
    • IIS subdomain redirect to HTTPS
      IT Discussion • ssl iis redirect subdomain • • DustinB3403  

      8
      0
      Votes
      8
      Posts
      104
      Views

      @DustinB3403 If it is not DNS, firewall is always a problem lol. Nice find.
    • SSL/TLS client certificates questions
      IT Discussion • linux ssl tls proxy https certificate mtls • • Pete.S  

      9
      0
      Votes
      9
      Posts
      98
      Views

      @flaxking said in SSL/TLS client certificates questions: Domain name doesn't matter, unless you're signing with a public CA. I'd think self-signed vs internal CA vs public CA would depend on what the authentication mechanism supports and how you have to manage the certificates. (i.e. if there are going to be a ton of them it might be easier for the authentication mechanism just to trust certificates signed by a certain internal CA rather than having to make each certificate trusted.) From what I've seen so far, I've come to the same conclusion.
    • UNSOLVED NextCloud SSL Cert
      IT Discussion • nextcloud ssl lets encrypt nc hostmonster • • gjacobse  

      7
      0
      Votes
      7
      Posts
      82
      Views

      @scottalanmiller said in NextCloud SSL Cert: @JaredBusch hard to resist the call of the Natty Light. I ran out of Blue Moon.
    • How to use a Cloudflare origin certificate on an Azure App
      IT Discussion • azure ssl cloudflare origin certificate • • JaredBusch  

      1
      4
      Votes
      1
      Posts
      94
      Views

      No one has replied

    • Dovecot error:140760FC
      IT Discussion • email ssl tls pop3 dovecot starttls • • scottalanmiller  

      4
      0
      Votes
      4
      Posts
      97
      Views

      Date/Time issue?
    • Setup a Cloudflare Origin Certificate for use on a backend server
      IT Discussion • ssl cloudflare origin certificate • • JaredBusch  

      18
      2
      Votes
      18
      Posts
      223
      Views

      @FATeknollogee said in Setup a Cloudflare Origin Certificate for use on a backend server: @scottalanmiller said in Setup a Cloudflare Origin Certificate for use on a backend server: @FATeknollogee said in Setup a Cloudflare Origin Certificate for use on a backend server: noob question here: If you're hosting on Cloudflare, this should be used instead of LE? Not about "should", it's about which makes more sense for you in a given situation. "could" would probably have been a better word choice. Yup, you definitely can
    • No matter what the website is it needs to have SSL setup
      IT Discussion • ssl https • • DustinB3403  

      2
      -2
      Votes
      2
      Posts
      94
      Views

      Didn't we have one of these threads last year? tags - please?
    • Converting CRT and PEM files to RSA
      IT Discussion • ssl godaddy openssl rsa certs trend micro imsva • • scottalanmiller  

      7
      0
      Votes
      7
      Posts
      211
      Views

      Found this which didn't help, but could be a useful reference in the future...

      OpenSSL Convert PEM
        Convert PEM to DER
          openssl x509 -outform der -in certificate.pem -out certificate.der
        Convert PEM to P7B
          openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer
        Convert PEM to PFX
          openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

      OpenSSL Convert DER
        Convert DER to PEM
          openssl x509 -inform der -in certificate.cer -out certificate.pem

      OpenSSL Convert P7B
        Convert P7B to PEM
          openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
        Convert P7B to PFX
          openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
          openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer

      OpenSSL Convert PFX
        Convert PFX to PEM
          openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes
    • Standard Email Ports and Protocols
      IT Discussion • email smtp ssl tls mta imap pop3 starttls imap4 mda imaps smtps • • scottalanmiller  

      1
      1
      Votes
      1
      Posts
      107
      Views

      No one has replied

    • NGINX Reverse Proxy Help - Error code: SSL_ERROR_RX_RECORD_TOO_LONG
      IT Discussion • nginx ssl reverse proxy kibana • • IRJ  

      4
      1
      Votes
      4
      Posts
      1211
      Views

      @black3dynamite said in NGINX Reverse Proxy Help - Error code: SSL_ERROR_RX_RECORD_TOO_LONG: In the server block, add ssl_protocols TLSv1.2; and reload nginx no joy. Incognito mode did not work either.
    • Fedora 29 Apache HTTPD Keeps Adding ssl.conf
      IT Discussion • linux fedora ssl apache fedora 29 httpd • • scottalanmiller  

      13
      0
      Votes
      13
      Posts
      453
      Views

      @dafyre said in Fedora 29 Apache HTTPD Keeps Adding ssl.conf: Have you tried creating a blank ssl.conf file and then chmod +i ssl.conf ? I've not, but that's such a hokey way of doing it, I was hoping not to.
    • Do you setup SSL for Intranet websites only
      IT Discussion • ssl internal websites • • DustinB3403  

