I use something similar to this for my admin folder in wordpress: #redirect all https traffic to http, unless it is pointed at /checkout RewriteCond %{HTTPS} on RewriteCond %{REQUEST_URI} !^/checkout/?.*$ RewriteRule ^(.*)$ http://mydomain.com/$1 [R=301,L] The RewriteCond %{HTTPS} on portion may not work for all web servers. My webhost requires RewriteCond %{HTTP:X-Forwarded-SSL} on, for instance. If … Read more
Sun’s JSSE doesn’t support SSLv2 but it supports the SSlv2ClientHello, to support some SSL servers that require it. You can turn it off by removing it from the enabled protocols. IBM’s JSSE does support SSLv2 entirely. From the JSSE Reference Guide: For example, some older server implementations speak only SSLv3 and do not understand TLS. … Read more
The certificate itself for www.reporo.com (not reporo.com) is valid, but it is missing a chain certificate as shown in the report by ssllabs: Chain issues Incomplete …. 2 Extra download Thawte DV SSL CA Fingerprint: 3ca958f3e7d6837e1c1acf8b0f6a2e6d487d6762 The “Incomplete” and “Extra download” are the major points. Some browsers will have the missing chain certificate cached, others … Read more
There is a solution at here which gracefully works for me. Just call SSLUtilities.trustAllHostnames(); SSLUtilities.trustAllHttpsCertificates(); Before your SSL connection. You can also capture more solution by searching Internet for java ssl trustall. Here is the copy of that solution (in case of maybe a broken link in future): import java.security.GeneralSecurityException; import java.security.SecureRandom; import java.security.cert.X509Certificate; import … Read more
The configuration is done via an SSLContext, which is effectively a factory for the SSLSocketFactory (or SSLEngine). By default, this will be configured from the javax.net.ssl.* properties. In addition, when a server requests a certificate, it sends a TLS/SSL CertificateRequest message that contains a list of CA’s distinguished names that it’s willing to accept. Although … Read more
This should be sufficient. I use this when testing code against testing and staging servers where we don’t have properly signed certificates. However, you should really really strongly consider getting a valid SSL certificate on your production server. Nobody wants to be wiretapped and have their privacy violated. SSLContext sc = SSLContext.getInstance(“TLS”); sc.init(null, new TrustManager[] … Read more
While the scripts directory in Rails 4 is gone, the bin directory remains. You can get WEBrick working with an SSL certificate by editing the bin/rails script. Tested on Rails 4 and Ruby 2.1.1, installed with rbenv. Much of this is from this blog post and this Stack Overflow question. #!/usr/bin/env ruby require ‘rails/commands/server’ require … Read more
It is an SSL version problem. The server only supports SSLv3, and Java will start at v2, and attempt to negotiate upwards, but not all servers support that type of negotiation. Forcing java to use SSLv3 only is the only solution I’m aware of. Edit, there are two ways to do this that I’m aware … Read more
Finally got the solution to my problem, so I’ll post the results here if anyone else gets stuck. Thanks to Michael Martin of Michael’s Software Thoughts & Ramblings I discovered that: keytool by default uses the DSA algorithm when generating the self-signed cert. Earlier versions of Firefox accepted these keys without problem. With Firefox 3 … Read more
The reason why you don’t have to load a certificate locally is that you’ve explicitly chosen not to verify the certificate, with this trust manager that trusts all certificates. The traffic will still be encrypted, but you’re opening the connection to Man-In-The-Middle attacks: you’re communicating secretly with someone, you’re just not sure whether it’s the … Read more