Is a Wildcard SAN certificate possible? [closed]

Yes, it’s certainly technically possible. For instance, the cetrtificate for Microsoft Outlook Web Access (https://outlook.office365.com) was issued to outlook.com, and has a combination of wildcarded and non-wildcarded names in the SAN section: DNS Name=outlook.com DNS Name=*.outlook.com DNS Name=office365.com DNS Name=*.office365.com DNS Name=*.live.com DNS Name=*.internal.outlook.com DNS Name=*.outlook.office365.com DNS Name=outlook.office.com DNS Name=attachment.outlook.office.net DNS Name=attachment.outlook.officeppe.net Of course, as …

Read more

pip always fails ssl verification

It may be related to the 2018 change of PyPI domains. Please ensure your firewall/proxy allows access to/from: pypi.org files.pythonhosted.org So you could give a try to something like: $ python -m pip install –trusted-host files.pythonhosted.org –trusted-host pypi.org –trusted-host pypi.python.org [–proxy …] [–user] <packagename> Please see $ pip help install for the –user option description …

Read more

curl: Unknown error (0x80092012) – The revocation function was unable to check revocation for the certificate

I’ve been using curl through a mitm proxy for pen-testing and getting the same issue. I finally figured that curl needs a parameter telling it not to check certificate revocation, so the command looks something like this: curl “https://www.example.com” –ssl-no-revoke -x 127.0.0.1:8081 The -x parameter passes the proxy details – you may not need this.

Nginx does redirect, not proxy

You have to use the proxy_redirect to handle the redirection. Sets the text that should be changed in the “Location” and “Refresh” header fields of a proxied server response. Suppose a proxied server returned the header field “Location:https://myserver/uri/”. The directive will rewrite this string to “Location: http://nginx_server:8080/uri/”. Example: proxy_redirect https://myserver/ http://nginx_server:8080/; Source: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect