Openshift trustwave intermediate ssl cert issue
ssl,https,ssl-certificate,openshift
Ok solve it after lots of searching, and Trustwave still reports it as wrong but all browsers seem to accept it. So I got the main cert file (I was using my-domain.com.pem) copy and paste the contents into a new file (something like combined.pem) then open your intermediate file (chain.cer...
HTTP to HTTPS mapping using proxy servers
this should be easy with apache. in your virtual host add ProxyPass /myapp https://somehost.com/myapp ProxyPassReverse /myapp https://somehost.com/myapp then you can use yourinternalhost.company.com/myapp/ then watch your error log about SSLProxyCheck* messages (depends on the ssl certificate) see http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslproxycheckpeercn mod_proxy: httpd.apache.org/docs/2.4/mod/mod_proxy.html (see proxyremote for using another (corporate) proxy...
Automate HTTPS Login
I figured it out. In the Authentication section there are 3 "input names", but I was only sending 2. I added the "btlog" item (see below), and it came back with a set-cookie and a link to the page I needed to go to. QUrlQuery urlQuery; urlQuery.addQueryItem("btlog", "Connection"); urlQuery.addQueryItem("user_sys", username);...
Redirect to a 3rd party HTTP page from HTTPS without the certificate error
java,jsp,security,https,warnings
Even if you find a way to circumvent this it (hopefully) will be only a shortlived solution: you would undermine a security measure. Perhaps not implementing this in the foreground = browser but transferring this to the backend might help: have your JSP talk to some code on your server...
Copied ssl cert to a test site, how do I remove it?
http,ssl,drupal,https,softlayer
https://www.drupal.org/https-information has some information on how to use SSL certs in drupal specifically. Since you didn't provide the actual error your browser is giving you, I'm going to guess its a domain name mismatch error (like this https://www.digicert.com/ssl-support/certificate-name-mismatch-error.htm ). Basically you will either need to access your site via the...
Instaling updated SSL Certificates breaks Java web integration?
The likely reason why Java clients are not handling the new server certificate well is simply that the Java version of these clients is out-of-date. Each installation of Java Runtime Environment (JRE) comes with a trust store file called cacerts (at <java-home>/lib/security/cacerts), which includes all the Certificate Authority (CA) and...
REST HTTPS login with Ruby - Connection Reset by peer
Turned out that I needed to set form data for this work. require 'net/http' require 'openssl' uri = URI.parse("https://.../login.jsp") https = Net::HTTP.new(uri.host,uri.port) https.use_ssl = true req = Net::HTTP::Post.new(uri) req.set_form_data('userid' => '[email protected]', 'passwd' => 'mypassword') res = https.request(req) puts res ...
Reverse Tunnel over JSCH (SSH) and HTTPS
java,apache,ssh,https,http-tunneling
Unfortunatly no any one has tried to reply; I found the solution. The solution is based on the HTTP 1.1 CONNECT command and doesn't support direct tunnel. On the Java client // Install the all-trusting trust manager final SSLContext sc = SSLContext.getInstance("SSL"); sc.init(null, trustAllCerts, new java.security.SecureRandom()); JSch jsch = new...
SSL certificate multiple domain. Reuse certificate
Each certificate can be used just by one domain, despite, you can use it for all your subdomains. https://ssl.comodo.com/wildcard-ssl-certificates.php...
IE10 Page can't be displayed, other browsers can
web-services,internet-explorer,ssl,https,windows-server-2012
A combination of hardening for PCI DSS(securing servers) and the webservice provider not announcing protocols that were enabled was causing the issue. Moving the server out of PCIDSS policy made the webservice connection function normally. The changes were displayed only after restarting the server, because of registry modification. Thanks to...
