Nginx HTTPS issue to redirect from www to non-www

ruby-on-rails,ssl,nginx
I need to configure nginx for one of my rails application to route some pages through SSL but facing problem with configuration. I've a SSL certificate where common name is example.com and my site is routing to example.com from www.example.com Here is my nginx.conf: upstream unicorn { server unix:/tmp/unicorn.sock fail_timeout=0;...

How to integrate SSL certificates to the cacerts file in /jre/security folder?

java,linux,ssl,ssl-certificate,keytool
Recently our server got upgraded to SHA-256 based SSL certificate. And from then we are facing javax.naming.CommunicationException. In order to resolve this issue I need to add/append a set of Certificate Chain into CACERTS file under the path /usr/lib/jvm/jre/lib/security of our server. I found this link of SO which...

Self-signed Certificate and Client Keystore for SSL Authentication

java,ssl,certificate,keystore,keytool
I need to create and install a self-signed certificate on the server (an XML hardware appliance) to do SSL authentication of a Java client/application which, through its interface configuration, can set keystores, i.e. .jks. I only need this setup for testing purposes and not production, for obvious reasons. Here's how...

Getting SSLHandshakeException in java

java,eclipse,ssl,https,digital-certificate
I am getting SSL Hand Shake error in eclipse while calling https restful web service from simple java stub but, can access this URL from browser after importing Client Digital Certificate to browser which was shared by service provider. Hiding End point URL for security purpose. Please help me, i...

Get SSLContext for default system truststore in Java(JSEE)

java,security,ssl,default
I've been using custom keystore in my program by specifying javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword, javax.net.ssl.trustStore, javax.net.ssl.trustStorePassword. My truststore contains self-signed certificates. Now I want to make some https request (say to https://google.com) and use default jre system truststore that contains information about different CAs. To make http requests I use OkHttp library. Its...

Problems connecting via HTTPS/SSL through own Java client

java,ssl,https,sslhandshakeexception
I'm trying to establish a connection to trackobot.com to receive some JSON data. The server only allows connections through HTTPS/SSL. Here is the code: java.lang.System.setProperty("https.protocols", "TLSv1,TLSv1.1,TLSv1.2"); URL url = new URL("https://trackobot.com/profile/history.json?username=USER&token=TOCKEN"); InputStream is = url.openStream(); JsonParser parser = Json.createParser(is); openStream throws javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure I read through several...

Now that SSLSocketFactory is deprecated on Android, what would be the best way to handle Client Certificate Authentication?

android,ssl,okhttp,pkcs#12
I am working on an Android app that requires Client Certificate Authentication (with PKCS 12 files). Following the deprecation of all that's apache.http.*, we have started a pretty big work of refactoring on our network layer, and we have decided to go with OkHttp as a replacement, and so far...

Java does not accept 2 methods with same name

java,sockets,ssl
I need to run the code shown below (obtained from:Which Cipher Suites to enable for SSL Socket?). The problem is that the code contains several methods named: createSocket with different argument types. The eclipse shows me error saying: I read that Java can have multiple methods with same name as...

Issue with understanding keystore and ssl

java,android,ssl,encryption
These are the facts: I have a client(android)-server(java - Ubuntu 14.04)-program with which I transmit my gps-data from my smartphone every 5 minutes to the server saving it into a mysql-database. My problem is that I do not want to transmit my GPS data plain. So I want to use...

mod_rewrite to force ssl in apache24

apache,mod-rewrite,ssl
I am running Apache24 on a FreeBSD 10.1 server. I want to control access to some parts of the website using a mysql database. As authentication is performed using AuthType Basic, I want to force SSL to avoid receiving password in clear text. The following configuration seems to work, but...

Do I need an SSL certificate when using Paypal IPN on my site?

wordpress,ssl
The user enters their name/ address & billing information while on the paypal site. I only ask them to tell me if they are a vegetarian on my site, before directing them to paypal to pay. Once they have paid, the site displays that they have paid in the admin...

Meteor force-ssl on a staging system without ssl cert?

ssl,meteor
Whenever I want to test my Meteor webpage on the staging server I have to uninstall the force-ssl package, since my staging server has no ssl cert. This sucks. Force-ssl is disabled on localhost. How can I disable it on my staging system?...

How to load SSL Certificate in Java

java,ssl
I am creating a Java program to get information from a server but I have to perform a ssl handshake with the server from the Java program. I have myfilercert.cer file certificate for authentication purpose but I have no idea how I can load that certificate in java so that...

zsh: no matches found: requests[security]

python,security,python-2.7,ssl,python-requests
I am trying to run a python urllib2 script and getting this error: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning. After googling the error the solution, on stack overflow...

