I have an application that uses HTTPS for some of its routes in conjunction with the ssl_requirement plugin. It's deployed and is working fine in production. The question is how best to handle this in development, because at the moment I'm simply hacking my routes.rb to remove the :requirements key and obviously that's not very convenie...
i am posting to ssl server with jquery. will my any ajax posts be protected? ...
What do I need to do to get traffic to my ruby on rails app to use https? I have a certificate installed and if I manually type in "https://" in the address bar when accessing the site the little lock icon appears, but just manually going to www.example-app.com in my browser sends traffic through http://. Is there some one-line config...
I am just trying to get my head around SSL. I have set up a Jetty server on my localhost, and generated my own certificate using Keytool. Now when I go to https://localhost:8443/ I get the can't trust this certificate error. I use keytool -export -alias pongus -keystore keystore -file certfile.cer To create the certificate whic...
Hi, I'm looking at coding up a very simple server using an ssl connection - but had two questions How can i use the java keytool in windows to generate a certificate I can use for testing? Most tutorials i can see (for echoservers etc) suggest i run the following command, which doesnt appear to work in the command prompt (running win 7...
i'm working on a very simple server that uses ssl (in netbeans) - to test it i've created a certificate following the instructions here: http://java.sun.com/javaee/5/docs/tutorial/doc/bnbxw.html java-home\bin\keytool -genkey -alias server-alias-keyalg RSA -keypass changeit -storepass changeit -keystore keystore.jks java-home\bin\keyto...
I would like to read the information a java application in firefox is sending to a website over an ssl connection. I am using WireShark, and I believe that if I can somehow tell tell wireshark what encryption key firefox is using, then wireshark will be able to decrypt the ssl messages. Then I will exactly what information this website...
I am developing an API for a web application. Desktop clients will interact with the API using simple HTTP posts (REST). I will be using SSL, there is no question about that. My question is this: should I also be encrypting the data before it is sent over SSL? The information being sent may contain confidential information. Is SSL enough...
I intend to use SSL on the login form so that the username and password is encrypted during user login. But, after the user has been authenticated, if I return to HTTP, the Autentication Cookie will be passed from client to server on each request. How safe is this? Obviously i'll use SSL on pages where the user is entering sensitive in...
Hi, This question isn't strictly development-related but I hope it's still acceptable :) I'm looking at creating an iPhone app that will communicate with a REST Web service. Because some user-sensitive data (name, address, age, etc) will be transmitted I'm looking at securing the connections with SSL. However, on my previous escapades...
Hi, I am new to the OpenSSL world and trying to implement SSO on my PHP based application. I have already set up the OpenSSL Library and PHP openssl extension. Now, what I need to know is, what steps I need to take and where I can find reference of that. My requirement are 1- User will be provided a certificate, and browser will submi...
Hello, I am planning to sell products by charging credit cards thus using SSL will be critical for Django-powered website. And I am very naive for this. My initial django setup plan was using Apache as the webserver and using mod_wsgi to communicate with Django, static media again served by Apache. All seemed good until SSL protocol com...
Hi there, I'm going to develop a firefox extension which makes an XMLHttpRequest to this WebService. I can query the service correctly with the following code (from the overlay.js): var req = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:dat=\"http://webservice.whereisnow.com/datatypes\"><s...
We would like to expose our WCF services over REST and also over TCP securing them both with SSL. We have a valid SSL uploaded to Azure and the proper mapping setup so that going to https://service.ourdomain.com works as it should. I have setup two endpoint bindings, webHttpBinding for the REST services and a customBinding of type NetH...
I'm trying to see how a certain application is talking to a server in SSL. Basically, the process just hangs when it claims to have done some SSL communication. I want to debug the problem by catching the traffic, but I can't really use a sniffer since SSL will probably look like a hexdump. Is there a good man-in-the-middle tool that ...
I've setup a self-signed certificate to test an ssl java connection - however, it is refusing to locate the java trustStore. I've saved copies of it in /Java/jre6/lib/security in addition to the folder where the classes are compiled to (im using netbeans) and also to /java/jre6/bin none of the above appears to work, because when i run th...
I am trying to connect to an SSL server which requires me to authenticate myself. In order to use SSL over Apache MINA I need a suitable JKS file. However, I have only been given a .PEM file. How would I go about creating a JKS file from a PEM file? ...
Hello, I try to send an email using a jee app. The exact same code is working on a console application. When I use this code on a jee project and I test it using glassfish v3, i get a Unable to find valid certification path to requested target. I don't want to import any certificate. I just want to send my mail even if there is a cert ...
We recently purchased a Code Signing certificate from GoDaddy. Following their instructions, we were able to use the SignTool from MS and sign our installer. When installing under XP, this works great. However, when installing under Vista, if we look at the certificate, it is saying "One of the countersignatures is not valid. The fil...
I've developed a website that provides a fairly basic service. Users register, fill in online forms, make a payment and then generate some pdf documents based on the data in the forms. They can log in again, downlod documents etc. Nothing amazing... The sites been developed to change its branding based on a query string parameter (peopl...