General :: Running Website Using Secure Connection (HTTPS)?
Feb 23, 2010
I have the following details on my system:
- RHEL 5
- WebWare for Python
We have an exisiting website written in Python and was developed by other entities and now being maintained by us. We want to run the website using secure connection (HTTPS), I tried reading this article and successfully executed every instructions but still failed to run the website using HTTPS.
The way we run the website is using port 8080, e.g. [URL] I am sure I am missing something here, first, I am still looking on where does the port 8080 comes from since I've checked the httpd.config and it wasn't there.
I have installed Dansguardian on my little brothers laptop (using Tinyproxy and Firehol too) and I have it mostly configured the way I like it. The only problem now is that I can't seem to block secure (https://www...) websites, and he knows a few proxies that use secure domains. I was wondering if anyone has been able to make Dansguardian block these websites or is it just not doable?
Basically, whenever I am on an unencrypted wireless hotspot, I open up an SSH tunnel to my home server to do all my browsing for the privacy and security it provides.But I got to thinking, and now I am curious, if I am visiting a site like gmail for instance that always uses SSL/TLS for it's connections, is there any added benefit to also using an encrypted tunnel? or is it perhaps superfluous to use both
I want to set up a website that hosts very confidential business information. The info needs to be accessed by multiple people in different geographical regions. The entire website would require the high security (ie: there are no little sections that are publicly viewable). While the site will be run with Ubuntu server, I will be hosting it in Amazon's EC2 cloud.
So, if I use the HTTPS protocol with an SSL certificate, am I pretty well reaching the most secure possible situation? Are there any concerns with using the EC2 solution? Obviously there are a LOT of variables involved with maintaining website security, but I want to know if HTTPS is the current best bet (in addition to all the "best practices" of securing a site) or if there is a more robust way of securing content.
A friend of mine has a private forum setup so he and I can communicate back and forth so we don't have to send emails. The link is a "https://" so I'm assuming it's secure. I'm a newbie to ubuntu and I have already switch 3 of my computers at home to ubuntu.
I'm using Ubuntu 10.04 and google chrome as my browser. When I log into his forum it pops up with a screen saying "The site's security certificate is not trusted" and I always click proceed anyways. I'm not worried about this because I'm 110% sure that it's his website that I'm trying to access. My question/problem is it also pops up with a little box telling me to enter my Username and Password every time. When I was using WindowsXP, I had to enter this info once and then I wouldn't have to enter it again.
I am running an Ubuntu Server on a VirtualBox VM running on my windows machine. So I've created a self-signed certificate using the following tutorial: [URL]
From this tutorial I'm left with 3 files: server.key server.csr server.crt
Then I found this very similar tutorial that has an extra bit on installing the certificates in apache: [URL] So I followed it's instructions which boil down to this:
So I'm thinking this should work now. However in Chrome I get: SSL connection error Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have. Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error. IE8 gives me a typical "Internet Explorer cannot display the webpage" Note that [URL] fails while [URL] works fine, so it's definitely something in my ssl setup I'm thinking.
I am having a problem with HTTPs in a double NAT'd network configuration. The scenario is like this..
Machines on these LANs can talk to each other no problem. There is also a NAT rule configured for traffic going from LAN A via LAN C out to the Internet. The Nokia is also doing NAT'ing. Normal web browsing works fine with this setup, but whenever I try to access HTTPS sites, it just hangs and eventually times out.Packet captures have showed lots of TCP Retransmission messages. If I logon directly to the Linux Router and fire up a browser, I am able to access HTTPS sites without any problems. This appears to be something to do with the traffic being NAT'd twice. Is there a way I can get around this without changing the config of the Nokia?
We have 2 HTTP Load balancer with HAproxy and heartbeat. There are 4 nodes in this cluster. It's doing round robin load balancing. The HTTP cluster working fine. We are having problem with our portal because it uses SSO. We need sticky connection support in our HAproxy. Also we need load balancing for HTTPS traffic. Here's our HAproxy conf file.
Linux printing appeared to be working fine up until yesterday. Today typing lpq gives the following: lpq Printer 'email@example.com' - cannot open connection - Connection timed out Make sure LPD server is running on the server
The /etc/cups/printers.conf file is properly set, the printers appear in localhost:631 and they are printing test pages. However, all command line print commands seem to be trying to print to firstname.lastname@example.org I don't know why printers.conf is being ignored and why and how email@example.com was added. Seems like it might have been auto-discovered?
# dit: firstname.lastname@example.org was mentioned in /usr/local/etc/lpd.conf I'm not sure why lpd.conf is being used instead of /etc/cups/printers.conf
As far as I know, servers are stable and don't go down easily, but every single server will eventually go down some day, either from hardware/software failure or from hacking.
