Questions tagged [ssl]

SSL and its successor, TLS, are encryption and authentication protocols that encrypt the full contents of a TCP connection, as well as potentially verifying the identities of the devices making the connection.

SSL and its successor, TLS, are primarily used to encrypt the connection between two applications at the presentation layer. They are most often used to secure websites in the form of the HTTPS protocol but can also be used for other protocols and applications.

7024 questions
13 votes, 3 answers

Should you encrypt data between 2 servers in the cloud?

If I have several AWS EC2 and Azure instances running on separate regions. I am using RabbitMQ to exchange messages between them. Should I worry about adding TLS and encrypting those connections? In other words if server A is on AWS us-east for…
Tono Nam

12 votes, 3 answers

Old ssl cert still showing up in browser after installing new

We have an IIS ARR server which load balances out to two different individual IIS servers. The servers in question are our internal Staging servers. Three months ago I created a free Let's Encrypt SSL Cert to use on these servers. As is the case…
Casey Crookston

12 votes, 4 answers

Apache: Validate SSL chain of trust to prevent MITM-attacks?

I just realized that SSL man-in-the-middle attacks are far more common than I thought, especially in corporate environments. I've heard about and seen myself several enterprises which have a transparent SSL proxy server in place. All clients are…
Aileron79

12 votes, 1 answer

SSL Server name mismatch how to bypass ie11

We have an app and the really long story short is that things have to be set up this way in order for the rest of the app not to fail. We have a domain https://server01/AppNet In IIS the 443 binding is set up to use a cert with: CN=server02 When I hit…
Anthony Fornito

12 votes, 7 answers

Serving port 443 over http creates 400 Bad Request Error instead of redirect

So for posterity's sake, I am trying to configure my server so that even when someone tries to go to http:// domain.com:443, they would be correctly redirected to the https version of the site (https:// domain.com). When testing something like…
Bitz

12 votes, 1 answer

Is it possible to redirect an https connection before SSL is checked using haproxy?

I have two domains, myexample.com and my-example.com. I want all traffic for either domain to go to https://www.my-example.com, for which I have an SSL certificate. I do not have an SSL certificate for the domain myexample.com. I have…
Ben Holness

12 votes, 1 answer

How can you gracefully restart Apache without disconnecting SSL connections?

We are trying to reload Apache gracefully using a command such as: apache2ctl -k graceful This works as expected for HTTP users and the Apache config is reloaded without affecting users of the website. However, we have found that users accessing…
jones

12 votes, 4 answers

How can an SSL certificate work for some clients only?

My hosting provider has recently re-issued and re-installed an SSL certificate for my domain, after they let the old one expire by mistake. I am now able to browse the website over HTTPS again, and so is my host, and so are a number of other…
Fabien Snauwaert

12 votes, 3 answers

How to generate new, 2048-bit Diffie-Hellman parameters with Java keytool?

We are non-experts trying - unsuccessfully so far - to update our web server (JBoss-5.1.0.GA) settings to meet Diffie-Hellman standards. After running a test on https://weakdh.org/sysadmin.html, we are told that we need to "generate new, 2048-bit…
user2072931

12 votes, 2 answers

Can you get an Extended Validation SSL certificate that applies to unlimited subdomains?

Can you get an Extended Validation SSL certificate that applies to unlimited subdomains? Does it make technical sense? I'm using Digicert and they said that it wasn't possible to offer such a product.
MikeN

12 votes, 3 answers

Apache reverse proxy config with SSL for Jenkins and Sonar

I am running two services behind an Apache server: Jenkins (Port 8080) and SonarQube (Port 9000). My Apache config looks like this: ServerName server Redirect permanent / https://server.domain.com/
friederbluemle

12 votes, 4 answers

How do I keep the ssl key for our website confidential?

I want to keep our SSL key for our website confidential. It's stored on 2 USB sticks, one in a safe deposit box and one I keep secure. And then I'm the only one who applies it to the web server so that it is totally secure. Except... On IIS at…
David Thielen

12 votes, 1 answer

Command line tool for fetching and analyzing SSL certificate

Following the Heartbleed vulnerability in OpenSSL, all the SSH certificates on our servers were re-issued and re-installed. Since it is likely that we've missed something on a server (for example, restarting Apache), we are checking the servers…
Adam Matan

12 votes, 3 answers

SNI and wildcard SSL certificates on the same server with IIS

I'd like to host a website that should listen to subdomains (e.g. sub.domain.com) together with multiple websites that live just under a second-level domain (e.g. domain2.com, domain3.com) with IIS and with SSL. For the website with the subdomains I…
Piedone

12 votes, 7 answers

Connection refused HTTPS on Apache

I'm currently trying out HTTPS on one of my sites, and I got a trial certificate from a trusted CA. I've gone through the following checklist: Copied all the cert files according to the CA's instructions Enabled mod_ssl on Apache with a2enmod…
Deniz Zoeteman