I have tried to find a good answer for it, but I haven’t found a good article about this topic.
There are 2 types of client applications (in the bigger picture): one that runs on the server and one that you download and that runs in your browser.
My question is about the one that runs on your machine (that you download at first visit – Blazor WebAssembly, to be specific).
Do I need to enable SSL (HTTPS) for this application or the web server that hosts this application as well, or is it not needed in the end?
Is only having the API connection encrypted enough?
Yes, this is a cost-saving measure, since this is for my hobby project and I would like to keep running costs as minimal as possible. But since I still exchange data that should not be seen by a 3rd party, this application needs to be secure.
To enable HTTPS I would need a second static IP, which is 3$ a month (which is not much), but again, it is an additional cost for me that I would rather not have.
Is there any book which covers security from a certs point of view in detail? I want topics like:
- SSL certs for web servers/sites
- Security certs for authenticating clients rather than username/password
- PGP keys, SSH keys, anything related
- CA cert chain, bundle, database certs
- Different types of formats of certs, keys
- Security at different layers of the OSI model/protocols
We have used --ssl-cert=path --ssl-mode=VERIFY_CA while logging in, but we are unable to log in as it is throwing an SSL error:
"ERROR 2026 (HY000): SSL connection error: CA certificate is required if ssl-mode is VERIFY_CA or VERIFY_IDENTITY"
I’ve noticed that the search engine Shodan grabs screenshots from hosts running an RDP service, even if they offer a certificate.
To my understanding, the certificate is used to authenticate the server and encrypt the traffic sent and received (exactly as it is used in HTTPS), and thus should be irrelevant to the protection of hosts exposing RDP to the internet. But when I try to connect to such a service using xfreerdp, I get prompted for a password before I get to where the screenshot was taken, and then the error message:
freerdp_set_last_error ERRCONNECT_LOGON_FAILURE [0x00020014].
I read that Shodan does not try passwords; it just grabs screenshots from accessible targets without credentials. How is Shodan able to grab such screenshots? Or what does xfreerdp do instead of launching the RDP display?
If I connect to a WiFi AP and it wants to install a root cert, they read my HTTPS traffic, right?
Does using OpenSSH on my cell phone to my home router help protect me? Or can this traffic be decrypted as well?
When we connect to PostgreSQL via ssl-mode=verify-full, how can I make sure that the certificate I passed is used while making the connection?
ssl_is_used() shows only true or false. Is there any other extension or pg_catalog view that shows the root cert used in making the connection to the DB?
I wrote a spider for nike.com, but this website's SSL needs to verify the SSL fingerprint.
I downloaded the client cert from Chrome, and used
openssl x509 -inform der -in nike.cer -out nike_certificate.pem
requests.post(cert=nike_certificate.pem)
(Caused by SSLError(SSLError(336265225, '[SSL] PEM lib (_ssl.c:3845)')))
To prevent MITM from my app I will use cert pinning.
To prevent unapproved parties from communicating with my server I can use Mutual TLS, which is actually accepting communication from trusted sources.
Am I missing something, or does it sound the same?
I bought and installed an SSL cert for my domain but then changed my mind, canceled the purchase and bought a slightly cheaper one. The old cert was then revoked and I proceeded to install the new cert.
Here is when things got worse. The domain is still showing the old revoked SSL, and that means my site couldn’t be loaded on Firefox or any browser which is using OCSP. I tried reinstalling the new cert and even reissuing it, but to no avail.
Can anyone tell me how exactly I can purge the old revoked cert so that it stops getting in the way of the new cert? I believe this has caused downtime to my site.
Is this an issue with the SSL provider or the server side? The hosting company kept bouncing this and blaming the SSL provider, while the other one pointed me to the hosting company.
For example, if my friend develops a webapp with a custom cert and I add them as a CA to my browser, can they do any damage? I mean, for example, somehow faking certs and stealing my banking password, etc.? Are there such risks with custom cert authorities?