FAQ Database Discussion Community


How to integrate SSL certificates to the cacerts file in /jre/security folder?

java,linux,ssl,ssl-certificate,keytool
Recently our server got upgraded to SHA-256 based SSL certificate. And from then we are facing javax.naming.CommunicationException . In order to resolve this issue i need to add/append a set of Certificate Chain into CACERTS file under the path /usr/lib/jvm/jre/lib/security of our server. I found this link of SO which...

php curl certificate: curlopt_certinfo: where is serial number hiding?

php,curl,ssl-certificate
Curl and the output: can't find the serial number of the certificate. <?php $curl = curl_init('https://www.comodo.com/'); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_NOBODY, true); curl_setopt($curl, CURLOPT_CERTINFO, true); curl_setopt($curl, CURLOPT_VERBOSE, 1); curl_exec($curl); $info = curl_getinfo($curl); $certs = $info["certinfo"]; ?> <pre><?php echo var_dump($certs) ?></pre> where is the certificate serial number hiding? can't find it...

OpenSSL::SSL::SSLError while making post request with Net::HTTP

ruby,http,openssl,ssl-certificate,net-http
I tried different approaches(from google) to solve this error, but failed. I am unable to resolve this problem. My code looks like this: require 'net/http' require 'uri' require 'json' uri = URI.parse "https://dev.ramble.com/v1/user/login" uri.user = "user1" uri.password = "mypass" connection = Net::HTTP::new uri.host, uri.port connection.use_ssl = true connection.ca_file = "/usr/local/etc/openssl/cert.pem"...

how to fix stream_socket_enable_crypto(): SSL operation failed with code 1

laravel-4,amazon-ec2,ssl-certificate,apache2.4,php-5.6
stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Im using Laravel 4.2 PHP 5.6 Apache 2.4 I have GoDaddy SSL installed in Amazon ec2 Linux. SSL working fine when i visit the site with https. The error happened when I call my function :...

Correctly automating the creation of self-signed certificates for development

c#,.net,ssl,ssl-certificate
I'm trying to automate the creation of test environments, and one of the steps is to create self signed certificates to be used on SSL bindings on IIS. It's a WPF application meant to run once to create all websites, applications, windows services, and etcera, based on specified configuration settings....

Do Java SSLSockets require a supplied SSL Certificate?

java,security,networking,ssl,ssl-certificate
In HTTPS technology, an SSL certificate is required for a secure connection. This certificate must be acquired through self-generation, or through a certificate authority (CA). In Java, an SSLSocket to SSLSocket connection promises the same security as an HTTPS connection (No man-in-the-middle, encryption, etc). When connecting two SSLSockets instantiated in...

Ignoring hostname verification in Android SSL Sockets without HttpsUrlConnection

java,android,ssl,ssl-certificate
How do I turn off hostname verification if I can't use the HttpsUrlConnection class? In debug mode (and only in debug mode) I find it convenient to ignore hostname verification, because each team member has virtual servers and debugging against them is a pain in the neck if they need...

Difference between EV sign certificate and regular ones

certificate,ssl-certificate,x509certificate,x509certificate2
My company is deciding which type of certificate to choose: the EV certificate or the regular one. I would like to know the difference between them. I know that the EV ones put some kind of reputation to the application you sign, but I'm not sure about the difference. Two...

Installing binary crt in nginx

apache,nginx,ssl-certificate
I installed some certificates in apache with no worries, but now I've been given a binary crt file to install it in nginx. I am more fond of apache so I tried there before. There is no way I can load it using SSLCertificateFile and SSLCertificateKeyFile. I was guessing the...

Create OpenSSL certificates signed by myself

c++,ssl,boost,openssl,ssl-certificate
I'm using boost ssl for server and client, and I have a model for server/client program in my mind, and I'm not sure it's gonna work. The model I have in my mind is to be the only authority for certificates of my program. My main question is: How can...

Subject Alternative Name not present in certificate

ssl,openssl,ssl-certificate
I have generated a CSR that includes the field subject alt names: openssl req -out mycsr.pem -new -key mykey.pem -days 365 When I inspect this it looks as expected with a new field present: X509v3 Subject Alternative Name: DNS: my.alt.dns However when I use this to sign a certificate that...

