Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [https]

HTTPS stands for HTTP Secure and is a combination of HTTP and SSL/TLS (Secure Sockets Layer/Transport Layer Security) and is used to provide an encrypted connection to a website.

HTTPS connections are often used for payment transactions and for sensitive transactions in corporate systems. They are increasingly being used for social networking sites like Facebook and Twitter to help prevent identity theft etc.

HTTPS on Wikipedia

2524 questions
46
votes
2 answers

Serve http (port 80) and https (port 443) on same VirtualHost

I need to setup my VirtualHost on Apache to serve on both http and https (using standard ports) If I enable the SSL Engine (as per below) - I get an error when on port 80. The reason is, parts of the site need to be SSL but other parts don't. How…
kron
  • 735
  • 2
  • 6
  • 8
42
votes
1 answer

Can not get rid of `net::ERR_CERT_COMMON_NAME_INVALID` error in chrome with self-signed certificates

There are numerous question on the web where people are having difficulty setting up self signed certificates for use on internal network. Just to link a few: Getting Chrome to accept self-signed localhost certificate Chrome accept self-signed…
Ashesh
  • 525
  • 1
  • 4
  • 7
41
votes
4 answers

How to use Jenkins with SSL / https

I have a Fedora server running Jenkins which I install via yum. Everything is okay, I can access it with http://ci.mydomain.com. But now, I want to access it with https://ci.mydomain.com so the login with username and password is encrypted. How can…
Tim
  • 600
  • 2
  • 8
  • 15
38
votes
6 answers

Do all servers need to use the HTTPS protocol or just public facing servers?

I have a front end web server running over HTTPS - this is public facing - i.e. port is open. I also have a backend API server that my webserver makes API requests to - this is public facing and requires authentication - port is open. These 2…
danday74
  • 851
  • 10
  • 10
36
votes
5 answers

Redirect https to another https

I've been Googling for this question, and ironically annoyingly I can't find a concrete answer. I've answered this question myself in the past, and now I can't remember my own explanation. Several times a year, someone will ask me to do this. I'd…
Stefan Lasiewski
  • 23,667
  • 41
  • 132
  • 186
35
votes
2 answers

Can I build my own Extended Validation SSL certificate?

I can create by own CA and generate a self signed SSL certificate this way. But what does it take to make the browser show the certificate as being an "Extended Validation SSL certificate" ? Can I create one myself and teach my browser to show it as…
Niels Basjes
  • 2,196
  • 3
  • 19
  • 26
35
votes
6 answers

Restrict Apache to only allow access using SSL for some directories

I have an Apache 2.2 server with an SSL certificate hosting several services that should be only access using SSL. ie: https://myserver.com/topsecret/ should be allowed while http://myserver.com/topsecret/ should be either denied or, ideally,…
DrStalker
  • 6,946
  • 24
  • 79
  • 107
35
votes
2 answers

Save Remote SSL Certificate via Linux Command Line

Can you think of any linux command-line method for saving the certificate presented by a HTTPS server? Something along the lines of having curl/wget/openssl make a SSL connection and save the cert rather than the HTTP response content. The gui…
Jim
32
votes
7 answers

Redirect non-www to www over SSL with Nginx

I'm having an error when trying to redirect https://example.com to https://www.example.com. When I go to https://example.com, it doesn't redirect and returns the page/200 status. I don't want this, I want it to redirect to…
Thomas V.
  • 2,071
  • 2
  • 17
  • 13
31
votes
6 answers

Why are CentOS mirrors HTTP and not HTTPS?

As far as I know, HTTP is prone to man-in-the-middle attacks. As such, the repositories in Alpine Linux or the CentOS Mirrors are not HTTPS. In the olden days, having HTTPS used to be an expensive matter. It cost server CPU time and the certificates…
SydMK
  • 421
  • 4
  • 7
30
votes
1 answer

HTTP over port 443 vs HTTPS over port 80

What is the difference between http://serverfault.com:443 and https://serverfault.com:80 Which one is more secure theoretically?
mohsinulhaq
  • 403
  • 1
  • 4
  • 6
30
votes
3 answers

What effect does https traffic have on web cache proxy servers?

I just took two university courses on computer security and internet programming. I was thinking about this the other day: Web cache proxy servers cache popular content from servers on the web. This is useful, for example, if your company has a 1…
ejsuncy
  • 403
  • 1
  • 5
  • 7
27
votes
4 answers

Redirect all http requests behind Amazon ELB to https without using if

Currently I have an ELB serving both http://www.example.org and https://www.example.org. I would like to set it up so any request pointing to http://www.example.org is redirect to https://www.example.org. The ELB sends the https requests as http…
Jordan Reiter
  • 1,290
  • 4
  • 20
  • 40
26
votes
3 answers

redirect wildcard subdomains to https (nginx)

I've got a wildcard ssl certification and I'm trying to redirect all non-ssl traffic to ssl. Currently I'm using the following for redirection the non-subdomainded url which is working fine. server { listen 80; server_name…
whatWhat
  • 529
  • 2
  • 5
  • 9
25
votes
1 answer

Why does my wildcard SSL certificate cause a domain mismatch error on a second level subdomain?

I have a server https://www.groups.example.com - in FireFox I get the "This Connection is Untrusted" message and the "technical details" say www.groups.example.com uses an invalid security certificate. The certificate is only valid for the…
pee2pee
  • 369
  • 1
  • 5
  • 12
1
2
3
99 100