ssl
cURL not working (Error #77) for SSL connections on CentOS for non-root users
I just had a similar problem with Error #77 on CentOS 7. I was missing the softlink /etc/pki/tls/certs/ca-bundle.crt that is installed with the ca-certificates RPM. ‘curl’ was attempting to open this path to get the Certificate Authorities. I discovered this with: strace curl https://example.com and saw clearly that the open failed on that link. My fix was: yum …
Nginx configuration leads to endless redirect loop
I’ve toyed around with a bunch of these answers but nothing worked for me. Then I realized since I use Cloudflare the problem may not be in the server but with Cloudflare. Lo and behold when I set my SSL to Full (Strict) everything works as it should!
Nginx – Only enable SSL if SSL Certificates Exist
You can create an additional file ssl.conf and put the SSL configs there:
    ssl_certificate /etc/nginx/certs/atvcap_cabundle.crt;
    ssl_certificate_key /etc/nginx/certs/atvcap.key;
Then include it from the main config:
    server_name atvcap.server.com;
    include /somepath/ssl.conf*;
Make sure to include the * symbol – this will not break when the file does not exist in development mode.
OpenSSL client certificates vs server certificates
Server Certificates: Server certificates are the identity of a server, presented by it during the SSL handshake. Typically they are issued by a certificate authority (CA) well known to the client. The basis on which the certificate is issued is possession of some publicly known identifier of that server; for a web server it's the hostname of the server, …
How to require SSL for all remote users
The (formerly) accepted answer by Honza seems incorrect, see its comments. It does not seem possible to use a GRANT query to alter multiple users at once since MySQL does not support wildcards for user names. As you suggested yourself, you can alter records in the mysql.user table directly using an UPDATE query and as Marc …
Got problems with webhook to Telegram Bot API
Just one more reason why your webhooks do not work. In my case the reason was in the allowed_updates webhook parameter. By calling:
    https://api.telegram.org/bot<your_bot_token>/getWebhookInfo
you can see:
    {
      "ok": true,
      "result": {
        "url": "<your webhook url should be here>",
        "has_custom_certificate": false,
        "pending_update_count": 0,
        "max_connections": 40,
        "allowed_updates": [ "callback_query" ]
      }
    }
It means that your bot …
Within a web browser, is it possible for JavaScript to obtain information about the HTTPS Certificate being used for the current page?
You can use the open-source Forge project to do this. It implements SSL/TLS in JavaScript. You can make an Ajax call to the server and use a callback to inspect the certificate. Keep in mind that the server is the one sending the JavaScript so this shouldn’t be used to determine whether or not you …
SSL Pinning and certificate expiry
Note: I’m more familiar with browser to server pinning (HTTP Public Key Pinning – HPKP) rather than app to server pinning, but I presume the principle is the same. In HPKP the pinning policy is provided by the server as an HTTP header, but I understand this is often built into the app rather than read …