How do google or facebook know I'm behind a man in the middle proxy?

facebook,security,proxy,ssl-certificate,burp
Whenever I'm behind a man in the middle proxy such as burp, and try to access either google or facebook, I get an alert message telling me that the connection is not reliable and blocks the page from displaying. I'm guessing it has something to do with security certificates. But...

SSL_connect gives error SSL_ERROR_SSL after 0.9.8.y to 0.9.8.zb upgrade

ssl,openssl,ssl-certificate,upgrade
My application works fine when fresh install with openssl 0.9.8.y It works fine when fresh install with openssl 0.9.8.zb But when I upgrade application from openssl 0.9.8.y to openssl 0.9.8.zb, it fails; SSL_connect fails and gives error SSL_ERROR_SSL. Anyone has any idea why this behavior? Anyone faced similar problems?...

How to solve CERT_UNTRUSTED error in nodemailer

node.js,ssl-certificate,nodemailer
I am trying to send an email with nodemailer. I already managed to send it from another host but now I want to send emails from another address. These are the versions of nodemailer I am using (from my package.json): "nodemailer": "1.3.4", "nodemailer-smtp-transport": "1.0.2", This is the information I have...

SSL Certificate Chain differs; how to verify?

ssl,ssl-certificate,libcurl
Short version: I'm seeing an SSL certificate chain that's different based on how I access the https server. What's going on, and how do I verify the certificate under these circumstances? Slightly longer version: I'm trying to use libcurl to verify the certificate of an SSL connection. The server I'm...

Gitblit certificate import

java,git,ssl-certificate,gitblit
I have chosen gitblit for my git web gui since they offer a self-contained version that is supposed to run out of the box. Very well, it did. Now everyone attempting to connect to the server via https gets a certificate error and remote cli operations also require a custom...

Wildcard SSL - Which to chose and what is the key differences?

ssl,https,certificate,ssl-certificate
I have been left in confusion for quite some time in deciding which CA should i approach to obtain a SSL certificate. Much comparison has been made from different CA but I do not see what is the key differences that sets each other apart except the price they offer....

ACME - Acquire certificate for subdomains with SAN

node.js,security,ssl,certificate,ssl-certificate
I'm interested in the upcoming Automated Certificate Management Environment (ACME). I download the demos & tried it out with my main domain. I still have a question though: Using the regular certification process, I'm able to get a certificate with SAN so I can set it on my server (Node.js)...

How to setup EV Certificate with nodejs server

node.js,ssl,https,ssl-certificate
I've recived from comodo 4 files: AddTrustExternalCARoot.crt COMODORSAAddTrustCA.crt COMODORSAExtendedValidationSecureServerCA.crt mydomain.crt This is my first time setting up an https server. I know that I have to put on options that is passed to https.createServer but don't know which one is the one to each propertie.....

NPM and Sanctioned “Man in the Middle” Activites

node.js,npm,ssl-certificate
My company does the "Man in the Middle" thing so they can see what all employees do even on SSL sites. Yesterday I tried to use Node Package Manager for the first time at work. (I have used it successfully from home before.) So when I tried to run it...

Generating a Certificate for Local HTTP/2 Proxy

firefox,proxy,ssl-certificate,http2,nghttp2
I'm trying to get Firefox nightly to use a secure HTTP/2 proxy, but it's refusing to accept a self-signed certificate. The proxy is composed of nghttp2 as the HTTP/2 front-end and a simple Twisted proxy as the back-end. The Twisted code is from https://wiki.python.org/moin/Twisted-Examples and works on its own as...

Spring Boot SSL Client

spring,rest,ssl,spring-boot,ssl-certificate
I am new to Spring Boot. So far I am enjoying it. I have developed a demo SSL rest web server that correctly handles mutual X.509 certificate authentication. Using an IE browser with self signed client & server certificates, I have tested that the demo rest web server is working...

