ssl

Options for Google Maps over SSL

We recently discovered that the Google Maps API does not play nicely with SSL. Fair enough, but what are some options for overcoming this that others have used effectively? Will the Maps API work over SSL (HTTPS)? At this time, the Maps API is not available over a secure (SSL) connection. If you are running the Maps API o...

How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS

Most recent edits in bold I am using the .net HttpListener class, but I'm won't be running on IIS and am not using ASP.net. This web site describes what code to actual use to implement SSL with asp.net and this site describes how to set up the certificates (although I'm not sure if it works only for IIS or not). When I the class docu...

Debugging: IE6 + SSL + AJAX + post form = 404 error

The Setting: The program in question tries to post form data via an AJAX call to a target procedure contained in the same package as the caller. This is done for a site that uses a secure connection (https). The technology used here is PLSQL and the DOJO JavaScript library. The development tool is basically a text editor. Code Snippet: ...

How do you redirect HTTPS to HTTP?

How do you redirect HTTPS to HTTP?. That is, the opposite of what (seemingly) everyone teaches. I have a server on HTTPS for which I paid an SSL certification for and a mirror for which I haven't and keep around for just for emergencies so it doesn't merit getting a certification for. On my client's desktops I have SOME shortcuts which...

HTTPS in IIS 5.1

I'm using IIS 5.1 in Windows XP on my development computer. I'm going to set up HTTPS on my company's web server, but I want to try doing it locally before doing it on a production system. But when I go into the Directory Security tab of my web site's configuration section, the "Secure communication" groupbox is disabled. Is there somet...

Can a proxy server cache SSL GETs? If not, would response body encryption suffice?

Can a (||any) proxy server cache content that is requested by a client over https? As the proxy server can't see the querystring, or the http headers, I reckon they can't. I'm considering a desktop application, run by a number of people behind their companies proxy. This application may access services across the internet and I'd like t...

How do I create a self signed SSL certificate to use while testing a web app.

How do I create a self signed SSL certificate for an Apache Server to use while testing a web app? ...

Is there a way to make Firefox ignore invalid ssl-certificates?

I am maintaining a few web applications. The development and qa environments use invalid/outdated ssl-certificates. Although it is generally a good thing, that Firefox makes me click like a dozen times to accept the certificate, this is pretty annoying. Is there a configuration-parameter to make Firefox (and possibly IE too) accept any...

Why can't I connect to my CAS server with Perl's AuthCAS?

I'm attempting to use an existing CAS server to authenticate login for a Perl CGI web script and am using the AuthCAS Perl module (v 1.3.1). I can connect to the CAS server to get the service ticket but when I try to connect to validate the ticket my script returns with the following error from the IO::Socket::SSL module: 500 Can't co...

How do I support SSL Client Certificate authentication?

I want to do what myopenid does -- once you've logged, you can click a button that generates you an SSL certificate; the browser then downloads this certificate and stores it. When you later go back to yourid.myopenid.com, your browser can use its stored certificate for authentication so you don't ever need a password. So my questions ...

Limiting traffic to SSL version of page only

We have an external service that is currently accessible via the http (port 80, non-SSL) and https (port 443, SSL) addresses. What is the best way to limit connections to only the https address? Is it something we can do via IIS or does it have to be done via code. Additional info: Regular ASP.NET web service (.asmx) running on IIS on ...

Cheapest SSL certificates

I'm looking for cheap SSL certs for running a personal website over https without triggering Firefox's "you may be facing a man-in-the-middle-attack" response that self signed certs provoke. Nothing particularly fancy, no EV, etc. Any recommendations/where do you get your certificates from? ...

Testing HTTPS files with MAMP

I am running MAMP locally on my laptop, and I like to test as much as I can locally. Unfortunately, since I work on e-commerce stuff (PHP), I normally force ssl in most of the checkout forms and it just fails on my laptop. Is there any easy configuration that I might be missing to allow "https" to run under MAMP? Please note, I know that...

Is there a limit with the number of SSL connections?

Is there a limit with the number of SSL connections? ...

Problem with Oracle Application Server SSL Certificates

Hi, We've got an Apache instance deployed through Oracle Application Server. It's currently installed with the default wallet, and, the self-signed certificate. We've got a GEOTRUST certificiate, imported the Trusted Roots and imported the new Cert to the Wallet Manager. We've then updated the SSL properties of the VHOST and the HTTP_SE...

SharePoint stream file for preview

I am looking to stream a file housed in a SharePoint 2003 document library down to the browser. Basically the idea is to open the file as a stream and then to "write" the file stream to the reponse, specifying the content type and content disposition headers. Content disposition is used to preserve the file name, content type of course...

How to specify accepted certificates for Client Authentication in .NET SslStream

I am attempting to use the .Net System.Security.SslStream class to process the server side of a SSL/TLS stream with client authentication. To perform the handshake, I am using this code: SslStream sslStream = new SslStream(innerStream, false, RemoteCertificateValidation, LocalCertificateSelectionCallback); sslStream.AuthenticateAsServe...

What's a clean/simple way to ensure the security of a page?

Supposing you have a form that collects and submits sensitive information and you want to ensure it is never accessed via insecure (non-HTTPS) means, how might you best go about enforcing that policy? ...

HELP SSL GURUs!!! ... Problems with SSL Connection

I'm using a device that's got GPRS media to connect to a PC running stunnel. On TCPIP connections, the number of sessions is limitless. However, when it comes to SSL connections, it could only go as far as 1062 successful sessions. I've tried it like 3 times but makes no difference. I've checked the OpenSSL codes and I couldn't seem to...

How to connect to PostgreSQL from .NET using TLS with both client and server authentication?

I want to connect a C# .NET application to a PostgreSQL database, using TLS with client and server authentication: in other words, if the certificate from the client can not be verified against the certificate of the server, the client should get access denied, and if the client can not verify the certificate of the server, the client sh...