Jetty SSL configuration Apache karaf

I am trying to configure the jetty to work with SSL in Apache Karaf OSGI container. http works, but https does not work. What could be the problem? My configuration details below: etc/jetty.xml <Call name="addConnector"> <Arg> <New class="org.eclipse.jetty.server.nio.SelectChannelConnector"> <Set name="host"> <Property name="jetty.host" /> </Set> <Set name="port"> <Property name="jetty.port" default="8282" /> </Set> <Set name="m...

Some clients accept SSL cert; others reject it

Some HTTP clients accept this certificate, and others do not. What could make the difference? Java rejects it. ((javax.net.ssl.HttpsURLConnection)new java.net.URL("https://www.lucidpress.com") .openConnection()) .getInputStream() javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching www.lucidpress.com found. at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1715) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:257) ...

How does it work: Found one SSL certificate two different chains and two different root CAs

I bought an SSL Certificate from GeoTrust. On checking the certificate chain on different devices I found two different chains. Both chains are valid! One chain ends in Root-CA C=US, O=Equifax, OU=Equifax Secure Certificate Authority and the other one in Root-CA C=US, O=GeoTrust Inc., CN=GeoTrust Global CA. The difference between these chains is that in the first chain "GeoTrust Global CA" is signed by "Equifax Secure Certificate Authority" and in the second "GeoTrust Global CA" is self-signed. But in both chains the fingerprint of "GeoTrust Global CA" is "C0:7A:98:68:8D:89:FB:AB...

Channels are not running after the certificate renewal on MQ windows

We are trying to import the newly renewed certs into the keystore in MQ Windows in our production, but the channels are going to retrying status after deploying the certs. Looks like somehow our queue manager is not reading the certs from the below error. The issuer of the certs is the same before and now. The certs being used are rootCA5, serverCA5 and personal Cert. The channels are working fine when we put back the old certs. I have checked the permissions on the ssl folder and keystore, they are fine. Looking for some valuable suggestions as our old certs are going to expire tomorr...

Using self-signed SSL certificate works, but CA signed certificate results in handshake alert failure 40 in response to client hello

So far, I've used openssl, sslyze, keystore utilities, and some of the standard Windows diagnostics commands to try and characterize this problem. The summary is that as soon as I attempt to use a keystore that has the CA signed certificate in it, I get an immediate handshake failure 40 after the client hello. The connection never gets as far as a server hello with the CA cert in place. On the same machine (Windows Server 2012), if I use a self signed certificate, the connection works as expected. Openssl shows the handshake failure with the CA certificate in place. sslyze s...

Connecting to a Websphere MQ in Java with SSL/Keystore

I'd like to connect to a Websphere 6.0 MQ via Java. I have already working code for a "normal" queue, but now I need to access a new queue which is SSL encrypted (keystore). I have been sent a file called something.jks, which I assume is a certificate I need to store somewhere. I have been searching the net, but I can't find the right information. This is the code I use for the "normal" queue. I assume I need to set some property, but not sure which one. MQQueueConnectionFactory connectionFactory = new MQQueueConnectionFactory(); connectionFactory.setChannel(channel_); conne...

SSL/TLS handshake between Websphere MQ Server and Client

I'm debugging SSL errors between Websphere MQ Server and Client using T.Rob's suggestions and need help understanding the SSL handshake (SSL connect to MQ using .net mq client SSLV3?). My WMQ 7.5 client application is C code and uses a keystore (.kdb). Utilizing a CHLTAB provided by the WebSphere admin. The WMQ server is running Java and the channel is defined with mutual authentication. The article states that in the SSL/TLS handshake, the server always sends its public certificate in response to a connections request. The client then must validate that certificate by fir...

How, having IIS pfx with L1K, create CSR for L1M and have cert returned compatible with Tomcat?

I have IIS server with pfx containing L1K cert. I need to request a new L1M cert for it, AND will need to also be able to import the returning cert to a java keystore as the URL in question will move from IIS to Apache Tomcat. Help! I think I found the way to do this. *credit to this site: https://www.jamf.com/jamf-nation/discussions/4646/converting-a-windows-pfx-or-windows-pkcs12-keystore-to-a-jks-keystore 1 - use keytool to import PFX into JKS: keytool -importkeystore -srckeystore .pfx -srcstoretype pkcs12 -destkeystore .jks -deststoretype JKS 2 - get details such as Alias fr...

