We use the PRF file settings to inject email settings into Outlook, but I cannot find which settings to change in the ".prf" file to enable TLS. Any ideas?
I have found an answer for setting TLS settings. Set the SMTPSecureConnection string value as follows:
0 for none
1 for SSL
2 for TLS
3 for Auto
I have a win 7 x64 box I recently reimaged and I have installed IIS7.5 and PHP 7. I am trying to set up localhost sites for secure https and I have successfully created a self-signed certificate for this purpose. I have set the IIS bindings for the site to use https over port 443 (IP Address: All unassigned) and selected the new SS cert.
When I go to https://localhost/php_info.php on my computer, I can see the phpInfo content but Chrome displays alerts that the site is not secure.
Certificate error: There are issues with the site's certificate chain (net::ERR_CERT_COMMON_NAME_INVALID).
Obsolete connection settings: The connection to this site uses a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and an obsolete cipher (AES_256_CBC with HMAC-SHA1).
What can I do to run secure sites over localhost?
The certificate error can be fixed if you generate another certificate with a Subject Alternative Name (which is required by Chrome). More information can be found at
https://blog.lextudio.com/why-chrome-says-iis-express-https-is-not-secure-and-how-to-resolve-that-d906a183f0
The TLS cipher should be cleaned up by using a tool such as IIS Crypto,
https://www.nartac.com/Products/IISCrypto
Jexus Manager has SSL Diagnostics, which can provide you hints on what's wrong in your server configuration,
https://www.jexusmanager.com/en/latest/tutorials/ssl-diagnostics.html
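The Subject Alternative Name point from the answer above, as an added example that is not part of the original post: it creates two throwaway self-signed certificates for localhost with the openssl command line and checks which one carries a SAN entry for the name. It assumes an openssl binary on the PATH; the file names and the helper functions `make_cert` and `san_covers` are hypothetical.

```shell
#!/bin/sh
# Added example with constructed data: two throwaway self-signed certificates
# for localhost, one with the name only in the CN and one with a SAN.
set -e
work=$(mktemp -d)

# Minimal OpenSSL config; the [san] section holds the names browsers match.
cat > "$work/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = localhost
[san]
subjectAltName = DNS:localhost, IP:127.0.0.1
EOF

# make_cert NAME [openssl req options]: write NAME.key and NAME.pem.
make_cert() {
  name=$1; shift
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$work/req.cnf" \
    -keyout "$work/$name.key" -out "$work/$name.pem" "$@" 2>/dev/null
}
make_cert cn-only                  # name only in the Subject CN
make_cert with-san -extensions san # same subject plus the SAN extension

# san_covers CERT NAME: succeed only if the SAN extension lists DNS:NAME.
san_covers() {
  openssl x509 -in "$1" -noout -text |
    grep -A1 'Subject Alternative Name' | tail -n 1 |
    tr ',' '\n' | sed 's/^ *//' | grep -qxF "DNS:$2"
}

for c in cn-only with-san; do
  if san_covers "$work/$c.pem" localhost; then
    echo "$c: SAN lists localhost"
  else
    echo "$c: no SAN entry for localhost (Chrome: ERR_CERT_COMMON_NAME_INVALID)"
  fi
done
```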
To the poste.io users:
The mail server supports multiple subdomains. So far so good. But the SSL cert is always that of the main domain, i.e., when opening the webmail using the subdomain's URL, I see a security exception.
Isn't it possible to extend the Let's Encrypt SSL cert list to also have the subdomains so that we have valid certs per subdomain?
I found the option to manually issue ssl cert with multiple subdomains. After logging into admin console, this option can be found under System Settings -> TLS Certificate -> Change Certificate Settings option.
When an application optionally allows you to specify a certificate which represents a certificate authority, what is that doing?
Does that basically set that cert as a "trusted" certificate?
Specific example:
Kibana communicates with elasticsearch. When you configure kibana, you can set the following configuration value:
elasticsearch.ssl.ca
The documentation says this value is an "Optional setting that enables you to specify a path to the PEM file for the certificate authority for your Elasticsearch instance." (source)
Within that same config you're also specifying a certificate and key that can be used for communication with the elasticsearch instance.
If the setting is optional it means that the default behaviour is to use the system Root CAs to validate the SSL Server certificate used by your Elasticsearch instance. If you used a standard commercial SSL Server certificate this should be enough.
Yes, you are setting that certificate as a Root CA but only for this application.
Using the setting you can specify the Root CA used to generate the SSL Server certificate. This is useful if you:
use a self-signed certificate
use a Root CA that is not available in the system Root CA repository
need to have stringent security settings limiting the subset of Root CAs trusted by your application.
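The trust-anchor behaviour described in the answer above, as an added example that is not part of the original post or of Kibana: a server certificate issued by a private CA is checked against the system roots, against its own CA file, and against an unrelated CA file. It assumes an openssl binary on the PATH; the host name `es.example.internal`, the CA names and the helpers `new_ca` and `trusted_by` are hypothetical, and the CA file stands in for what a setting such as `elasticsearch.ssl.ca` would point to.

```shell
#!/bin/sh
# Added example with constructed data: a server certificate issued by a private
# CA verifies only when that CA is handed to the verifier as the trust anchor.
set -e
work=$(mktemp -d)

cat > "$work/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF

# new_ca NAME: create a throwaway self-signed root (NAME.key, NAME.pem).
new_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$work/ca.cnf" \
    -subj "/CN=$1" -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}
new_ca private-ca   # the CA that issued the server certificate
new_ca other-ca     # an unrelated CA

# Server certificate for a hypothetical node name, signed by private-ca.
openssl req -new -newkey rsa:2048 -nodes -config "$work/ca.cnf" \
  -subj "/CN=es.example.internal" -keyout "$work/es.key" -out "$work/es.csr" 2>/dev/null
printf 'subjectAltName = DNS:es.example.internal\n' > "$work/es.ext"
openssl x509 -req -in "$work/es.csr" -days 30 -extfile "$work/es.ext" \
  -CA "$work/private-ca.pem" -CAkey "$work/private-ca.key" -set_serial 1 \
  -out "$work/es.pem" 2>/dev/null

# trusted_by CAFILE CERT: verify CERT against CAFILE alone; an empty CAFILE
# means "no CA configured", i.e. the system root store is used.
trusted_by() {
  if [ -n "$1" ]; then
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
  else
    openssl verify "$2" >/dev/null 2>&1
  fi
}

for ca in "" "$work/private-ca.pem" "$work/other-ca.pem"; do
  if trusted_by "$ca" "$work/es.pem"; then r=trusted; else r=rejected; fi
  echo "CA file '${ca:-<system roots>}': $r"
done
```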
I'm kind of confused with the SSL setting within WebSphere Application Server.
As you can see from the attached picture, the Default SSL setting has been done both in cell and node scope. Below are my questions:
Is either inbound or outbound data through WebSphere transferred the SSL way according to the setting?
Is the above SSL setting enabled by default? If not, then how to enable it?
With regard to the KeyStore or TrustStore configuration, I can see it refers to a path like
${CONFIG_ROOT}/cells/localhostCell01/key.p12
However, I cannot find this variable CONFIG_ROOT within WebSphere Variables through the Admin Console. Does it mean that SSL is disabled by default so it's OK for this variable to have no value?
Thanks in advance
Please see the WebSphere Security Redbook chapter 4 for details - http://www.redbooks.ibm.com/redbooks/pdfs/sg246316.pdf CONFIG_ROOT is a substitution variable, so you should be fine - http://publib.boulder.ibm.com/infocenter/iadthelp/v6r0/index.jsp?topic=/com.ibm.ws.ast.st.v6.doc/topics/tsubvarv6.html. You can test which certificates are enabled using openssl from the command line - http://www.cyberciti.biz/faq/test-ssl-certificates-diagnosis-ssl-certificate/
I'm looking at implementing PKI authentication (2-way SSL requiring X.509 certificates) for an OpenRasta service.
Any ideas on how to go about this?
Thanks
I assume that you're using the HttpListener hosting.
To enable SSL / client certificates, those settings are set by httpcfg.
You can find some information at http://msdn.microsoft.com/en-us/library/ms733791.aspx. More specifically, you should be able to enable SSL with client certificates using
httpcfg set ssl -i 0.0.0.0:8012 -h 0000000000003ed9cd0c315bbb6dc1c08da5e6 -f 3
On platforms where that tool can be used. The -u is your IP/port. You probably want -f 3 as this maps the client certificate to a Windows account, but -f 2 would do the transport security without caring for setting authentication. -h is the thumbprint of the certificate, which should be installed in the destination server's certificate store; you can find that with the usual Windows admin tools.
There's also a tool that lets you control http.sys at http://httpsysconfig.codeplex.com/