I recently got a notification from a McAfee service (what used to be called HackerSafe) that my website is using SSLv2 and it should be using SSLv3. I don't know anything about the versions of SSL. My site is using IIS 6.0, is there a setting somewhere to turn on SSLv3 or do I need to install something to make this happen? Also, is there...
Do end users really care if a SSL EV certificate is from VeriSign, Thwate, DigiCert, or etc.? A certificate from VeriSign can cost up to 3x the cost from DigiCert for the same basic features. VeriSign is probably the most recognizable brand name though. I've had many discussions with people about this topic, but I've never seen any real...
I've got to set up temporary SSL security on my classic ASP application on Windows 2000 server, IIS5. What do I need to do to activate SSL? I won't be able to get an official cert for a little while so I think I have to make my own. Steps? Do I need access to the router or anything or can I just do this through IIS? ...
Is there an easy way to verify that a given private key matches a given public key? I have a few *.pub, and a few *.key files, and I need to check which go with which. Again, these are pub/key files, DSA. I would really prefer a one-liner of some sort... ...
We are using IIS 6 and ASP.Net, When users make secure page requests using https://somesite.com/securePage.aspx the user gets an error: Error code: ssl error bad cert domain The certificate was issued to www.somesite.com and indicates that somesite.com uses an invalid security certificate. I was hoping to be able to catc...
i.e. I just want them to be permanently accepted all the time. ...
My client gets a sec_error_unknown_issuer error message when visiting https://mediant.ipmail.nl with firefox. I can't reproduce the error myself. I installed ff on a vista and a xp machine and had no problems. FF on Ubuntu also works fine. Does anyone get the same error and does anyone have some clues for me so i can tell my isp to chan...
I have a web-server, that serves different domain-names, but has only one IP-address assigned. That works fine with virtual hosts in Apache. Now I want SSL-encrypted connections for the websites. How can I set different SSL-certificates for the different vhosts? Using different IP's for the different hostnames would be an solution - not...
I am trying to fix a bug with SSL in a product and noticed that although the code sets SSL to be true, in the next line in the code SSL is still at false. I wrote a unit test for this and the unit test confirms my suspicions. [TestMethod] public void SecureSocketLayerSetToTrue( ) { var ldapConnection = new LdapConnection( ...
I'm working on deploying a small community site. User registration requires nothing more than a username, email address, and password. I'm not even asking for a name, and certainly not storing any sensitive data. Should I still invest in an SSL certificate? Would it be considered terrible practice to transmit a user's password without o...
We need to set up a secure certificate on an Apache reverse proxy. We've been advised that we need to use a virtual host directive. I've looked these up in the O'Reilly book bit can't find any examples that pick up https specifically. Does anyone have any examples of config snippets to do this? ...
The renewal wizard doesn't seem to ask for a renewal period. ...
I need to set up SSL over Active Directory. I googled a lot but could not found a decent write up about how to do this. Please if you know some good resources about this let me know. Thanks! ...
I would like to have the authentication and registration parts of my website encrypted (for obvious reason). This site is currently and older site which some friends and I started in middle school and still use today. I may or may not register it to be a Non-Profit Organization in the near future, but either way, a CA costs money and t...
I have written a secure TCP server in .NET. This was basically as simple as creating a TcpListener instance and wrapping the connected client's NetworkStreams with SslStreams. Now I need to access this TCP server with Delphi 7 (alternatively: Delphi 2007). I haven't found anything in the help, and a Google search shows up lots of compl...
I need to define the system requirements hardware and software for building a E-Commerce Web application with SSL (more than 40 bits). I have no experience with SSL, so i have no idea how to configure or what apache version do i need. This are my thoughts: Operating System Linux Web Server: Apache DBMS: MySQL 5.0 or bigger Application ...
I've got two ASP.Net applications residing in two different folders on my server: /Foo <-- this is the standard unsecure application /Secure <-- this is a separate application that requires SSL by IIS The problem is that by default, the ASP.NET_SessionId cookie is specified on the domain and is shared between the two applications in ...
I originally used WebRequest and WebResponse to sent Http Post Messages. Always I got a response of "OK". The message I post is an XML signed with a certificate in the xml. The composition is this: CSharp service that is sending to a https website. HTTPS Website on another place that I cant say. HTTPS Local Website locally that is just...
I'm working on a webserver that I didn't totally set up and I'm trying to figure out which parts of a web page are being sent encrypted and which aren't. Firefox tells me that parts of the page are encrypted, but I want to know what, specifically, is encrypted. ...
What is the easiest free method of encrypting my web traffic? I'd like to be able to log in to sites on my web server without sending my password in plaintext. Edit: My web server is running on the LAMP stack , although it is a shared host so I don't have root. ...