      27
      0
      Votes
      27
      Posts
      729
      Views

      @dustinb3403 said in Do you setup SSL for Intranet websites only: Near-zero value in someone attacking is what I meant. Not a zero-value in what is provided by the systems. Also there is nothing confidential or needing "security" from a business perspective, which is why I ask is SSL worth it for these types of Intranet sites? You need SSL for everything period. Even if it's a self-signed cert it's fine... just allow the exception in the web browser and be done, or use an internal certificate if your browsers are set to trust the root... or a domain wildcard cert would work just fine. It's easy to do. You could set out a reverse proxy for use with Let's Encrypt, and use the reverse proxy for all of your internal-only web servers. On the reverse proxy, you can limit each site config to only pass internal IPs only. That's what I did for a few. For example, if you add this in: allow 10.0.0.0/8; allow 172.16.0.0/12; allow 192.168.0.0/16; deny all; It will not proxy anything unless it comes from an internal IP.
    • Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt
      IT Discussion • windows windows server ssl lets encrypt ssl certificates iis acme ssl wildcard • • scottalanmiller  

      19
      5
      Votes
      19
      Posts
      9066
      Views

      @phlipelder said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt: @scottalanmiller said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt: @phlipelder said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt: @scottalanmiller said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt: @phlipelder said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt: @jaredbusch said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt: @scottalanmiller my problem with Certs on Windows, in general, is that you almost always have to copy it around to multiple servers to make everything work well, and that just defeats the purpose of LE. Based on what is on the site, Microsoft has an intrinsic trust with LE's root store. I should be able to set up a RD Session Host with a LE certificate for publishing and there should be no untrusted publisher for RemoteApps or Session Host desktops once the certificate's thumbprint is published via Group Policy? One would hope that they would. LE is like the standard in SSL Certs. It's from the EFF, way more trustworthy than other cert authorities, IMHO. Snag: Valid for 90 days. In larger RDS farm settings this would be a bear to manage. That means the need for an automated process. It is expected to be automated. SSL Cert updates should not be intrusive. All of the tools for LE SSL Certs are designed around the idea that you will automate them and never need to worry about them again. It's about being less of a snag, not more of one. Got it thanks. Looks like a bit of a learning curve then. It's not bad. I find learning the LE pieces easier than learning to do it the old fashioned way. And with LE it is "learn once and ignore", rather than "learn once, forget, do again in a year or two all over again."
    • Ubiquiti Unifi Video SSL Certificate
      IT Discussion • ubnt ssl unifi video • • dbeato  

      1
      2
      Votes
      1
      Posts
      342
      Views

      No one has replied

    • XOCE and Let's Encrypt
      IT Discussion • ssl lets encrypt https certbot xen orchestra community • • DustinB3403  

      10
      0
      Votes
      10
      Posts
      1270
      Views

      And this person has a full guide https://xcp-ng.org/forum/topic/3775/xen-orchestra-from-source-with-let-s-encrypt-certificates
    • IIS Security setup
      IT Discussion • security powershell ssl iis • • AdamF  

      17
      0
      Votes
      17
      Posts
      1640
      Views

      @psx_defector said in IIS Security setup: Best practice isn't up to date. Set it to PCI 1.2, that disables TLS1.0, all the AES stuff, etc. etc. You can also disable them manually in the first screen. Great, thanks.
    • Generating CSR for RDS server using Subdomain
      IT Discussion • ssl rds tls certificate csr • • wirestyle22  

      3
      1
      Votes
      3
      Posts
      501
      Views

      I had some confusion because of the age of the old CSR. It doesn't line up with the correct dates. I'll edit my original post when I know more.
    • Resolved-Exchange 2010 - UCC SSL Cert Renewal WTF
      IT Discussion • ssl ssl certificates exchange 2010 ucc req • • wrx7m  

      12
      1
      Votes
      12
      Posts
      1633
      Views

      I had the same problem: Microsoft includes a command-line utility with Certificate Services called certutil. This utility performs various operations on certificate files, including converting them to and from base64 format. Note that this command is run on your certificate server, which, in your environment, may be different from your Exchange server. If so, you need to copy the binary .req file to the certificate server, or make it accessible via a shared network folder or removable storage device. Open a command prompt on the certificate server and navigate to the folder where your binary .req file is, then type the following command: certutil -encode yourbinaryinputfile yourasciioutputfile Example: certutil -encode der.exchange.example.com.req pem.exchange.example.com.req You can then open the output file in Notepad and confirm that it is in the correct format to upload to your certifying authority.
    • GoDaddy SSL and Exchange 2013, can't find CRL
      IT Discussion • ssl exchange 2013 godaddy • • travisdh1  

      17
      1
      Votes
      17
      Posts
      2410
      Views

      @travisdh1 Sometimes you never know!
    • How to install GitLab on Fedora 26 with AD CS SSL
      IT Discussion • fedora ssl fedora 26 https gitlab openssl key pfx pem • • Obsolesce  

