I have Data Virt running via the standalone.sh script, and can log in with my username and password. My next task is configuring it so that it automatically runs whenever the instance is up and running (without having to execute standalone.sh), and uses SSL (port 443) rather than my username and password to log me in. I added the vault.keystore, dv_keystore.jks, and dv_truststore.jks files, and modified both standalone.sh and standalone.xml, according to the JBoss and other online documentation, to account for using these files. I start the standalone.sh script, which runs without any errors. When I browse to:
http://<IP>:8443/dashboard
after starting standalone.sh, I get the following error:
This page can't be displayed
Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://:8443 again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4, which is not considered secure. Please contact your site administrator.
The settings Use TLS-1.0-ON, Use TLS-1.1-ON, and Use TLS-1.2-ON are all checked in the Browser properties.
By contrast, when I browse to
http://<IP>:8443/dashboard
when standalone.sh is not running, I get the following:
This page can't be displayed
- Make sure the web address https://:8443 is correct.
- Look for the page with your search engine.
- Refresh the page in a few minutes.
It appears the browser is sensing something going on when standalone.sh is running, but something is not allowing the browser to access the dashboard.
What am I missing here?
Have you validated any other ssl access? Is it just an issue with the dashboard application?
Related
I have a mail server working ok with Postfix+Courirer+MySql (virtual users), and SquirrelMail, I could never configure SqMail properly for message characters sets, so I would like to give a try to Roundcube, I have installed it, I did some configs, but at login screen I always get:
IMAP Error in /usr/share/roundcube/program/lib/Roundcube/rcube_imap.php (196): Login failed for user#domain.tls from AA.BBB.CC.DDD. Could not connect to ssl://domail.tls:993: Conection refused
I've been searching around and testing changes on config but no success, can anybody advice me on how to proceed to achieve the functioning of Roundcube.
My current system still works...
What info is suitable for you to have an idea of what could be wrong?
I am behind an enterprise firewall, have checked "Auto-detect proxy settings" in System Settings -> HTTP Proxy. I entered the correct credentials and checked "Remember". I know the credentials are correct, as I am able, for example, to download and install plugins.
However, IntelliJ keeps asking me periodically to re-enter the proxy credentials. Why?
For me the solution was changing proxy setting to "No Proxy" from "Auto-detect".
Idea retrieves proxy settings anyway from Windows.
Version:2019.3
Raising a case they said the SSL certificate gets replaced via the proxy.
I was baffled as it works for some people and not others. People sitting next to each other!
Essentially the proxy gets in the way (from all non-JDK reports) and this is why you can't see the Last Seen dates in the site for all licensees.
The KB: https://intellij-support.jetbrains.com/hc/en-us/articles/206544889-SignatureException-Signature-doesn-t-match-or-Signature-length-not-correct-got-256-but-was-expecting-512
Solution:
The only alternative is to use the Offline Activation codes for each user who will need to login to https://JetBrains.com and get their individual Offline Activation code. Then activate the software offline. Help Menu > Register.
I have implemented FCM for web using fcm documentation.
Everything'll be fine if I set url like : 'http://xxx' I have no error.
But when I set url : 'https://xxx..', I get error:
"Failed to register a ServiceWorker: An SSL certificate error occurred when fetching the script."
code: "messaging/failed-serviceworker-registration"
"Messaging: We are unable to register the default service worker. Failed to register a ServiceWorker: An SSL certificate error occurred when fetching the script. (messaging/failed-serviceworker-registration)."
Can anyone show me how to fix this error?
This is a general problem when wanting to test service workers in a local development environment without proper SSL certificates. It is not specific to Firebase Messaging but pertains to Service Workers in general.
Here is the solution I found when using Google Chrome: Testing Service workers locally with self-signed certificates
Unfortunately, I don't know yet how to circument the issue with other browsers, but probably there must be similar ways.
For Chrome, you need to start a new instance of Chrome, with some flags telling it to ignore SSL certificate errors for your local origin:
In Linux (and maybe Mac):
google-chrome --ignore-certificate-errors --unsafely-treat-insecure-origin-as-secure=https://127.0.0.1 --user-data-dir=/tmp/foo
The https://127.0.0.1 here is the location where your app (and service worker) is hosted locally. You might need to adjust this to use the appropriate port, if serving on a different port than the standard HTTPS port 443, e.g. https://127.0.0.1:3000, when serving your app over HTTPS on port 3000.
The --user-data-dir=/tmp/foo is necessary to start a new instance, with a new user profile, if another instance of Chrome is already running.
In Windows (might vary, depending on where your chrome.exe is):
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --ignore-certificate-errors --unsafely-treat-insecure-origin-as-secure=https://localhost:1123
Again, you might have to adjust the port.
Easier method that worked for me:
Just paste chrome://flags/#allow-insecure-localhost in your chrome browser, and Enable the setting that says something like "Allow invalid certificates for resources loaded from localhost."
I am trying to monitor https traffic with Fiddler, using current newest version:2.4.4.5
I've successfully set up https, certificates and I can see the full https encrypted traffic for example browsing my bank's web site.
...however...
When I trying to monitor an other server I got this error message in the response window:
"Failed to secure existing connection for 77.87.178.160. A call to SSPI failed, see inner exception. InnerException: System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm"
For full Fiddler window see:
The client is not a in this case browser, but a custom client program, which communicates with its own server.
My question: Is this exception misleading and in reality some other error prevents the secure channel to set up?
...or...
We have still chance to monitor this https communication?
Thx in advance
What is the client program?
This error typically indicates that that client application is only offering certain HTTPS ciphers, and those ciphers are not supported by Fiddler.
