Unanswered Questions

1,901 questions with no upvoted or accepted answers
9 votes
0 answers
618 views

Can Asterisk's phoneprov module be used securely?

I'm using Asterisk 13.1.0 as packaged by Ubuntu Server 16.04 to run a pure-VoIP phone system. Asterisk has a module – phoneprov – that allows it to template out configuration files for ...
8 votes
1 answer
1k views

Utilizing SSL on Multi-domain, Autoscaling Elastic Beanstalk Setup

We are creating a Content Management System for our company. It is important that this CMS support dynamic domain names on a dynamic number of servers. After many hours of research we felt that Amazon'...
8 votes
0 answers
7k views

Apache/SSL: (70014)End of file found: SSL input filter read failed

Figured upgrading on a long weekend was a smart move... Now I'm stuck. The server is spitting out this error (loglevel info): "(70014)End of file found: SSL input filter read failed" when using the ...
7 votes
1 answer
4k views

haproxy ssl password protected private key

Usage: Haproxy as SSL termination Requirement: Our private keys are password protected and we are not allowed to remove the password for the private key Problem: If i run the following command ...
7 votes
1 answer
290 views

What would be involved in moving a site like stackoverflow to https?

I've seen a lot of requests in the SO Meta asking for StackOverflow to be moved over completely to https. I've never run a site as large as Stack Overflow, so enabling SSL/TLS has always just meant ...
6 votes
1 answer
22k views

Enable TLS 1.2 in Windows Server 2012 running Exchange 2013 via IIS 8.0

I got some issues getting the TLS 1.2 protocol running on one of our Windows Server 2012 machines. I checked this using ssllabs.com by Qualys and also tested with a powershell script and the linux ...
6 votes
1 answer
1k views

IIS 6.0 SSL handshake error

Hi all I installed a trusted certificate in an IIS 6.0 server. I have the port 443 opened in the firewall and I verified the server is listening on that port. However when verifying using openssl I ...
5 votes
1 answer
1k views

How to debug failed checksums/flipped bits in TCP packets?

A web application we maintain recently encountered a very weird problem: three out of four virtual machines on two physical hosts had trouble connecting to the server of our payment provider via HTTPS....
5 votes
0 answers
11k views

How is TLS_FALLBACK_SCSV supported on Windows Server?

According to the last SSL Labs report, everything is green on my server, except support for TLS_FALLBACK_SCSV. Not currently possible with IIS it seems I've read everywhere that this is not ...
5 votes
0 answers
6k views

LDAP with TLS: connect error(-11)

I configured OpenLDAP and today I've configured the TLS for more security following these guide lines: Configure OpenLDAP with TLS=required Modifying the cn=config.ldif with config file: dn: cn=...
5 votes
1 answer
2k views

Outlook refusing to display HTTPS images from server using internally-signed cert

We are currently transitioning our site to use HTTPS everywhere, and this includes the emails that we send to customers. On our internal testing environments, we are using IIS with SSL certificates ...
4 votes
0 answers
460 views

Drop connections with a mismatching client certificate CN in nginx TCP reverse proxy

I'm using nginx to add TLS functionality on top of an existing TCP server (Redis) by proxying it like so (please read on before saying "Redis has builtin TLS support"): stream { server { ...
4 votes
0 answers
4k views

nginx php curl old SSL session ID is stale, removing

I am making a php curl request from nginx server to apache server It shows old SSL session ID is stale, removing As per the link I have changed the SSLSessionCacheTimeout in bitnami apache server but ...
4 votes
0 answers
7k views

Enabling HSTS header on AWS Application Load Balancer

We have a Spring Boot application behind an AWS Application Load Balancer. The load balancer terminates SSL before forwarding coming requests to our application and also redirects 80 port to 443 port. ...
4 votes
2 answers
4k views

Can I enable TLS 1.3 with Certbot?

