It is highly recommended these days to run the entire site on TLS (https that is) if possible. The overhead concern is a thing of the past, it is no longer an issue with the newer TLS protocols, because it is now maintaining sessions, and even caching them for reuse if the client drops the … Read more
I think below worked for me (I was adding a root certificate on blackfire/blackfire image which extends from alpine): RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/* \ mkdir /usr/local/share/ca-certificates/extra COPY .docker/other/cert_Intertrials-CA.crt /usr/local/share/ca-certificates/extra RUN update-ca-certificates I then logged into that VM and see it has added it to the merged cert file, … Read more
In my case, on windows, It was not working after setting of name, e mail as well as certificates path for git config. following command run from command prompt fixed this issue. git config –global http.sslcainfo “C:\Program Files\Git\usr\ssl\certs\ca-bundle.crt” path of your ca-bundle.crt may vary in your case.
While the scripts directory in Rails 4 is gone, the bin directory remains. You can get WEBrick working with an SSL certificate by editing the bin/rails script. Tested on Rails 4 and Ruby 2.1.1, installed with rbenv. Much of this is from this blog post and this Stack Overflow question. #!/usr/bin/env ruby require ‘rails/commands/server’ require … Read more
The comment by Rory that the proxy would have to use a self-signed cert if not stricltly true. The proxy could be implemented to generate a new cert for each new SSL host it is asked to deal with and sign it with a common root cert. In the OP’s scenario of a corportate environment … Read more
WCF 4.0 has solved this issue in some instances with a new config option that use Request Headers: <behaviors> <serviceBehaviors> <behavior name=”AutoVaultUploadBehavior”> <useRequestHeadersForMetadataAddress> <defaultPorts> <add scheme=”https” port=”443″ /> </defaultPorts> </useRequestHeadersForMetadataAddress>
Working code ( in jdk1.6.0_23) for #1. Imports import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; import java.security.cert.X509Certificate; The actual trust all TrustManager code. TrustManager trm = new X509TrustManager() { public X509Certificate[] getAcceptedIssuers() { return null; } public void checkClientTrusted(X509Certificate[] certs, String authType) { } public void checkServerTrusted(X509Certificate[] certs, String authType) { } }; SSLContext … Read more
Using keytool, create a random key pair: keytool -genkeypair -alias boguscert -storepass storePassword -keypass secretPassword -keystore emptyStore.keystore -dname “CN=Developer, OU=Department, O=Company, L=City, ST=State, C=CA” then delete it keytool -delete -alias boguscert -storepass storePassword -keystore emptyStore.keystore review its contents: $ keytool -list -keystore emptyStore.keystore -storepass storePassword Keystore type: JKS Keystore provider: SUN Your keystore contains 0 … Read more
The first thing I do whenever I hit a 404 with a newly-developed WCF Web Service is checking the handler mapping required to interpret this type of call, because it’s often the cause of the issue. There are several ways to work around the problem, many of which require a manual execution of the ServiceModelReg.exe … Read more
Converting certificates between cer/pem/crt/der/pfx/p12 can be done in Linux with the use of OpenSSL tool via the terminal. These commands allow you to convert certificates and keys to different formats to make them compatible with specific types of servers or software. Convert a DER file (.crt .cer .der) to PEM openssl x509 -inform der -in … Read more