constantly hanging. Observe: C:\1.cmd C:\certutil -? | findstr /i ping -ping -- Ping Active Directory Certificate Services Request interface -pingadmin -- Ping Active Directory Certificate Services Admin interface C:\set PROMPT=$P($t)$G C:\(13:04:28.57)certutil -ping CertUtil: -ping command FAILED: 0x80070002 (WIN32: 2) CertUtil: The system cannot find the file specified. C:\(13:04:58.68)certutil -pingadmin CertUtil: -pingadmin command FAILED: 0x80070002 (WIN32: 2) CertUtil: The system cannot find the file specified. C:\(13:05:28.79)set PROMPT=$P$G C:\ Explanations: The first command shows you that there are –ping and –pingadmin parameters to certutil Trying any ping parameter fails with 30 seconds timeout (the current time is seen in the prompt) This is a serious problem. It screws all the secure communication in my app. If anyone knows how this can be fixed - please share. Thanks. P.S. 1.cmd is simply a batch of these commands: certutil -? | findstr /i ping set PROMPT=$P($t)$G certutil -ping certutil -pingadmin set PROMPT=$P$G

Read the article

Apache Server Status page in port 8443

- by batman

I'm very new to apache. I tried to enable the server status page of apache. I added the status.conf and status.load to mods-enabled directory. I changed the config of apache2.conf to include all mods-enabled directory. This is the config of staus.conf: <IfModule mod_status.c> # # Allow server status reports generated by mod_status, # with the URL of http://servername/server-status # Uncomment and change the "192.0.2.0/24" to allow access from other hosts. # <Location /server-status> SetHandler server-status Order deny,allow Deny from all Allow from 127.0.0.1 ::1 # Allow from 192.0.2.0/24 </Location> # Keep track of extended status information for each request ExtendedStatus On # Determine if mod_status displays the first 63 characters of a request or # the last 63, assuming the request itself is greater than 63 chars. # Default: Off #SeeRequestTail On <IfModule mod_proxy.c> # Show Proxy LoadBalancer status in mod_status ProxyStatus On </IfModule> </IfModule> The default settings. I restarted my server. I'm redirecting all ports to 8443. Which in turn turns my requests to localhost:8443/server-status. Which does throw an 404 error. Are there any way to get around this? Thanks in advance.

Search Results

Search found 3358 results on 135 pages for 'ssl'.

Page 60/135 | < Previous Page | 56 57 58 59 60 61 62 63 64 65 66 67 | Next Page >

- by Zed Said

- by johnlai2004

- by CCG121

- by Zulakis

- by Kjensen

- by MrVimes

- by knoim

- by Felix

- by Farseeker

- by Amit

- by Poni

- by Jeremy

- by lakshmipathi

- by al nik

- by Coderer

- by jldugger

- by jldugger

- by jldugger

- by Ian Dunn

- by Frederik Nielsen

- by gdejohn

- by rahulchandran

- by James Moore

- by mark

- by batman

< Previous Page | 56 57 58 59 60 61 62 63 64 65 66 67 | Next Page >