Questions tagged [ssl]
17871 questions
1
votes
1
answer
3.8k
Views
SSL Handshake exception - RESTEASY004655
I am trying to figure out why am having this type of exception all over the log file!!!!
Looking on some internet posts, apparently they talk about network interruption !!!
javax.ws.rs.ProcessingException: RESTEASY004655: Unable to invoke request
at org.jboss.resteasy.client.jaxrs.engines.ApacheHttp...
1
votes
3
answer
1.7k
Views
Unable to `openssl verify' letsencrypt certificate
I gererate a certificate with Letsencrypt using the Certbot container:
$ mkdir /home/$USER/letsencrypt
$ docker run -it --rm -p 80:80 -p 443:443 -v /home/$USER/letsencrypt:/etc/letsencrypt certbot/certbot certonly --standalone --email [email protected] --agree-tos -d example.com
I navigate to the gen...
1
votes
0
answer
6
Views
How to redirect HTTP traffic to HTTPS while using Virtual Hosting in Tomcat
I need to configure my Tomcat 9 server to redirect http to https traffic.
I have tried:
Using a connector for the http port and having a redirectPort attribute pointing to the secure connector.
Including a security-constraint link at the bottom of the web.xml, which works for other Tomcat servers t...
0
votes
0
answer
4
Views
IoT hub certificate validation
We have the following certificate chain:
RootCA -> IntermProduction -> [leaf certificates]
RootCA -> IntermTest -> [leaf test certificates]
Does it make a difference if I:
a) Upload to IoT hub RootCA
b) Upload to IoT hub both
IntermProduction and IntermTest (without RootCA)
Will there be any differ...
1
votes
0
answer
17
Views
How can I read certificate to verify signature with openssl?
I have generated a private key and corresponding certificate with openssl on linux, with these commands:
openssl req -x509 -newkey rsa:1024 -keyout key.pem -out certificate.pem -days 730 -nodes
This has generated to me two files: key.pem and certificate.pem
Using key.pem, with C++ (PEM_read_PrivateK...
0
votes
1
answer
15
Views
Is SSL appropriate for sending secure contents?
I am using mailR to send emails through R. This is my code
send.mail(from = [from],
to = [to],
subject = 'msg',
body = 'contents',
html = FALSE,
inline = FALSE,
authenticate = TRUE,
smtp = list(host.name = 'smtp.gmail.com',
port = 465,
user.name = [username],
passwd = [password],
ssl = TRUE),...
1
votes
1
answer
1.2k
Views
You are not an authorized owner of the domain for this certificate (Google App Engine)
For the past 3 years I have been doing the following to generate my SSL certificates for Google App Engine.
Convert certificate to PEM format
openssl x509 -in domain.crt -out domain.pem -outform PEM
Convert Private CSR Key to PEM format
openssl rsa -in private.key -out private.pem
For some reason I...
1
votes
2
answer
1.1k
Views
Charles Proxy for Mobile apps that use SSL Pinning
Charles Proxy website comments that:
Note that some apps implement SSL certificate pinning which means they specifically validate the root certificate. Because the app is itself verifying the root certificate it will not accept Charles's certificate and will fail the connection. If you have successf...
1
votes
3
answer
900
Views
Kafka SSL handshake failed issue
I am trying to enable SSL Authentication on my Kafka server. I am following 7.2 section in below documentation(link).
http://kafka.apache.org/documentation.html#security_ssl
Followed all steps, but while calling the producer.bat file to send data in to the topic i get below error.
ERROR [Producer cl...
1
votes
1
answer
74
Views
TIdSSLIOHandlerSocketOpenSSL and TLS protocol
I have a Windows desktop application developed in XE2 that pulls data from a remote server in JSON format. I use Indy 10 to manage this.
The application was working fine until I received an email from the server provider people:
'...the only protocol for securing the communication will be TLS 1.2. O...
0
votes
0
answer
5
Views
Can't authenticate to Identity server SSL handshake error
Background. I need to get my site to authenticate through IdentityServer (IDS). 'example.com'
I'm building all of my sites with DotNetCore
Hosting them on a proxy server using apache let's call the private ip 12.3.4.5.
How they should work. I go to site example.com I should be able to talk to ids.e...
1
votes
2
answer
45
Views
Java can not load “BEGIN TRUSTED CERTIFICATE” format certificate
I have a CA certificate which is generate by openssl with 'trustout', so the it begins with '-----BEGIN TRUSTED CERTIFICATE-----', when I tried to read it with Java, exception throws.
Does Java supports this format of certificate? If so, how to read it?
public class TestReadCerts {
public static voi...
1
votes
1
answer
41
Views
Jetty - ipaccess per connector?