NoSuchElementException when reading p12 file in java application from system?

java,ssl,ssl-certificate,privatekey
In my spring MVC java application, I have a method: public static PrivateKey getPrivateKey( String password, InputStream privateKeyFileStream) { KeyStore ks; Key key = null; try { ks = KeyStore.getInstance("PKCS12"); ks.load(privateKeyFileStream, password.toCharArray()); Enumeration<String> enumeration = ks.aliases(); // uses the default alias String keyAlias = (String) enumeration.nextElement(); key = ks.getKey(keyAlias, password.toCharArray());...

How to manage application secrets in AWS?

amazon-web-services,ssl-certificate
Say I have a C# application in AWS which needs to use a password. I could embed the password in a handful of ways. I'm looking for the recommended way storing and retrieving application secrets. For example, in Azure, I can upload a certificate and my app can retrieve it...

Openshift trustwave intermediate ssl cert issue

ssl,https,ssl-certificate,openshift
So I have got an application on openshift and I am trying to enable SSL on there. I already have an SSL cert from my previous host which is with Trustwave and seemed to work fine. So I have setup an alias for my-domain.com and have put a CNAME redirect...

Firefox and SSL pages - takes very long on certain sites [closed]

firefox,ssl,browser,ssl-certificate
I use openSUSE 13.1 and Firefox 38.0.1. On some pages with ssl it takes minutes until the connection is established. It only happens on sites whose ssl certificate is not trusted by firefox, so that it asks you if you really want to enter the site. But even this security...

What does “SSLError: [SSL] PEM lib (_ssl.c:2532)” mean using the Python ssl library?

python,python-3.x,ssl,ssl-certificate,python-asyncio
In case someone had a similar issue: This question was based on a great misconception of how SSL works. Though the variables are named poorly, the actual problem was the certs that where being used had expired. Generating new ones fixed the problem. I am trying to use connect to...

Weblogic SSL Handshake failure

ssl,weblogic,ssl-certificate
I'm getting the blow exception while doing WS call . Server : WL 9.2 Java : 1.5 Throws: javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3s://dez221:7054: Destination unreachable; nested exception is: javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.; No available router to destination] Then I started the WL...

ColdFusion - CFHTTP cannot connect to secure website with SSL certificate from Cloudflare

coldfusion,ssl-certificate,coldfusion-10,cfhttp
I have this code: <cfhttp url="#qCheckSiteID.url#"> <cfdump var="#cfhttp#" /> Which works fine with any HTTP urls but not for HTTPS. For example it works ok with https://www.google.com but with https://mywebsite.com which has an SSL Certificate under CloudFlare it fails with error: I/O Exception: Name in certificate "ssl2000.cloudflare.com" does not match...

Openfire SSL certificat

ssl,ssl-certificate,keystore,openfire
I have an openfire server on centOS 7 and i want to install my wildcard certificate. After importing certificate to keystore and tested it using keytool -list -v -keystore keystore -alias chat.example.com Everything looks good, i get certificate provider, CN,OU, algorithms etc. In my Web admin panel i set ServerName...

Client certificate authentication

authentication,ssl,https,ssl-certificate,x509
I am new to SSL and Certificates . I have been doing my research about client certificate authentication. I have read this and wiki. So If I have to implement a client certificate auth solution for my B2B REST service should I do following Ask clients to generate their own...

SslStream, disable session caching

c#,ssl-certificate
The MSDN documentation says The Framework caches SSL sessions as they are created and attempts to reuse a cached session for a new request, if possible. When attempting to reuse an SSL session, the Framework uses the first element of ClientCertificates (if there is one), or tries to reuse an...

LDAP Access - javax.naming.CommunicationException: simple bind failed

java,ldap,ssl-certificate,keystore
We are running into issues connecting LDAP server after LDAP SHA-256 Migration .We got the below exception when we ran our application in debug mode : javax.naming.CommunicationException: simple bind failed: xxxamd.xxx.com:636 [Root exception is java.net.SocketException: Socket is closed]​ We tried to add the below .cer files into our application specific...

