Questions tagged as ['ssl']

SSL and its successor, TLS, are encryption and authentication protocols that encrypt the full contents of a TCP connection, as well as potentially verifying the identities of the devices making the connection.
Score: 3
UncleBob
Cannot connect to Amazon RDS with TLSv1.2

I set up a new machine with Ubuntu 20, and found I wasn't able to connect to my RDS databases anymore.

The spring-boot application that was supposed to connect to the development environment throws the following exception:
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

So I dug out MySQL Workbench and tried with that. That resulted ...

Score: 0
thran
Nginx puts browser into a redirect loop when using multiple server blocks

I'm using Nginx to host a number of virtual hosts (or server blocks in Nginx nomenclature). These hosts all share the same domain with each assigned its own subdomain. One subdomain enters an endless redirect loop, obviously undesirable behavior.

NB: I've redacted my domain name and replaced it with <mysite>.

The root domain - www.<mysite>.com receives requests as expected. It also red ...

Score: 0
Typewar
Setting up SSL for custom port in nginx - letsencrypt

I'm trying to enable SSL on a custom port (not 443), running a webpage. From searching around, I couldn't find much info that helped.

The server has unchangeable ports, external: 26143, Internal: 80.

To enter the server (without SSL) you would type example.com:26143, and the system would see this as a connection to port 80.

How would I set up a certificate (Let's Encrypt) to enable SSL on this port?


Score: 1
Google Cloud Load Balancer + Instance Group + SSL Certificates

My project consists of a main website where users can register an account. After registering, they each get a website (a subdomain of my own domain) where they have an e-commerce shop managed by a platform hosted on my main site (the one they registered with). Like this:

example1.com -> main website (login, register etc)
example1.com/platform -> management platform
store1.example1.com -> User 1' ...

Score: -1
mfghani
decode/encode openssl sess.pem file

I'm using openssl sess_id -in sess.pem -noout -text to decode the SSL session parameters in the sess.pem file (which I got using sess_out) into human-readable text. I wanted to know if there is a way to do the opposite, i.e. convert the text into the sess.pem kind of format. Basically I just want to change a couple of parameters (session-id, master-key etc) inside the sess.pem file but can't seem to find the r ...

Score: 1
Andrea Nobili
ERROR: Site default does not exist! when I perform a2dissite default command after SSL certificate generation

I am not a system administrator or a network administrator (I have a software developer background). I am finding some difficulties trying to follow this tutorial in order to implement SSL client authentication on an Ubuntu 20.04 version: https://www.makethenmakeinstall.com/2014/05/ssl-client-authentication-step-by-step/

I know that this tutorial is pretty old but it seems to work fine except a sin ...

Score: 1
George G.
Internal website over SSL VPN (F5 Network) session issue

We have an F5 Networks SSL VPN set up and added some internal websites in the F5 portal. One website works well, but the other one has a session problem.

When I sign in to the F5 portal, from there I go to the internal website (which F5 redirects) [see the image here], then I can sign in to that website with X user, but then when I want to sign in with another user, it still signs me in with X user no matter what user you write. Eve ...

Score: 2
Adrian
Initial connection (TCP handshake) takes 150 seconds first time with https only, but normal from then onwards - Apache - AWS EC2 - Route 53

I'm new to web deployment. I have this stack at the moment:

  1. Django
  2. Apache
  3. EC2
  4. Route 53
  5. Namecheap

When I access the website through the public IPv4, it is instantaneous.

However, when I access the web page through the domain, it takes 2 minutes and 30 seconds exactly.

This picture shows the waterfall graph

In more detail

I see that there's no problem with the DNS lookup, nor the SSL, so the  ...

Score: 0
Ferenc T
Decrypt error in TLS handshake after ServerKeyExchange

I have a web application deployed to a Tomcat server. I connect to it with the Chrome browser over HTTPS, but I get a decrypt error during the TLS handshake on the client side after ServerKeyExchange.

Certificates (3 levels):

Server certificate, signed by...

CA certificate, signed by...

Root certificate (self signed)

I validated certificates with openssl and they seem to be fine (chain.cer contains CA and ro ...

Score: 1
perissf
Curl SSL Certificate: unable to get local issuer certificate

When using curl in verbose mode, I get this error:

Command:

    $ curl -vvI https://www.google.com

Error:

    * successfully set certificate verify locations:
    * CAfile: none CApath: /etc/ssl/certs
    * TLSv1.3 (OUT), TLS handshake, Client hello (1):
    * TLSv1.3 (IN), TLS handshake, Server hello (2):
    * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
    * TLSv1.3 (IN), TLS handshake, Certificate (11):
    * TLSv1.3 (OUT), TLS  ...