Permission denied when implementing JavaScript within an iframe from the parent page
javascript,jquery,iframe,https,tinymce
fiddle.jshell.net (the parent document domain) is different to jsfiddle.net (your iframe domain). I've changed your code to point to the jshell.net url instead (You can get this by using the URL of the frame in the bottom right of jsfiddle rather than the address bar). https://jsfiddle.net/GarryPas/5f4ct5ph/7/ showIt() and hideIt() don't...
Problems connecting via HTTPS/SSL through own Java client
java,ssl,https,sslhandshakeexception
According to https://www.ssllabs.com, the server supports cipher suites TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA They are listed as "unavailable cipher suite" as you can see in the debug messages. In the JRE/lib/security/local_policy.jar, we see // Some countries have import limits on crypto strength. This policy file // is worldwide importable....
htaccess force https on specific query param and remove www generally
regex,apache,.htaccess,mod-rewrite,https
Try using THE_REQUEST in first 2 rules: RewriteCond %{THE_REQUEST} !/index\.php\?param=foo[&\s] RewriteCond %{HTTPS} on RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [L,R] RewriteCond %{THE_REQUEST} /index\.php\?param=foo[&\s] RewriteCond %{HTTPS} off RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R] RewriteCond %{HTTP_HOST} ^www\. RewriteCond %{HTTPS}s ^on(s)|off RewriteCond http%1://%{HTTP_HOST} ^(https?://)(www\.)?(.+)$ RewriteRule ^ %1%3%{REQUEST_URI} [R=301,L] Make sure to clear your browser cache for testing this...
some of my https requests in Jmeter arbitrarlily switches to plain http but keeps the port on 443
I solved it by removing a HTTP Request Defaults config element. That config must have confused the rest of the script. I also got the same tips from Blazemeter on Twitter, after I had solved it....
Excluding certain pages from being redirected to https
wordpress,.htaccess,redirect,https,http-redirect
Try using THE_REQUEST instead of REQUEST_URI: <IfModule mod_rewrite.c> RewriteEngine On # Go to https if not on careers RewriteCond %{SERVER_PORT} =80 RewriteCond %{THE_REQUEST} !/careers/[\s?] [NC] RewriteRule ^(.*)$ https://www.mywebsite.com/$1 [R,L] # Go to http if you are on careers RewriteCond %{SERVER_PORT} !=80 RewriteCond %{THE_REQUEST} /careers/[\s?] [NC] RewriteRule ^(.*)$ http://www.mywebsite.com/$1 [R,L] </IfModule>...
Replace IIS Express certificate with sha-256 certificate
In mmc's Certificate plug in, add your new certificate to local computer's Personal store. At command prompt, use netsh http to change certificate mapping from the old one to your new one. ...
Htaccess: HTTPS redirection on page + sub pages
apache,.htaccess,mod-rewrite,redirect,https
# HTTPS page Redirects RewriteEngine On # This will enable the Rewrite capabilities RewriteCond %{HTTPS} !=on # This checks to make sure the connection is not already HTTPS RewriteRule ^/?enrolments/(.*) https://%{SERVER_NAME}/enrolments/$1 [R,L] #END https redirects ...
Https upload MultipartForm returns 401 unauthorized
c#,forms,file-upload,https,http-status-code-401
Something possibly changed on Coverity's end, since this was working two weeks ago. Based on this other question here How to upload files to Asp.Net MVC 4.0 action running in IIS Express with HttpClient class included in .Net 4.0 I've found what I think is the solution. You need to...
mobile vs dektop authentication with client certificate HTTPS
c#,authentication,ssl,https,x509certificate
There's no difference in the protocols, but installation of the certificates on the devices and later access to them is much different. How did you install the device certificate on Windows, and how on the iPhone?
ServiceStack Soap 1.2 HTTPS Client
c#,soap,https,servicestack,soap1.2
The problem with config file is that it isn't always straightforward and sometimes plain unpractical. On top of this ServiceStack promotes config-less coding model. I managed to achieve the required functionality with the following SSL-neutral client: public class SoapServiceClient : Soap12ServiceClient { public SoapServiceClient(string uri) : base(uri) { if (uri.StartsWithIgnoreCase("https://"))...
