Questions tagged [https]

HTTPS stands for HTTP Secure. It combines HTTP with SSL/TLS (Secure Sockets Layer/Transport Layer Security) to provide an encrypted connection to a website.

HTTPS connections are often used for payment transactions and for sensitive transactions in corporate systems. They are increasingly being used for social networking sites like Facebook and Twitter to help prevent identity theft etc.

HTTPS on Wikipedia

2524 questions
10 votes, 5 answers

IIS gives wrong certificate for an HTTPS request

I am stuck in a situation which I cannot figure out. Here is my issue. I got an SSL certificate from a trusted authority and installed it in my server. Then, I configured my website to use that certificate in port 443 with an IP address which is…
tugberk
10 votes, 2 answers

Redirecting SSL without raising an alert

A client has an SSL certificate only for the www.site.com version of the domain, not site.com. Redirecting for regular HTTP was not a problem via mod_rewrite. However, this method seemed to fail for us for HTTPS. We want to redirect https://site.com…
djdy
10 votes, 4 answers

haproxy + stunnel + keep-alive?

I'd like to put stunnel in front of haproxy 1.4 to handle HTTPS traffic. I also need stunnel to add the X-Forwarded-For header. This can be achieved by the "stunnel-4.xx-xforwarded-for.diff" patches from the haproxy website. However, the…
Chris Lercher
10 votes, 6 answers

What are the attack vectors for passwords sent over http?

I am trying to convince a customer to pay for SSL for a web site that requires login. I want to make sure I correctly understand the major scenarios in which someone can see the passwords that are being sent. My understanding is that at any of the…
KevinM
9 votes, 1 answer

Nginx returns 400 on https requests

I've set up nginx with letsencrypt to work with https. My /etc/nginx/conf.d/app.conf is the following (no other server directives are configured): server { location /.well-known/acme-challenge/ { autoindex on; …
Nikrom
9 votes, 3 answers

Apache DirectorySlash redirects HTTPS requests back to HTTP

User Request: https://www.example.com/test
HTTPS requests --> AWS ELB HTTPS Listener --> Apache HTTP
Apache getting http://www.example.com/test
Apache redirect it to http://www.example.com/test/ due to DirectorySlash is On by default.
User ends up…
starchx
9 votes, 1 answer

bind apache ssl port with different port with same openssl port 443

I have a server (linux base) in which I installed dotcms and it runs on port 80 and openssl is on port 443. Both are started in running process. Recently I installed apache on my server, and when I started apache it stuck because default ssl port on…
Waqas Ghouri
9 votes, 2 answers

IIS 7.0: unwanted automatic redirect to HTTPS

Situation: WinServer 2008 R2 with IIS 7.0 Default Web Site with the following bindings: HTTP on port 80 for www..com and HTTP on port for .com, as well as HTTPS on port 443 No redirects (only a wordpress URL rewrite to get rid of…
Philip Allgaier
9 votes, 1 answer

Can I turn on HSTS for 1 subdomain

I would like to enforce HSTS for only 1 subdomain, but not the whole domain, is this possible?
xxx.yyy.com -> HSTS on
zzz.yyy.com -> HSTS off
yyy.com -> HSTS off
grosser
9 votes, 2 answers

Apache: insecure request sent to secure port...want to redirect

Preface Firstly: A simple Port 80 -> Port 443 Rewrite WILL NOT fix this. In almost every previous question, mail thread, forum thread, etc., I have found this was the first ignorant response and was parroted several times. Secondly: Yes I know you…
peelman
9 votes, 2 answers

Bug setting up stunnel server: `SSL3_GET_CLIENT_HELLO:wrong version number`

I'm setting up an stunnel server on Windows XP, and I get this bug when a client tries to access:
2013.02.14 00:02:16 LOG7[8848:7664]: Service [https] accepted (FD=320) from 107.20.36.147:56160
2013.02.14 00:02:16 LOG7[8848:7664]: Creating a new…
Ram Rachum
9 votes, 2 answers

Is there a security reason not to use a wildcard cert other than manageability and exploitation if used on multiple servers?

I have a security advisor that is telling me that we can't use wildcard SSL certs for security reasons. To be clear I much prefer using single certs or multi-domain certs (SAN). However we have a need for the server (plesk) to serve 100s of…
Gray Race
9 votes, 2 answers

Https for embedded devices, local addresses

I am trying to add https to the embedded devices I am working on. These devices are generally assigned local ip addresses and so cannot get their own ssl certificates. So essentially my question is how does one get a certificate for a device without…
Shiftee
9 votes, 4 answers

HTTPS is over 50 times slower than HTTP

I have a website that uses https to transmit a javascript file to the client. The website is getsimpleapps.com. It turns out that this file is loading 52 times slower with https (20.08s - 29.08s) than with http (380ms). The homepage of the site…
ThomasReggi
9 votes, 3 answers

Is there anywhere that I can get a valid, signed, SSL cert to the "localhost" domain for testing?

Is there anywhere that I can get a valid, signed, SSL cert to the "localhost" domain for testing? Does anyone anywhere offer a download of something like this that I can use in testing? I know how to use openssl to sign a key with a CA, but…
djangofan