Score: 3
daylyroppo3
SSL converted page is not reachable on the internet

My web page is hosted on AWS, and it was SSL converted.

I can see the page from my own computer and smartphone in my home Network and Wifi area. But from the outside (ex: access website from a smartphone outside) the page is not reachable.

So I checked the Security group and port NO.

Inbound rules are below.

Inbound rules

According to a manual I referred to, it seems OK, but if there is something wrong please let me know.

Score: 0
daylyroppo3
SSL converted web system cannot work with third-party Payment service

My Web app works with a Payment service called Stripe. Stripe proceeds the payment by webhook.

I do have a Stripe webhook that is successfully caught and processed in Stripe's TEST MODE, on http local host server. http://3.129.28.206/subscriptions/webhook/

When switching to Stripe's LIVE MODE DATA, I need to SSL convert "http" to "https". So I set up a Load Balancer and exposed the server over HTTPS by AWS. ...

Score: 2
deathvu
TLS/SSL on http (80) with STARTTLS

I'm researching the reason why TLS/SSL is not used over HTTP. Other protocols, such as SMTP, POP3, FTP, etc. can be used on SSL ports (SMTPS, POP3S, FTPS) as the first way, and the second way is to use the STARTTLS option on the current port with the extension (SMTP example). There is a popular way to use the second way (STARTTLS) on email protocols, but why is HTTP not using STARTTLS? I found RFC TLS wit ...

Score: 1
em_bo
Why do (non-browser) clients sometimes not trust valid, signed certs?

This is a somewhat canonical question ... I hope that's okay.

In my employ I often troubleshoot situations where a client running on a Linux server (usually a java application) doesn't trust a valid, signed certificate - a cert which is trusted by browsers. Our usual quick fix is to add the cert to the java cacerts trust store, but it nags me why this is needed.

In my understanding there are two pos ...

Score: 0
dm_pop
HAproxy. Configure ssl connection with self-signed certificate between frontend and backend

I need some help to configure an SSL connection with a self-signed certificate between Haproxy and Squid. In my case, Haproxy (192.168.10.110) is the frontend and SQUID (192.168.10.149) is the backend. Without the self-signed certificate it works perfectly. But I need to establish a secure connection between frontend and backend to prevent man-in-the-middle attacks. So I created a self-signed certificate on backend  ...

Score: 1
Owen
How to enable HTTPS for my marketplace

I'm building a marketplace platform that enables many merchants to sell to their customers. At the moment I serve stores on my own domain like so https://storeA.mydomain.com or https://storeB.mydomain.com (I'm able to use the subdomain to distinguish which store is to be served). However, I'd like to enable my merchants to use their own domains on my platform whilst being able to secure the site o ...

Score: 0
A. Petrov
Does there exist on the market some usb->ethernet->wifi combo dongle?

I have a USB-ended device which I want to connect to an Enterprise Wireless network (EAP/TLS via FreeRadius). Is there any device on the market which can act as a WiFi client with EAP/TLS possibility?

Now this device is connected to the network via a USB-to-Ethernet adapter in a wall-mounted RJ45. Furthermore, is there any combo device on the market which can act as USB-to-Ethernet from one side and in the s ...

Score: 0
Bob5421
Does SSL/TLS STARTTLS fully encrypt the connection for POP and IMAP

I am configuring POP and IMAP accounts in thunderbird mail client.

Here are 2 options:

Security:

  • None
  • SSL/TLS
  • STARTTLS

Authentication method:

  • Normal password
  • Encrypted password
  • Kerberos / GSSAPI
  • NTLM
  • OAuth2

I have 2 mail accounts: one is a POP account and the other is an IMAP account.

I want to be sure nobody can listen to my password and any mail content by sniffing the network.

I have tried "SSL/TLS" and "STARTTLS" ...

Score: 0
200mg
Windows Domain Controller - SSL Cert with Two Hosts In Subj. Alternative Name (SAN)

My Domain Controllers auto enroll and get a Computerv2 cert that handles server authentication. One of the apps we use requires an SSL cert with a SAN that contains multiple hosts. I know how to create a certificate request that contains multiple hosts in the SAN. I have a couple of questions.

  • Can I just delete the auto enrolled Computerv2 certificate and import the private key for the multi SAN c ...

Score: 1
Thomas
NGINX Ingress on Kubernetes doesn't use HTTPS

I am setting up a Kubernetes cluster on bare metal. I used Kubeadm for the installation. To make my services accessible from outside the cluster, I installed an NGINX Ingress, using the following documentation: NGINX doc

Because I don't want to communicate with my services without TLS security, I configured the certificate thanks to cert-manager: Cert-manager doc.