I am working with Nginx and Certbot, I have secured a domain with HTTPS. I would like to get the domain up to TLS 1.3. The Nginx server block for my domain gets its SSL protocols from the included ...
4 votes
0 answers
1k views

Unable to RDP into Server 2016 after adding custom RDP certificate

We have a Server 2016 running AD Certificate Services. Our team was asked to create a new RDP certificate so that the self-signed certificate errors would go away when RDP'ing into the system. Went ...
4 votes
1 answer
884 views

How do I use let's encrypt with an Azure Storage Static Site/Azure CDN

I am working on hosting a static site in Azure Blob Storage. With an Azure CDN it is possible to have a custom hostname and SSL, which suits my needs. I would like to use Let's Encrypt and make it ...
4 votes
0 answers
16k views

SSL certification exception- error:0909006C:PEM routines:get_name:no start line

I am using LDAP authentication in Tomcat. But I'm getting the exception SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-apr-4001"] java.lang.Exception: Unable to ...
4 votes
1 answer
227 views

Sha1 deprecation 2017

SHA1 is deprecated as of January 1st this year - at least on browsers. I have not switched my ironport certificate yet, and not my intra exchange certificate (the external ones are replaced). Will I ...
4 votes
2 answers
203 views

SSL on both ELB and server

I configured my ELB to be able to serve ssl pages by putting my certs in the ELB itself. Say the ELB serve requests from www.example.com. At the same time i need to use ssl outside the ELB and serve ...
4 votes
3 answers
5k views

How to enable HTTPS for the public DNS route of an EC2 instance?

I am working on a Facebook bot app and one of their requirements is to setup a webhook on my webserver that is returning a token, to validate my account. I quickly spin up a micro instance (Ubuntu) ...
4 votes
0 answers
396 views

What process on a SonicWall Security Appliance Checks the DPI-SSL Client Inspection?

I'm interested in determining if there is high CPU usage on a SonicWall Security Appliance, but I don't know which process to check for high CPU usage. There are various options for this in the UI ...
4 votes
0 answers
703 views

Schannel Error - Random

I'm currently experiencing an issue on a Windows Server 2012 R2. In the event log is an Error for the Source "Schannel". The error description is: "A fatal alert was generated and sent to the ...
4 votes
0 answers
400 views

Sophos firewall default settings do not allow HTTPS from Java 6 clients

Our current (default) Sophos firewall (Apache reverse proxy) settings does not allow Java 6 clients to connect over HTTPS. The ssltest result shows that the reason is "Client does not support DH ...
4 votes
1 answer
3k views

SSL - Apache and Node.js on the same Amazon EC2 instance

I hosted my website on an EC2 instance, using Apache. SSL was also set up properly, running on HTTPS, port 443. Currently, I just added a chat application to the website using Node.js + socket.io. ...
4 votes
1 answer
986 views

Multiple Client Certificates in SSLProxyMachineCertificateFile

Here is my use case. I want to learn how to setup Apache, so this is just for learning. Feel free to suggest better alternatives. I'm using Apache 2.4 in RHEL5. I want to use a ProxyPassMatch to ...
4 votes
0 answers
1k views

rabbitmq-shovel amqps connection handshake failure

I fail to setup a rabbitmq shovel over amqps. The same shovel works fine over amqp. my (edited) uri: amqps://un:[email protected]:5679?cacertfile=/etc/ssl/certs/example.com.cacert.crt&...
4 votes
1 answer
6k views

IIS SMTP TLS encryption issue

I enabled TLS in IIS SMTP Virtual Server with a self-signed server certificate. Made sure that the certificate has the FQDN of the server. Checked the TLS encryption checkbox in Virtual SMTP > ...
4 votes
0 answers
431 views

How can I explicitly disable TLS when sending to one specific recipient?

I have a SendMail 8.14 server deployed in the middle of an SMTP workflow (Outbound mail looks like Exchange -> SendMail -> Appliance -> Internet) I have TLS configured for the first three hosts. ...
4 votes
2 answers
7k views

Configuring client certificates on IIS8 - Error 403.16

I am trying to implement client certificate authentication on IIS 8. I have deployed my configuration on a development machine and verified it working as expected there. However after setting up on ...
4 votes
1 answer
1k views

Linux forward proxy for client authentication

I need to use a simple HTTP forward proxy for Linux to do mutual SSL authentication. The proxy needs to attach a client certificate to HTTP request and then upgrade HTTP to HTTPS. I have tried ...
4 votes
0 answers
1k views

How do I clear cached SSL state data from schannel?

