Hello, I am trying to verify the that target exposes a https web service. I have code to connect via HTTP but I am not sure how to connect via HTTPS. I have read you use SSL but I have also read that it did not support certificate errors. The code I have got is from the python docs: import httplib conn = httplib.HTTPConnection("www.pyt...
Say I was trying to access https://www.secretplace.com/really/really/secret.php, what's actually sent in plain text before the SSL session is established? Does the browser intervene, see that I want https, initiate a SSL session with secretplace.com (i.e. without passing the path in plain text) and only after the SSL session is set up ...
Hi, Seeing as Stack Overflow has provided me with numerous answers from others posts I have decided to post my own question. Here goes. I want to use SSL on IIS to ensure that clients are connecting with a current certificate. All I want to do is simply create my own CA cert and install in server and client trust stores, create a se...
OK this might sound like a strange question. Please read carefully before jumping on me OK? ;-) Imagine this situation: We have a server and a client. They connect using SSL. Client creates account on server with password. But, what he actually passes to server over the wire is the hash (+salt) of the password (NOT the password) Ser...
Anyone know of any good articles that describe how to accomplish this? ...
We have written an authentication provider for a SharePoint web application which can requests multiple LDAP directories. One of the LDAP server have to be requested via SSL. So we imported the CA certificate which was used to sign the LDAP server's certificate into the certificate store of the SharePoint server. The following code s...
Hello, I'm developing a J2ME app which securely connects to a server to login. I'm having a lot of difficulty in setting up the SSL between the two so I thought of a simpler solution and I'm hoping you can give your views on it. The J2ME Midlet is shipped WITH the server's public key, on connect a message (username, password hash and r...
I have an application application framework that works in a peer-to-peer manner between unnamed hosts on a network. I want to have the traffic be encrypted, so I've implemented a setup with M2Crypto, but I've run into a snag. I have no idea what to put down for 'commonName' when creating the cert. It seems to want a domain name, but none...
I have been working through the asio ssl examples (linked below). Despite by best efforts I have been unable to link openssl into the boost example. The output from ld is that ld is missing symbols from libssl.a. The thing that I can not figure out is that I found all the symbols in libssl.a with nm that ld says are missing. I suspect I ...
I'm attempting to use the System.Net.Mail.SmtpClient class to relay an email through my company's email server. All SMTP connections to the mail server have to be SSL and it uses a self signed certificate. That's fine for Outlook where you can just click ok on the warning dialogue but does anyone know a way to get SmtpClient to accept a ...
We have a multi-tenant website where we use a wildcard SSL cert to give people a subdomain to our site. Some of our customers would like to use their own domain, but I'm concerned about how we would manage each customer's certificate as our business grows. Currently the certificate resides on the web server, which means loading all of th...
I have the following snippet in classic ASP, to send a command and retrieve the response over SSL: Dim xmlHTTP Set xmlHTTP = Server.CreateObject("Msxml2.ServerXMLHTTP.3.0") xmlHTTP.open "POST", "https://www.example.com", False xmlHTTP.setRequestHeader "Content-Type","application/x-www-form-urlencoded" xmlHTTP.setRequestHeader "Content-L...
I have read a related question already, but it doesn't seem to fail at the same place I am seeing a failure. I am trying a very simple operation: public static void main(String [] argv) { try { URL u = new URL("https://membership.usairways.com/Login.aspx"); Object o = u.getContent(); } catch (MalformedURLExcepti...
I'm implementing a client with python's twisted that checks the server ssl certificate when connecting, following basically this recipe. I've seen in many HOWTOs such as this one the server checking the client's authenticity through a ssl certificate as well. Currently i authenticate my clients using an unique id and 1024 char string (th...
I'm trying to automatically redirect for any url that has "checkout" in it to https. Otherwise, if the url is https but doesn't have "checkout", I want to redirect to "http:". Only urls with "checkout" can have https. I need an if-then-else structure. The syntax below doesn't work ... redirects to index.php if there is https in the u...
When I try to post the XML to an SSL link by the following code public void send(String url, String xmldoc) { StringBuffer sb = new StringBuffer(); try { ByteArrayInputStream bais = new ByteArrayInputStream(xmldoc .getBytes()); InputSource is = new InputSource(bais); DocumentBuilderFactory factory = DocumentBuil...
TLDR: I'm looking for a software based two-factor authentication system. Summary: I am trying to find a solution equivalent to a SSL client side certificate, except that said certificate would optimally be generated at the first connection of the browser to the server. Long version: I want to automatically generate a security token usi...
We are in the process of moving our web architecture to a new environment. Included are dozens of different sites ranging from almost completely static to dynamic sites requiring authentication and containing sensitive content. Our web server admins have (without any input from the development team) decided to make it a standard in the n...
I have a WCF service self-hosted in a windows service environment that works fine over http; over https I am unable to get to one URL without seeing the windows login prompt when running the silverlight application (or just opening the page in IE). I am using the IPolicyRetriever interface to ensure that the ClientAccessPolicy.xml file i...
Scenario: The infrastructure that a website is built on consists of a web farm fronted with ISA servers, these ISA servers terminate the SSL of any given website and the requests between the ISA server and the IIS7 servers are always over port 80 (http). Therefore: Customer > [https] > ISA > [http] > WebFarm(IIS) Question: Is it possib...