Browsing articles tagged with "ssl - 2/83 - Admins Goodies"
Nov 14, 2012
tom

Securing SSL requests with mod_cluster?

In case I have both the httpd and JBoss in a secure LAN, is it possible to terminate SSL requests at httpd and pass the request to an available JBoss via mod_cluster? Any idea what configuration is involved?

Asked by SyRenity

By default, mod_cluster will terminate your SSL connection and pass information to the backend unencrypted. See http://docs.jboss.org/mod_cluster/1.0.0/html/UsingSSL.html for instructions. Note section 12.2, which shows the extra configuration required to use SSL between the proxy and the backend […]

Nov 7, 2012
tom

AWS installing mod_ssl on apache

I tried installing mod_ssl. I used the command apt-get install mod_ssl to install it, but I got an error saying unable to locate package mod_ssl. After executing the above command, I got the output below:

    Reading package list.. Done
    Build dependency tree
    Reading state information done..
    E:unable to locate package mod_ssl

How do I resolve it?

Asked by user1263374

Run the command dpkg -S mod_ssl.so. Chances are that it will display something like:

    apache2.2-common: /usr/lib/apache2/modules/mod_ssl.so

It means […]

Oct 16, 2012
tom

SSL Proxy: Forwarding without the encryption

I have a Python application listening on port 9001 for HTTP traffic. I’m trying to configure Apache (or anything, really) to listen on port 443 for HTTPS connections, and then forward the connection, sans encryption, to port 9001 on the same machine. My application would then reply via the proxy, where the encryption would be reapplied, and returned to the client transparently. I’m not doing anything crazy with the site names and SSL certs, I […]

Oct 13, 2012
tom

Is it possible to do client certificate authentication without running HTTPS on a webserver?

(Please note: this question is one of many “why don’t you just try it?” questions. I certainly will, but since I haven’t found an obvious answer by googling, I thought I might as well make it easier for someone who might need this later by asking on ServerFault) My web application is served over HTTPS behind some load balancers and allows users to authenticate using client certificates in some cases. Now I’m being asked whether […]

Oct 10, 2012
tom

Invisible Apache redirect

I would like subdomain.mydomain.com to invisibly redirect to https://[myServerIP]:2083. (There is an SSL issue here). So far I managed to do it, but the redirection is visible and I don’t want it:

    RewriteCond %{HTTPS} off
    RewriteCond %{HTTP_HOST} ^subdomain\.mydomain\.com$
    RewriteRule ^ https://[myServerIP]:2083/

Would there be a way to achieve the same redirection while permanently keeping my beautiful “subdomain.mydomain.com” in the address bar?

EDIT with the ProxyPass directive: I tried some variations with ProxyPass but it will […]

Oct 9, 2012
tom

Watchguard SSL VPN and Outlook 2010

Recently I installed a WatchGuard XTM 21 appliance. Everything went fine until I updated from Office 2007 to Office 2010. Behind my WatchGuard appliance I’ve got an Exchange 2007 server, which I was able to reach with Outlook 2007 (when working remotely over an SSL VPN connection). Now with Outlook 2010, working remotely over SSL VPN, I’m not able to reach my Exchange server. Do I need to change some settings (port configuration?) specific for Outlook […]

Oct 7, 2012
tom

Strategy to isolate multiple nginx ssl apps with single domain via suburi’s?

Warning: so far I have only learnt how to use nginx to serve apps with their own domain and server block. But I think it’s time to dive a little deeper. To mitigate the need for multiple SSL certificates or expensive wildcard certificates I would like to serve multiple apps (e.g. rails apps, php apps, node.js apps) from one nginx server_name, e.g.

    rooturl/railsapp
    rooturl/nodejsapp
    rooturl/phpshop
    rooturl/phpblog

I am unsure on the ideal strategy. Some examples I […]

Oct 2, 2012
tom

Apache Key: Which is it using?

I’m running an Apache server on Ubuntu. When I restart it, it asks me for a pass phrase; here’s what the dialog looks like:

    Apache/2.2.16 mod_ssl/2.2.16 (Pass Phrase Dialog)
    Some of your private key files are encrypted for security reasons.
    In order to read them you have to provide the pass phrases.

    Server 127.0.0.1:443 (RSA)
    Enter pass phrase:

I’ve already worked out how to remove the pass phrase from the key file in question, but […]

Sep 30, 2012
tom

Disable all but RC4 in apache

Our PCI compliance vendor requires that we disable all but RC4 encryption on our web server. Currently our apache config file looks like this:

    SSLHonorCipherOrder On
    SSLCipherSuite RC4-SHA:HIGH:!ADH:!AES256-SHA:!ECDHE-RSA-AES256-SHA384:!AES128-SHA:!DES-CBC:!aNull:!eNull:!LOW:!SSLv2

However, https://www.ssllabs.com reports the following ciphers are allowed:

    TLS_RSA_WITH_RC4_128_SHA
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
    TLS_RSA_WITH_3DES_EDE_CBC_SHA

How can I configure apache to only allow RC4?

Asked by Daniel

Turns out it was pretty easy. The “High” option in my original question was including the other ciphers. By reducing it to […]

Sep 25, 2012
tom

Designing server setup for 80 req/sec site – will this do?

I am tasked with designing a server setup for a site that has to handle about 5k requests per minute (80 – 90 per second). The only constraints that I am aware of are that the site probably will be written in Django and most, if not all, of the traffic will be encrypted. Will the following server setup be enough to handle these requirements? With this being my first such serious job I would […]
