SSL Forums / SSL Certificates / Community Support

Help : Install SSL for DX 3280 JUniper

phonghp — Sat, 06 Mar 2010 03:16:00 GMT

- Pls help me Install SSL For DX 3280 Juniper Web Proxy
- Help : Install SSL for IBM HTTP multiple domain

Thanks and regard

How to use image Host Sites??

links143 — Thu, 04 Mar 2010 22:58:08 GMT

How to use image Host Sites?

1: Capture the "active" window. (Link to definition/description of "active" window.)

2: Switch between all windows on the page.

3: Choose a capture window of any sized square or rectangle by left clicking once, drag the window to size, left click again.

4: Capture a freehand region by drag and multi-click.

5: Capture Full Screen.

6: Capture a "scrolling" window.

Thanks.

Self Certification Remortgage In UK
road traffic claim

HostMonster adds 'Zone Editor' to cPanel

links143 — Thu, 04 Mar 2010 22:56:08 GMT

Hello,

I just came across a great new feature that was added to our cPanels recently. Take a look at the Domains section and you will find the Simple and Advanced DNS Zone Editors.

Looks like we no longer have to contact Support in order to create our own A or CNAME records! We can now do it ourselves!

Hooray for HostMonster and those responsible for getting this feature to us!

Self Certification Remortgage In UK
road traffic claim

Perfect server debian lenny spam und ssl problem

links143 — Thu, 04 Mar 2010 22:53:07 GMT

i just installed a server as described in the tutorial. the only problem i have, is that no incoming spam is marked as ***SPAM***

i little confused about that.
server settings are checked, any advise? what filed to check?

second thing i experienced:
if you set up 2 domains xyz.domain.tld and xyz2.domain.tld and activate ssl,
apache doesn´t restart because both hosts overlap an port 443.
someone with a solution for that?

thanks

Self Certification Remortgage In UK
road traffic claim

opening 360share pro

mr coder moore — Fri, 29 Dec 2006 11:28:31 GMT

hi i cant open 360share pro

what shaw i do?

What is the diff.between .pem and .cer file?

balamv — Wed, 17 Feb 2010 20:37:51 GMT

Hi SSL Gurus,

Am going through the key terms in SSL technology. I have few ideas about key store and certificate [csr]. I dont able to understand .pem file and how we will generate this and also what is the relation between .cer and pem file. Is .pem is really required?

Please help me to understand the things better.

Thanks,
Bala

Help needed - SSL

arulsubbiah — Mon, 15 Feb 2010 20:20:29 GMT

Hi,
I am using self-signed certificate for testing purpose in my local machine in windows.I can able to create server.key and server.crt.But when i uncommenting the line "Include conf/extra/httpd-ssl.conf", server doesn't restarting.What did i wrongly?Please help me as soon as possible.Thanks in advance.

using SSL in tomcat

syskarthik — Tue, 16 Feb 2010 03:14:13 GMT

I need to use the existing Private Key & Certifiate generated for a wildcard sub-domain like *.maindomain.com in Tomcat. May I know the steps to import the key & certificate to the keystore so that tomcat can use it for secure mode operation.

Thanks,
Karthik

Get details from SSL Key Pair and Cert

bugman — Mon, 15 Feb 2010 16:28:44 GMT

I have a long (3053 char) string labeled SslKeyPairAndCert. Is there anyway to convert this to something readable? Someone did it in the past for our company, but they have since left and left no documentation.

Thanks.

Subject Alternative Name (SAN)

rono16 — Wed, 10 Feb 2010 15:08:25 GMT

I am using OpenSSL to create a self sign certificate and have a need to add approximately 4000, yes 4000, DNS entries (don't ask why) using Subject Alternative Name. I have succeeded in creating a certificate with 500 DNS entries and it works just fine with no noticeable latency accessing the web sites listed via the SAN in the certificate. However, I run into a problem when I create a certificate with more than 500 SAN entries. OpenSSL creates the certificate and there are no indications of any problems. After installing the new certificate, however, I can no longer access any of the sites where the certificate is installed.

