Questions tagged as ['ssl']
My website will change url, I'm trying to apply a redirect (old-name.example.com to new-name.example.com), but I'm getting the following error:
nginx: [warn] conflicting server name "old-name.example.com" on 0.0.0.0:443, ignored nginx.
Here is my nginx config file on /etc/nginx/sites-enabled/myconf.conf:
server {
server_name old-name.example.com;
locatio ...
I have two servers A and B that host websites that work fine in a browser with https. The lock icon in the browsers shows active and trusted SSL certificates.
I'm trying to run curl so that server A can talk to server B, but am running into an error.
- Server A -
$ curl https://dev.partsvu.com
CAfile: /etc/pki/tls/certs/ca-bundle.crt
curl: (60) Peer's Certificate issuer is not recognized.
I've done some ...
Thanks for reading :)
This is a super difficult issue and I would like to receive any ideas or suggestions to figure out this issue.
Problem: The application on a user logging in initiates ~20 api requests in parallel. The first request will do the SSL handshake and then around the 10th to 13th request, I see two requests initiate the SSL handshake at the same time with each handshake getting stuck and t ...
I recently upgraded a DOCKER container running NGINX to use the NGINX repo at nginx.org instead of the Debian distro version, and for security purposes we are making some adjustments to the server config regarding SSL/TLS, etc. When I scan one of the server domains with a Qualsys ? scan it actually gets an A, but fails for some of the older browsers. Looking at the Log file, I am actually seeing error ...
I want to make a dynamic SSL HTTPS server in node.js without using SNICallback, maybe using open SSL?
My ssl certificate has expired and I generated a new one with the same private key. After I uploaded my new certificate on the server, chrome and other browsers still view the old one. Deleted cache and everything, tried in an incognito window, restarted the express js server. Could it be because I used the same private key?

I am configuring rsyslog to forward over TCP/TLS. I was curious why, unlike HTTPS, I had to add the certificate to my client, so I went against the README and commented out the cert config, leaving me with this:
# global(DefaultNetstreamDriverCAFile="/etc/ssl/cert.pem")
ruleset(name="fluentd") {
action(
type="omfwd"
target="<my domain>"
...

I have an Ubuntu 22.04 install and it is using OpenSSL 3. When I put my site on the server, I get this error:
file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:0A000126:SSL routines::unexpected eof while reading
Searching for answers just tells me there's a bug with PHP 8.1 and OpenSSL3 on a Laravel app. So, how is anybody hosting PHP apps on Ubuntu 22.04?
Expectations / Target
- We have a domain as (say) example.com bought on Google Domains and a PC running with Windows 10 Pro
- We intend to make this PC a server for hosting 2 of our web-apps app1 and app2. Currently we do not own a static IP address, so let's refer to the public address as: 192.0.2.0
- Web-applications app1 and app2 are running on tomcat in separate app-bases and port 8081 & 8082
- We wan ...
I want to disable some risky cipher suites (especially for TLS 1.1 and 1.0) which are 128-bit, in order to achieve a more secure server in Windows. But these cipher suites may be used by some client. They probably use a 256 bit version of some cipher suite. I just want to be sure this won't cause a problem.
I want to disable some weak cipher suites in Windows but TLS 1.2 is not so vulnerable and I don't want to cause any other problem in the server, so I just want to disable them for TLS 1.0 and 1.1.
Disable-TlsCipherSuite command works but disables a cipher suite for all TLS versions.
I have a subdomain, let's say it's abc.def.com. Currently, I set up this subdomain with the SSL cert. on the IIS server; we can call this server server-A. Under server-A I have more than one app running for each path. For example, app-A running on abc.def.com/app-A, app-B running on abc.def.com/app-B.
I have another IIS server (we can call it server-B), and I would like to use the same domain as
When Nginx is configured to verify server's TLS chain like this:
proxy_ssl_trusted_certificate some.pem;
proxy_ssl_verify on;
proxy_ssl_verify_depth 3;
and testing using a curl command, will both curl and Nginx perform server TLS chain verification?
(note: I intentionally wrote "httpz" instead of "https" because I got an error message when trying to post the question)
I have a web server (docker container) running on 8080. I want people going to httpz://mydomain.com to access it. I changed the port configuration for the container (docker compose) to map 443 to 8080, and that works. But I would rather route traffic going to my server from port 443 t ...
I am using this openssl (OpenSSL 1.0.2k-fips 26 Jan 2017) command to convert cer to pem:
openssl x509 -inform der -in fullchain.cer -out fullchain.pem
but shows error:
unable to load certificate
140025671485328:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1220:
140025671485328:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:386:Type=X509

