I'm trying to connect to a web service (not under my control) configured to authenticate users via SSL client certs. I have a valid certificate in PKCS12 format containing the client certificate and associated private key. The certificate is issued by a CA accepted by the web service provider. Installing the certificate and trying to ac...
I came across aSSL, which appears to be a couple of years old and was wondering if anyone has other examples of "secure" AJAX connection code? Obviously, this wouldn't be as secure as using a SSL certificate, but with the null character SSL attack out there (recently demonstrated against PayPal), would it be worthwhile to revisit someth...
I'm writing an application that syncs files over an FTP site. Right now it's working by connecting through regular FTP, but now our IT guys want to set this up over a secure FTPS connection. They provided me with a .cr certificate file. If I open the file in notepad I see something like this (but with real keys not foobar obviously). -...
I have an html input control () on an aspx page that is secured via SSL. Just as a sanity check I want to make sure that the upload of the file on this page is also encrypted along with the rest of the page when the postback occurs and the request is sent to the server. ...
Fiddler seems to be killing a webservice call I'm making via SSL. When I have fiddler capturing traffic (with Decrypt HTTPS traffic and Ignore cert errors both checked), my Web Service call becomes untrusted (I'm able to view SSL in a browser, but the web service call seems to be 'not ignored'). Essentially, I'm trying to catch the X...
Hi guys, I've got some issues with the .htaccess that I just can't get to work. Hope someone could solve this one. I have a SSL certificate on the www.-domain on an Apache server. I want all http://subdomain.domain.com requests on a specified list of subdomains to redirect to https://www.domain.com/subdomain. The second problem is, tha...
How do i check the client browser SSL certificate in my ASP.net code behind I want to ensure that if any https proxy like fiddler is running then my application does not load I have done the following till now without any success: My site is on Https In IIS i have set Require SSL= true Require 128 bit encryption =true accept certificate...
Hello, I want to be sure that for some URL of my website, SSL will be use. I saw a lot of answer already on SO. http://stackoverflow.com/questions/724968/force-redirect-to-ssl-for-all-pages-apart-from-one So I think I will use mod_rewrite. My question is more about how to configure the Virtual Host to run my Django Application over H...
Hello, I get a certificate from Gandi for a domain www.mondomaine.fr But for sql.mondomaine.fr I wanted to use a Self-Signed SSL certificate. If I active sql.mondomaine.fr, the www.mondomaine.fr is using the self-signed certificate instead of the Gandiś one. If I desactivate the sql. everything works fine. How can I manage the use of...
I have a web page containing am entry form. HTTPS is enabled via an Apache redirect for all requests matching that page. Unfortunately, because the CSS pulls in external images using 'background-image: url(/images/...)', the browser will generate a warning message that the page contains mixed content. What's the best way to resolve thi...
I asked the question before but didn't phrase it quite right. I'm using RESTful principles to build a secure web-app that uses both transport authentication/encryption and message level security. The message level security is essentially client-independent (still encrypted though), and hence this allows the individual messages to be cac...
It only happens in production, when we update some of the records through browser, the change was not saved. it does not seem to be a cache problem as we verified that the data in mysql was still the old data. However, the controller did get hit and flash message returned as if the change was made successfully. However, we can make the...
I'm at a loss, since I'm not a Tomcat person. I need to use a 3rd party's web service and they require Client Authentication via SSL, so they generated and issued me an SSL certificate. Unfortunately this is as far as they support it and cannot give me any direction on how to actually use it. I'm stuck using this 3rd party so unfortunate...
Hello, this is mostly a deployement than a programming question. If I were to buy an SSL certificate from a CA, would I be able to use it to sign other applications (such as symbian, android, iphone ones)? If so, what (re)seller would you recommend? ...
Hi, I'm trying to use libpq, the client library for PostgreSQL in a Cocoa app. First thing, adding the header files: I tried adding the path to the PostgreSQL header files under User Header Search Path on my project's properties and then compile but for some reason XCode can't see them. The solution was to manually add the files and a ...
Does SSL provide any type of security other than simply encrypting the content of the HTTP request for web applications? ...
I have a .net 2.0 windows service application written in C# that access a non-soap web service via SSL with HttpWebRequest. My windows service runs under the NETWORK SERVICE account. I am able to make SSL work by issuing a cert to the web server that my windows service talks to from a CA, then installing the CA's cert to the Local Mach...
I'm a bit stumped on this one. I had a completely working 2 Node cluster, changed the keystore and the truststore to use different files, saved the changes. My assumption was that the deployment manager would automatically propagate those changes to the nodes before switching over. However according to the deployment manager, the nodes...
Hi All, I am using CFNetwork to connect to a https webservice , whose server is a Verisign certified. I get the appropriate response from the server some times. But the rest of the time I am getting two kind of errors. 1."Operation could not be completed. (kCFStreamErrorDomainSSL error -9807.) 2."Operation could not be completed. (kC...
I'm working on a Java application that uses iText to digitally sign PDFs that will be made available online. I have been able to sign the documents with a test cert I obtained from GlobalSign and it works great. The test cert is part of GlobalSign's "DocumentSign for Adobe PDF". The reason I had to use this cert is so that my cert chains...