GET request throws error after app implemented SSL: Mixed Content: This request has been blocked; the content must be served over HTTPS"

angularjs,http,ssl,https,flask
Mixed Content: The page at 'https://www.example.com/dashboard' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://api.example.com/inventory/10/'. This request has been blocked; the content must be served over HTTPS. We have this Angular web app that runs with Flask on the back-end. Everything was working fine until we implemented...

X.509 versus White Listing Authentication

security,ssl,amazon-web-services,https,x509
My company is transitioning to cloud based application servers. Key applications will continue to run in-house but selected new applications will run on cloud based application servers. Many of the in-house application servers provide REST endpoints to client applications. Right now the company uses white listing for client authentication. This...

Openshift trustwave intermediate ssl cert issue

ssl,https,ssl-certificate,openshift
So I have got an application on openshift and I am trying to enable SSL on there. I already have an SSL cert from my previous host which is with Trustwave and seemed to work fine. So I have setup an alias for my-domain.com and have put a CNAME redirect...

Downloading website over HTTPS fails

java,ssl,https,certificate
Here is the example that doesn't work: public class Temp { public static void main(String[] args) throws Exception { new URL("https://float.software").openConnection().getInputStream(); } } Going to https://float.software/ in my browser works just fine. But java throws this exception: Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to...

MaxCDN - shared ssl - invalid certificate?

ssl,resources,certificate
one problem is really bugging me. I have a webshop with global customer scope, so I am using the known service "maxcdn.com" with a "pull-zone" to share my images, scripts and similar resources via maxcdn. Maxcdn gives me a subdomain with that I can access my resources and if I...

How to disable common name check in SSLContext in java?

java,ssl,jersey,jax-rs,ssl-certificate
I am using SSLContext so set up Jersey client, and need to disable the common name check in order to avoid unnecessary issues. However, I can find no documentation as to how we can do it correctly. So is the common name check disabled by default in SSLContext (assuming using...

Firefox and SSL pages - takes very long on certain sites [closed]

firefox,ssl,browser,ssl-certificate
I use openSUSE 13.1 and Firefox 38.0.1. On some pages with ssl it takes minutes until the connection is established. It only happens on sites whose ssl certificate is not trusted by firefox, so that it asks you if you really want to enter the site. But even this security...

NPM Error: self signed certificate in certificate chain

ssl,npm,tsd
I am following the Angular 2 quick start guide and I'm stuck right at the beginning of it. My company is filtering our network connections and modifying SSL negotiation. In a man in the middle style they assign a self signed certificate as the CA of the destination's certificate. Therefore...

Same system, same code, different behaviors: The request was aborted: Could not create SSL/TLS secure channel

c#,wcf,ssl,windows-services,windows-applications
There are many questions about "The request was aborted: Could not create SSL/TLS secure channel." error message and it seems very few of them were answered. I couldn't find any answer about my case, also my problem is little bit different. I have a Windows Service. It sends data to...

“tlsv1 alert internal error” during handshake

php,ssl,openssl
I have a PHP script that checks URLs availability (basically, the script should return true for a given URL when the URL could be opened in browser and vice versa). There is an URL I stumbled upon: https://thepiratebay.gd/. This URL could be correctly opened in browser, but fsockopen() just fails...

Connecting via mutual SSL fails reading incoming changeCipherSpec

ssl,ssl-certificate,jscript,chilkat,mutual-authentication
We need to connect to a server using mutual SSL but for some reason we're getting the following error when trying to make a request: [...] readIncomingTls_changeCipherSpec2: processTlsRecord: processAlert: TlsAlert: level: fatal descrip: handshake failure --TlsAlert --processAlert --processTlsRecord --readIncomingTls_changeCipherSpec2 Failed to read incoming handshake messages. (3) Client handshake failed....

Configure Apache web server to perform SSL authentication

linux,apache,security,ssl,xampp
I'm trying to perform SSL authentication in apache web server, using XAMPP in Linux. After I configure httpd.conf like this, Apache server is failing to start. Can some one help me to fix this ? What is wrong with my configuration ? Alias /bitnami/ "/opt/lampp/apache2/htdocs/" Alias /bitnami "/opt/lampp/apache2/htdocs" <Directory "/opt/lampp/apache2/htdocs">...

