ssl

WCF Transport Security with SSL and Thread information

Hello all, I have a question about the above topic. I have a WCF service and use the Transport security model for it. But there is some mechanism related to the Thread state that I can't understand. In constructor of my service I tried to set the Thread.CurrentPrincipal but at the begin of a called method of my service the Thread.Curren...

How to test SSL switching using VS2010 on Win7

I developed a large web application with VS2008 installed on an old Win2k3 server. I now have Visual Studio 2010 installed on Win7 Pro and work on the application fine. Parts of my web application need to switch into and out of SSL which they did on the Win2k3 server using the IIS tool that creates a private SSL cert. However I now need...

Client side ssl in J2me?

How can we implement client side SSL in J2ME? Any available resource or source code?? I want to validate the particular service is accessed by a particular phone. ...

Difference between self-signed CA and self-signed certificate

I'm not clear on the difference between a CA key and a certificate. Isn't a CA key simply a certificate? Let me try and clarify with an example. I have a client and a server. I'm only trying to validate my connection to my server and not trying to establish trust to others so I don't care about signing with a real CA. Option 1: Gene...

Hijacking Facebook with FireSheep; What is the best solution, and how does it work?

Regarding this security issue: http://techcrunch.com/2010/10/24/firesheep-in-wolves-clothing-app-lets-you-hack-into-twitter-facebook-accounts-easily/ Is it true to say "any time a user logs into a site, and isn't redirected to SSL/TLS/HTTPS connection, that the session cookies are vulnerable"? What is the best solution to protect a Fac...

How to use a Client Certificate with ftp_ssl_connect

I'm looking for the best method to work with an FTP server over an SSL connection. (Generally, pushing a file up as well as getting a list of files on the server). One requirement for this project is that I must use a client side X.509 certificate as part of the authentication process. Can I use a client certificate using the php functi...

Silverlight cross-scheme access to jpegs denied

Hello. I've got a Silverlight4 app that I'm running on https, deployed to Azure. Everything's working except for one small glitch. I've got content in the form of jpg thumbnails and associated zip files with a .gld extension. My app is supposed to display the thumbnails, and allow the users to download the associated .gld/zip files. ...

Redirect to non-https pages

Hi, I have come accross many solutions similar to what I need but I have tried changing them and have had no luck, it seems to be ignoring them sometimes and not other times. Essentially I have a site which I need to have https on only on certain pages or all php pages if that is easier but not for friendly urls e.g. /womens/skirts/ S...

Problem with Mule cxf:outbound-endpoint (client) and HTTPS/SSL.

Dear readers I have a small problem configuring the CXF transport in Mule 2.2 to call a WS-method on service exposed, using HTTPS/SSL. Calling the same method using plain HTTP works fine. I’ve searched a lot on this issue and found among others the following link: http://www.mulesoft.org/documentation/display/MULE2CB/Using+HTTPS+with+C...

Apache ssl-enabled vhost returns random 400 bad request

I've setup two local vhosts (http and self-signed https) for billing.example.com and trying them in firefox with firebug. Http vhost only purpose is redirecting all requests to https. Almost each time I request page from https, one or two files with associated resources (images, js, css, etc...) and sometimes php page itself return 400 ...

No padlock on secure site ONLY MAC Safari

Hi, for some reason I'm not getting the padlock/green bar/whatever on my site, but ONLY using Safari for Mac. Firefox (win/mac), Chrome (win/mac), Safari (win), Opera (win/mac), IE (6/7/8) all work as they should. Is this a bug? Something I should worry about (credit cards, etc will be sent over this server)? ...

Accessing SSL Private Key From a Servlet

I'm running Apache Tomcat locally and have installed a self signed certificate using OpenSSL. I also have a servlet running. What I want to do is the following: The servlet takes in POST parameters and will echo back the parameters signed using the PrivateKey of the server. That is, treat the input parameter as an integer and raise it ...

Can't connect to SSL web service with WS-Security using PHP SOAP extension - certificate, complex WSDL

Using the PHP5 SOAP extension I have been unable to connect to a web service having an https endpoint, with client certificate and using WS-Security, although I can connect using soapUI with the exact same wsdl and client certificate, and obtain the normal response to the request. There is no HTTP authentication and no proxy is involved....

Help with writing a portable SSL server in Java.

Ok, before you yell at me for saying Java is already portable, read the question. I need to write a server and client using the Java.net.ssl package.The server and client need to be executable .jar files that are compatible with J2SE 1.3+. If anyone about a resource that can help, please post a link. I would prefer not to use the default...

Chrome showing SSL crossed out on my SSL page?

Go to https://liquor.com/cask-bulleit/, then click BUY to get into the SSL enabled pages in Chrome. Why is it that ONLY in Chrome I see the https crossed out (http://screencast.com/t/xcamgjats1kJ) when I am on the SSL required pages? Seems weird that I don't get any errors in Firefox or Safari, yet in Chrome I do. The SSL is valid and w...

is it possible to create an ssl certificate out of a pgp public/private key ?

i have a pgp public/private (RSA) key pair that my friends trust. i have a webserver running and i'd like to generate an ssl certificate whose public key matches my pgp public key. does that make any sense ? is that possible ? is that safe ? ...

jboss 5.1 does not work after redirect from HTTP to HTTPS connection

the jboss server does not work if redirect to HTTPS url(port 8443), and here is WAR package web.xml configuration: <security-constraint> <web-resource-collection> <web-resource-name>HtmlAdaptor</web-resource-name> <description>Security for all users</description> <url-pattern>/all/*</url-pattern> <http-method>GET</http-m...

SSL securing site on Google App Engine

How can I make sure that users cannot access http address on google appengine at all? Now usesrs can use https or http to access site, but is there any way to force users using http protocol to https url? ...

Using client/server certificates for two way authentication SSL socket on Android

I'm working on an Android app that requires both client and server certificate authentication. I have an SSLClient class that I created that works beautifully on regular desktop Java SE 6. I've moved it into my Android project and I'm getting the following error: "KeyStore JKS implementation not found". I've looked online a bit and it l...

PHP Application - Quick connection to HTTPS server

Hello there, The problem is, what I want to develop an application (probably PHP?), capable of making quick connection to a SSL secured server and send/get data from it. My aim is to make it send the query and read the result as quick as possible. I am trying various solutions and benchmarking them all. I have tried fsockopen() and CURL,...