ssl

HTTPS error “data length too long” in s3_pkt.c from Socket.io

by

I’m unsure weather it works. But here’s my idea/suggestion: Idea: I assume that you (possibly) tried to access a URL which is too long. This happens if data often is tansmitted via GET-Parameters. The official limit for a URL is below 512 Bytes. Details: The HTTP specification says that a protocol line may be at … Read more

Chromium throws NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED [closed]

by

I have the same problem. This is what I found out so far: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1641380 https://bugs.chromium.org/p/chromium/issues/detail?id=664177 https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&id=ALERT2160 Are you also using Version 53.0.2785.143? Looks like it is important when the build happened: https://chromium.googlesource.com/chromium/src/net/+/master/cert/ct_policy_enforcer.cc#44 Looks like the best workaround is to upgrade to 54.x, wait for a patch or use another browser. Update: A new version of … Read more

Nginx Redirect HTTP to HTTPS and non-www to ww

by

The SSL redirect won’t work if your SSL certificate doesn’t support the non-www domain. The config is correct but can be reduced to just 1 redirect server Also don’t forget to reload Nginx sudo service nginx reload server { listen 80; listen 443 ssl; server_name example.com; # add ssl settings return 301 https://www.example.com$request_uri; }

HttpGet with HTTPS : SSLPeerUnverifiedException

by

Note: Do not do this in production code, use http instead, or the actual self signed public key as suggested above. On HttpClient 4.xx: import static org.junit.Assert.assertEquals; import java.security.KeyManagementException; import java.security.NoSuchAlgorithmException; import java.security.cert.X509Certificate; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; import org.apache.http.HttpResponse; import org.apache.http.client.methods.HttpGet; import org.apache.http.conn.scheme.Scheme; import org.apache.http.conn.ssl.SSLSocketFactory; import org.apache.http.impl.client.DefaultHttpClient; import org.junit.Test; public class HttpClientTrustingAllCertsTest { … Read more

How to send a https request with a certificate golang

by

You need to add CA of your certificate to your transport like: package main import ( “crypto/tls” “io/ioutil” “log” “net/http” “crypto/x509” ) func main() { caCert, err := ioutil.ReadFile(“rootCA.crt”) if err != nil { log.Fatal(err) } caCertPool := x509.NewCertPool() caCertPool.AppendCertsFromPEM(caCert) client := &http.Client{ Transport: &http.Transport{ TLSClientConfig: &tls.Config{ RootCAs: caCertPool, }, }, } _, err := … Read more

Is a Wildcard SAN certificate possible? [closed]

by

Yes, it’s certainly technically possible. For instance, the cetrtificate for Microsoft Outlook Web Access (https://outlook.office365.com) was issued to outlook.com, and has a combination of wildcarded and non-wildcarded names in the SAN section: DNS Name=outlook.com DNS Name=*.outlook.com DNS Name=office365.com DNS Name=*.office365.com DNS Name=*.live.com DNS Name=*.internal.outlook.com DNS Name=*.outlook.office365.com DNS Name=outlook.office.com DNS Name=attachment.outlook.office.net DNS Name=attachment.outlook.officeppe.net Of course, as … Read more