SSLV3_ALERT_HANDSHAKE_FAILURE with SNI using Tornado 4.2 in Python 2.9.10

python,python-2.7,ssl,tornado,sni
I have an issue setting the SNI flag correctly using ssl.SSLContext in Python 2.7.10, the handshake fails every time and I can't figure out why. Here is how I tried to do it: import ssl import socket if ssl.HAS_SNI: print "SNI is available" print(ssl.OPENSSL_VERSION) context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) context.load_cert_chain('cacrt.pem', 'cakey.pem', 'password')...

How do you unblock the 993 port if your firewall settings is blocking it?

php,email,ssl
I am trying to retrieve my emails from Gmail using php. for writing the host name, this is my code: $hostname = '{imap.gmail.com:993/imap/ssl}INBOX'; I am getting this error: Warning: imap_open(): Couldn't open stream {imap.gmail.com:993/imap/ssl}INBOX in /home1/mtc/public_html/mtcerp/emailparser/email.php on line 10 Cannot connect to Gmail: Can not authenticate to IMAP server: [CLOSED]...

Wildcard SSL on several servers - seems OK when tested but red in Chrome

ssl,apache2.4
I'm trying to install a Wildcard SSL by Comodo on my servers - AWS amazon Linux with Apache2.4. 'www.mydomain.com' is working 'almost' correctly - it has an exclamation mark - seems that this is because it is calling media from the 'media.mydomain.com' - in which the HTTPS in chrome are...

How to configure wildfly to use https with ClientBuilder in resteasy?

java,ssl,jax-rs,resteasy,wildfly
This is the first time ever I got the requirement to connect to https url. Within no time, I came to know that I need SSLContext to be passed. I also came to know that I need to configure in standalone.xml to get it done. Any pointers towards the solution/link,...

Client certificate authentication

authentication,ssl,https,ssl-certificate,x509
I am new to SSL and Certificates . I have been doing my research about client certificate authentication. I have read this and wiki. So If I have to implement a client certificate auth solution for my B2B REST service should I do following Ask clients to generate their own...

Azure Web Test - Could not create SSL/TLS secure channel when using CloudFlare SSL

azure,ssl,cloudflare
I have an Azure Website and have a continuous web test setup. The web test runs successfully for an entire hour, but then fails at the same time each hour (minute 3 to be exact) with the following exception: System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel....

Copied ssl cert to a test site, how do I remove it?

http,ssl,drupal,https,softlayer
I copied my site to a new virtual server with Softlayer, but when I did, the security cert came too. Now every time I try to log in to my new development site it gives warnings saying that the site has taken its cert from another source. I am using...

How can i get Certificate issuer information in python?

python,ssl,certificate
I want the 'issued to' information from certificate in python. I try to use the SSL and SSLSocket library but did not happen. ...

Starting a tls communication with python asyncio

python,ssl
I have some python code snippet that uses asyncio and initiates a "plain" connection: loop = asyncio.get_event_loop() coro = loop.create_connection(lambda: MyCustomClassProtocol(loop), sock=client_socket) loop.run_until_complete(coro) The point is my plain connection switches to a tls one once some exchanges have happened. In the traditional way one would do this: ssl_sock = ssl.wrap_socket(client_socket,...

SSL/TLS: Why will the server be the only one to be able to decrypt the encrypted number if it's a public key?

ssl,encryption
Wouldn't anyone else be able to decrypt it too using the public key? Or is it saying that it will be decrypted with a private key. If that's the case how could something be encrypted with one key and decrypted with another? This is in reference to this wikipedia article....

How to make a website work only with https [duplicate]

asp.net,ssl,https
How do I make a website to work only with https? Is there any method to make my website work only if the protocol is https? For example let me say http://www.mywebsite.com,...

Use python to access a site with PKI security

python,python-2.7,ssl,urllib2,pki
I have a site that has PKI security enabled. Each client used either a card reader to load their certificate, or the certificate is installed in the IE certificate storage on their box. So my question are: How can I use either the card reader certificate or the certificate stored...

How SignedXml.CheckSignature verify the certificate

windows,ssl,certificate
Here I have a question about the principle of SignedXml.CheckSignature. As we know, if we call the function with verifySignatureOnly = false, it can verify the certificate. [ComVisibleAttribute(false)] public bool CheckSignature( X509Certificate2 certificate, bool verifySignatureOnly ) But how can it verify? According to my understanding, certificate should be a public...

Wildfly mysql with SSL

mysql,ssl,wildfly
I have a web app using a mysql database as its data store. It is currently running in Glassfish and talking to that mysql database with SSL. I am thinking about migrating to Wildfly but I can't seem to create a Wildfly datasource that will talk to the mysql database...