SSL_ERROR_SSL error:14090086:lib(20):func(144):reason(134) - PHP solution?

php,ssl,openssl,ssl-certificate
I get the error in the title when doing something like this: $zurl = "https://api.zotero.org/something"; require_once 'HTTP/Request2.php'; $r = new HTTP_Request2($zurl); $r->setMethod(HTTP_Request2::METHOD_GET); $r->setHeader("Zotero-API-Version", "3"); $r->setHeader("Authorization", "Bearer ".$apiKey); $response = $r->send(); This article seems to explain it to those who understand. I don't understand, unfortunately. The article says it is (or...

Sitecore ECM: Could not establish trust relationship for the SSL/TLS secure channel

ssl,sitecore,ssl-certificate,sitecore6,sitecore-ecm
I am getting the following error whenever I try to do a Test Connection in Email Campaign Manager. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The following is the error which is recorded in the log ManagedPoolThread #11 11:41:08 INFO Job started:...

SSL certificate error 403.13 in IIS 7.5

internet-explorer,iis-7,ssl-certificate,sha1,http-status-code-403
I'm getting 403.13 in IIS logs, when I'm trying to access my api using the created certificate(sha1). Further I tested the same certificate in other test environment it works treat and I get the the XML from the api without any issue. Certificate pfx is installed in Certificate store and...

Get Certificate Information from Url Android Programatically

android,ios,ssl-certificate,x509certificate
Is it possible to get the certificate information from the Url ? In iOS, it has NSURLAuthenticationChallengewhich gives the information if the url contains https. The same way do we have any way to get the certificate information for the particular url through Code?...

java.lang.RuntimeException: java.lang.IllegalStateException: IIOP1004: Key alias s1as not found in keystore

security,ssl,glassfish,ssl-certificate,glassfish-4.1
I am trying to add a self-signed certificate in GlassFish Server 4.1 for the development purpose only. The server certificate is generated using the following command. "C:\Program Files\Java\jdk1.8.0_25\bin\keytool" -genkey -alias server-alias -keyalg RSA -keypass changeit -storepass changeit -keystore keystore.jks The server name localhost was taken in response to the keytool's...

Chef Bootsrapping SSL error for Windows Server 2008 R2

windows,ssl-certificate,chef
I am new to chef and I've been trying to bootstrap Windows Server 2008 R2. I have Chef 12 installed and when i try to bootstrap windows node i get this error. "ERROR: SSL Validation failure connecting to host: 10.XXX.XX.XX returned=1 errno=0 state=sslv3 read server certificate b: certificate verify failed"....

RoboMQ SSL Issue

ssl,ssl-certificate,mq
I'm using RoboMQ to build a MQ to MQ service over SSL. I've got a keystore (key.jks) and I'm setting the following system properties to configure the SSL: javax.net.ssl.keyStore javax.net.ssl.trustStrore javax.net.ssl.keyStorePassword However, our email server requires SSL and setting up SSL in this way in RoboMQ stops it from working...

How to convert a .csr to .crt using openssl?

certificate,ssl-certificate,x509certificate
well i have tried the below openssl x509 -req -in <cert_name>.csr -signkey <key_name>.key -out output.crt but seems to throw an error 140735226307408:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: CERTIFICATE REQUEST Any solutions?...

How to export certificate in PEM format?

ssl,ldap,ssl-certificate,starttls
I have an Ubuntu LDAP server, with STARTTLS using a self-signed certificate (following these instructions). When setting up a CentOS client (following these instructions), the authconfig-tui command asks me for the certificate in PEM format: │ To connect to a LDAP server with TLS │ │ protocol enabled you need...

Code Signing Certificate - Creating a PFX from a godaddy SPC & Key File

openssl,ssl-certificate,code-signing-certificate
Problem: I generated a CRT using openssl; first I made a Key file; then Used the key file to generate a CRT. I put the CRT text into the godaddy window; when they issued the code signing cert, they issued a SPC. My Key and CRT are both TEXT, so...