I've read RFC3280 and there is no mention of a maximum for SAN entries. Has anyone had any experience with this or do you have any ideas? Thanks for any help.

to implement SSL on login page

nara_456 — Wed, 18 Nov 2009 04:23:57 GMT

Hi All

Can anbody explain? How to implement https on login page ?

For Example

When we open yahoo home page it will open in http ,
when we click on signin page it will goes to https,
after verifying the credintials it will goes to http.

Thanks in Advance

nara

SSL certificate installation in Windows server 2003 with IIS6

f_vincent — Mon, 01 Feb 2010 04:52:00 GMT

SSL certificate installation in Windows server 2003 with IIS6 for the domain name intcsl.org (Joomla 1.5 CMS site)

hello, I have installed a Go Daddy certificate for the domain name intcsl.org in a Windows server 2003 with IIS6. I have followed the detailed instructions provided by Go Daddy.
When I try, enabling SSL security in pages of my Joomla CMS( version 1.5) all I get are blank pages. The URL changes to https but it appears that there is no SSL coverage on the server. I'm not sure if it's correctly installed. how can I test my certificate?
What can be the issues associated with the SSL certificate installation on such server and for Joomla websites?
help would be greatly appreciated.
Thanks in advance.
All the best

Data transfer between sites

TheSaintVII — Fri, 29 Jan 2010 08:28:38 GMT

Hi,

If you send data between two seperate sites (by post or querystring), is this data transfer secure if both sites have SSL and operate under https?

Thanks

Only login page should be accessed through SSL

gsc3355 — Tue, 19 Jan 2010 04:43:05 GMT

Hi All

I am using Apache2 on Redhat Enterprise Linux 4 Operating System .
I configured SSL on apache2.
I need to configure my website login page through SSL.

( it means when we click on sign in button http should be
changed into https and after successful login it should be changed into http. )

Only login page should be accessed through SSL.

Thanks in Advance

Satish.

VeriSign SecureSite with EV SSL certificate at just $699/yr

steven_s — Tue, 19 Jan 2010 15:07:50 GMT

Hello All,

Now get a green bar for your website. Purchase VeriSign Secure Site with EV certificate at just $699/yr. VeriSign is most trusted SSL Certificate among online buyers. According to a survey conduct by VeriSign EV(Extended Validation) Certificates can boost sales upto 5%. Thats a great offer.

Visit www.thesslstore.com OR www.rapidsslonline.com today to take advantage of this great offer and boost your online sales.

Thanks,

SSL error in internet explorder

jason102178 — Sun, 17 Jan 2010 19:49:45 GMT

Hi i was wondering if anyone could help me with this error

i didnt know if the problem was just me or if internet explorer did this in every site im fairly new to ssl and i am hosting my account with godaddy and they installed the certificate for me so then it was up to me to get it working with the proper coding

when i go to the webpage it will pop up with this little window and it will say

Do you want to view only the webpage content that was delivered securley?

this webpage contains content that will not be delivered using a secure HTTPS connection
which could compromise the entire webpage

but i never get this error in firefox so i dont know why i would be getting this error in Internet exporer

also i have many different parts to my website from support ticket system ...blog..classifieds which all them

are running from php and when i go to any of them i do not get the warning

the code i was told to use in order to get ssl to work at all is

<SCRIPT LANGUAGE="JavaScript">
if (location.protocol != 'https:'){
window.location= 'https://' + location.host + location.pathname + location.search
}
</SCRIPT>

to view an image of the exact error https://jaysonberger.com/security thats just an image file not an acual webpage

so if anyone can help id really appreciate it.

One site, multiple Servers

doyle78 — Thu, 07 Jan 2010 02:05:16 GMT

Hi,

i need a bit of help on the following subject:

When i run a site (www.example.com) which redirects to another server when the User
clicks a specific link (www2.example.com). What kind of SSL certificate/s do i need to stay
in SSL an not having the browser display any errors ?

A wildcard Cert .. or a Cert for every server?
Is it OK to secure "www.example.com" with a Cert which has "example.com" as the name
property?

Any help will be appreciated

Join our Reseller Program - SSL Certificate

steven_s — Fri, 08 Jan 2010 10:19:13 GMT

Enhance your business by offering SSL products from us. Unlike other SSL Providers, we only provide SSL and do not compete with you by offering your your customers our own hosting related solutions.