How to use the Comodo certificate in Web2py?

ssl,web2py
When using web2py, it asks a single ssl certificate file. But what I got from Comodo are two files, one .crt file and one .ca-bundle file. I tried with using only provide the .crt file when setting up web2py, in the beginning it works. But when I go to my...

Is Nginx + Node.js + Socket.io + SSL possible?

node.js,ssl,nginx,socket.io
I'm trying to run a socket.io chat app with nginx as proxy. It works fine when I connect to the server via http+port, but it doesn't work with https. I see user connected/disconnected events pass through, but no emit reach client or server. Here's my server .conf (nginx/1.4.6 Ubuntu) upstream...

How does DNS server know the IP address of an SSL's URL?

ssl,https,dns
The SSL/TLS (https) protocol encrypts both of the web page url and its content. So I'm wondering how could the DNS server know the ip address of the requested url if it is encrypted? Any documented reference or idea?

ssl certificate with and without www

apache,ssl
I have a website that installed a ssl certificate for the name of www.example.com. It works fine for https://www.example.com. But it doesn't work for https://example.com. The browser gave me Error code: ssl_error_bad_cert_domain. I am using Apache 2. I tried to rewrite the url to add www in httpd-ssl.conf, see the...

Subject Alternative Name not present in certificate

ssl,openssl,ssl-certificate
I have generated a CSR that includes the field subject alt names: openssl req -out mycsr.pem -new -key mykey.pem -days 365 When I inspect this it looks as expected with a new field present: X509v3 Subject Alternative Name: DNS: my.alt.dns However when I use this to sign a certificate that...

Java 8 , JCE Unlimited Strength Policy and SSL Handshake over TLS

java,ssl,jvm,centos,java-8
With Java 8, server which only supports TLSv1, it fails to make secure socket connection from cent OS Version java version "1.8.0_45" Java(TM) SE Runtime Environment (build 1.8.0_45-b14) Java HotSpot(TM) 64-Bit Server VM (build 25.45-b02, mixed mode) Source import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; import java.io.BufferedReader; import java.io.IOException; import java.io.InputStreamReader;...

wget ssl alert handshake failure

ssl,https,wget
I am trying to download files from an https site and keep getting the following error: OpenSSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure Unable to establish SSL connection. From reading blogs online I gather I have to provide the server cert and the client cert. I have found steps on how...

https post request using httpClient and cert.em

java,ssl,https,httpclient,ca
I have a piece of code that sends a payload to a https endpoint(or should). I also have a CA chain in .pem format and this how in code I try and add that use it to do the POST. HttpClient client = new HttpClient(); Gson gson = new GsonBuilder().setPrettyPrinting().create();...

ArgumentError - unknown SSL method `TLSv1_2'

ssl,amazon-s3,carrierwave,fog
I am trying to move my AWS integration over TLS instead of SSLv3, but I'm receiving an error when trying to set the config.fog_credentials as another SO post has suggested, but I am receiving the ArgumentError above (unknown SSL method 'TLSv1_2'. I am open to a different solution to move...

How to add a SSL certificate after running Web2py 'one step production deployment'

python,linux,ssl,web2py
I have set up a web2py environment on a linux server using the 'one step production deployment' described in the web2py document. Now I can go to my website by typing my domain name into a web browser, except now it is untrusted by the browser. Then I got a...

Websocket SSL connection

javascript,node.js,ssl,websocket
I am trying to test a secure websocket but I'm having trouble. Here is my test: var WebSocket = require('ws'); describe('testing Web Socket', function() { it('should do stuff', function(done) { var ws = new WebSocket('wss://localhost:15449/', { protocolVersion: 8, origin: 'https://localhost:15449' }); ws.on('open', function() { console.log('open!!!'); done(); }); console.log(ws); }); });...

Particular URL redirect to http if request come from particular host

apache,http,mod-rewrite,ssl,url-rewriting
Web server is apache, ssl configured, listening on 443, All http requests will be redirected to https using rewrite rule Issues is all url's are serving through https, but we want to connect to the web server through http if the request is coming for particular url from particular host,...

Get RMI socket in RMI function?

java,ssl,rmi
I have a custom RMIClientSocketFactory which override "createSocket" to create a special socket. How can i get hold of this socket in my rmi remote interface implementation? (the one that extends UnicastRemoteObject and implements interface that extends Remote) I know that this isn't standard, but i wish to get the...