Connecting via mutual SSL fails reading incoming changeCipherSpec

ssl,ssl-certificate,jscript,chilkat,mutual-authentication
We need to make connect to a server using mutual SSL but for some reason we're getting the following error when trying to make a request: [...] readIncomingTls_changeCipherSpec2: processTlsRecord: processAlert: TlsAlert: level: fatal descrip: handshake failure --TlsAlert --processAlert --processTlsRecord --readIncomingTls_changeCipherSpec2 Failed to read incoming handshake messages. (3) Client handshake failed....

Binding SSL certificate by name using command line

iis-7,ssl-certificate
Trying to automate IIS setup for my website using InnoSetup including setting up the SSL certificate. I've been successful with creating the self-signed SSL cert using SelfSSL, so far everything works ok except that I'm not sure how to automate the last process of binding the SSL cert (created using...

Ajax POST call to ASP.NET MVC controller giving net::ERR_CONNECTION_RESET

ajax,asp.net-mvc,ssl-certificate
I am at my wits end about this problem. I've created an ASP.NET MVC 5 website that I am developing and running locally. I've enabled SSL on the site. I've created a self-signed certificate for the site. When I make an ajax POST call to a MVC controller: $.ajax({ url:...

OpenSSL::X509::Certificate Showing Certificate for Wrong Domain

ruby,osx,sockets,openssl,ssl-certificate
I'm looping through a list of domains to see if a) there is 443 listener and b) collect the ssl cert expiry, signature algorithm, and common name. All of the domains that have a 443 listener report the correct ssl cert (matching up to what Chrome reports), however, there is...

How to install SSL on CloudFront correctly?

ssl,amazon-s3,ssl-certificate,amazon-cloudfront
Hi I've just purchased an SSL for my domain. After contacting with my SSL provision I have 5 files from my provider. my_domain.crt AddTrustExternalCARoot.crt TrustedSecureCertificateAuthority5.crt USERTrustRSAAddTrustCA.rt my_domain.private_key My provider said that I have to install all of them. I used AWS CLI to install with this command. aws iam upload-server-certificate...

BizTalk 2010 Send FTPS - when is client certificate hash “thumbprint” needed?

ftp,ssl-certificate,biztalk,biztalk-2010,ftps
Based on this post, it's very unclear if a certificate is needed or not. The most important quote I got out of that post is this: "I reached out to MS BizTalk support and they asked me not to use the certificate and just use FTP over SSL without certificate....

Google Visualization Charts not displaying in Firefox only

firefox,google-visualization,ssl-certificate
I came across this issue the other day, I have been using the Google Visualization API specifically for a chart. Everything was working in Chrome and IE but when trying to view the page in Firefox the chart would not display. I did receive an error in the Firefox developer...

No subject alternative DNS name matching www.billiving.com found. Why this caused and how to solve?

java,ssl,dns,ssl-certificate,java-security
I have integration test suite for www.billiving.com API. when that API call endpoint should be https://www.billiving.com. my test suite work perfectly on windows. however when it move to ubuntu 14.x it get failed with following exception. [1] so i have written this [2] code to test it beyond the test...

Dynamically disabling/omitting Apache configuration directives (DRY)

apache,apache2,ssl-certificate,dry,vhosts
I am working on a product that runs Apache, and i'm trying to make the configuration more DRY — right now there are many different vhost configs that get loaded in different situations but are 90% identical, and this is very tedious to deal with when a change needs made....

Amazon EC2 Tomcat does not work with my domain-issued SSL certificate

tomcat,ssl,amazon-ec2,dns,ssl-certificate
Ok, here's the scoop. I obtained an SSL Certificate for my domain, let's call it www.mydomain.com from namecheap. My website is hosted on a Tomcat7 webserver, which resides on an Amazon AWS EC2 linux instance with a public IP. I installed my certificate on this EC2 server and configured tomcat...

SSL Handshake with my certificate by NSStream

objective-c,ssl,ssl-certificate,nsstream,sslhandshakeexception
I'm writing a client for iOS to connect to my server by SSL/TLS. I have decided to use NSStream implementation. And now my project has been stopped due to SSL Handshake, I don't know how handle it with streams and can't find any examples of delegates with it. As I...

openSSL how to sign a certificate with SHA256

ssl,openssl,ssl-certificate,sha256
I would like to know how to use the openSSL tools to sign a certificate signing request with sha256 as the message digest. I don't quite understand if the digest is already computed in the request, or if it is computed by the CA. For creating the request, the tool...