X.509 versus Whte Listing Authentication
security,ssl,amazon-web-services,https,x509
Ok, I figured out the answer. I found an excellent webpage by Maxim Porges that explained everything that I needed, http://www.maximporges.com/2009/11/18/configuring-tomcat-ssl-clientserver-authentication/ Yes, I can authenticate both the server and client. No code changes are needed on the server side. I just need to place the client certificate in the server...
Tomcat support for HTTP/2.0?
tomcat,https,tomcat7,tomcat8,http2
I'm the HTTP/2 implementer in Jetty, and I watch out other projects implementing HTTP/2. Tomcat's Mark Thomas has outlined support for HTTP/2 for Tomcat 9. Considering that Servlet 4.0 is going to have as a target HTTP/2 support, and that HTTP/2 support requires ALPN support in the JDK (which also...
GET request throws error after app implemented SSL: Mixed Content: This request has been blocked; the content must be served over HTTPS"
angularjs,http,ssl,https,flask
It was a weird case that came down to removing a forward slash from the end of a URL fixing everything. Somehow, whenever we made a GET request using $http in Angular like baseurl + inventory.id + "/", it would make a http request but as soon as remove that...
forcing silex framework to generate https links
php,symfony2,https,routing,silex
For that specific case, I solved the problem declaring a base url like so in app.php: $app['customBaseUrl'] = 'https://mybaseurl'; then prefixed all my links with this custom baseUrl. Those links aren't generated by the url() twig function anymore. Not the prettiest way to do it though. I would recommend Artamiel's...
Flask ssl. Always writes connection is unsecure
I'm assuming you server.crt and server.key yourself. In that case, the Firefox warning is correct. What you've done is created a "self-signed" certificate, and almost all browsers will warn when they encounter one of these certificates, as they aren't created by a trusted source (you). If you want to use...
Ruby OpenSSL Errors - Missing CA Certs (Who is Justin?)
ruby,windows,ssl,https,openssl
RubyInstaller issue #153 OpenSSL::X509::DEFAULT_CERT_FILE with personal hardcoded path The problem is OpenSSL that has hardcoded values. Search to closed issues and also RubyInstaller group and will see this happens from time to time. OpenSSL needs to be fixed, but no patch to solve this issue has proposed to OpenSSL itself....
Pattern matching in htaccess rewrite condition
apache,.htaccess,mod-rewrite,https
You need to tell the RewriteCond what to match !/go/ against. Change the second line to: RewriteCond %{REQUEST_URI} !/go/ [NC] ...
Configure Apache as reverse proxy and tomcat over https
apache,tomcat,https,reverse-proxy
any issue as in "anything else but additional setup requirements, more performance issues and more things to break"? I can't think of some, but refuse to give a blank "pass" to go with this. You'll have to argue for what you want to achieve. If you can't trust the connection...
Check if request comes over HTTP or HTTPS in socket listener
If I understood correctly, you have a single port where the client may use HTTP or HTTPS to connect and you want to immediately know how the request was made, before any data is transferred. There is no way of knowing this before you receive data from the client. HTTP...
How does DNS server know the IP address of an SSL's URL?
When you enter an URL in your browser the DNS server is asked for the URL's IP first by your system, before even connecting to the server. So SSL is not even in the game at this point. SSL encrypts between the client (e.g. your browser) and the server, but...
Is there a command-line alternative to SOAP-UI for linux, for sending SOAP to HTTPS Service?
java,linux,web-services,soap,https
Found a guide for this here, which does load tests. For normal functional tests, the official documentation is here. A sample command for functional tests goes like: sh /opt/app/home/SOAP-UI/SoapUI-5.0.0/bin/testrunner.sh -a -s"Test_Suite2" -r -f/opt/app/home/SOAP-UI/test-project/reports/ /opt/app/home/SOAP-UI/test-project/test-soapui-project.xml ...