Nodejs https request UNABLE_TO_GET_ISSUER_CERT_LOCALLY

node.js,ssl,https
OS: debian sid Nodejs: v0.10.38 I have a request to a private service that use authentication: var https = require('https'); var options = { host: 'private.service.com', path: '/accounts/' + '123323' + '/orders', method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded', 'Content-Length': 0, 'Authorization': 'Bearer ' + 'asdsdgcvxcvxcv' } }; var request =...

Ruby on Windows XP: How to change directory of SSL certificates

ruby,ssl,directory,certificate
I installed Ruby 2.0.0 on Windows XP, and run this script: # testSSL.rb require 'open-uri' open('https://www.google.com') I get a "certificate verify failed" error on http.rb line 921. Testing further, it seems that Ruby looks for the SSL certificates files here: C:/Users/Justin/Projects/knap-build/var/knapsack/software/x86-windows/openssl/1.0.1l/ssl How can I tell Ruby to look for these...

.htaccess not redirecting web site to https

.htaccess,ssl,centos
I am running Apache/2.2.15 on Centos 6.6 and am using a free certificate from StartCom. My home page file is /var/www/index.php so I create a file /var/www/.htaccess with the following content, as suggested here. RewriteEngine On # This will enable the Rewrite capabilities RewriteCond %{HTTPS} !=on # This checks to...

CFNetwork SSLHandshake failed iOS 9 Beta 1

ios,ssl,nsurlconnection
has anyone with the iOS 9 beta 1 had this issue? I use standard NSURLConnection to connect to a webservice and as soon as a call is made to the webservice i get the below error. This is currently working in iOS 8.3 Possible beta bug? any ideas or thoughts...

Redirecting http to https

apache,.htaccess,redirect,ssl,https
I'd like to redirect all of my http traffic to https, currently in my htaccess file I have the following redirecting my http traffic: <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTP_HOST} !^www\. RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L] </IfModule> This redirects all of my non-www to www. What is the best way to...

First authentication in order to get token

php,android,ssl,https,token
I am writing mobile client for online store. I have written REST API for accessing data on the server. Now I need to authenticate the user. I have read a lot about this, and came to the simple solution. Firstly, when user run application first time, he must enter exactly password...

Server Authentication in Swift 2.0 & XCode 7 broken

ios,swift,ssl,swift2
I just updated my code to Swift 2.0 to work with Xcode 7. My App performs NSURLAuthenticationMethodServerTrust and NSURLAuthenticationMethodClientCertificate authentication. The problem is NSURLAuthenticationMethodServerTrust authentication stopped working on my simulator - but still works on my test device with iOS 8.3. Besides my old project which is not Swift 2.0,...

serving GAE applications over http

java,google-app-engine,ssl
I have implemented an application on GAE which can be accessible through https://<my_app_id>.appspot.com. Now I have a custom domain registered with Register.com. As described in GAE documentation I have mapped my custom domain to https://<my_app_id>.appspot.com and I see my application getting served from my custom domain. But I see requests...

python requests SSLError

python,ssl,python-requests
While trying to use the SnapWrap library I've come across this error: File "/usr/local/lib/python2.7/dist-packages/requests-2.7.0-py2.7.egg/requests/adapters.py", line 431, in send raise SSLError(e, request=request) requests.exceptions.SSLError: hostname 'android.clients.google.com' doesn't match either of '*.google.com', '*.android.com', '*.appengine.google.com', '*.cloud.google.com', '*.google-analytics.com', '*.google.ca', '*.google.cl', '*.google.co.in', '*.google.co.jp', '*.google.co.uk', '*.google.com.ar', '*.google.com.au',...

Call to SOAP WebService using client certificate in objective c

objective-c,web-services,ssl,soap,client-certificates
I'm a very Junior objective C developer and I'm trying to call to a SOAP web service which needs a client side certificate. I've made the SOAP call, but server returns I need the certificate. I've got a .p12 file (the certificate) and I've saved it on my keychain so...

HTTP to HTTPS mapping using proxy servers

apache,ssl,https,proxy,squid
I have a java application which is trying to call a HTTPS endpoint which is setup in my internal network. Also this request go through a corporate proxy. Having said that, I don't want to implement a HTTPS client at my application level. Instead I will just trigger a plain...

Rails, DNSimple, Heroku and SSL - do I need a certificate?

ruby-on-rails,ssl,heroku,dnsimple
So I'm currently deploying my app via Heroku. I noticed that in my-app-name.herokuapp.com has HTTPS, so if I do config.force_ssl = true in my environments/production.rb it seems like I have wildcard SSL, right? Now I'm using DNSimple to get my actual name - call it my-app-name.com. Which currently resolves to...