Program benefits
* Leading SSL Brands - VeriSign, Thawte, GeoTrust, RapidSSL
* Broad Product Range - Standard, SGC, SAN, Wildcard SSL, EV SSL
* Competitive Pricing and Immediate Product Delivery
* Bulk Purchase or Custom Contracts
* Branded SSL Enrollment Process for your customers
* Powerful Account Management Control Panel
* API Interface for your store
* Payment Options: Credit Cards or PayPal
* 24/7 Premier Support via Email & Live Chat

To See Reseller plans visit https://www.thesslstore.com/compare-reseller-plans.aspx

Steve
www.thesslstore.com
www.rapidsslonline.com

Has anyone heard of a Company called Securacert?

Villa1982 — Thu, 07 Jan 2010 00:56:13 GMT

I had a call from someone called Robert at Securacert regarding my SSL Certificate.

He seem very pleasant and went through my options that I had when it came time to renew my SSL Certificate.

He took me to the Website (www.securacert.co.uk) to show the prices which seem to cheap and Robert also gave me a discount code to get extra money off.

Has anyone had dealing with them in the past?

Everything seems to check out and Robert gave me his Direct Number and told me I could come back to him at anytime, which I thought was good instead of speaking to different each time you call other companies and having to go through the same conversation a number of times.

What do people think and has anyone had dealings with them in the past and what was the outcome

Kind Regards

Sam Davies

Need some help here to clarify this.

SSL.com&I — Sun, 23 Jul 2006 20:08:39 GMT

I’ve been accessing a vender site that shows no lock icon, but https present in address does this imply that it’s secure but there is no certificate available? Is my thinking correct here? Or am I completely off the mark?

VeriSign SSL - why so expensive?

grappo — Sun, 06 Dec 2009 12:24:49 GMT

I have a general question, which i cant seem to find the answer to anywhere, why are VeriSign SSL certs more expensive than others like thawte and geotrust? Surely an ssl cert still gives the same amount of protection regardless of cost??

SSL_do_handshake

rajaharsha — Thu, 12 Mar 2009 02:07:55 GMT

When ever I am trying for the rehandshake initiated by either server or client...

SSL_do_handshake is throwing error as SSL_ERROR_WANT_READ

I am operating sockets with Non Blocking Mode

please can any body tell What would be the reason ???? and the fix

POOZ.com credit card payments security

wummeni_ww — Mon, 19 Jan 2009 04:19:40 GMT

hi, i will buy some dsquared clothing from a website www.pooz.com i see that they are using ssl certificate of a company called comodo but i only used the geotrust before as i know geotrust is a good company but i just wanted to check is comodo is a trusted company like geotrust? please see their payment page and let me know what do you think ?

http://www.pooz.com/index.php?page=info&action=aboutus

thanks
G.Luca

Unable to override the default ciphers (shared ciphers)

basireddy — Fri, 20 Nov 2009 01:16:27 GMT

Hi,

The ssl has default ciphers loaded and I'm trying the set only the required ciphers through

SSL_CTX_set_cipher_list(ssl_ctx, "DES-CBC3-SHA:AES256-SHA:RC4-SHA:AES128-SHA")

SSL_CTX_set_cipher_list(ssl_ctx,"ALL:!MD5")

as such I'm not facing any issue with the above API, it returns success. But I'm not able to see the effect of the API when tried to display the shared ciphers list through the following API I see the same share Ciphers loaded.

SSL_get_shared_ciphers(ssl, buffer, sizeof(buffer))

NOTE: I've used dedicated server and client SSL_METHOD() API's

Is there anything I've to consider for getting the things done?

Securing a simple site with SSL

hheymann — Fri, 18 Sep 2009 12:33:40 GMT

Hey everybody! Im very new to SSL and most of the time I dont know what Im talking about, so dont crucify me if I ask dumb questions.