Certificate chain valid in Chrome, not Firefox or Android
google-chrome,firefox,ssl,https,certificate
This is typically the case when the server does not send all necessary intermediate certificates. Chrome on Desktop will go and fetch them. Firefox will use any intermediate certificates cached from previous connections to other sites but will not fetch missing certificates, thus some Firefox instances might work while others...
How to set up a meteor server on https connection?
Deploy the app using Meteor Up which have built in SSL support. Or use common web server like Nginx or Apache, setup SSL and reverse proxy back to meteor app. Example: Nginx configuration server { listen 80; server_name www.example.com; rewrite ^ https://$server_name$request_uri? permanent; } server { listen 443 ssl ;...
Not able to access Server-Sent-Events over Mobile 3g Network
nginx,https,proxy,server-sent-events
I suspect the mobile network is forcing use of an HTTP proxy that tries to buffer files before forwarding them to the browser. Buffering will make SSE messages wait in the buffer. With SSE there are a few tricks to work around such proxies: Close the connection on the server...
Loading Deezer Javascript SDK over https times out
In the docs, it is written that the url for https should be https://cdns-files.deezer.com/js/min/dz.js Note the s at the end of cdns. You can check this information here. Hope it helps....
Redirect domain.com/folder with www to non-www and at the same time http to https
.htaccess,redirect,https,subfolder,no-www
Inside /webapp/.htaccess use this rule: RewriteEngine On RewriteCond %{HTTPS} off [OR] RewriteCond %{HTTP_HOST} ^www\. [NC] RewriteRule ^ https://domain.com/%{REQUEST_URI} [R=301,L,NE] ...
How To Improve Security For Simple File Download From A Web Server?
Yes, that is insecure. You should insist on using TLS. For this they need to install a certificate from a Certification Authority to verify that they own the domain OurFlavorOfTheirSite.com. This will enable the URL to use HTTPS which means communication is encrypted, and authenticated (i.e. another website cannot spoof...
HTTPS request in twisted that checks the certificate
python,ssl,https,twisted,twisted.web
I'm using Twisted 15.1.0. Actually, the default init function of Agent will pass in BrowserLikePolicyForHTTPS as contextFactory and have the ablility to verify server certificate. Simply using this: agent = Agent( reactor ) will produce the following error: failure: [Failure instance: Traceback (failure with no frames): <class 'twisted.web._newclient.ResponseNeverReceived'>: [<twisted.python.failure.Failure <class...
Error in android application: javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
Indeed, the problem was that my Android SDK does not support SNI . It helped me:
Tomcat SSL Cert Renewal Issue (SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure)
Oh my god I feel a fool, I thought when creating the keystore when it asks for a password for tomcat it wanted my tomcat manager password, nope just keep it the same as your keystore. Also, gdroot-g2.crt is the correct crt needed for the root alias, you can get...
Web Service Client - Construction Failing Due To Timeout (Proxy Issue)
java,web-services,soap,https,proxy
I was able to get this to work by adding the following code before the server instantiation: System.setProperty("proxyHost", "myproxy.com"); System.setProperty("proxyPort", "8080"); Strangely this worked when I tested it by setting the VM options -DproxyHost and -DproxyPort so then searched for how to set it programmatically....
https site not working on php upgrade
All the httpd configurations have been overwritten.Had to recopy the configurations and restart the service and everything was fine.
First authentification in order to get token
1 - it is not true that passwords don't have to be encrypted on HTTPS. The best approach would be your server encrypting the plain password just received and then try to authenticate the user, generating a token. This token should only last during this connection. 2 - yes, post...
Unable to Resolve PKIX Path Building Failed
https,certificate,mobilefirst,mobilefirst-adapters
The instructions you've followed are incorrect when using MobileFirst Platform. Follow the steps described in this user documentation topic (for Worklight 6.2, but valid for MFPF 6.3 and above as well). Do not export the certificate from a browser because this action adds browser metadata and other artifacts which shouldn't...
