In looking to provide a self-hosted ServiceStack backend to a single-page app, I want to require SSL.
I've seen the answers related to configuring the server with the certificate using httpcfg/netsh, but I'd like to not have that configuration step if possible.
I found this answer, but it doesn't compile.
The PrivateKey class is missing. Of course, I'm assuming PrivateKey.Save(...) does something similar to what httpcfg/netsh does during the manual configuration. My question is, is this 'no configuration' approach with SSL on HttpListener possible? Is that previously linked answer even possible? If so, where does PrivateKey come from?
Related
I have installed ejabberd on a vm and i successfully made accounts and accessed the admin panel. I have tried to get https enabled via lets encrypt but i havent managed to get it running. After checking the docs, google as well as the forum here i still didnt find a useful description to get this done.
thanks in advance for any further information on that note.
There are a pair of paragraphs regarding Let’s Encrypt SSL certificates in this tutorial: https://www.process-one.net/blog/how-to-move-the-office-to-real-time-im-on-ejabberd/
Once you have setup the certificates, you can enable the tls option in several listeners, like ejabberd_c2s, and probably you want to enable in ejabberd_http too. See the first example here, concretely the configuration of port 5281:
https://docs.ejabberd.im/admin/configuration/listen/#examples
I'm experimenting with an instance of Glassfish v4.1 installed in a VM trying to make mutal authentication work. Everything goes like a charm, except the CRL (certificate revocation list) part. I've searched through the whole Internet, but it seems nobody knows about managing CRL's in Glassfish v4.1. The only sites I found were this and this. The first one refers to Glassfish v2/v3. None of them works.
Does anyone know if Glassfish v4.1 allows the implementation of CRL through a static file, like the article at the first link suggests? If so, how can I achieve it?
I finally found out how to make it work. The first link I gave in my question pointed in the good direction, but it had an error. Actually, the property "crlFile" doesn't exist, at least not in Glassfish v3.0.1 ([Oracle GlassFish Server 3.0.1 Domain File Format Reference]). The right name is "crl-file" and it's an atribute of the element ssl.
<ssl crl-file="config/crl.pem" .... />
If you define this attribute, Glassfish enables the CRL checking, looking for the revoked certificates in the specified file. The solution is also valid for Glassfish v4.1.
I wish this may help someone at some moment.
I've spent the better part of this afternoon trying to figure out how to implement SSL/TLS support directly in the Play Framework 2.1 web server without having to use a front end proxy, to no avail. I have all of my certificates signed by a CA and I'm told Play 2.1 supports SSL, but am lost on the configuration options to use in application.conf to set this up. There doesn't appear to be a clear answer out there in the documentation.
Couple questions:
Do I HAVE to convert my .crt and .key files to a .jks file (Java keystore) or can I use them as-is?
If I have to import to the Java keystore, can someone provide some insight into how this is done? I have seen a lot of conflicting documentation on this.
What are the configuration options in the Play Framework 2.1.x application.conf to set this up?
As I stated before, I could not find any clear answers after a couple hours of Googling, so I figured I better ask here. Also, I want to reiterate - I DO NOT want to use a front-end web server like Apache for specific reasons, so I am looking ONLY to set up SSL/TLS support directly in Play.
EDIT:
I have found this thread: http://grokbase.com/t/gg/play-framework/1326s1ttny/2-1-ssl but I can't get any of it to work still. Not sure if I'm created the JKS file correctly by combining all of my bundled CRT files AND the private key into a single file then importing and I'm not sure what I should use for the "path to keystore".
I'm looking for a mod_auth_tkt for Nginx? I have multiple applications using auth_tkt compatible cookies and would like to have SSO. I don't want to use apache2 mod_auth_tkt, since I have nginx already running. Is there a auth_tkt compatible module for nginx?
I came across this challenge today (multi-domain SSO using Nginx), so I suppose an answer is better late than never.
I was coming from having used auth_tkt with Apache2.
Ultimately I ended up with an implementation of Pubcookie, for which somebody wrote and documented an Nginx module.
The setup is very similar:
A CGI script intercepts the request and performs login procedure for the user using whatever mechanism is configured
Upon successful authentication:
a. A cookie is set on the enterprise_domain
b. User is redirected to the originally requested resources
Some warning though, I had to hack the source a fair bit for pubcookie and the nginx module to get it to work with non-SSL sites - it seems to have been written with SSL as a fixed assumption.
I have two "Web Sites" running under IIS6 (Windows Server 2003R2 Standard), each bound to a separate IP address (one is the base address of the server).
I used SelfSSL to generate and install an SSL certificate for development purposes on one of these sites and it works great. I then run SelfSSL to generate a certificate for the second site and the second site works, but now the first site is broken over SSL.
I run SSL Diagnostics and it tells me:
WARNING: You have a private key that corresponds to this certificate but CryptAcquireCertificatePrivateKey failed
If I re-run SelfSSL on the first site (to fix it), the first site works but then the second site is broken.
It seems like SelfSSL is doing something in a way that is designed to work with only one Website, but I can't seem to put my finger on exactly what it's doing and figure out how to suppress it. I would manually configure SSL but I don't have a certificate server handy, but maybe there is a way to get SelfSSL to just gen the cert and let me install it?
FWIW I have also followed the guidance of several posts that indicate changes to the permissions of the RSA directory are in order, etc. but to no avail. I don't work with SSL everyday so I may be overlooking something that someone with more experience might notice, or perhaps there is a diagnostic process that I could follow to get to the bottom of the issue?
We had a similar problem today. Our IT guy said he solved it by basically using ssldiag instead of selfssl to generate the certs.
See the reply from jayb123 at this URL: http://social.msdn.microsoft.com/forums/en-US/netfxnetcom/thread/15d22105-f432-4d8f-a57a-40941e0879e7
I have to admit I don't fully understand what happened, but I'm on the programming side rather than the network admin side.