I'm trying to clear SSL state data for a normal TLS session (no client certs are involved) for Outlook when connecting to a SSL based CAS server. How do I clear the SSL state of SChannel? Does the ...
4 votes
1 answer
2k views

Apache2 not sending installed SSL certificate

I've spent hours and hours researching this problem and before I do something drastic like redoing all of the relevant configs I thought I'd ask for help. I'm a student sys-admin at a college and we'...
4 votes
0 answers
4k views

OpenSSL SHA256 testing

I'm having an issue testing a hardened SSL configuration for pound. One of the requirements is for the inclusion of AES[128|256]-SHA256 ciphers, along with strict ordering of preference. I've ...
4 votes
2 answers
2k views

Nginx SSL redirect for one specific page only

I read and followed this question in order to configure nginx to force SSL for one page (admin.php for XenForo), and it is working well for a few of the site administrators but is not for myself. I ...
4 votes
0 answers
6k views

ProFTPd/FTPS issue: unable to accept TLS connection: received EOF that violates protocol

It took some time while I tried to find solution over the net. Nothing helped. The story: I have Ubuntu 10.10 (Amazon EC2 instance). ProFTPD Version 1.3.2e (latest via apt-get). I changed nothing on ...
4 votes
0 answers
442 views

How to add SSL for localhost in RAILS

I want to test my application which needs to work both with and without SSL. If it is possible to set up SSL for a local application (http://localhost:3000), please let me know some suggestions, my OS ...
4 votes
1 answer
686 views

Multiple SSL enabled hosts causes nginx to reload slowly

I've set up ssl_certificate and ssl_certificate_key directives at the http level of my nginx configuration. The problem I'm facing is that starting/reloading nginx is getting slower and slower as more ...
4 votes
2 answers
5k views

net::ERR_CONTENT_LENGTH_MISMATCH on Nginx and SSL

I have a problem with one of my servers which I cannot resolve. I keep getting net::ERR_CONTENT_LENGTH_MISMATCH in Chrome on images or css/js scripts. Nginx is not proxy, it's just serving files ...
3 votes
1 answer
1k views

Let's Encrypt certificate on SQL Server 2019 - "The target principal name is incorrect"

Summary I'm having trouble getting a certificate issued by Let's Encrypt R3 to work on SQL Server 2019. When using the certificate for SSL but not trusting the server certificate explicitly (In SSMS, ...
3 votes
1 answer
424 views

Configuring mailers in Phabricator

After a clean installation using the bitnami image I followed the instructions to set up the mailers. It looks like this: [ { "key": "stmp-mailer", "type": &...
3 votes
0 answers
1k views

Email headers in o365 showing MAPI

I'm reviewing email headers to determine if an email sent via SMTP is using TLS 1.2. Depending on where I send the email, it goes 3-5 hops to different servers. The first connection appears to be ...
3 votes
0 answers
1k views

Haproxy same port for http and https

I want my web application run only on port 4443. So I added this port to my docker container on haproxy. Now I want to inspect the incoming request and if it is not https, it should redirect to it. ...
3 votes
0 answers
425 views

Optimizing IIS for serving static content over TLS

I am trying to fine tune an IIS 10 web server for the sole purpose of serving static files. I've disabled session state, disabled managed code, added all necessary public cache control headers with ...
3 votes
0 answers
697 views

mysqlx reported: failed at ssl configuration

I have MySQL 8 with the mysqlx plugin enabled running on a standalone server that will never allow access to 3306 from outside the instance and have no worries about security within the instance. I ...
3 votes
1 answer
3k views

Update Amazon RDS Certificate SSL Issue with MySQL Lambda

Like many people I have updated my Amazon RDS Certificate to CA_2019 from CA_2015. At first everything seemed fine but later on checking I noticed the mysql lambda function which i wrote to query the ...
3 votes
0 answers
2k views

Trying to use an openLdap docker image for SSL

I'm trying to use docker to create a openldap server than I can connect to over our intranet. I've set it up to run as host so that it doesn't cause any network issues and we can use the network DNS. ...
3 votes
1 answer
4k views

nginx config using variable in ssl_certificate path throws permissions error

The nginx configuration server block: localhost:/etc/nginx$ cat nginx.conf | grep -B 3 -A 6 '$ssl_server_name' server { listen 443 ssl http2 default_server; ssl_certificate /etc/...