SSL Handshake in Java Servlet (HttpsURLConnection)

java,servlets,ssl
I have a java web application that requires a servlet to open a connection with a url that returns some data in the form of JSON back to the servlet for processing. Traditionally this was done using an HttpURLConnection and everything worked as planned. Now, we have added as self-signed...

SSL certificate is not installing

iis,ssl,https
I'm facing an issue in installing SSL certificate in IIS and below are the step before I got the certificate from my CA. Generated a private key file using OpenSSL with: "openssl genrsa -out key_name.key 2048" command. Generated .csr file with: "openssl req -out CSR.csr -key key_name.key -new -sha256" command....

Using the AWS SDK during a chef run errors but running it outside of chef works

ruby,ssl,amazon-ec2,chef,aws-sdk
I have a helper library that AWS-SDK to pull information so it can return a list of names like so: def get_load_balancer_names self.elb_client.describe_load_balancers[:load_balancer_descriptions].map { |elb| elb[:load_balancer_name] } end when this code is run during the chef run I get this error: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate...

Strange security errors in Firefox on Windows 7

security,firefox,ssl,ssl-certificate
I've got a client who is reporting very strange security errors I've not seen before on Windows 7 using this link The page won't load any of the assets with the error: "this site makes use of a SHA-1 certificate, it's recommended you use security certificates with algorithms stronger than...

SecKeyRawVerify verifies on mac but fails with -9809 on iOS

ios,osx,ssl,cryptography,commoncrypto
I need to digitally sign on mac some data and then verify it on iOS. So I generated RSA keypair and certificate for public key in DER format with open ssl (tried generation with SecKeyGeneratePair but then it is harder to import Public key to iOS and SecKeyRawVerify still doesn't...

Perl, LWP “certificate verify failed” with paypal.com

perl,ssl,paypal,lwp,lwp-useragent
Not 100% sure this is a Perl issue, but it seems to be. I have an IPN script that connects with PayPal to verify transactions. It was working fine until yesterday, when I installed LWP::Protocol::https. Since then, it's been failing with the error: Can't connect to www.paypal.com:443 (certificate verify failed)...

SSL operation failed with code 1: dh key too small

php,codeigniter,ssl,mysqli,openssl
I am connecting to my database Google Cloud SQL via SSL. I use codeigniter 3.0 to do so, although the mysqli driver is a bit modified to allow this functionality. It's been working well for months. However it just started to return this warning: Message: mysqli::real_connect(): SSL operation failed with...

Create OpenSSL certificates signed by myself

c++,ssl,boost,openssl,ssl-certificate
I'm using boost ssl for server and client, and I have a model for server/client program in my mind, and I'm not sure it's gonna work. The model I have in my mind is to be the only authority for certificates of my program. My main question is: How can...

Another nginx reverse proxy issue

ssl,nginx,reverse-proxy
I'm putting together an nginx reverse proxy. Here is a working nginx conf file snippet: upstream my_upstream_server { server 10.20.30.40:12345; } server { server_name ssl-enabled.example.com; listen 443 ssl; ssl_certificate /etc/ssl/server.crt; ssl_certificate_key /etc/ssl/server.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; location / { proxy_pass http://my_upstream_server/; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP...

Expected Compatibility Issues with upcoming TLS/SSL Cipher Suite update on Azure WebApps?

ssl,azure-web-sites
A little while ago we received an email from the Azure Team regarding an upcoming TLS/SSL cipher suite update, kicking in after July 18th with the following instruction: You can check whether the clients that access your web apps will still function correctly by testing them against https://testsslclient.trafficmanager.net/. Your client...

Cassandra SSL with own Certificate Authority

java,ssl,cassandra
I want to setup my own CA for use with a cassandra cluster so that I do not have to copy all of the certificates around every time I add a new node. I have read a few tutorials for Cassandra and SSL but they all work with copying certificates...

How do I accept a self-signed SSL certificate using iOS 7's NSURLSession

ios,swift,ssl,https,self-signed
I have the following code (swift implementation): func connection(connection: NSURLConnection, canAuthenticateAgainstProtectionSpace protectionSpace: NSURLProtectionSpace) -> Bool { return protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust } func connection(connection: NSURLConnection, didReceiveAuthenticationChallenge challenge: NSURLAuthenticationChallenge) { if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust { if challenge.protectionSpace.host == "myDomain" { let...