Let's say I am enabling the ipaccess module on jetty:
jetty-ipaccess.xml
127.0.0.1
192.168.1.168
false
Then I enable it with jetty/home/start.jar --add-to-start=ipaccess
But I want this filter to only apply to the http connector. I do not want it to apply to my https connector.
How do I configur...
0
votes
0
answer
3
Views
Get TLS-Unique from SSL stream and process HTTP
After long investigation I still didn't find way to get TLS-unique value (https://tools.ietf.org/html/rfc5929) from SSL connection stream using WCF (whole communication using HTTPS protocol though).
We are not strictly tied to WCF, so I know there is a TcpListener that allows that via SslStream cla...
4
votes
1
answer
64
Views
Java Applet “ClassNotFoundException” on Firefox 52.4.1 - works on IE
We need to run an old web application which using Java 8 Applet (sick), on Firefox 52.4.1 (last version compatible with Java Applet) and Internet Explorer 11.
The applet is based on Java 8 and distributed by an Apache Tomcat server.
It is signed and obfuscated (Proguard).
The user connect to the web...
1
votes
1
answer
314
Views
Google Cloud Storage Client API fails in Certificate validation if we pass javax ssl params
I have successfully builded and ran a code snippet to upload the document to google cloud storage using the Java API. While integration of Google Sql to our project we have introduced the keystore and truststore params. After the introduction of the store params the upload document API's are failing...
1
votes
1
answer
227
Views
Returning an image from a Django view using django-sslserver
I'm trying to return an image from a Django 1.11 view while using django-sslserver and Pillow. Here's a minimal view I made for testing.
def get_image(request):
img = Image.open('oh_noes_cat.png', mode='r')
response = HttpResponse(content_type='image/png')
img.save(response, 'png')
return response
I...
1
votes
0
answer
306
Views
Connecting to Azure database for PostgreSQL from R
I created a PostgreSQL server on Azure, but I am not able to connect to it from R. I am able to connect to it using pgadmin though
drv
1
votes
0
answer
149
Views
JAVA SSLSocket keyStore and trustStore, bad certificat error
I’m currently writing a JAVA app that receive AJAX requests from a PHP server.
I use sockets for this and it works fine with HTTP requests.
But now I would like to do the same thing with HTTPs requests.
So I created a keyStore using cert and RSA key of the website :
openssl pkcs12 -export -in -in...
1
votes
1
answer
464
Views
Magento 2 - 502 Bad Gateway after ssl configuration
I am using a ssl certificate provided by comodo that seems to me to be propely configured because my website is showing the https correctly. However, I am getting 502 Bad Gateway when I access my store with ssl.
I am using nginx server and this is how I am doing this.
server {
root /var/www/html/pub...
1
votes
1
answer
150
Views
Can Jetty be configured to serve AWS Certificate Manager certs?
Running a Java web service with embedded Jetty web container. Would like to serve my RESTful API endpoints over HTTPS with a root CA-signed SSL cert (no OpenSSL).
Can I configure my embedded Jetty container to use a 'free' AWS Certificate Manager cert cert or are those certs only for use by AWS infr...
1
votes
0
answer
418
Views
unwillingToPerform ldap3 useAccountControl change
I am using ldap3 module in python to create and disable users in AD in python. When I create a user using the following code,
from ldap3 import *
import ssl
tls_configuration = Tls(validate=ssl.CERT_REQUIRED,
version=ssl.PROTOCOL_TLSv1)
tls_configuration.validate = ssl.CERT_NONE
s...
1
votes
0
answer
29
Views
Getting https HTML Content Using Java
So I'm currently trying to read through my own https html page that uses a Comodo RSA Domain Validation certificate using TLS 1.2, ECDHE_RSA with P-256, and AES_128_GCM, using Java. I've narrowed down my problem to simply being that the certificate isn't being accepted by Java Security because other...
1
votes
0
answer
17
Views
SSL connection fails when often stalled by ~5s
I have a Perl streaming application that GET some file through HTTPS. The TCP flow is often paused for a few seconds because the player has buffered a lot. As a result, the connection very often breaks/ends early.
I've taken various TCP logs and wireshark seems to be all confused and whines about C...
1
votes
2
answer
102
Views
Force site to HTTPS except for some pages and Facebook crawler
There are a few similar questions to this, but none really covered everything I need to do and I'm a bit over my head!
I have an existing wordpress site. I want to force the home page and any new subpages to HTTPS but force existing subpages (about 20 of them) to HTTP. Reason being these subpages ha...
1
votes
1
answer
2.3k
Views
My website is getting Corrupted Content Error in firefox on login
I have a website that is getting corrupted content error when logging into a user account. This error occurs in Firefox. It only occurs when you log into with a clean cache. After you log in once, you get that error, but you get skip past it. Then if you log out, and log back in again, you won't get...
1
votes
1
answer
961
Views
SSL Handshake Failure on Oreo
I am trying to interact with a server using a self signed certificate.
