Guide: Openssl in WampServer 2.5 Prerequisite: There is normally no need to install openssl (it comes bundled with Wamp). Apache 2.4.9 includes 1.0.1g for instance. System-Variable: Open the Windows System panel (“WIN+Q” Search: system) > Advanced System Settings > Advanced > Environment variables Add a new entry in system variables with name OPENSSL_CONF and its … Read more
Having spoken to MailChimp, the certificate they’re still (Jan 2016) using – for compatibility reasons, they told me – is the GTE CyberTrust Global Root (note GTE was bought by Digicert), so you don’t need to replace the entire bundle, just add or force PHP to read this certificate: https://gte-cybertrust-global-root.digicert.com/info/index.html (note you’ll get an ‘insecure … Read more
Certificate validation did not fail, so the verify argument doesn’t apply here. What failed is the cipher negotiation; none of the ciphers requests is willing to use match those the server is willing to use. If you run your curl command with the -v switch you’ll see what cipher suite was negotiated by curl for … Read more
It is only possible if you use a simple HTTPS connection (not SSL Sockets) using the properties -Dhttps.protocols=TLSv1.2 -Dhttps.cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256 See the post at http://fsanglier.blogspot.com.es/ Java 7 introduced support for TLS v1.2 (refer to http://docs.oracle.com/javase/7/docs/technotes/guides/security/enhancements-7.html) BUT does not enable it by default. In other words, your client app must explicitly specify “TLS v1.2” at SSLContext creation, … Read more
The ServerConnector should be setup with an SslContextFactory. The rest of the work you are doing in the HttpConfiguration is irrelevant to setting up SSL. A good example of setting up SSL in embedded mode is maintained in the embedded jetty examples project. http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/examples/embedded/src/main/java/org/eclipse/jetty/embedded/LikeJettyXml.java Edit: to be more clear (thanks Erik) Update: June 2016 The … Read more
I figured out the problem. I revoked and regenerated the certificate again, and this time I only exported the private key (without the certificate). In Keychain access, I exported as .p12 and used the new file and it worked. For some reason, PushSharp wasn’t play well with .p12 when both certificate and private key are … Read more
Both certificates should exist prior to the connection. They’re usually created by Certification Authorities (not necessarily the same). (There are alternative cases where verification can be done differently, but some verification will need to be made.) The server certificate should be created by a CA that the client trusts (and following the naming conventions defined … Read more
First, about the distinction between key and certificate (regarding “CA key”), there are 3 pieces used when talking about public-key certificates (typically X.509): the public key, the private key and the certificate. The public key and the private key form a pair. You can sign and decrypt with the private key, you can verify (a … Read more
See the webpack docs There is a flag you can add to the webpack-dev-server command webpack-dev-server –https
One more solution in case it helps anyone: My scenario: using Windows 10 Kubernetes installed via Docker Desktop ui 2.1.0.1 the installer created config file at ~/.kube/config the value in ~/.kube/config for server is https://kubernetes.docker.internal:6443 using proxy Issue: kubectl commands to this endpoint were going through the proxy, I figured it out after running kubectl … Read more