Java - Standalone SSL Web Service - JAX-WS, JRE, no web server

java,ssl,web,jks,wsgen
I've developed a simple Web Service using wsgen and it works fine under http (non-SSL). I now need to get it working under https (SSL). I followed the code located here. So the SSL process runs right now...I'm running as a Java Application from within Eclipse. However, when I try...

How to set up a meteor server on https connection?

ssl,meteor,https
I have a local meteor server running on port 3000.Then I want add the SSL Certificate to my project.I have generate the SSL files, what should I do the next?

Wildcard SSL - Which to choose and what are the key differences?

ssl,https,certificate,ssl-certificate
I have been left in confusion for quite some time in deciding which CA I should approach to obtain an SSL certificate. Much comparison has been made of different CAs, but I do not see what the key differences are that set them apart except the price they offer....

Failing mutual auth on Android w/ javax.net.ssl.SSLHandshakeException: Handshake failed

java,android,ssl,openssl,mutual-authentication
I am trying to get a mutual authentication request to work on Android. I am testing against my own server so I have a self-signed CA and client certificate. So I will have to allow for untrusted server cert. Here is what I am doing: KeyStore clientCertificate = KeyStore.getInstance("PKCS12");...

Did Google change/update related to VM SSL connections to Cloud SQL?

sql,ssl,cloud
Google Cloud SQL down? At 1am ET my VM connection to Cloud SQL over SSL decided to stop connecting and will not allow a connection. Did Google make changes/updates? Has been working fine for months, no changes, then all of a sudden this morning at 1am ET BAM! Won't connect...

Problems generating a self-signed 1024-bit X509Certificate2 using the RSA AES provider

c#,.net,ssl,encryption,x509certificate2
I am trying to generate an X509Certificate2 object using the Microsoft AES Cryptographic Provider: CALG_AES_256 (0x00006610) 256 bit AES. This algorithm is supported by the Microsoft AES Cryptographic Provider. My problem is that my call to CryptGenKey(providerContext, 0x6610, 0x4000001, out cryptKey) fails with the following error: An unhandled exception of...

How can I edit the list of cipher suite in Java using Bouncy Castle

java,ssl,cryptography,bouncycastle
The following code lists the supported cipher suites by Java SE 8: import java.io.IOException; import java.net.UnknownHostException; import java.util.Arrays; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLSocketFactory; public class ListCiphers { public static void main(String[] args) throws UnknownHostException, IOException { SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory(); String[] cipherSuites = factory.getSupportedCipherSuites(); System.out.println(Arrays.toString(cipherSuites)); } //end main...

Spring Boot SSL Client

spring,rest,ssl,spring-boot,ssl-certificate
I am new to Spring Boot. So far I am enjoying it. I have developed a demo SSL rest web server that correctly handles mutual X.509 certificate authentication. Using an IE browser with self signed client & server certificates, I have tested that the demo rest web server is working...

Meteor mupx ssl configuration is not working, still routing to port 80

javascript,ssl,meteor,docker
Here's my mup.json: // Configure environment "env": { "PORT": 3000, "ROOT_URL": "https://www.exomatch.com" }, //SSL "ssl": { "certificate": "ssl/ssl.crt", // this is a bundle of certificates "key": "ssl/private.key", // this is the private key of the certificate "port": 443 // 443 is the default value and it's the standard HTTPS port...

SMTP ports - SSL vs non-SSL

security,ssl,phpmailer
I was told today by a support rep at SMTP.com that regardless of whether we connect via SSL or non-SSL, the data is secure as if it is going via SSL. I'm no genius, but I'm also not a complete idiot. And I have a strong feeling that this guy...

Getting SSL related error against my request to Ejabberd

android,sockets,ssl,erlang,ejabberd
Following is the code snippet where I open a socket to write APNS notifications on: get_socket()-> %%Options Options = [{certfile, ?Cert}, {keyfile, ?Key}, {mode, binary}], %%ssl connection ssl:connect(?Address, ?Port, Options, infinity) . close_socket(Socket)-> ssl:close(Socket). I am getting the following crash in my ejabberd.log file 2015-06-05 12:33:17.112 [error] <0.3134.0> gen_fsm <0.3134.0>...

Nginx redirect http subdomains to https

ubuntu,redirect,ssl,nginx,rewrite
I have one domain with 3 subdomains: - example.com (main domain) - api.example.com - blog.example.com - support.example.com (just a cname to point to zendesk) And I have these 3 configurations on my Nginx: api # HTTP server server { listen 80; server_name api.example.com; return 301 https://api.example.com$request_uri; } # HTTPS server...