Okay, so this is my situation. I am running a basic site on my own pc using apache server2.2. I works fine if I go to the site via http://localhost/

The thing I need to do is run this so it'll work when I run https://localhost. Okay, so I read tutorials where they say I need to create SSL certificates in order to do this. So firstly I created a unsigned certificate. Is this sufficient when I only want to run a https site( on a small network for now?). After I have created the Certificate, linked that certificate and key like this

SSLCertificateFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.crt"
&
SSLCertificateKeyFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.key"

in the httpd-ssl.conf file. And linked the httpd-ssl.conf file like this

Include conf/extra/httpd-ssl.conf

in the httpd.conf file. Restart the server! It now accepts the https://localhost/ link and asks if I want to add an exception (etc). If I do, it just gives me an error page with the following:

SSL peer was unable to negotiate an acceptable set of security parameters.

(Error code: ssl_error_handshake_failure_alert)

I dont know what needs to be changed so that I am able to run a site via https??

Can anyone help me??

SSL for each domain?

Nighteyez07 — Mon, 06 Jul 2009 15:10:42 GMT

Hi everyone, first time poster here and honestly I'm pretty green when it comes to information regarding SSL Certificates. I've spent a few days doing some research online but I haven't found the answer that I'm looking for and this looked to be a good resource, so here goes:

The company that I'm currently working for has what seems to me a very odd setup for handling SSL. Here is their setup (not listing actual sites).
We have 5 different websites handling payment via a form.
Website 1: www.oneshoe.com
Website 2: www.twotoes.com
Website 3: www.greenthree.com
Website 4: www.fourtours.com
Website 5: www.anklefive.com

Now there is a 6th website called www.secureonline.com. The purpose of this website is to host the secure form for each of the 5 other websites. So the URLs would look like.
https://www.secureonline.com/oneshoe
https://www.secureonline.com/twotoes
https://www.secureonline.com/greenthree
https://www.secureonline.com/fourtours
https://www.secureonline.com/anklefive

The secureonline.com website has one SSL Certificate that is currently being used for all of the payment forms.

Here's my question. Is this legal? Is this allowed? Shouldn't each domain have its own SSL Certificate? If this is allowed or not legal, what are the benefits (outside of paying for only one SSL) and disadvantages of this system?

Thanks

Regarding : Implementation SSL on login page

nara_456 — Fri, 30 Oct 2009 09:01:18 GMT

Hi All

I am using Apache2 on Ubuntu Operating System .
I configured SSL on apache2.
I need to configure my website login page through SSL.

( it means when we click on sign in button http should be
changed into https and after successful login it should be changed into http. )

Only login page should be accessed through SSL.

Thanks in Advance

nara

Some pages Secure, Others Not?

hjames — Mon, 19 Oct 2009 08:10:06 GMT

Thank you, I am running a Joomla website and have recently purchased an SSL Certificate and enabled it on my site. Oddly enough some pages are SSL Secure and others are not. Can someone explain to me how SSL works and what I need to check for in those pages which are not showing as secure so I can make them secure?

Thanks,
James

No lock Icon

Greencat — Tue, 16 Dec 2008 07:32:42 GMT

Hello
The lock icon no longer shows up. If I visit a site with HTTPS the lock does not show. I think it stopped in the last month. I check differnet sites and still no lock. What could be missing and how would I track down the problem? I am running XP service pack 3 and Interent explorer 7. Thanks

Securacert - Great service and offer every SSL Possible at EXCELLENT PRICES

masterchef20002001 — Thu, 19 Nov 2009 12:06:20 GMT

Just brought my first every SSL Certificate from Securacert. Securacert helped me choose which SSL Certificate was best for me and didn’t try to sell me the most expensive option as I didn’t need it which is rare these days with people try to get the most out of you.

I would recommend Securacert to anyone they gave 5 star service.

GeoTrust® True BusinessID® with Extended Validation (EV) at $174/yr only

steven_s — Thu, 05 Nov 2009 14:17:47 GMT

Hello,

Now green bar is at only $174, boost your sales upto 5% with green bar EV certificates. Visit thesslstore.com to take advantage of this limited time offer.