How to disable common name check in SSLContext in java?

java,ssl,jersey,jax-rs,ssl-certificate
I am using SSLContext so set up Jersey client, and need to disable the common name check in order to avoid unnecessary issues. However, I can find no documentation as to how we can do it correctly. So is the common name check disabled by default in SSLContext (assuming using...

EV SSL cert for custom domain listed as SAN fails to upload

parse.com,ssl-certificate
I've been attempting to get a certificate uploaded for a Parse custom domain. It is an EV certificate issued by DigiCert, and appears to be valid. The Parse custom domain is listed as a Subject Alternative Name to the main domain and appears in the certs list of SANs, e.g....

What is the difference between a wildcart certificate and a chained certificate for a subdomain?

ssl,subdomain,ssl-certificate,x509certificate
Newbee SSL cert question. Background: I purchased a simple domain validation certificate from Comodo and got 4 certificates which I had to chain manually. The certificate costs 10USD. A wildcart certificate cost more like 100USD. Question: Is it not possible to create a certificate request for any subdomain myself and...

Unable to post twitter status updates with error “no trusted certificate found”

java,ssl,twitter,ssl-certificate,twitter4j
I have a java process that is using Twitter4J to post an update to twitter. I have all the appropriate tokens and keys. When I attempt to post the update I get this error. I have seen that Twitter has updated it's certificates last year and I have added Verisign's...

SSL in Tomcat 8: server & client JKS + client public cer

java,ssl,ssl-certificate,tomcat8,jks
I've followed this guide so as to setup my Tomcat 8 instance with SSL layer, producing a client and server keystores and a public client certificate autosigned. The issue is, I guess, that I don't really know how to configure Tomcat's Connector... Here you are my current server.xml file (removed...

Error loading rsa private key - MUP to Deploy Meteor App at Digital Ocean w/SSL

ssl,meteor,ssl-certificate,digital-ocean,pem
I have a Meteor app I am deploying to a Digital Ocean Ubuntu server via MUP. It works great without SSL, but I can't figure out the SSL part. I Purchased a Comodo SSL Cert. They sent me 4 .crt files. I can the following command: cat cert1.crt cert2.crt cert3.crt...

How to apply PFX certificate file to SslStream socket listener?

c#,sockets,ssl,ssl-certificate,pfx
I have a multi threaded socket listener. It listens on a port. It receives data from HTTP web sites and sends response according to their request. It works good. Now I want to do same thing with an HTTPS web site. So I changed it to be able to read...

unable to connect to ssl server Received fatal alert: certificate_unknown and ReadDataRecord(SSLSocketImpl

java,sockets,ssl,ssl-certificate,keytool
I have a situation where client A should connect to server B and server B should connect to server C.and connection must be of secure socket. I tried and successfully established connection b/w A to B and B to C individually.But when i tried to establish connection simultaneously to A...

Strange security errors in Firefox on Windows 7

security,firefox,ssl,ssl-certificate
I've got a client who is reporting very strange security errors I've not seen before on Windows 7 using this link The page won't load any of the assets with the error: "this site makes use of a SHA-1 certificate, it's recommended you use security certificates with algorithms stronger than...

Dictionary based bruteforce on a RSA Private Key

security,ssl-certificate,public-key-encryption,dictionary-attack,john-the-ripper
I have an RSA Private key for my SSL certificate. Unfortunately I forgot the passphrase. Here is the header info: -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: AES-256-CBC,9A3F1B0DB81DA3C64E5BCA3534544E04 I would like to perform a dictionary attack to try to crack it. Could anyone tell me how to do it? Maybe...

AWS ELB Server certificate trust

amazon-web-services,amazon-ec2,ssl-certificate
Background: I have an IIS application running behind a AWS ELB. The SSL certificate is presented by the server and not the ELB [TCP pass threw]. Question: Does the ELB have to trust the Certificate presented by IIS?...