Currently I'm trying to install a Cloudflare SSL certificate on my Ubuntu server that uses Nginx. I am following this guide on how to do so, but once I successfully install the certificate as per the instructions, my host seems to stop working and Cloudflare shows an Error 522 when visiting my domain.
My Nginx Configuration:
ubuntu:/etc/nginx/sites-available$ cat ascend.so
server {
listen 80; ...
I have an absolute requirement of extending the validity of my SSL certificate. I have an SSL certificate pinned in the SDK which cannot be updated in time. This will lead to a huge business loss. Any way, any hack that will help me circumvent this.
PS: I know the expiry date is intrinsic to SSL and that's how it's supposed to work. But I am desperate right now.
I have read that
Load balancers/reverse proxies usually have 2 operation modes.
In the first one, the requests from the clients are forwarded to one of the backends as is if they come directly from the source. In this case the LB only redirects the request and the backend answers back directly to the client.
On the second mode, the LB answers the request and then creates a new one to the backend with ...
I have an haproxy server doing SSL termination for traffic from the internet and a domain name GitLab.private pointing to it (orange path in the picture).
The problem I'm facing is when I want to access https://gitlab.private from another backend server I'm getting an error because GitLab.private is expecting HTTP from within the backend (green path in the picture).
I thought perhaps there is a way I can u ...
I have an issue with joining my worker nodes into the three masters configured. It's worth noting I know very little about the networking side of this (I'd rather it was explained like I am five, so that I can be sure I don't miss anything.)
I've been following the guide located at: https://dockerlabs.collabnix.com/kubernetes/beginners/Install-and-configure-a-multi-master-Kubernetes-cluster-with- ...

Can I have two types of certificates installed on the server at the same time?
I need a wildcard SSL to protect a single domain and all its subs. I need a UCC/SAN SSL to protect multiple other domains.
My assumption is I can buy one of each, install both and use the standard wildcard as the main SSL and SNI for the other sites?
Server 2016 datacenter IIS10
After a PC reconfiguration I am unable to use Docker properly, since some curl commands are rejected due to SSL/TLS issues.
In just one example curl -vfsSL https://apt.releases.hashicorp.com/gpg returns the following error:
* Trying 52.222.214.125:443...
* TCP_NODELAY set
* Connected to apt.releases.hashicorp.com (52.222.214.125) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* succe ...
Can someone please explain how exactly proxy_ssl_verify_depth property works in the ngx_http_proxy_module?
The definition is rather short - Sets the verification depth in the proxied HTTPS server certificates chain.
I have several questions regarding the mtls configuration in NGINX:
When configuring with ngx_http_proxy_module, to verify upstream certificate, does upstream's TLS chain have to be stored in a cert which is used in proxy_ssl_trusted_certificate property? or just the Root CA certificate? or intermediary and root?
The server's TLS chain looks approximately like this:
0 - A cert for a company's domain, i ...
I have 2 exchange servers run for one email service, and I need to renew the SSL certificate. Do I need to issue 2 SSL, or one is enough? If one is enough how can I replicate it between them?

Does anyone use own certificate chains for Kubernetes clusters?
There's an issue with such kind of setup, and I would be grateful for any ideas on how to solve it.
Let's assume we have a Root CA which certificate is self-signed. Also we have an Intermediate CA which certificate is signed by the Root CA. We make a certification chain (by concatenating both PEM containers in one file) and set up Kuber ...
I want my Nginx's SSL on the default website to only support TLSv1.1 to achieve the effect of the browser's "unsupported encryption protocol" preventing others from directly accessing my source IP, but if I set the default website's configuration file to only support TLSv1.1, other sites will also not support TLSv1.2 and TLSv1.3, which confuses me. Any ideas?
So I currently have apache with a proxy pass which redirects all requests to an express api running using the http node module, I also have a letsencrypt ssl certificate installed and all is working fine on this part. However, when I try to open a secure websocket connection it errors. I have only the bare minimum experience as far as apache configuration and ssl configuration goes so please bear with me ...

I want to host a website and run a microservices project on my own server.
The website will be run with the Nginx web server. The domain of the website will look like that sampleapp.com and this website will use freessl.
One of the services of the Microservice project will be run with Nginx web server as a service in a docker container. This service uses subdomains of my sampleapp.com such as api-dev ...
I install searx on my server with this instruction: https://searx.github.io/searx/admin/installation-searx.html#installation-basic
I use default setting and change bind_address into my domain name. It works.
Now I have no hint how to configure SSL on my SearX installation.