Thanks,
Steven
TheSSLStore
RapidSSLonline

SSL Installation: My hosting support is...weird

sirblackjack — Mon, 07 Sep 2009 03:40:38 GMT

I'm on a hosting with a shared IP (Apache server with OpenSSL). I don't know if I'm wrong or my hosting support is

I purchased a SSL cert, installed it on Cpanel, however the "setup a SSL certificate to work with your site" was not available, so I had to contact my hosting. I figured out that I also needed a dedicated IP for the cert, so I contacted them asking for a dedicated IP and if they could install the cert. And they told me:

1) That my cert was only for "dedicated servers". However, a dedicated IP was not necessary, and according to them most SSL certs doesn't require a dedicated IP (??). They say that basing on my key, the problem is that my cert is only for "dedicated servers" <---what!??

2) I told them that there is no such thing as a SSL for "dedicated servers only" (as far as I know), but they do require a dedicated IP. They told me to ask my SSL provider about the installation instructions. After providing them with the instructions, finally somehow they installed the cert but:

Let's say my domain is http://nicedomain.com

After the SSL installation

https://nicedomain.com <--won't work (and is what I want)
https://nicedomain.com/~nicedomain <-- does work (but is not what I want)

I told my hosting about it, but they insisted it was that way because my cert was for "dedicated servers only".

Any idea if I can change that? in Cpanel or WHM? or what should I tell to my hosting, or what instructions could I give them?

Thanks!

How to create an SSL certificate on a workstation?

chphaniv — Fri, 22 May 2009 15:24:33 GMT

Hi All,

I have installed an SAP application on my personal laptop. This application is running at 192.xx.xx.1. This application has also installed a web site on IIS 6.0 with virtual address 192.XX.XX.2 on the same laptop. Now I am calling website from IE with address http://192.XX.XX.2/default.htm. Here the IE has to start application with an SSL certificate. I created the SSL certificate serveral ways and failed. Finally, what I understood is that I am creating an SSL creating with the subject as

Subject = "CN=crm2007.vj.com", O=TRAINING....

where crm2007.vj.com is my computer name, and Workgroup name is WORKGROUP.

From documentation, I understood that CN should be the DNS or NetBIOS name. Where my system is standalone system with workgroup defined as WORKGROUP.

Have I specified the correct value to CN parameter? If not, what is the value that I should specify? Can I create SSL certificate for a workstation? If yes, how? I need help on this very badly, and I can call you and share my desktop if required. my personal mail id is chphaniv@gmail.com

Request your inputs, and Thanks for your time.

Regards,

Phani.

HELP: Regarding CAed SSL Certificate!!

sswarup — Tue, 06 Oct 2009 22:23:32 GMT

Hi,

I have come across with following SSLHandshake error:
D:\eserver1\bin>d:\eserver1\engine\jdk\bin\java.exe -cp d:/eserver1/share\system\cartridges\core\release\lib\core.jar;d:/eserver1/share\system\cartridges\ac_cxml\release\lib\ac_cxml.jar com.intershop.adapter.cxml.capi.util.Tester https://ebsi-dell08/is-bin/INTERSHOP.enfinity/WFS/PrimeTech-CorporateLarge-Site/en_US/-/USD/ProcessCXMLPunchOutSetup-Start POSetup1.xml "C:\Program Files\Internet Explorer\iexplore.exe"
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1057)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1041)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:840)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
at com.intershop.adapter.cxml.capi.util.Tester.start(Tester.java:78)
at com.intershop.adapter.cxml.capi.util.Tester.main(Tester.java:40)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
at sun.security.validator.Validator.validate(Validator.java:203)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
... 13 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
... 18 more

The above error occured while working with one of our E-Commerce application and it requires "CAed SSL Certificate".Could anyone help me regarding this "CAed SSL Certificate".

Tomcat ssl fail: on startup: java.lang.Exception: Socket bind failed: [730014]

litpuvn — Fri, 28 Aug 2009 15:59:18 GMT

Hi All,

Could you please help to figure out why my https is not functioning :
I installed Tomcat 6.0 and generate .keystore file as in the guideline http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
and change the connertor in server.xml as below:

port="8443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="${user.home}/.keystore" keystorePass="changeit"
clientAuth="false" sslProtocol="TLS"/>

now i restart the Tomcat, the http://localhost:8080/ is running properly but with the https://localhost:8443/, i got connection timeout.
I checked the catalina log and this is the error:
LifecycleException: service.getName(): "Catalina"; Protocol handler start failed: java.lang.Exception: Socket bind failed: [730014]....