Verify errorcode = 20 : unable to get local issuer certificate

I have a certificate chain in server: Certificate chain 0 s:/******/O=Foobar International BV/OU**** i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/**** 1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/**** i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=**** - G5 2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=**** - G5 i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority And my local root CA certificate is: s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/**** i:/C=US/O=VeriSign, Inc./OU=VeriSign Trus...

Kubernetes (kubeadm) missing public certificates in containers for outgoing connections

I've set up a kubernetes cluster on my contabo (provider) server(s). Everything is running great so far, till I wanted to access an external SSL domain from a container. I was able to reproduce the steps by: Setting up a new server. Running kubeadm init on it. Run kubectl run -i --tty test --image=tutum/curl --restart=Never -- sh. Run (in the container) root@test:/# curl https://acme-v01.api.letsencrypt.org/directory -v Hostname was NOT found in DNS cache Trying 91.194.91.220... Connected to acme-v01.api.letsencrypt.org (91.194.91.220) port 443 (#0) successfully set certificate v...

MQ TLS communication with Weblogic using foreign JMS

I am trying to connect to MQ from weblogic 12c server using foreign JMS (using .bindings file). But not able to figure out where to configure cipher suite in Weblogic for SSL/TLS communication. I know how to do it in java code. But have no clue how to specify it in Weblogic resources. Any help will be highly appreciated. You put the MQ SSL/TLS information in the bindings file. [XXX]

Wildcard SSL certificates on Cloud66

We currently have a single development environment with Cloud66. We are hoping to expand to staging and production environments which will be secured with SSL. Is it possible to use the same wildcard certificate to secure all three environments (obviously with different names for each)? I've added the detail below as I don't think my original question was clear enough. Specifically what I want to know is if Cloud66 will allow a single wildcard certificate to be used to secure domains across a number of stacks or if a single certificate can only be used on a single stack. Y...

SSL connect to MQ using .net mq client SSLV3?

Currently I am having a problem connecting to the server due to the following issue: When I tried to connect to the server, it returned an error: MQRC_SSL_INITIALIZATION_ERROR. Upon closer analysis via WireShark, I found that the Client is attempting to connect to the server using SSL v2, while the server can only accept SSL V3, thus rejecting the connection. I checked through the document, but am not able to find any information on what SSL version the .Net client supports. I would like to check whether the SSL version is controlled from the .Net MQ client, and if so, how can we ...

Route 53 Naked/Root Domain Alias Record

Route 53 supports Alias records which use Amazon S3 static websites to dynamically resolve naked domains to their www counterparts using a 301 redirect. I am wondering whether the Alias record will support SSL: http:// example.com -> http:// www.example.com (this will work); https:// example.com -> https:// www.example.com (will this work?) I realize that SSL doesn't have anything to do with DNS, but Route 53's implementation of the Alias record (using an S3 static website) concerns me. It seems like dnsimple's ALIAS record does support SSL: http://support.dnsimple.com/articles/d...

JMS connection handshake is failing for SSLCipherSuite SSL_RSA_WITH_3DES_EDE_CBC_SHA

I am using Spring boot 1.2.2 and JDK1.8.0.40, I have specified the SSL cipher suite as SSL_RSA_WITH_3DES_EDE_CBC_SHA and also imported the cer file to the keystore. When I run my project, I set the jvm arguments as following: -Djavax.net.debug=all -Djavax.net.ssl.keyStore=/java_home/jre/lib/security/cacerts -Djava.net.keyStorePassword=changeit But I always get handing exception: javax.net.ssl.SSLHandshakeException: No appropriate protocol(protocol is disabled or cipher suites are inappropriate) SEND TLSv1.2 ALERT: fatal, description = handshake_failure WRITE: TLSv1.2 Alert, length = 2 [Raw w...

purchased ssl for one website but all other website respond to https

I purchased an ssl for one website but all other addon (domain) are working with https with the content of my ssl site. Example: https//www.example.com (I purchased ssl for this one). In the same hosting I have 5 domains like www.domain1.com and so on, but they don't have ssl. But when I try to open www.domain1.com (without ssl) with https it's working, but with the content of my ssl site, i.e. www.example.com. I tried with .htaccess but it's not working: Options +FollowSymlinks -MultiViews RewriteEngine on RewriteCond %{SERVER_PORT} =443 RewriteRule . http://%{HTTP_HOST}%{REQUE...