Wordpress: Changed HTTP to HTTPS, now security certificate error
After several hours of trying to fix this problem, I found a great youtube video. "Fix WordPress Site URL: General Settings Change, Cant Login" I will say how to fix this though in case anyone ever does what I did. You login to you CPanel>Databases>phpMyAdmin. Go to the database for...
2 way SSL authentication not working using Apache httpclient: JAVA
java,apache,ssl,https,apache-httpclient-4.x
By default HttpClient does not take system properties into account Try replacing CloseableHttpClient httpclient = HttpClients.createDefault(); with CloseableHttpClient httpclient = HttpClients.createSystem(); ...
Does an HTTP tunnel take place on the same socket than CONNECT?
When a client connects to an HTTP proxy, CONNECT is used to have the proxy establish a persistent TCP connection with the target TCP server. Then the proxy blindly passes data as-is back and forth between the two TCP connections until either the client or server disconnects, then the proxy...
How to change a connection to Github from SSH to HTTPS?
git,github,ssh,https,git-remote
Assuming your remote is called origin, run git remote set-url origin https://... git remote set-url --push origin https://... You can view the configured remotes with git remote -v, which should now show your updated URLs. See the documentation for git-remote for more details....
Why use HTTPS for Azure Blob Storage
security,azure,ssl,https,azure-storage-blobs
With HTTPS the secure connection is done at the TCP layer before any HTTP traffic is transmitted. Only the host name and port number are submitted unsecured (since they are used to establish the TCP connection) and then once the secure connection is established then the remaining HTTP content (the...
What is the best and current way to move to HTTPS on a large website?
SPDY is definitely dying, now that HTTP/2 is an official specification. Firefox and Chrome already support HTTP/2, and servers start to deploy it instead of SPDY - Google, Twitter, etc. Internet Explorer support will arrive soon with IE 11. HTTP/2 is definitely gaining momentum, and the future will be on...
Apache blocking (not simply rewriting or redirecting) standard http request
The problem was as I suspected in my comment above. Because there was an explicit VirtualHost being defined for port 80 only, any thing that made it though the redirect filter (which had previously been filtering everything) was then falling on deaf ears because there was not a host set...
Camel http4 download file using Basic authentication over Https
https,apache-camel,basic-authentication
You cannot start from http4 as the exception tells you, you need a timer or something to trigger the route from("timer:foo?period=5000") .to("http4://ebc.cybersource.com/ebc/DownloadReport/xxx.csv?authMethod=Basic&authUsername=scott&authPassword=tiger") .to("file:target/messages/download"); In this example the timer triggers every 5th second....
IBM MobileFirst adapter call ssl error
ssl,https,mobilefirst,mobilefirst-server
You did not configure SSL between the adapter and the backend. The keystore that you should be looking at is defined in the worklight.properties file of the project (by default located like this: workspace\CustomLoginModule\server\conf). Make sure to follow the instructions provided here: https://www-01.ibm.com/support/knowledgecenter/SSZH4A_6.2.0/com.ibm.worklight.installconfig.doc/admin/t_configuring_SSL_WL_adapters_backend_servers_certificates.html...
Get client's IP address from an HTTPS hosted website using jquery
javascript,jquery,https,ip-address
Check out http://www.freegeoip.net/ They provide a service where you can look up the geolocation of an IP, If no IP or hostname is provided, then your own IP is looked up. Jquery : $.get('freegeoip.net/{format}/').success(function(response) { //code to retrieve ip var ip = response.ip; }); Note: Supported formats are: csv, xml,...
set the OpenSSL_HOME variable
amazon-web-services,https,path,openssl,command-prompt
My openSSL is installed in c:\OpenSSL, so would I write set OpenSSL_HOME=C:\ OpenSSL? Yes, but without the space after C:\: set OpenSSL_HOME=C:\OpenSSL Do I enter such command in Command Prompt? You can. Do note, however, that with this approach, you would be modifying the OpenSSL_HOME environment variable for that...