I googled and found it was a bug in previous version. It should be fixed already in the Tomcat 6.

Do you know why i still got this issue? I am running on Windows Vista. And i also download the tcnative-1.dll to Tomcat bin folder.

I attached the server.xml here

Thank you for your response,

-Hoang Long

Question about saving images

sadiesunglow — Fri, 28 Aug 2009 03:51:12 GMT

Im not sure if this is the right place to come but i could really do with some advice.

We have a secure site which displays charts, such bar charts etc, and are finding that if we save the web page the charts, and other images, do not display, and we believe it is because the site is https. Can anyone offer any advice as we would really like to be able to save the page with the images on it, or is this nothing to do with SSL in the first place?

Thanks in advance.

SSL from server to webuser

arturomoreno — Sun, 16 Aug 2009 11:45:17 GMT

I am learning about SSL Certificates and as I understand, a webuser encrypts the data it is sending by using a public key. In such way, only the webserver can descrypt the data using the private key. So far everything is clear to me.

However, imagine the next case:

A user submits sensitive data such as credit card information and billing address in an HTML form using SSL security to a webserver. Nevertheless, the user entered incorrect information in one of the form fields. In consequence, the server identifies a mistake and asks the user to correct it. This last action involves the server sending back the html form including the values of the other correct fields already filled.

Is that information also encrypted? I mean, is the information from server to user also encrypted?

If yes, how does the web user decrypts that information if he only has the public key and not the private key?

If not, what happens if the information sent by the server gets in the hands of the bad guys?

Thanks a lot!

Client Authentication > SSL alert number 48

wppanjb — Wed, 01 Jul 2009 05:10:49 GMT

Hi,

I'm modifying an existing tomcat server to use client authentication.

I'm using a self-signed CA to sign both my server and client certificate. When testing the connection using openssl, i get the following errors:

C:\OpenSSL\bin>openssl s_client -connect wppan:8443 -cert c:\test\tc5.5\2\client
\clientCert.pem -key c:\test\tc5.5\2\client\client.key -CAfile c:\test\tc5.5\2\ca\ca.pem
Loading 'screen' into random state - done
CONNECTED(00000778)
depth=1 /C=MY/ST=Johor/L=Johor Bahru/O=CA Org/OU=CA Unit/CN=my_ca/emailAddress=admin@inforco.com.my
verify return:1
depth=0 /C=MY/ST=Johor/L=Johor Bahru/O=Server Organization/OU=Server Unit/CN=wppan
verify return:1
3760:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:.\ssl\s3
_pkt.c:1060:SSL alert number 48
3760:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:.\ssl\s23_lib
.c:188:

My server.xml configuration settings is as follows:

<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
protocol="HTTP/1.1"
sslProtocol="TLS"
SSLEngine="on"
SSLCertificateFile="C:\test\tc5.5\2\server\serverCert.pem"
SSLCertificateKeyFile="C:\test\tc5.5\2\server\serverExp.key"
SSLVerifyClient="require"

Can u advice me where goes wrong with my settings?

360SHARE

musicmaker — Sun, 28 Jun 2009 16:35:38 GMT

I have a lifetime membership with 360 share and I've changed computers but when I enter my password ( given to me thru an email) it responds that my account is inactive or has expired. Who do I contact or what should I do

Implementation of SSL Accelerator Card

yahlowgrin — Thu, 25 Jun 2009 20:51:51 GMT

Hi all,

I am a software developer and trying to find out the various ways to implement SSL security. I am not sure how SSL Accelerator Card really works. I have tried googling on this topic but the results are on the typical usage of web browsers and web servers (ie HTTPS). However, what I am trying to do is to write a simple program to utilize SSL for sending and receiving of files.

(1)Does the card automatically decrypts any data packets from the clients?

(2) Does the card has a feature of client authentication?

(3) How much does a typical card cost? I saw that it costs around $5 per SSL Connection/sec, am I looking at the correct information?

(4) Is OpenSSL supported on these cards? if there are, where can I find more information on these OpenSSL Accelerator cards?

Regards