TLS where to put certificates

I created three certificates -- for the root CA, the intermediate CA and the server. They represent the simple chain of trust: server -> intermediate -> root The question is how correctly put them on the client and the server. I have two options: Pu

SSL C ++ client without certificate with Boost

I am trying to develop a simple SSL client-server application using boost::asio. I have downloaded, compiled and run the boost example for ssl client-server. Nevertheless, in the mentioned example, a certificate must be provided to the client as file

Heroku app linking to domain providers website

I'm in trouble. I have this website which runs on heroku with a custom domain from another provider. I made the connection between the 2 with the correct DNS. It seemed to work on my browser but it didn't work on other computers, and after clearing m

Node encrypt with a public certificate

I am trying to do the equivalent of the php seal function. What I have is a string to encrypt, a public key and a randomly generated secret key, and I have to encode the string using the 'rs4' algorithm. So far I managed to encode the string with the

HTTPS only works on localhost

I am trying to setup https on one of my EC2 instances. I've done this many times, but for some reason, for this instance, it refuses to work. Problem When I connect to the domain via the local ip, the https works fine. When I connect to the domain vi

Ajax Chrome extension calls return 403

I have developed a Chrome Extension that takes a screenshot of the current tab and uploads it to a server via ajax on a schedule. It works perfectly on two servers I used to test it, but when I transitioned to a new server, the ajax calls are now pro

Play 2.4 Configuring the HikariCP Connection Pool

I need to specify some config parameters, separated by dots. Connection pool is in Play 2.4 application. For example db { default { driver = ${?DB_DRIVER} url = ${?DB_URL} username = ${?DB_USER} password = ${?DB_PASSWORD} hikaricp { dataSource { "jav

You can not access RubyGems - maybe because of SSL?

This question already has an answer here: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed 36 answers New Ruby on Rails dev here, just trying to install and get set up. I'm following this guide on how to

Disable SSL connection in given java code

I am getting security certificate errors in the code below (source). The exception is: PKIX path building failed:

Writing secure server applications with Qt

i have followed the tutorial "Writing Secure Server Applications with Qt" ( but i have the error: CSampleServer.h #ifndef CSAMPLESERVER_H #define CSA

Enable the use of TLS 1.2 in soapUI Pro

I need to connect to a webservice which only accepts connections established via TLS 1.2. Other versions are not supported. My test client (soapUI Pro) uses JRE 1.7_45 which - according to the following link - generally supports TLS 1.2 which is not

how to get the Diffie-Hellman key exchange settings?

I want to decrypt https stream in my https server. I have succeeded in decrypting it which used RSA secret exchange when i have private key. But I dont know how to descryt it when it uses DHE for secret exchange because I dont have any

Python ssl login suspended on Debian

I am trying to use Python 2.7 mechanize to log into with the following code: import mechanize br = mechanize.Browser()"") this works just fine on OSX, but it hangs on debian. The issue seems to

IPN PayPal: Can not Obtain Local Issuer Certificate

I am using curl to verify the PayPal IPN but it throws error: SSL certificate problem: unable to get local issuer certificate. The same code is working on development server and when I moved to client server it is not working. DO I need to purchase s

Self-signed SSL certificates

Can I purchase a single SSL certificate for domain A and sign all of my other domains with the domain A as reference. Will it work ?I think you're looking for wildcard certificates. Issuing a cert for * would be valid for sub1.mydomain.c

Fiddler - Capture and decrypt HTTPS traffic from the iPad app

I'm trying to monitor the HTTPS requests/responses for my iPad app using Fiddler. I have a Windows 7 PC running Fiddler and have configured the HTTP proxy on my iPad to point to the PC using port 8888. This works fine and the CONNECT tunnel messages

Heroku SSL on the root domain

I am trying to setup SSL for my heroku app. I am using the hostname based SSL add-on. The heroku documentation states the following: Hostname based SSL will not work with root domains as it relies on CNAME aliasing of your custom domain names. CNAME

How is the escape?

Everybody recommends to buy a SSL certificate for my website that prevents from many security issues mainly eavesdropping. I read articles on eavesdropping but how eavesdropping can hack my website passwords? Do SSL is strictly required to protect fr

Use the JavaScript Encryption Module instead of SSL / HTTPS

Is that worth it to use some JS encryption library to make safe communication instead of SSL? I ask this because I want to secure my application built on Google App Engine and it doesn't let you to use your own domain for SSL requests. What are good

Get a pyOpenSSL Client to Use SSL Session Summary

I've been trying with no success to get my pyOpenSSL client to use TLS/SSL session resume when making several connections sucessively (it's sending http requests) to a Tomcat application server. I'm pretty sure everything is fine on the server end si

SSL certificates with an unknown domain name

We're having an issue with securing an intranet / internet website with SSL where we can't know the qualified domain name in advance. Basically, I'm trying to make a program that will be installed on a webserver outside my direct control, to be acces

Use makecert for SSL development

Here's my situation: I'm trying to create a SSL certificate that will be installed on all developer's machine's, along with two internal servers (everything is non-production). What do I need to do to create a certificate that can be installed in all