How to make a website work only with https [duplicate]
Sure, assuming you are using IIS to host your site, open IIS Manager and select your web site and then binding on the right: make sure you only have a binding for https not for http. This way IIS will only send https traffic to that web site. Edit: What...
Clojure: wrap-ssl-redirect on heroku?
Long live lib-noir and its wrap-force-ssl fn. I just needed to change it a bit to fit my needs (I have a SSL cert. for one subdomain even if my clojure app handles more then one domain) Here's my fn: (defn wrap-force-ssl "Almost like in lib-noir. If the request's scheme...
Jquery load https url
A mixed content error happens when: you try to load secure content SSL(https) on a page served insecurely (http) served Or the opposite you try to load insecure content (http) on a page served securely SSL(https) served Your error message is warning that your calling page has been loaded in...
How to log in to an HTTPS website with Jsoup?
The signing in is handled by ajax. I'm using chrome, so this is what I did. Try to login via the form from a browser. Press F12 and then press Console. You will see something like this XHR finished loading: POST "https://www.tickld.com/ajax/login.php". . When you make the POST request, you...
.htaccess - rewrite with https and trailing / in one step has unintended conseqences
apache,.htaccess,mod-rewrite,redirect,https
The following worked. I separated into 2 cases - one where the trailing slash was absent and needed to be rewritten in, and on where it was present and so an extra slash was unwanted. RewriteEngine On RewriteCond %{HTTP:X-Forwarded-Proto} !https RewriteCond %{HTTP_HOST} ^markfisher.photo$ [OR] RewriteCond %{HTTP_HOST} ^www.markfisher.photo$ RewriteCond %{REQUEST_URI} !^/$...
Error on Downloading .msi File from my Website
c#,asp.net,.net,https,windows-installer
Check this out Getting around Chrome's Malicious File Warning https://productforums.google.com/forum/#!topic/chrome/r-9JQIboUmc. Multiple options specified. Try one of them. This will surely help you....
Get image with curl via https
I have solved it by installing curl ssl /scripts/easyapache option 7 on the menu select PHP scroll down and select CURL with SSL exit save Everything is working now...
Getting images from https with Java
There are two problems. You can use your browser to access the site, and see the errors. The server certificate is self-signed, not trusted by Java. you can add it to the trust store. The server certificate does not match the host name "ns6.host.md", and you need a HostnameVerifier that...
Chrome under Windows 7 and 8 cannot connect to embedded Jetty 9.2.x over HTTPS
google-chrome,https,operating-system,restlet,embedded-jetty
It has been identified that the originally used certificate was at fault. More specifically, its Common Name contained a value, which was not recognised as a suitable domain name. Generating a new certificate, signed with a self-established CA, but providing a suitable (albeit not registered) domain name in property Common...
Consume Web service over ssl using XFire
java,ssl,https,webservice-client,xfire
Managed to solve my own problem. This is how I did it. XFire use Apache Http client internally so setting Security certifect detail on this Api will do the job. We will use no-yet-common-ssl.jar for this purpose. First we will create org.apache.commons.ssl.TrustMaterial using commons and then set it in HttpSecureProtocol...
Is this a secure connection?
The "text/html" part of the argument is the content-type, it has nothing to do with the transport protocol http or https. However, what you are doing is simply displaying the results of the POST in a new window, you are not performing a new request to the server. So, you...
Client certificate authentication
authentication,ssl,https,ssl-certificate,x509
I've to break down your question into two parts. Part one: Let's say a hacker X sends a CA issued certified to the server as part of handshake. Then server would automatically trust it and grant access. If X aquires the client certificate of an authentic client then that's ok....