$ kubectl get certificate
NAME     ...
Score: 1
FlyingPenguin
Redirecting Error with google load balancer

I'm trying to set up Google Load Balancer and couldn't get it to work. It produces either a 502 or a 302 error.

Wanting to direct www to non-www, http to https.

This is my rewrite rule

    SetEnvIf X-Forwarded-Proto https HTTPS=on
    <VirtualHost _default_:80>
      DocumentRoot "/opt/bitnami/apache/htdocs"
      Include "/opt/bitnami/apps/letsencrypt/conf/httpd-prefix.conf"
      <IfModule mod_proxy.c ...
Score: 1
Adding Ciphers to Server 2012 R2

I need to add the following Ciphers to my server:

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

I found the following article: https://docs.microsoft.com/en-us/windows-server/security/tls/manage-tls

However, it's not too clear to me. The list I get from the "SSL Cipher Suites" field contains 39+ Ciphers and is A LOT longer than the allowed 1023 characters. While in ac ...

Score: 0
SMBClient does not accept domain.example.com@SSL URL format, until it sometimes does for a while - WebDAV redirect not triggering

So I have set up an SMB server running over HTTPS, and am trying to connect to it via a URL like \\domain.example.com@SSL\path\to\file.txt

However, Windows fails to connect to it, and the SMBClient logs reveal an object not found error relating to domain.example.com@SSL - clearly it does not like that syntax

So I tried removing it - \\domain.example.com\path\to\file.txt, thinking that when SMB fails, th ...

Score: 2
FlyingPenguin
From AWS to GCP - Is downtime unavoidable during migration?

I'm trying to migrate a bitnami wordpress from AWS to GCP. I would like to avoid downtime during the migration. As a new learner, I am not sure how to best handle this.

I have encountered some roadblocks. Typically on Load Balancer and SSL

  1. I would like to use a load balancer on GCP. I prefer Google's managed certificate but the domain's IP is tied to AWS's server. I have to release them from AWS  ...

Score: 2
FlyingPenguin
How can I remove a self signed root certificate?

I'm using bitnami wordpress on GCP. I'm new to server networking.

There is this root signed certificate that I can't change. I have not installed any SSL on the server. I've searched through the bitnami wordpress documentation but can't find any mention about this.

I've tried to delete the certificates I found on the server in the directory and generate a temp SSL but still it shows insecure connec ...

Score: 1
Using stunnel as proxy between SSL versions for SMTP with STARTTLS

I have quite old software which doesn't support TLS 1.2. However, the SMTP server only supports TLS 1.2.

Now I wanted to use stunnel to connect to the SMTP server and also listen for SMTP access. I already have a valid certificate for this server. Before configuring different TLS versions I only wanted to test if this "stunnel proxy" works in general. I use Thunderbird to connect to :587 In [TLS_ ...

Score: 0
Sauron
Installing a PFX with bundle-ca included, do I still have to install the ca-authority in root?

I have a Windows web server, and usually I install the ca-authority in "LocalMachine\Root" and the intermediary PFX certificate in "LocalMachine\My", and everything works well. Now I wonder: if I include the ca-bundle during the PFX certificate generation, can I avoid installing the ca-authority in "LocalMachine\Root" and just install the PFX with the bundle-ca included in "LocalMachine\My"?

Score: 0
Alain
Exchange 2019 ssl certificate invalid

I have installed Exchange 2019 for testing purposes. I have purchased a domain name and a certificate. After I installed it, the status shows: invalid. Thank you.

Here is the result of certutil -verify

Issuer:
    CN=ZeroSSL RSA Domain Secure Site CA
    O=ZeroSSL
    C=AT
  Name Hash(sha1): 082e3ff9058cfe8a7c18bd13efdf1d1660707a6b
  Name Hash(md5): ab1639dd9160fab0f92496ffe91dc2aa
Subject:
    C ...
Score: 0
Sauron
Do I need to use the bundle-ca when generating a pfx?

I just bought a "Positive SSL certificate". The crt files and bundle-ca from the issuing company (Sectigo) arrived via email. To generate the pfx I use the "PEM TO PKCS #12" from this site https://decoder.link/converter. Is it necessary that in "Bundle File" I insert the bundle-ca received? The pfx certificate is still generated even without inserting it, so I wonder what is needed and if excludi ...

Score: 0
gelonida
select an haproxy tcp back end depending on source ip

I have basic haproxy knowledge and know how to handle the selection of tcp backends depending on the SNI server name.

The relevant lines are

    acl is_myhost req.ssl_sni -i my.host.com
    acl is_otherhost req.ssl_sni -i other.host.com


    use_backend mybackend if is_myhost
    use_backend otherbackend if is_otherhost

Now I'd like to change them to something that allows me to choose the back end also  ...