But as sysadmins, our job is to keep servers running healthy as long as possible.
So I'm conducting another short survey (I might start more survey threads, and thank everyone for kindly replying my previous post):
1. Have you encountered server failures? What's the most common cause for server failure? 2. What is your most important trick in avoiding your server go down? 3. What security rules do you follow to protect your servers?
I'm writing a script that tars, bzips, and encrypts a set of files to my GPG key and then (ideally) uploads the files to a backup directory on my school's web server. I want to run it daily as a cron job. Problem is, the web server only allows connections with scp and sftp.
Neither program allows specifying a password as a switch. I want to run it as a cron job, so I won't necessarily be present to type the password, and I'd like to just be able to specify the password in the script.
"Ah ha!" you're thinking. "He needs to generate a keypair and set up ssh to not require a password!" And I've found tutorials on the web that show me how to do just that. Problem there is that they all require me to install software and/or access files outside my home directory on the remote machine.
I have zero access to anything other than my own home directory on the remote machine. None. Nada. Zip. I can't install software, access files in /var or /etc, or find out anything about running processes. The local IT priesthood won't give me any information about what's running on the machine or how I can connect to it (and has made a point of telling me that they don't care for Linux users and I should stop asking questions).
I'd really like to to just be able to specify my password in the script. I understand that scripts are really just text files and that anyone who can get at my desktop computer can read them with a text editor and that this would reveal my password and blah blah blah, but I'm willing to trade that particular risk for the convenience of not having to be awake and monitoring the computer when the cron job is running.
Is there any way to specify the password in the script itself? I'd be happy using either sftp or scp (I've used them both successfully from the terminal to transfer files to this machine).
My server is suddenly getting giving the following error: Quote: Secure Connection Failed An error occurred during a connection to inenergy.dvrdns.org. SSL received a record that exceeded the maximum permissible length. * The page you are trying to view can not be shown because the authenticity of the received data could not be verified. * Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site. I had been trying to configure the server to do secure logins (before Christmas) , but I don't think I had completed the configuration and I'm not sure how to reset it so that I can start again.
I have a compaq pressario v6000 with broadcom wireless card bcm4312. I was running Suse 11.3 and one day the wireless stopped working so after several hours googling I gave up and installed 11.4 but I have exactley the same problem I can connect to my bt openzone or btfon network but not to my own secure network I have tried everything I can think of including disabling security settings on my homehub but I can't get it to work at all I have used network manager and traditional I just can't get it to work.
I followed the tutorial found here [URL] but when I try to access [URL] I get the following: Code: Secure Connection Failed An error occurred during a connection to www.mydomain.com. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long) Not sure what I might have done wrong... I have retraced all of my steps and I don't believe I missed anything.
Does anyone know if it would be possible to do this? I read of people who have run Windows Server 2003 under qemu.. but i was wondering if i could get it easily to work in a secure sandbox, so i could run it as a internet server - knowing that it was secure and no one could then hack my computer.
I'm having a problem with Subversion. When I try an "svn up" it gives me this error message: SSL handshake failed: Secure connection truncated I'm running Ubuntu 10/4 but I also had this problem with 9/10. Does anyone know what this error message means? It appears to be an SSL problem but it's not clear to me what exactly the problem is. I do not have this problem with svn on my other office computer, nor my home computer. FYI, I'm running subversion on the Regina project.
The full error message is this: Code: svn up svn: OPTIONS of '[URL]': SSL handshake failed: Secure connection truncated [URL]. Although I don't think there's anything specific to Regina about this svn problem, as I mentioned, I can "svn up" from home, or from my other office computer.
Several of our servers that do not have direct exposure to the Internet have the following entry appearing in their respective /var/log/secure files.Are these messages harmless? If so, is there any way or reason to suppress their appearing in the log files?
I am trying to write a simple client that opens a secure connection. My intent is to use the OpenSSL library.
I am following this tutorial: [URL]... The tutorial mentions that I need a trust certificate store called TrustStore.pem. However, I can't find that on my machine. Is there a way to generate it? I separately downloaded the source from the OpenSSL website. The source distribution doesn't have it either. There is a whole bunch of .pem files. Can I use any one of them?
I have ubuntu 10.10 server with a web site I am mess up in NIC configuration. I have only one web site on my server. I Have 2 Internet connection with static IP. I have 2 Network Card as follow eth0 188.8.131.52 (1st internet with static IP without firewall) eth1 184.108.40.206 (2nd internet with static IP without firewall) when i restart my networking it give me following error