How can I send this XML request to my server and have it send to and get a response from another server
Try this... First, save the packet. <cfsavecontent variable="theXMLPacket"> <cspinput appID="asdfasdf" appPassword="asdf1234" > <account userid="johndoe" action="authenticate"> <password>mypasswd1234</password> </account> </cspinput> </cfsavecontent> Then we use cfhttp to post it to the processing server. <cfhttp method="post" url="https://someurl.com/endpoint" result="xmlResult"> <cfhttpparam type="xml" value="#XMLParse(theXMLPacket)#" /> </cfhttp> Then process the...
Mixed Content Page: requested an insecure stylesheet error
javascript,php,css,.htaccess,https
Here's your problem: RewriteCond %{SERVER_PORT} ^443$ RewriteRule (.*) http://www.example.com/$1 You don't allow SSL requests (443 port number is used for HTTPS requests). Try removing these lines....
How to configure SSL / HTTPS on Spring?
Problem seems to be the specified encryption algorithm. I was generating the key using keytool, with -keyalg AES. Changed it to use RSA with -keyalg RSA and it works now.
squid ssl-bump 3.5.4: error - Error negotiating SSL connection on FD 10: Success (0)
https,proxy,ssl-certificate,squid,man-in-the-middle
Response got on Squid mailing lists: http://squid-web-proxy-cache.1019090.n4.nabble.com/Error-negotiating-SSL-connection-on-FD-12-Success-td4671090.html Summary: use http_port for handling the requests from browsers, which have proxy information directly specified. Use https_port with ssl-bump and corresponding tag "intercept" or "tproxy" to use in transparent mode....
Wildcard SSL - Which to chose and what is the key differences?
ssl,https,certificate,ssl-certificate
The main things to consider when purchasing a wildcard certificate are: If you want the certificate to support the domain itself (e.g., domain.com) in addition to subdomains (*.domain.com), then make sure that the wildcard vendor you choose supports Subject Alternative Name extension. Before you buy, make sure you know who...
Getting SSLHandshakeException in java
java,eclipse,ssl,https,digital-certificate
If importing to keystore not resolving your issue.. as i was not able to resolve it. Then add following line of code. It worked for me. System.setProperty( "javax.net.ssl.keyStore", "D:\\G2B.p12" ); // The path to the .p12 file System.setProperty( "javax.net.ssl.keyStorePassword", "****" ); // The password of the p12 file System.setProperty( "javax.net.ssl.keyStoreType",...
SSL certificate is not installing
You did not generate the certificate request via IIS Manager. Thus, you should not use IIS to complete the request. Instead, you need to use OpenSSL to generate a PFX file, create a pfx file from a .cer and a .pem file Then you can import it to IIS....
https for main domain and http for subdomain
.htaccess,http,mod-rewrite,redirect,https
You can use: RewriteEngine On # maindomain -> https RewriteCond %{HTTPS} off RewriteCond %{HTTP_HOST} ^(?:www\.)?(website\.com)$ [NC] RewriteRule ^ https://%1%{REQUEST_URI} [R,L] # subdomain -> http RewriteCond %{HTTPS} on RewriteCond %{HTTP_HOST} ^(?:www\.)?(sub\.website\.com)$ [NC] RewriteRule ^ http://%1%{REQUEST_URI} [R,L] ...
PHP Fat-Free-Framework plus Node.js and Secure Websockets
php,node.js,https,websocket,fat-free-framework
Well, actually your question is how to enable CORS support on node.js?! A short google search gives you a hand full for resources for doing this in express.js. Once you send the right CORS headers in your node application, your browser will not shout for exceptions anymore. Nevertheless, if you...
Redirecting http to https
apache,.htaccess,redirect,ssl,https
You can use this in your .htaccess file. Just replace example.com with your domain and all bases should be covered. IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTP_HOST} !^www\. [NC,OR] RewriteCond %{HTTPS} !^on RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L] </IfModule> ...
Check if URL is HTTPS or HTTP protocol?