However, in this case, the specific problem here is almost certainly this: http://blogs.msdn.com/b/ieinternals/archive/2009/12/08/aes-is-not-a-valid-cipher-for-sslv3.aspx
The client is trying to use AES with SSLv3, but that isn't one of the valid ciphers for SSL3. As a consequence, the connection fails.
You might be able to workaround this by clicking Rules > Customize Rules. Scroll down to the Main() function and add the following line within the function:
CONFIG.oAcceptedServerHTTPSProtocols =
System.Security.Authentication.SslProtocols.Ssl3;
Please let me know if this works.
NOTE Current versions of Fiddler offer a UI link for this: Look at the lis of enabled protocols on the HTTPS tab.
Unbelievably this issue is still present some 6 years later.
Just installed the latest version of Fiddle (v5.0.20194.41348), and sure enough on Win7 using Chrome or IE it keeps failing with the dreaded error:
"fiddler.network.https> HTTPS handshake to google.com (for #1) failed. System.ComponentModel.Win32Exception The client and server cannot communicate, because they do not possess a common algorithm"
After some hours of testing, I found a middle ground solution which seems to work with virtually all websites. The aim was to get the highest possible security with no errors in the log. Without needing to add any code, simply changing this line under Tools > Options > HTTPS > Protocols is what worked for me (just copy and paste it):
<client>;ssl3;tls1.1;tls1.2
Basically removed the ssl2 and tls1.0 protocols which leaves us with some pretty decent security and no errors so far. Having spent hours of frustration with this error, hope someone out there might find this useful, and a big thanks to EricLaw who discovered the root of the problem.
Yes I too have seen this error when working outside of fiddler and it was connected with AuthenticateAsServer but only went wrong when using IE10 and not Chrome as the browser.
Odd thing is that it did not break all the time for IE10 using SslProtocols.Tls for the protocol so I will add a bit of code to switch the protocol if one fails
The protocol that can be used also seems to change on if you are using a proxy server like Fiddler or using an invisible server by hijacking the DNS via the hosts file to divert traffic to the server
I'm trying to get WCF to use SSL with ANYTHING for FIVE DAYS now. I've gone through countless walkthroughs, generated more certificates than a mail order diploma company, even tried hot fixes. After working with MS dev tools since VB1, I am now considering flipping burgers as a career option. WCF, as far as I can see, is a complete lemon.
Anyway, to get to my actual question: If I run through this walkthrough:
http://msdn.microsoft.com/en-us/library/ff648840.aspx
I get to step 11 (adding the service reference) and get "There was an error downloading metadata from the address. Please verify that you have entered a valid address".
Details of the error gives: There was an error downloading 'https://localhost/SSL6/Service.svc'.
Unable to connect to the remote server
No connection could be made because the target machine actively refused it 127.0.0.1:443
I'm using VS2008 on Windows 7 with IIS7. I followed the walkthrough exactly (apart from step 5 which was different on IIS7- I went into "SSL Settings" for the VD), so it shows my config (yes I've used httpsGetEnabled and mexHttpsBinding).
Anyone care to save my sanity and job?
EDIT: If I go into IIS, select the VD in content view, right-click on the svc file and browse, I get "Internet Explorer cannot display the webpage". Chrome gives "Google Chrome could not connect to localhost".
IE troubleshooting gives "the remote device or resource won't accept the connection".
If I browse using the IP address rather than using localhost via http, it says that it's secured with https ok. If I browse using the IP and https, I get HTTP error 503. The service is unavailable.
So it looks to me like a DNS issue combined with... something.
When I try to just run the service site project, I get "Unable to start debugging on the web server. Unable to connect to the web server. Verify that the web server is running and that incoming HTTP requests are not blocked by a firewall". I've checked the firewall and it's ok.
Finally cracked it. There were at least three issues at play.
1) A DNS issue of some kind with localhost. It's still unresolved on my machine, but I can work around it by using the IP addy.
2) Another issue may have been that apparently, WCF doesn't work with IIS 7 OOTB. So you need to run command prompt as administrator, and run the following command -
"%windir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe" -r -y
3) After I got through the certificate stuff I was still getting HTTP error 503, "Service unavailable". That ended up being leftovers from my previous attempts, still listening to ports:
http://blogs.msdn.com/webtopics/archive/2010/02/17/a-not-so-common-root-cause-for-503-service-unavailable.aspx
So to get a hello world level service happening with WCF and SSL took me a whole week, and in my travels I discovered many pilgrims who had taken about the same amount of time. Microsoft: You have failed.
Are you using IIS or self hosting? If you're using IIS, it sounds like it's incorrectly configured, because it seems it's not accepting connections on port 443; I guess you're probably missing a protocol binding (https to port 443). There's a detailed discussion of setting up SSL on IIS7 here that might be useful.
Of course, you could easily verify this using the browser, you should be able to connect to the site using SSL from it.
When I have had this error occur, I have found it very useful to run the service from Visual Studio to get additional information. Right-click on the service, and then select Debug -> Start New Instance from the pop-up menu. VS will launch the service using the WcfTestClient.exe.
WcfTestClient will display all the services and endpoints in your service project. A healthy launch will list your services in the a panel on the left, and provide a Start Page tab in a panel on the right. What will happen in your case, however, is that you'll get a list of services in a panel on the top and an "Additional Information" box along the bottom. Your problem service(s) will have a Status of Error.
Click on a problem service in the upper panel, and the Additional Information box will fill with an error message and stack trace. The message will tell you exactly what that problem mex (metadata exchange) address is. That may be enough of a hint for you to solve the problem. If not, post the Additional Information here and I'll be happy to take a look at it.