HibernateException: Could not instantiate dialect class when using HTTPS for GWT

hibernate,ssl,gwt
I don't know if this really has something to do with the fact that I let the server use SSL but this is the only change I made. Here are the two argument lists: without SSL: -superDevMode -remoteUI "${gwt_remote_ui_server_port}:${unique_id}" -startupUrl index.html -logLevel INFO -codeServerPort 9997 -port 8888 -server com.google.appengine.tools.development.gwt.AppEngineLauncher -war...

SSL Implementation using java keytool

java,tomcat,ssl
I got my keystore file of jks type using keytool commands. Now I need to get a self-signed certificate to test at development. I am unable to understand how to generate the certificate. I tried using keytool commands but I am getting exceptions like "illegal option, file not found"...

Roundcube - Nginx does not redirect to .php file automatically

php,ssl,nginx,roundcube
EDITED! I set up a mail server on Debian 7 with Nginx, Postfix, Postfixadmin, Dovecot and Roundcube. I tried to create an alias to use the SSL certificate of my domain example.org (of course, the domain here is an example) for the webmail. When accessing the following URL https://example.org/support/webmail/ -...

Tomcat SSL Cert Renewal Issue (SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure)

java,apache,tomcat,ssl,https
Attempting to renew a certificate that expired earlier this month and I can't seem to get it to work. Apache Tomcat 7.0.34 Centos Java 1.7.0_65 (Root Cert) I've tried Both gdroot-g2_cross.crt (Java Root) And gdroot-g2.crt separately and neither worked (intermed Cert) gdig2.crt (tomcat Cert) The one I was given by...

MAC OS X Pebble SDK 3.0 error building: Compilation error InverterLayer

python,ssl,pebble-watch,pebble-sdk,pebble-js
A few months ago I was running Pebble SDK 3.0 on my Mac and it worked perfectly; I ran my apps with the basalt emulator. Recently I cleaned (wiped) my Mac because it was running slow. Today I was going to run my apps again but I obviously didn't have the...

How can we improve SSL handshake to increase the security?

security,ssl,encryption,server,cl
During the SSL handshake, the server sends the client its (the server's) public key, and then the client creates a session key, encrypts it with the server's public key and sends it to the server. The server then decrypts the message with its private key and retrieves the session key. The further communication...

How to create a private certificate for connecting to a website

apache,ssl,privatekey,digital-certificate,self-signed
My apologies if this is a duplicate, I may just not be using the correct terminology in my queries to find what I am looking for. I have a vendor that sent me a certificate to install in my browser so that we can access their website. We cannot get...

Java client certificates and keystores

java,ssl,https,ssl-certificate
We are trying to build a MUTUAL/2WAY authentication mechanism. Because we hit two different hosts, we have the same client certificate stored in the client keystore container under two different aliases (please note the same fingerprint): [email protected]:/opt/golem# keytool -list -keystore ./client.keystore -storepass ________ Keystore type: JKS Keystore provider: SUN Your...

Is it possible to use PROTOCOL_TLSv1_2 in python 3.2.5?

python,python-3.x,ssl
I have the following code: def connect(module, action, input={}): data = {'module': module, 'action': action, 'input': json.dumps(input), 'token': token, 'request_id': 1} headers = {'Cookie': 'TNS_SESSIONID=' + cookie} url = server + '/request.php' try: request = urllib.request.Request(url, urllib.parse.urlencode(data), headers) context=ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) response = urllib.request.urlopen(request, context) content = json.loads(response.read()) return content['response'] except Exception...

Authenticate with login.microsoftonline.com through PHP cURL (SSL connect error)

php,ssl,curl,dynamics-crm-2015
I am trying to extract data from a Microsoft Dynamics CRM 2015 with PHP. From various sources I learned that I had to start with an authentication with login.microsoftonline.com. I am sending an XML request using cURL that results in an SSL connect error. The XML request: <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing"...

Enabling SSL on an AWS EC2 instance

apache,ssl,amazon-web-services,amazon-ec2
On an EC2 instance that services multiple domains via Virtual Hosts, I have set up a Load Balancer that forwards HTTPS traffic from port :443 to :8443 for one of the domains, in part following this example: http://elwoodicious.com/2009/12/23/using-elb-to-serve-multiple-domains-over-ssl-on-ec2-for-giggles/ My working httpd.conf Virtual Hosts look like this: NameVirtualHost *:80 <VirtualHost *:80>...