I think this works, at least it seems to be working, what do you guys think? I place this if statement just before the httpsYes = True and httpYes = True. It seems that when the HTTPS protocol is selected it wants to redirect using response code 302, but for...
Neo4J force HTTPS
No, I don't think there's a native neo4j way of doing this. And there are so many other methods, that it would probably be best not to get neo4j involved in that layer of an application's architecture. I think the best practice is to use something like an HTTPS reverse...
Java client certificates and keystores
java,ssl,https,ssl-certificate
My understanding is that if you have to store a certificate with an alias matching the target domain name (in our case i.domain.io or r.domain.io) so java can provide the associated certificate as a client certificate when you are attempting a SSL connection to that domain e.g. https://r.domain.io That's...
Load images from “HTTPS” type of url and display in UIImageview
ios,objective-c,https,uiimageview,xcode6
Issue resolved by modifying some parameters into the framework for webservice calling created by me. All those changes were as per the server which I was calling to. Thanks...
wget ssl alert handshake failure
It works from here with same OpenSSL version, but a newer version of wget (1.15). Looking at the Changelog there is the following significant change regarding your problem: 1.14: Add support for TLS Server Name Indication. Note that this site does not require SNI. But www.coursera.org requires it. And if...
Send http form post attributes via https
As EdgeCaseBerg stated above, the biggest thing would be if you had explicit links that have the "http://" in them, which you would need to change to "https://". You should be using relative links, and the browser will automatically form the right paths and query the server securely to fetch...
How to connect to a Tor bridge from node.js?
A Tor-Bridge is used for people who are not able to connect to the normal Tor-Network because their ISP is blocking the publicly known Tor-Servers. If the first connection is done through a Bridge you wont have problems afterwards because usually these Bridges are not known to everyone so they...
Downloading website over HTTPS fails
If you look at the SSLLabs report for this domain you will see two possible certification path: The first (shorter) one ends expects that the "COMODO RSA Certification Authority" is trusted by the client. Although this CA is valid since 2010 it got only recently (about half year) ago included...
Does case matter in HSTS header Strict-Transport-Security?
The HTTP specification RFC 7230 section 3.2 says header names are case-insensitive. So you can send them as lower case if you like. However it is traditional to send them using the specification documents casing. If only to make life easier for people troubleshooting the traffic....
Encryption of message in client and server communication
php,encryption,https,client-server
There is little sense in applying two encryption layers on top of each other. If you use https that should be a) secure and b) sufficient, except for very special cases. Apart from that: there is no reliable way to implement a secure encryption between a web client and server...
How do I accept a self-signed SSL certificate using iOS 7's NSURLSession
ios,swift,ssl,https,self-signed
Both connection:canAuthenticateAgainstProtectionSpace: and connection:didReceiveAuthenticationChallenge: are deprecated in iOS 8 anyway so you should use other methods. What I am using in my projects is a delegate method of NSURLSessionDelegate. Adhere to that protocol then add this method: func URLSession(session: NSURLSession, didReceiveChallenge challenge: NSURLAuthenticationChallenge, completionHandler: (NSURLSessionAuthChallengeDisposition, NSURLCredential!) -> Void) {...
How to set up SSL (TLS) / HTTPS on Spring Boot using AES-256?
Got it. Solved it. Key algorithms have little to do with the cipher you want to use (AES 256, in my case). Got it to work with a regular RSA, PKCS12 key. Then, set the next properties in application.properties: server.ssl.ciphers=ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA server.ssl.protocol=TLS ...
Require https with Spring Security behind a reverse proxy
java,https,spring-security,reverse-proxy
If your site is HTTPS and you're running Apache Tomcat behind another system that's handling TLS termination, you can tell Tomcat to "pretend" that it's handling the TLS termination. This makes request.isSecure() return true; To do so, you need to add secure="true" to your Connector config in server.xml. https://tomcat.apache.org/tomcat-7.0-doc/config/http.html See...