ssl

CFNetwork SSLHandshake failed iOS 9

by

iOS 9 and OSX 10.11 require TLSv1.2 SSL for all hosts you plan to request data from unless you specify exception domains in your app’s Info.plist file. The syntax for the Info.plist configuration looks like this: <key>NSAppTransportSecurity</key> <dict> <key>NSExceptionDomains</key> <dict> <key>yourserver.com</key> <dict> <!–Include to allow subdomains–> <key>NSIncludesSubdomains</key> <true/> <!–Include to allow insecure HTTP requests–> <key>NSExceptionAllowsInsecureHTTPLoads</key> … Read more

HTTPS and SSL3_GET_SERVER_CERTIFICATE:certificate verify failed, CA is OK

by

It’s a pretty common problem in Windows. You need just to set cacert.pem to curl.cainfo. Since PHP 5.3.7 you could do: download https://curl.se/ca/cacert.pem and save it somewhere. update php.ini — add curl.cainfo = “PATH_TO/cacert.pem” Otherwise you will need to do the following for every cURL resource: curl_setopt ($ch, CURLOPT_CAINFO, “PATH_TO/cacert.pem”);

PHP Get Site URL Protocol – http vs https

by

This works for me if (isset($_SERVER[‘HTTPS’]) && ($_SERVER[‘HTTPS’] == ‘on’ || $_SERVER[‘HTTPS’] == 1) || isset($_SERVER[‘HTTP_X_FORWARDED_PROTO’]) && $_SERVER[‘HTTP_X_FORWARDED_PROTO’] == ‘https’) { $protocol=”https://”; } else { $protocol=”http://”; }

PHP – SSL certificate error: unable to get local issuer certificate

by

Finally got this to work! Download the certificate bundle. Put it somewhere. In my case, that was c:\wamp\ directory (if you are using Wamp 64 bit then it’s c:\wamp64\). Enable mod_ssl in Apache and php_openssl.dll in php.ini (uncomment them by removing ; at the beginning). But be careful, my problem was that I had two … Read more

SSL handshake alert: unrecognized_name error since upgrade to Java 1.7.0

by

Java 7 introduced SNI support which is enabled by default. I have found out that certain misconfigured servers send an “Unrecognized Name” warning in the SSL handshake which is ignored by most clients… except for Java. As @Bob Kerns mentioned, the Oracle engineers refuse to “fix” this bug/feature. As workaround, they suggest to set the … Read more

SSL InsecurePlatform error when using Requests package

by

Use the somewhat hidden security feature: pip install requests[security] or pip install pyOpenSSL ndg-httpsclient pyasn1 Both commands install following extra packages: pyOpenSSL cryptography idna Please note that this is not required for python-2.7.9+. If pip install fails with errors, check whether you have required development packages for libffi, libssl and python installed in your system … Read more

Where do you include the jQuery library from? Google JSAPI? CDN?

by

Without a doubt I choose to have JQuery served by Google API servers. I didn’t go with the jsapi method since I don’t leverage any other Google API’s, however if that ever changed then I would consider it… First: The Google api servers are distributed across the world instead of my single server location: Closer … Read more

Trust Anchor not found for Android SSL Connection

by

Contrary to the accepted answer you do not need a custom trust manager, you need to fix your server configuration! I hit the same problem while connecting to an Apache server with an incorrectly installed dynadot/alphassl certificate. I’m connecting using HttpsUrlConnection (Java/Android), which was throwing – javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. … Read more

Force SSL/https using .htaccess and mod_rewrite

by

For Apache, you can use mod_ssl to force SSL with the SSLRequireSSL Directive: This directive forbids access unless HTTP over SSL (i.e. HTTPS) is enabled for the current connection. This is very handy inside the SSL-enabled virtual host or directories for defending against configuration errors that expose stuff that should be protected. When this directive … Read more

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)