ssl

How To: WCF with Transport Security+Server Cert Auth. WITHOUT Client Cert?

Am I correct in understanding that a WCF Service could be set up with "Transport Security" + "Certificate Authentication" and without a "Client Certificate" installed client side? My scenario would be: WCF Services on Remote Server Windows Forms Client shipped potentially to hundreds of users (authenticates users (against DB) and per...

Refresh dropdown in parent, when user closes popup window

I have a three step registration process, all on one page, the last of which requires the user to select a saved payment method or input a new one. Obviously, I want to collect that new data over SSL. Step 2 of the process involves showing the user a Google map, and the GMaps API doesn't play nice with SSL. My solution is to use a popu...

Out-of-the-box SSL in Java Applet

I'm currently attempting to implement having a (signed) applet communicate to a server program via SSL. I have found the right kind of incantations to create key stores for the client, the client's trust manager, and the server. This allows me to create compatible SSL contexts on the client and the server. However, as it stands, this se...

Security error in cross domain iframe

Hi All, I have a click tracker for a client. The tracker is nothing but a javascript snippet which writes an iframe (a different domain) into the page. If I have a normal iframe I am able to track clicks more accurately (I compare the data from another tracking solution) than when the iframe is secure (the site is accessed over ssl). Wh...

HttpWebRequest and SSL in .NET CF 3.5

We're making some calls to some very simple JSON web services in .NET CF 3.5 / Windows Mobile 6 and it appears that we've run into this bug: http://blogs.msdn.com/andrewarnottms/archive/2007/11/19/why-net-compact-framework-fails-to-call-some-https-web-servers.aspx Is it really almost two years later and this isn't fixed? Seems like a pr...

Access to Parallels Business Automation - Control Panel (Plesk?) wants port 8843 - Firefox okay, IE6/IE7 results 502 Proxy Error

Background info: We are a small company with a Microsoft server ISA 2000 configured by an external technician for our company network. Though computer professionals, web hosting and networking is NOT our strength! Our ISP uses Parallels Business Automation - Control Panel (Plesk?) to allow us to administer our websites. We are given a UR...

Implement a C# Client that uses WebServices over SSL?

So I've got a ServiceReference added to a C# Console Application which calls a Web Service that is exposed from Oracle. I've got everything setup and it works like peaches when it's not using SSL (http). I'm trying to set it up using SSL now, and I'm running into issues with adding it to the Service References (or even Web References). ...

Difference between https protocol and SSL Certificate

What is the difference between https protocol and SSL Certificate that we use in web browser? Aren't both of these used to encrypt communication between client (browser) and server? ...

SSLEngine used in combination with an InputStream/OutputStream pair

I'd like to write an SSL adapter based on SSLEngine, built from an InputStream/OutputStream pair (standard java blocking I/O) potentially serving as a transport for authentication encrypted data. This adapter should itself give access to a corresponding pair of deciphered InputStream/OutputStream. I've found few complete examples using j...

How do I accept a self-signed certificate with a Java HttpsURLConnection?

A module I'm adding to our large Java application has to converse with another company's SSL-secured website. The problem is that the site uses a self-signed certificate. I have a copy of the certificate to verify that I'm not encountering a man-in-the-middle attack, and I need to incorporate this certificate into our code in such a wa...

SSL Cert with exportable private key

Hi, I got a trial server certificate from completeSSL with the plan to use it to sign my Azure production site. It turns out that I need a certificate with an exportable private key ... and my new trial certificate is not such. Does anyone know which of the ssl vendors sell certificates with exportable private key? ...

Is a DNS redirect a solution to SSL cert errors on unexpected subdomains?

(similar to this question, but with another twist). IIS 6, if that turns out to be applicable. So we attained a certificate that was signed for www.foo.com, and of course HTTPS requests for foo.com throw certificate warnings. Some questions: Will putting in a DNS CNAME for foo.com requests to point to www.foo.com fix the problem? If ...

Trouble using ssl_requirement with restful_authentication in Ruby/Rails.

I'm trying to use the ssl requirement plugin with the restful authentication plugin and I have a question that I'm having trouble finding the answer to. When allowing a user to login from a non-SSL action/page, should I require SSL on the session's create action for increased security, or is that overkill? If so, how do I get the creat...

SSL and SocketChannel

Ideally, I only need a simple SSLSocketChannel: I already have a component that reads and writes messages over ordinary SocketChannel, but for some of those connections, I have to use SSL over the wire; the operations over those connections, however, are the same. Does anyone know a free SSLSocketChannel implementation (with the appropria...

Why are SSL certs self-signed if they have no real signature

I understand that normally an SSL (or more precisely X.509) certificate is supposed to be signed by some certifying authority to assure that it is genuine. In some cases no such signature exists, e.g. if you generate a cert for testing purposes, or if you are the certifying authority (root certificate). In these cases, self-signed certi...

Java client certificates over HTTPS/SSL

I am using Java 6 and am trying to create an HttpsURLConnection against a remote server, using a client certificate. The server is using a self-signed root certificate, and requires that a password-protected client certificate is presented. I've added the server root certificate and the client certificate to a default java keystore which...

how to make a page use ssl?

I have a payment page I would like to use SSL. I have the certificate installed... now what? Can I just refer to the page using https? When I do that I get the following error: SSL received a record that exceeded the maximum permissible length. ...

Apache Ignores SSLRequire Directive

I have setup Apache to serve Subversion data. The configuration looks like this, <Location /svn> DAV svn SVNPath /path/to/svn AuthType Basic AuthName "My Project" AuthUserFile /etc/httpd/dav_svn.passwd Require valid-user SSLRequireSSL <LimitExcept GET PROPFIND OPTIONS REPORT> Require valid-user </LimitExcept> </Location> T...

Going Without SSL Certificates?

I'm working on a small website for a local church. The site needs to allow administrators to edit content and post new events/updates. The only "secure" information managed by the site will be the admins' login info and a church directory with phone numbers and addresses. How at risk would I be if I were to go without SSL and just hav...

will an iframe in xul maintain ssl security?

Anyone reading my last batch of questions knows I'm working on a Firefox add-on for my office intranet. So, here's the latest; this time a concern instead of an obstacle: So, my first plan was to build a sign-in form right into the chrome, so that it blended and didn't require any dealings with iframes/browsers/etc. But after some think...