It works fine for Nougat but has an exception for Oreo:
javax.net.ssl.SSLHandshakeException: Handshake failed
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:444)
Based off Android O's changel...
1
votes
1
answer
307
Views
How to get ClientHello information during SSL handshake in JAVA
I want to get something like client compression_methods or client supported cipher Suites from ssl handshake
I have tried using
public static void main(String[] args) throws Exception {
String serverKeyStoreFile = 'D:\\tomcat.keystore';
String serverKeyStorePwd = 'logiscn';
String catServerKeyPwd =...
1
votes
1
answer
134
Views
Adding extension in CSR for generating an intermediate certificate
I am generating a Certificate Signing Request for an intermediate certificate. I want to make the certificate a certificate authority (CA), so I want to add the basic constraints extension in CSR. I am currently using the following code
exts = sk_X509_EXTENSION_new_null();
add_ext(exts, x509_req, NI...
1
votes
0
answer
59
Views
Getting SSLHandshakeException error after several hours of successful API calls
I have created web-service to make payments via PayPal payment provider.
The *.war file is deployed on Test environment, where it is running on WildFly (8.2.1.Final) server. After each deploy, I can make successful calls to PayPal side. But after several hours I'm starting to get javax.net.ssl.SSL...
1
votes
0
answer
43
Views
ssllab generate tons of handshake exception
I'm using SSL Labs to test the certificate for the website and it will generate tons of handshake exceptions in my debug log. The exception is showing below:
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl...
1
votes
2
answer
595
Views
How to use verified certificate to set telegram bot Webhook?
I have verified ssl certificate (got it when bought hosting). It consist of four parts: 1. private key, 2. certificate, 3. root sertificate, 4. intermediate certificate. I made two files .key(private), .crt(certificate, intermediate, root) and confugure nginx. Everything good, my domain shows https...
1
votes
0
answer
537
Views
NGINX SSL Too Many Redirects?
Environment
Ubuntu 16.04
NGINX Light
WordPress
Configuration
Domain name has been changed to example.com for this question.
If I bypass port 443, I get the default NGINX landing page and not my WordPress site.
# SSL configuration
server {
# Ports to listen on, uncomment one.
listen 443 ssl http2;
li...
1
votes
1
answer
194
Views
Xamarin iOS overriding TLS chain validation for self-signed certificates
I'm looking for help with performing self-signed certificate validation with Xamarin.iOS. My custom stream event handler isn't being called.
I've been working on implementing self-signed certificate validation code in C# using Xamarin.iOS and CFStream. I've been following along with the process laid...
1
votes
0
answer
538
Views
Chrome not trusting Fiddler certificates
Similar to this question:
Chrome Doesn't Trust Fiddler Root Certificate
But the upvoted answer (https://stackoverflow.com/a/33818661/1250301) doesn't seem to be working for me in fiddler v 5.0.
If I load a site with https in chrome I get NET::ERR_CERT_AUTHORITY_INVALID message. If I 'reset all certi...
1
votes
0
answer
43
Views
(OpenBuildings/Spiderling) Curl “session” throws exception Failed to connect to localhost port 4581: Connection refused
I am trying to make a crawl project using OpenBuildings/Spiderling.
I want to create a Phantomjs driver like this:
$phantomjs_driver = new Driver_Phantomjs();
$page = new Page($phantomjs_driver);
$page->visit($url);
But it throw an error:
Curl 'session' throws exception Failed to connect to localho...
1
votes
1
answer
86
Views
Different nginx config for different environments
I have a Rails app hosted in two different servers (both with dokku) for production and staging environments. The first one is hosted in www.mywebsite.com.br and the second one in www.staging.mywebsite.com.br.
We use a SSL certificate in production so I wrote
return 301 https://www.mywebsite.com.br...
1
votes
0
answer
314
Views
Using Spring Eureka Discovery Client with SSL
I have a problem using a spring eureka discovery client (Service A) in combination with an non spring eureka client (Service B). When i try to get Service B from Service A i get an empty list.
Both clients register themself successfully to eureka server. I have configured ssl and therefore disabled...
1
votes
0
answer
283
Views
SSL traffic decryption - iOS
I'm looking for a way to perform a network trace between an iOS app I'm developing, and a server I own, using my mac to intercept traffic. Traffic is encrypted via SSL ; I own the domain, and the PKCS12 certificate used to encrypt the traffic.
I've been able to perform the trace itself following App...
1
votes
0
answer
245
Views
Keep Alive Timer called close() error between jersey servers, using TLS
I have a multimodule Jersey project, where at some point in serving a request a Gateway module will talk to another Gateway module (this is the 'service discovery' part of the communication) on another PC. This communication works well, but when the code execution gets to the next request where thes...