ssl-certificate

how to generate a self signed and configure an SSL?

I am very new to SSL,wants to install SSL for my application on GLASSFISH,though tried to find some tutorials which can teach me from basic,but was unable to find any elaborative solution . 1)Like how to generate a self signed Certificate for the SSL? 2)How to configure this certificate with my application? 3)how to Configure only LOGIN ...

Decryption problem

Hi, I have inserted some data in table using encryption (encrypted by creating my own certificate.). INSERT INTO Person2(ContactID, eFirstName, eMiddleName, eLastName) Values (1, EncryptByCert(Cert_ID('TestCertificate'), 'FirstName'), EncryptByCert(Cert_ID('TestCertificate'), 'Middle Name'), EncryptByCert(Cert_ID('TestCertificat...

Secure Login credential without using SSL

Hi, I am new in SSL, whatever i read and know that its paid digital certificate and after using SSL in website https:// the data transfer is secure at network layer. In my application i don't have much security concern except loginname and password. Is there any way to protect Loginname and password without using SSL https:// ...

X509Certificate2: Extensions are missing

Hi, In C# i'm loading X509Certificate2 objects from an X509Store initialized like so: X509Store store = new X509Store("My", StoreLocation.LocalMachine); store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly); I made my certificate in Openssl and it is set to "Any purpose". So I would expect the X509Certificate2.E...

Tomcat Server/Client Self-Signed SSL Certificate

I have an Apache Tomcat 6.x server running with a self-signed SSL certificate. I want the client to present their own certificate to the server so I can authenticate them based on a database of users. I have it all working based on an example I found online, but the example came with canned certificates and a pre-build JKS datastore. ...

RHEL/Apache ssl.conf configuration problem

We've got multiple subdomains, each with it's own virtualhost entry in httpd.conf and (for those supporting https) in ssl.conf as well. Our main www subdomain has a GoDaddy cert associated with it. The subdomain I'm configuring right now ("api.bulbstorm.com") has an ssl.conf virtualhost entry that looks like this: <VirtualHost 172.16....

.Net Programming: What to validate on an SSL self-signed certificate

I cannot get the users to create real certs for their servers but I'd like to do some security checks. So the following is too light because, as I read it, there is no checking on the certs. ServicePointManager.ServerCertificateValidationCallback = delegate { return true; }; What do you recommend that I have the clients check on the x...

SSL Client Cert Verification optimisation

We currently have a group of web-services exposing interfaces to a variety of different client types and roles. Background: Authentication is handled through SSL Client Certificate Verification. This is currently being done in web-service code (not by the HTTP server). We don't want to use any scheme less secure than this. This post ...

Why do Windows Updates kill self-signed SSL certificates?

It seems that every time Windows auto-installs security updates, all of our secure sites return "connection was reset..." messages. After I remove and reapply new self-signed SSL certificates, the sites are back up and running. All of our sites with Verisign or Network Solutions certs are never affected by these updates. 2 questions: ...

Could not find trusted certificate

Problem: I'm getting a thrown error from javax.net.ssl.SSLHandshakeException (see attached picture) Is it possible for Java to have a corrupt or missing CA cert? If so how can I repair or resolve this issue/error? Things I've Tried: I have removed all versions of JRE from the PC and installed the latest version of JRE (1.6.14). Cl...

How to have an SSL Certificate installed in an Indy Server and seen as trusted?

Using Delphi 2007, Indy 9 to build a standalone Server working in Secure mode. I used SSLBuddy to generate the certificate request, got a root certificate and a standard certificate from GoDaddy, a MyDomain.crt, (I selected the "other" type as web server). I then used SSLBuddy to generate the key and cert files passed to the TIdServer...

How do I send email over SMTP with SSL using Java client?

I need to send email over smtp with ssl using java client. I'm not sure how to do that. If I have my server certificate installed on my Windows machine, how do I use it? If I want it to work on a non-Windows machine, do I need to get the certificates in a different way? BTW: If the SMTP server that I use is using SSL, can I be sure t...

How to ignore a certificate error with c# 2.0 WebClient - without the certificate

Using VS2k5 - c#2.0, System.Net.WebClient.UploadData(Uri address, byte[] data) Windows Server 2k3 So here's a stripped down version of the code: static string SO_method(String fullRequestString) { string theUriStringToUse = @"https://10.10.10.10:443"; // populated with real endpoint IP:port string proxyAddressAndPo...

Can I create self-signed certificate in Java which will be automatically trusted by web browsers?

Hi, I've generated a self-signed certificate for my Java app using keytool. However, when I go to the site in a browser it always pops up with a warning - saying this site does not own the certificate - is there a way to self-sign/doctor a certificate so I won't get these warnings in a browser? Both server and browser are located on t...

"Server certificate untrusted" error in iPhone application

I am using my iPhone application on my iPhone 3G OS 3.0.1 without any problems. The application connects to an API URL at https://api.serverdensity.com/1.0/ and all requests go through it. A user of the app has reported that they are now suddenly getting an error "untrusted server certificate". No other users are experiencing this issue...

What do CAs (Certificate Authority) deliver from CSR ?

I need an SSL certificate for a web server. I can generate a self-signed SSL certificate with the following OpenSSL commands: openssl req -newkey rsa:512 -x509 -days 365 -nodes -out cert.pem -keyout cert.pem openssl dhparam -inform pem -in cert.pem -outform pem -out dhparam.pem 512 cat dhparam.pem >> cert.pem If I want to have a CA-si...

Bad OpenSSL certificate

Hi, I am trying to make a fake CA and sign a certificate with it to use with stunnel (which just seems to be calling OpenSSL routines, so you probably don't need to know the program to help :). However, stunnel keeps rejecting my certificate saying that it isn't signed with the right key! This is how I'm generating my keys and certs wi...

Is there a way to redirect https to http on IIS 7?

We have not purchased an SSL certificate so the user of our website has to click to "approve" the website everytime they use it. Is there a quick way to redirect all https:// traffic to http:// for now in IIS 7? So that all content is served as under http:// By the way I DO NOT have "Require SSL" ticked under SSL settings. Also if I pu...

How do I enable mutual SSL in IIS7 with a self-signed certificate?

I've created a self-signed certificate in IIS7. Then I exported this certificate to a .pfx and then installed it on the client machine's IE browser. Then I set "Require Client Certificate" on the server's IIS configuration. When I try to visit the site with IE, a dialog box comes up for me to choose a certificate, however, there are no c...

Trouble understanding SSL certificate chain verification

My app uses SSL to communicate securely with a server and it's having trouble verifying the certificate chain. The chain looks like this: Entrust.net Secure Server Certification Authority -> DigiCert Global CA -> *.ourdomain.com We are using a certificate store pulled from Mozilla. It contains the Entrust.net certificate, but not the D...