https – How to set the Bit Length when generating SSL Certificate with Java keytool?

I’m going to create a SSL Certificate so I can use https on my web site. I have to generate a Certificate Signing Request (CSR) and I did generate such a file with the Java keytool following the guide Generate a Certificate Signing Request (CSR) on Tomcat, but when I upload my CSR, I get a message from GlobalSign:

We suggest that a Bit Length of 2048 bits is used when generating your CSR.
Please regenerate your CSR and select this Bit Length.

So how do I set the Bit Length to 2048 bits using the Java keytool?

I generated the CSR file with:

keytool -certreq -keyalg RSA -alias your_alias_name -file certreq.csr -keystore your_keystore_filename

And before that I created my certificate keystore and private key with:

keytool -genkey -alias your_alias_name -keyalg RSA -keystore your_keystore_filename

authentication – Can’t connect to postgresql database with SSL using GSSAPI

With postgresql 12.4, I’ve got this in pg_hba.conf:

hostssl all all 192.168.0.0 255.255.0.0 gss map=myrealm

but whenever I try to connect with:

psql 'postgresql://hostname/database?sslmode=require'

I get

2020-11-26 16:03:37.934 GMT (9585) FATAL:  no pg_hba.conf entry for host "192.168.215.220", user "username", database "database", SSL off

If I replace hostssl with host I can connect (with GSSAPI).

How do I get psql to connect with SSL? I have ssl = on in my postgresql.conf and I have valid server.crt and server.key in the PGDATA directory.

Thanks
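
The record and the log line from the question above, checked field by field (an added example, not part of the original post). It is a simplified model of pg_hba.conf matching: database and user are compared only against "all" or an exact name, and the GSSAPI-encryption state, which the log line does not report, is an assumed parameter.

```python
import ipaddress
import re

# Which TCP connections each pg_hba.conf record type matches (PostgreSQL docs;
# hostgssenc/hostnogssenc exist from version 12 on).
TYPE_MATCHES = {
    "host":         lambda ssl, gssenc: True,
    "hostssl":      lambda ssl, gssenc: ssl,
    "hostnossl":    lambda ssl, gssenc: not ssl,
    "hostgssenc":   lambda ssl, gssenc: gssenc,
    "hostnogssenc": lambda ssl, gssenc: not gssenc,
}

# Both lines are copied from the question above.
HBA_LINE = "hostssl all all 192.168.0.0 255.255.0.0 gss map=myrealm"
LOG_LINE = ('2020-11-26 16:03:37.934 GMT (9585) FATAL:  no pg_hba.conf entry for host '
            '"192.168.215.220", user "username", database "database", SSL off')

def parse_record(line):
    """Parse TYPE DATABASE USER ADDRESS [MASK] METHOD [OPTIONS...]."""
    f = line.split()
    if "/" in f[3]:   # CIDR form, no separate mask column
        net, rest = ipaddress.ip_network(f[3], strict=False), f[4:]
    else:             # separate IP-address and IP-mask columns
        net, rest = ipaddress.ip_network(f"{f[3]}/{f[4]}", strict=False), f[5:]
    return {"type": f[0], "db": f[1], "user": f[2], "net": net,
            "method": rest[0], "options": rest[1:]}

def parse_log(line, gssenc=False):
    """Extract the connection the server saw; gssenc is not in the log (assumed)."""
    m = re.search(r'entry for host "([^"]+)", user "([^"]+)", '
                  r'database "([^"]+)", SSL (on|off)', line)
    if m is None:
        raise ValueError("not a 'no pg_hba.conf entry' line")
    host, user, db, ssl = m.groups()
    return {"host": host, "user": user, "db": db, "ssl": ssl == "on", "gssenc": gssenc}

def failed_checks(rec, conn):
    """Names of the record fields that do not match the connection."""
    checks = {
        "type": TYPE_MATCHES[rec["type"]](conn["ssl"], conn["gssenc"]),
        "database": rec["db"] in ("all", conn["db"]),
        "user": rec["user"] in ("all", conn["user"]),
        "address": ipaddress.ip_address(conn["host"]) in rec["net"],
    }
    return [name for name, ok in checks.items() if not ok]

if __name__ == "__main__":
    print(failed_checks(parse_record(HBA_LINE), parse_log(LOG_LINE)))
```

For the question's own lines the only failing check is the record type: address, mask, database and user all match, and the server saw the session arrive without SSL.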

ssl – windows servers and disabling the legacy protocols

I’m disabling the legacy protocols on some Windows servers and I have amended the registry according to this article:

https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/retire-those-old-legacy-protocols/ba-p/259396

However after I reboot the servers if I run the command:

[Net.ServicePointManager]::SecurityProtocol

it throws:

PS C:\WINDOWS\system32> [Net.ServicePointManager]::SecurityProtocol
Tls, Tls11, Tls12

so I see that Tls1.2 is now enabled but I didn’t expect to see the other two still enabled. So, my question is:

Is the procedure not working, or does the command that I ran to check have a different scope? Maybe the procedure works and the protocols are deactivated, but that command has a different scope.

[MilesWeb] – Up to 61% OFF on Reseller Hosting | Free SSL & 24×7 Support

Set up your own web hosting business without the hassles of huge investments and management of the infrastructure. MilesWeb (https://www.milesweb.com/hosting/reseller-hosting) offers excellent value-for-money reseller hosting in India, Singapore, Australia, Canada, UK and the US with benefits like Free WHMCS, White Label Reselling, Free Migration and Custom Branding. As a reseller, you can create packages of your choice to resell at prices determined by you, also maintaining your profitability. Sign up and get instant access to your cPanel/WHM control panel!

Reseller Hosting Server Locations:

  • India
  • USA

Why Choose MilesWeb Reseller Hosting?

  • Free SSL Certificate
  • 100% White Labeled
  • Free Malware Scan & Removal
  • Free Website Builder
  • Free Website Migration

Below is the list of Linux Reseller Hosting plans offered by MilesWeb:

Quote:

Get Up to 61% OFF on Bronze, Silver, Gold, and Platinum reseller hosting plans. Renewal would be at regular price.


Bronze Plan:

  • 10 cPanel Accounts
  • 20GB SSD Disk Space
  • Host Unlimited Domains
  • Unlimited Bandwidth
  • WHM/cPanel/Softaculous
  • Unlimited SQL DB’s
  • Unlimited Email accounts

Discounted Price: $4.20/mo – Buy Now

Silver Plan:

  • 20 cPanel Accounts
  • 50GB SSD Space
  • Host Unlimited Domains
  • Unlimited Bandwidth
  • WHM/cPanel/Softaculous
  • Unlimited SQL DB’s
  • Unlimited Email accounts

Discounted Price: $8/mo – Buy Now

Gold Plan:

  • 40 cPanel Accounts
  • 100GB SSD Space
  • Host Unlimited Domains
  • Unlimited Bandwidth
  • WHM/cPanel/Softaculous
  • Unlimited SQL DB’s
  • Unlimited Email accounts

Discounted Price: $13/mo – Buy Now

Platinum Plan:

  • 60 cPanel Accounts
  • 150GB SSD Space
  • Host Unlimited Domains
  • Unlimited Bandwidth
  • WHM/cPanel/Softaculous
  • Unlimited SQL DB’s
  • Unlimited Email accounts

Discounted Price: $16/mo – Buy Now

Add-ons offered by MilesWeb:

  • WHMCS Plus License : $12 Per Month
  • WHMCS Professional License : $20 Per Month
  • WHMCS Business License : $32 Per Month

For more details on Reseller Hosting plans visit : https://www.milesweb.com/hosting/reseller-hosting

Quote:

Get 40% OFF on Pluto, Mars and Jupiter reseller hosting plans. Renewal would be at regular price.


Pluto Plan:

  • 20 cPanel Accounts
  • Host 20 Domains
  • Free WHMCS
  • Unlimited SSD Space
  • Unlimited Bandwidth
  • cPanel/WHM
  • Softaculous
  • Unlimited SQL DB’s
  • Unlimited Email accounts

Discounted Price: $14.40/mo – Buy Now

Mars Plan:

  • 40 cPanel Accounts
  • Host 40 Domains
  • Free WHMCS
  • Unlimited SSD Space
  • Unlimited Bandwidth
  • cPanel/WHM
  • Softaculous
  • Unlimited SQL DB’s
  • Unlimited Email accounts

Discounted Price: $21/mo – Buy Now

Jupiter Plan:

  • 60 cPanel Accounts
  • Host 60 Domains
  • Free WHMCS
  • Unlimited SSD Space
  • Unlimited Bandwidth
  • cPanel/WHM
  • Softaculous
  • Unlimited SQL DB’s
  • Unlimited Email accounts

Discounted Price: $30/mo – Buy Now

For more details on Unlimited Reseller Hosting plans visit :

https://www.milesweb.com/hosting/unlimited-reseller

Windows Reseller Hosting offered by MilesWeb:

Quote:

Get 67% OFF on windows reseller hosting plans. Renewal would be at regular price.


Neo Plan:

  • 10 Plesk Accounts
  • 20GB SSD Space
  • Unlimited Bandwidth
  • Plesk Control Panel
  • Unlimited SQL DB’s
  • Unlimited Email accounts
  • Windows Server 2016

Discounted Price: $4.20/mo – Buy Now

Entry Plan:

  • 20 Plesk Accounts
  • 50GB SSD Space
  • Unlimited Bandwidth
  • Plesk Control Panel
  • Unlimited SQL DB’s
  • Unlimited Email accounts
  • Windows Server 2016

Discounted Price: $8/mo – Buy Now

Smart Plan:

  • 40 Plesk Accounts
  • 100GB SSD Space
  • Unlimited Bandwidth
  • Plesk Control Panel
  • Unlimited SQL DB’s
  • Unlimited Email accounts
  • Windows Server 2016

Discounted Price: $13/mo – Buy Now

Plus Plan:

  • 60 Plesk Accounts
  • 200GB SSD Space
  • Unlimited Bandwidth
  • Plesk Control Panel
  • Unlimited SQL DB’s
  • Unlimited Email accounts
  • Windows Server 2016

Discounted Price: $16/mo – Buy Now

For more details on Windows Reseller Hosting plans visit :

https://www.milesweb.com/hosting/windows-reseller-hosting

Quote:

Get 40% OFF on Pluto, Mars and Jupiter windows reseller hosting plans. Renewal would be at regular price.


Pluto Plan:

  • Host 20 Domains
  • Free WHMCS
  • Unlimited SSD Space
  • Unlimited Bandwidth
  • Plesk Control Panel
  • Unlimited SQL DB’s
  • Unlimited Email accounts

Discounted Price: $14.40/mo – Buy Now

Mars Plan:

  • Host 40 Domains
  • Free WHMCS
  • Unlimited SSD Space
  • Unlimited Bandwidth
  • Plesk Control Panel
  • Unlimited SQL DB’s
  • Unlimited Email accounts

Discounted Price: $21/mo – Buy Now

Jupiter Plan:

  • Host 60 Domains
  • Free WHMCS
  • Unlimited SSD Space
  • Unlimited Bandwidth
  • Plesk Control Panel
  • Unlimited SQL DB’s
  • Unlimited Email accounts

Discounted Price: $30/mo – Buy Now

For more details visit at: https://www.milesweb.com/hosting/unl…ndows-reseller

For immediate assistance, visit our website and initiate a live chat.

SSL Certificate – the private key you’ve selected does not appear to be valid

I have an SSL certificate generated with GoDaddy and I uploaded the certificate and private key into Google Cloud and I get this message: “the private key you’ve selected does not appear to be valid”. I ran the following command:

openssl rsa -in private.key -out private_rsa.key

and I get this message:

Can't open private.key for reading, No such file or directory
139828091827392:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('private.key','r')
139828091827392:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:
unable to load Private Key

Any suggestions to get this working?

https – Should I have a separate SSL certificate for CDN or I can re-use existing website’s certificate?

I’m about to add CDN to my website, doing the research. My plans are to use CDN for static content only (CSS, JS, images), so the initial HTML pages are always dynamic, and some other critical downloads are also non-cacheable. I don’t know if this changes anything in how I connect CDN or not, from what I’ve read, I just change the nameservers to point to CDN and don’t need to alter any links from my side, and CDN inspects headers to see what should be cached and what should not.

My question

Do I need to buy a separate SSL certificate especially for CDN and have it installed at CDN or I can use the same DV certificate I bought for my website, e.g., from Sectigo? In other words, should I own 2 certificates in case having CDN, or can own just one (DV) and use it both on my server and on CDN? And let us suppose that the answer is “I need 2 certificates”. Does it matter what kind of certificate is then used on the CDN side (self-signed, DV, OV, EV) ?

https – Nginx: could not allocate new session in SSL session shared cache “SSL” while SSL handshaking

What to make of this error? I get it a few times a day, often in a clump. 14 of them yesterday, scattered throughout, but with a cluster of 9 within a few seconds of each other.

My first thought was that my cache wasn’t big enough, but at 50m I think that’s good enough for 200,000 sessions. I have a timeout of 24h and typically get 1,000,000 page views per month, so I don’t think that’s likely to be the issue.

Furthermore, if the cache WERE to run out of space, I’m pretty sure it would just silently purge the oldest entry and add the new one, with no message in the error log.

So what causes this error? I feel it can’t be a problem with the system being IO-bound – I have NVMe drives that are barely tickled by the level of traffic I have.

Any ideas?

Thank you

seo – SSL certificate both on origin server and CDN

I’m about to add CDN to my website and I’ve been doing research, but some things have raised questions instead of getting answers. (Please let me know if I should split my questions separately, each in its own topic, I just thought I’d spam with this amount of questions… plus, they are all tightly coupled)

  1. SEPARATE CERTIFICATE OR NOT, 2 OR 1 Do I need to buy a separate SSL certificate especially for CDN or I can use the same DV certificate I bought, e.g., from Sectigo? In other words, should I own 2 certificates, or can own just one on both my server and on CDN? (note I am not interested in self-signed certificates)

  2. DO URLS CHANGE OR NOT I believe most CDN providers do not require changing URLs to static content, but is that true with most popular CDNs or some of them do require changing URLs? E.g. do I have to change links from root relative to absolute with domain being the CDN’s? Or everything goes through CDN nameservers?

  3. FINAL LINKS FROM VIEW-SOURCE Given that CDN is already in place and I haven’t modified my links on my website, what kind of links will I see for static content URLs when I right click and choose “View Source” in the browser? Mine or somehow substituted by CDN edge servers?

  4. SEO/CDN: DUPLICATE CONTENT I’ve read that after introduction of CDN there might appear duplicate content in search engines.
    4.1. Should I do anything special to prevent this on the application side apart from having link rel=”canonical” on every HTML page?

    4.2. Should I do anything special to prevent this on the CDN control panel side?

  5. MAIN SERVER WITH SSL, CDN WITHOUT Suppose I have DV certificate installed for my website. Every request is over HTTPS, including static content. The browser address bar happily turns green and all is good. Now I add CDN to my website but I do not add SSL certificate for CDN-delivered content (I assume it will be delivered over HTTP). What happens with the address bar and what do visitors see who land on my website (e.g. warning)? Has the website now become “insecure” just because static content is delivered over HTTP and not HTTPS? And what actually determines whether to show that the website is secured with SSL or not – the initial request (e.g. HTML, which must not be cached by CDN but instead forwarded directly)?

  6. INSTALL SSL MANDATORY WHERE TO CDN OR ORIGIN? I’ve also read that, quote, “it’s better to install certificate to CDN”, end of quote. That confused me a lot. What does “better” mean? I believe that SSL certificate absolutely must be installed on main origin server, and additionally can be installed to CDN, but not vice versa. Correct?

  7. COMMON OR NOT Do the answers for the above questions pertain to most CDN providers? E.g. KeyCDN, CloudFlare, Akamai, etc., or it depends?

linux – Problems renewing SSL on Digital Ocean

Hi, I have a problem with the TXT value on Digital Ocean when reactivating the wildcard SSL.
I used nslookup and it returned:

Non-authoritative answer:
*** Can't find _acme-challenge.domain.com.br: No answer
On CertBot, after pressing Enter to validate the TXT value:

Domain: domain.com.br
   Type:   unauthorized
   Detail: No TXT record found at _acme-challenge.domain.com.br

I tried reducing the TTL, but it still didn’t work.
How can I solve this?

ssl – IIS 8.5 redirect HTTP URL to HTTPS

Using IIS 8.5 – our website has been live for several months internally on the corporate network with no SSL cert. Users have been accessing the site through the HTTP URL (let’s call it http://companyapp).

I now have an HTTPS certificate, and when I apply the cert to the website by adding a new binding the HTTPS URL is https://companyapp:8443 and the HTTPS is working from the browser. Port 443 is already in use on the server for a different (non IIS) application.

However I want to configure IIS so that when the user types the URL http://companyapp , the browser will go to https://companyapp – Ideally there will be no port number required in the URL.

I want to do this in the most efficient way, so just curious what my options are as I am admin on the server running IIS but I don’t have DNS admin rights on the network.
Thanks