I am planning to disable SSL protocol in my site and moving to the TLS secure protocol. I will be making the configuration change in httpd. Does it require any changes to the server and client certificates or credentials which are already in place?
No it doesn't. Only the supportedProtocols needs to change.
Related
Supposing I have a nginx server with mtls enabled. The nginx instance works ok for the client certificates already configured.
Is there any way to add extra client certificates (newly registered_ without restarting the server?
If not are there any servers or software solutions that resolve certificates dynamically?
I don't understand. I need reverse proxy with tls client certificate.
OpenBSD relayd can act as reverse proxy, but it doesn't have tls
client certificate verification.
OpenBSD httpd has tls client cert verification, but it can't act as reverse proxy.
I've seen relayd and TLS client cert verification http://openbsd-archive.7691.n7.nabble.com/relayd-and-TLS-client-cert-verification-td355673.html, and it seems that relayd can support tls client cert verification since Dec '18, anyway, I can't find anything about it in the current (May '19) OpenBSD relayd(8) man page.
OpenBSD moved the default http server from Nginx to httpd, to be used with relayd, anyway, they haven't achieved the full set of functionality of Nginx (yet).
I'm quite annoyed about this, anyway, I'm almost sure, or at least confident, that they'll achieve it.
I can implement with Nginx the "classic" https server with fast-cgi + https-to-http reverse proxy to websocket applications. But I tested httpd and relayd, and I would like to move to them.
Does anyone here know whether and when OpenBSD will offer reverse proxy + tls client cert verification?
Thank you very much in advance, regards
I just received an email from Authorize.net informing that they deactivate connections to their server using TLS1.0 and TLS1.1.
Question are Godaddy SSL and Web Host set for TLS1.2 connections and is there anything need to change for configure TLS1.2 for my site?
How to check which TLS use in my website?
How to check which TLS use in my website?
Use Qualys SSL Labs vulnerability tester to check which TLS version you are using: https://www.ssllabs.com/ssltest/
You may certainly see that you support several versions (this is the most common case).
Question are Godaddy SSL and Web Host set for TLS1.2 connections and is there anything need to change for configure TLS1.2 for my site?
You have nothing to do, web hosting services by GoDaddy are already supporting TLS 1.2 connections (and TLS 1.0 and TLS 1.1 - they do not support SSL v3 nor SSL v2 anymore, and it's a good thing).
I have a question regarding the configuration of SSL preferences on OpenShift.
As far I know, the SSL termination in OpenShift is executed on the HAproxy, which serves as reverse proxy to route to user gears.
Is there a possibility, to configure the SSL preferences, to use user specific order of prefered ciphers, and also to turn off some versions of SSL/TLS as it is possible for instance in tomcat, or is the SSL cipher and versions configuration platform specific and can't be changed by user?
I have a virtual server with a few websites on it. To be honest I know next to nothing about SSL. When Itry to log in to my servers Web Host Manager or any of my sites Cpanels I get a screen (In chrome) saying "This website is not trusted". Is this because the server needs to have SSL installed on it?
Maybe it's not even to do with SSL, but any explanation is appreciated.
SSL secures your conecction between your browser and the server. If you have important data there you should install SSL to protect your connection from "sniffing".
SSL is network protocol so you have to install it or enable it on the server.
here is resource for installing/enabling SSL on Apache server:
http://www.digicert.com/ssl-certificate-installation-apache.htm
and here is how to install/enable SSL on IIS:
http://support.microsoft.com/kb/299875