      2
      3
      Votes
      2
      Posts
      1496
      Views

      @tim_g Do you know what tools and scripts are available when installing hyperv-tools?
    • How to setup Nginx TLS certificate based Authentication (VPN alternative)
      IT Discussion • nginx ssl tls authentication certificate cert • • Emad R  

      21
      3
      Votes
      21
      Posts
      3985
      Views

      @aaronstuder said in How to setup Nginx TLS certificate based Authentication (VPN alternative): @emad-r 3650 One of the main reasons that normal certs cannot be bought with forever expiration is because then people would be less apt to update them as ciphers are broken. Look at how many people still use(d) SSLv1 SHA1, etc., long after they were proven broken.
    • What Exactly Is a VPN, Is HTTPS a VPN SAMIT Video
      IT Discussion • security youtube networking scott alan miller vpn samit encryption ssl https tunneling • • scottalanmiller  

      28
      4
      Votes
      28
      Posts
      2856
      Views

      @zubairkhanzhk you're welcome!
    • SOLVED Certbot Apache plugin broken in Fedora 26
      IT Discussion • linux ssl apache lets encrypt fedora 26 ssl certificates tls certbot fredora • • brianlittlejohn  

      20
      2
      Votes
      20
      Posts
      3790
      Views

      @zachary715 said in Certbot Apache plugin broken in Fedora 26: @scottalanmiller said in Certbot Apache plugin broken in Fedora 26: I ran into this issue, forgot about this thread, went through LetsEncrypt's threads and their solution for this problem led me... here! Very nice. Just did the exact same thing. Let's Encrypt forum had the link which led me here right about the time @JaredBusch was responding in my other thread. It has been posted on here more than one time. I should probably find one of those posts and make @scottalanmiller tag it appropriately. Edit: Or too slow..
    • OpenSSL CSR with Subject Alternative Name
      IT Discussion • san ssl tls how-to certificates openssl pki csr subject alternative name • • EddieJennings  

      5
      1
      Votes
      5
      Posts
      1828
      Views

      @JaredBusch said in OpenSSL CSR with Subject Alternative Name: @EddieJennings said in OpenSSL CSR with Subject Alternative Name: @JaredBusch Correct. The "ye olde way" is how I've typically made a CSR and private key. The link I included talks about making a configuration file, which allows you to include SAN in your CSR. Ah, did not read the link. Yes, using a config file is the only method to get any SAN on a cert with OpenSSL. And after re-reading my post, I realized how terrible it was :(. I was hoping to find a one liner kind of thing, but alas. That particular article made it clear how to do it.
    • Updating FOP2 to work with HTTPS correctly
      IT Discussion • freepbx ssl freepbx 13 freepbx setup fop2 • • JaredBusch  

      2
      3
      Votes
      2
      Posts
      1434
      Views

      For anyone not familiar, here is a screenshot of my free version. Here is a paid version at a client with ~40 extensions. (Intentionally not all are shown, such as the Snom PA-1 paging adapter, because I know someone will count....)
    • IIS and LetsEncrypt
      IT Discussion • ssl lets encrypt ssl certificates iis • • Obsolesce  

      3
      1
      Votes
      3
      Posts
      1352
      Views

      @NashBrydges Oh this is awesome! Gonna be giving that a go on Monday or Tuesday.
    • DNS record will help prevent unauthorized SSL certificates
      IT Discussion • dns ssl • • Ambarishrh  

      4
      5
      Votes
      4
      Posts
      983
      Views

      @StrongBad said in DNS record will help prevent unauthorized SSL certificates: Not a bad idea, I guess. There is some security concern there. I would wonder how often this is really an issue. Is this common? Or just proactive? I'm thinking a bit of both.
    • Deploying an NGinx Reverse Proxy with SSL on a LAMP Server with SaltStack
      IT Discussion • nginx saltstack ssl devops salt lets encrypt reverse proxy web server tls proxy https lamp https2 • • scottalanmiller  

      42
      2
      Votes
      42
      Posts
      4327
      Views

      This way you can share the config(s) under conf.d between multiple machines using the same roles (or whatever Salt calls them) and have different main NGINX server settings.
    • Updates to SSL Labs testing methods in 2017.
      News • security server ssl update 2017 • • travisdh1  

      1
      1
      Votes
      1
      Posts
      642
      Views

      No one has replied

    • Let's Encrypt stats
      IT Discussion • encryption ssl lets encrypt tld ninja • • JaredBusch  

      7
      3
      Votes
      7
      Posts
      1754
      Views

      @scottalanmiller said in Let's Encrypt stats: @Jason said in Let's Encrypt stats: I'm guessing a lot of kids/teens and college age are using let's encrypt hence the .ninja I'm confused, aren't all those domains only used by ninjas? Go Ninja, Go Ninja, Go!