Fixing javax.net.ssl.SSLPeerUnverifiedException: No peer certificate

java,android,https,ssl-certificate,android-volley
I am developing an android app that has to communicate with server over https with self signed certificate (SSL/TLS1.2). I am also using Volley. I am following this tutorial. Saved the .crt file, created key.bks in raw directory with keytool -importcert -v -trustcacerts -file "cert.crt" -alias IntermediateCA -keystore "key.bks" -provider...

Is possible to use self signed certificate for testing on different machines?

c#,ssl,tcp,ssl-certificate,sslstream
I created self signed certificate for test purposes. I used this post: SSLStream example - how do I get certificates that work? I use code on client like this. AuthenticateAsClient("testName", null, SslProtocols.Default, false); and on server: BeginAuthenticateAsServer(certificate, false, SslProtocols.Default, false, EndAuthenticate, obj); If I start on same machine where certificate...

Android Chrome/Firefox - AJAX request to different subdomain net::ERR_INSECURE_RESPONSE

android,ajax,google-chrome,ssl,ssl-certificate
A login POST request on Android's Chrome or Firefox is giving net::ERR_INSECURE_RESPONSE (unable to read response data). The request is made to another subdomain, and we have a wildcard SSL certificate installed properly. The responding nginx server is updated to the newest version....

php curl with certificate and no key file or passphrase

php,curl,ssl-certificate,libcurl,x509certificate
I'm relatively new to php with curl and wanted to ask a sanity check question. I'm attempting to post an xml file to an https server with a certificate in DER format provided by the server admin. I have also successfully converted the DER file to ascii PEM format and...

Opensips Tls and certificates issues

ssl,ssl-certificate,server,sip,opensips
I am trying to setup the certificate verification in opensips along with the blink sip client. I followed the tutorial: https://github.com/antonraharja/book-opensips-101/blob/master/content/3.2.%20SIP%20TLS%20Secure%20Calling.mediawiki My config look like so: [opensips.cfg] disable_tls = no listen = tls:my_ip:5061 tls_verify_server= 0 tls_verify_client = 1 tls_require_client_certificate = 1 #tls_method = TLSv1 tls_method = SSLv23 tls_certificate = "/usr/local/etc/opensips/tls/server/server-cert.pem"...

squid ssl-bump 3.5.4: error - Error negotiating SSL connection on FD 10: Success (0)

https,proxy,ssl-certificate,squid,man-in-the-middle
I am trying to install squid 3.5.4 (on docker, running debian 8) and run it in ssl-bump mode. Compilation: ./configure --prefix=/opt/squid --srcdir=. --disable-maintainer-mode \ --disable-dependency-tracking --disable-silent-rules --enable-inline\ --disable-arch-native --enable-async-io=8 \ --enable-storeio=ufs,aufs,diskd,rock \ --enable-removal-policies=lru,heap --enable-delay-pools \ --enable-cache-digests --enable-icap-client \ --enable-follow-x-forwarded-for \...

Java client certificates and keystores

java,ssl,https,ssl-certificate
we are trying to build a MUTUAL/2WAY authentication mechanism. Because we hit two different hosts, we have the same client certificate stored in the client keystore container under two different aliases (please note the same fingerprint): [email protected]:/opt/golem# keytool -list -keystore ./client.keystore -storepass ________ Keystore type: JKS Keystore provider: SUN Your...

Extract client X509 certificate from a secured websocket connection

authentication,websocket,ssl-certificate,x509certificate
I would like to create a certificate-based authentication on top of websocket communication. So I created a websocket serverEndpoint, and set up SSL for client authentication with the help of jetty, like this: Server server = new Server(); //Create SSL ContextFactory with appropriate attributes SslContextFactory sslContextFactory = new SslContextFactory(); //Set...

How to check if SSL bundle and domain certificates are made from existing private key

php,ssl,ssl-certificate
If I have pkey, csr (generated from pkey), bundle certificate and domain certificate files. How can I validate if both certificates are made for pkey? Also is that the right way to validate ssl certificates. Any suggestions? I would like to avoid using openssl cli tool and use php openssl...