ssl

SSO-plus-SSL and Shibboleth: What options for sites with numerous virtual hosts?

Background: Customer X is a low-budget non-profit outfit that nonetheless has a lot of activity configured on virtual hosts, and the virtual hosts multiply very frequently. Customer X also has a lot of users and is interested in getting them over to a single sign on solution. This way, all the users can use the same credentials on all th...

What's the best strategy to diagnose/determine what is causing mixed-content warnings in your web application?

Is there some sort of profiling tool available? View source and search/replace? ...

How to set read permission on the private key file of X.509 certificate from .NET

Here is the code to add a pfx to the Cert store. X509Store store = new X509Store( StoreName.My, StoreLocation.LocalMachine ); store.Open( OpenFlags.ReadWrite ); X509Certificate2 cert = new X509Certificate2( "test.pfx", "password" ); store.Add( cert ); store.Close(); However, I couldn't find a way to set permission for NetworkService t...

Enable SSL for my WCF service

Hi, I have a WCF service that uses basicHttpbinding in development. Now in product we want to use SSL, what changes do I have to make to force SSL connections only? ...

Java SSL socket based client/server application

For two-way verification, is it necessary to import certificate from both sides? ...

Why would subversion timeout when I try to commit changes to a directory?

When attempting to commit file in the jsunit directory in my working-copy, I waited a really long time and got an error like: svn: OPTIONS request failed on '/svn_repo/OSB_Project/trunk/OSB/test/web/jsunit' svn: timed out waiting for server Why would the server hang at this point? Running SuSE 10.3 in a VirtualBox where I keep my Sub...

Implementing SSL

Hi All, I have been tasked with implementing TLS/SSL onto an in-house webserver framework. I was wondering if anyone could point me to some good example code that they know of? I am particularly interested in using GSS API (Microsoft's Security Support Provider Interface (SSPI)). Failing that, Crypto++, I can't use any other type of op...

JRuby on Rails deployment

I need to host a JRuby on Rails app on Mongrel. The problem is that I need to support mutual authentication. I know that I could just host it behind an Apache with mod_proxy use mod_ssl to pass the cred or part of the cred as a request header to rails. But I want the whole stack to be Java. Is there a Java application server that can do m...

https stops working after site publish

I am working on Windows Server 2003 (IIS6), which has two asp.net sites running in separate app pools. One of the sites has an ssl certificate installed and was running fine on https. The other site has no certificate and does not require https. The problem I have is that when I publish my app from vs2005 to the site with ssl the https u...

"This page contains both secure and nonsecure items" Themes & SSL

So I have this website that will be accessed via an SSL connection ("https://mystupidwebsite/etc...") I am using themes in conjunction with a single css file. When the page is rendered though, the CSS link tag in the header still has the http://mystupidwebsite/etc... full path. How do I get it to register the css file correctly, with t...

Session lost when switching from HTTP to HTTPS in PHP

When sending the user to a checkout page, they are switched from http://mysite.com to https://mysite.com. As a result, $_SESSION variables are lost. The site has a valid SSL certificate which may or may not be of some use. ...

Find out SSL version (V2 or V3)

How can one tell if the SSL communication between a client and a server is SSLv2 or SSLv3? ...

HTTPWebRequest Remote Certificate Name Mismatch

I'm trying to make an SSL call using HTTPWebRequest and it's continually failing saying it can't establish trust. I've added a callback to ServicePointManager.ServerCertificateValidationCallback and returning true always works. However, I'd like things to be a little more secure than that. Looking at the SslPolicyErrors in the validati...

Can an unauthorized user capture an SSL packet, resend it and login?

Here's the scenario: We have users login on a secure connection. Could an unauthorized user capture packets sent from the user's machine to the server and then resend them? Would this allow them to login? This is a homegrown login system running on ColdFusion. ...

WCF not using my domain name, but rather my computer name when viewing MyService.svc?wsdl

Hi, My WCF seems to be pulling the computer-name instead of the domain name. When I view the MyService.svc?wsdl it is showing my computer name. Where do I add my domain name in the web.config? Endpoint address, baseaddress or identity? Note: I am using SSL so it has to be https://www.example.com/myservice.svc ...

How does SSL really work?

How does SSL work? Where is the certificate installed on the client (or browser?) and the server (or web server?)? How does the trust/encryption/authentication process start when you enter the URL into the browser and get the page from the server? How does the HTTPS protocol recognize the certificate? Why can't HTTP work with certifi...

Best way to integrate two ASP.NET sites

I have two ASP.NET sites that are used for managing patient information. One application allows entry/edit of the patient demographics and the other allows different types of assessments to be completed for each patient. The two sites each have a distinct look and feel and both use SSL. One of our analysts wants to have a "launch page...

Client certs without using the keystore

I'm trying to figure out if there is any way to have a .NET client use a client certificate without involving the Windows keystore in any way. I have a code snippet like this: test1.Service s = new test1.Service(); X509Certificate c = X509Certificate.CreateFromCertFile(@"C:\test.pem"); s.ClientCertificates.Add(c); int result = s.TestMe...

How to create a self-signed wildcard SSL certificate for IIS 6?

I'm trying to create a self-signed wildcard SSL certificate for use on a number of development and test servers running IIS 6. Following various guides has led to a couple ways of generating the certificates, but I haven't had any luck getting it to work. The most successful ways I've had were following this OpenSSL guide and using mak...

How do you set up SSL and Nginx Proxying?

I have Nginx listening to traffic on port 80 and proxying certain requests to Apache over port 8080. I am going to set up Nginx to listen to port 443 for https traffic, but my question is how should the proxying be done now? Does the proxy to Apache need to be https or has Nginx already decoded it so I can keep sending it to Apache over p...