SELinux and Semanage to customize Apache SSL certificate and key path

I want to create a custom path for the SSL certificate and write apache for each user, for example:

user1 will have the SSL path like this:

/home/user1/ssl/certificate.cer
/home/user1/ssl/ca_certificate.cer
/home/user1/ssl/certificate.key

SELinux does not allow Apache to start when I use the custom SSL directive in the httpd.conf file. Is there a week command that I can use to tell SELinux my custom SSL certificate and key path for Apache?

SSL certificate expired

Dear people

I am not a web hosting expert but I am not a computer novice

I have a friend of mine, he has a website, his SSL certificate expires … | Read the rest of https://www.webhostingtalk.com/showthread.php?t=1803116&goto=newpost

ssl – openfortivpn Stuck at "INFO: Tunnel is working" (os ubuntu)

I run openfortivpn on the ubuntu server, it is always stuck in "INFO: tunnel is working".
using -v, you can see that it always repeats "pppd —> gateway" and "gateway —> pppd"
I have no idea, can anyone help me? Thank you!

Some of the debugging information is as follows:
DEBUG: Setting the path to the vpn server …
DEBUG: IP route add to xxx.xxx.xxx.xxx/255.255.255.255 through 192.168.1.1 dev ens3
DEBUG: IP route add to 10.10.250.0/255.255.255.0 through 10.211.100.2 dev ppp0
DEBUG: IP route add to 10.10.250.1/255.255.255.255 through 10.211.100.2 dev ppp0
DEBUG: IP route add to 10.10.250.80/255.255.255.255 through 10.211.100.2 dev ppp0
DEBUG: IP route add to 10.1.5.5/255.255.255.255 through 10.211.100.2 dev ppp0
DEBUG: IP route add to 10.1.5.0/255.255.255.0 through 10.211.100.2 dev ppp0
DEBUG: IP route add to 10.10.250.80/255.255.255.255 through 10.211.100.2 dev ppp0
WARNING: The path to the gateway already exists.
INFO: Add VPN Name Servers …
DEBUG: Name servers are already present in /etc/resolv.conf.
INFORMATION: Tunnel is in operation.
DEBUG: pppd —> gateway (10 bytes)
DEBUG: gateway —> pppd (10 bytes)
DEBUG: pppd —> gateway (10 bytes)
DEBUG: gateway —> pppd (10 bytes)
DEBUG: pppd —> gateway (10 bytes)
DEBUG: gateway —> pppd (10 bytes)
DEBUG: pppd —> gateway (10 bytes)
DEBUG: gateway —> pppd (10 bytes)
DEBUG: pppd —> gateway (10 bytes)
DEBUG: gateway —> pppd (10 bytes)
DEBUG: pppd —> gateway (10 bytes)
DEBUG: gateway —> pppd (10 bytes)
……
……

Connect a custom domain to Google App Engine without Google Cloud Dashboard (only with DNS, with SSL)

I have a problem connecting an external domain to my current application.

I have my application domain example.com and I have another domain external.com.
I want the user to use the external.com domain to access this.example.com.
The URL will still be external.com, but you are using this.example.com (which is in the Google app engine).

I'm trying to add CNAME record that point to

HostName: * , Cname: this.example.com

I do not understand that it works.

Also, will I need an SSL certificate, will I need to create another certificate for my domain from external.com, or is just the certificate ok at * .example.com?

Using some tools I got this output:

getent hosts www.external.com
xxxx:xxxx:xxxx:xxx::xxxx ghs.googlehosted.com www.external.com this.example.com


host www.external.com
www.external.com is an alias for this.example.com.
this.example.com is an alias for ghs.googlehosted.com.
ghs.googlehosted.com has address xxx.xxx.xx.xxx
ghs.googlehosted.com has IPv6 address xxxx:xxxx:xxxx:xxx::xxxx

Is it possible to avoid the Google Cloud dashboard?

Thank you!

ssl: WordPress / Easy WP SMTP error when sending TLS secure mail to Exchange 2016 server in prem

I have a Windows Server 2012R2 web server without domain that hosts WordPress with the Easy WP SMTP plugin in our DMZ. You are supposed to send an email to our internal Exchange 2016 server for things like alerts, new subscriptions, etc. I used to use unsecured SMTP over port 25, but we are trying to configure it to use TLS on port 587. But, I can't send it as Exchange Server keeps rejecting the connection:

    2020-03-30T13:25:53.654Z,,08D7D3F917D985E4,0,10.0.0.44:587,192.168.200.3:58156,+,,
    2020-03-30T13:25:53.654Z,,08D7D3F917D985E4,1,10.0.0.44:587,192.168.200.3:58156,>,"220 mail.domain.com Microsoft ESMTP MAIL Service ready at Mon, 30 Mar 2020 08:25:53 -0500",
    2020-03-30T13:25:53.654Z,,08D7D3F917D985E4,2,10.0.0.44:587,192.168.200.3:58156,<,EHLO www.domain.com,
    2020-03-30T13:25:53.654Z,,08D7D3F917D985E4,3,10.0.0.44:587,192.168.200.3:58156,>,250  mail.domain.com Hello [192.168.200.3] SIZE 36700160 PIPELINING DSN ENHANCEDSTATUSCODES STARTTLS AUTH GSSAPI NTLM 8BITMIME BINARYMIME CHUNKING,
    2020-03-30T13:25:53.654Z,,08D7D3F917D985E4,4,10.0.0.44:587,192.168.200.3:58156,<,STARTTLS,
    2020-03-30T13:25:53.654Z,,08D7D3F917D985E4,5,10.0.0.44:587,192.168.200.3:58156,>,220 2.0.0 SMTP server ready,
    2020-03-30T13:25:53.654Z,,08D7D3F917D985E4,6,10.0.0.44:587,192.168.200.3:58156,*," CN=*.domain.com CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB 4F8D1253CAE6C3AA06ED0310EAA39158 827CCAB98B7AC22709CBC1408C74CCED89060C98 2020-03-17T19:00:00.000Z 2021-03-18T18:59:59.000Z *.domain.com;domain.com",Sending certificate Subject Issuer name Serial number Thumbprint Not before Not after Subject alternate names
    2020-03-30T13:26:08.998Z,,08D7D3F917D985E4,7,10.0.0.44:587,192.168.200.3:58156,*,,TLS negotiation failed with error CertUnknown
    2020-03-30T13:26:08.998Z,,08D7D3F917D985E4,8,10.0.0.44:587,192.168.200.3:58156,-,,Local

The certificate is fine because many other TLS connections at 587 work without any problem.

How to use httpd (https / ssl) as proxy server for tomcat

I have installed httpd and tomcat on my server, but somehow I can't connect them.


        ServerName www.harshrathod.dev
        ServerAlias harshrathod.dev
        ServerAdmin ******************
        DocumentRoot /var/www/html
        DirectoryIndex index.html
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.harshrathod.dev [OR]
RewriteCond %{SERVER_NAME} =harshrathod.dev
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

ProxyRequests off
ProxyPass /projects/legend ajp://localhost:8009/legend
ProxyPassReverse /projects/legend ajp://localhost:8009/legend


Accessing the legend page at harshrathod.dev displays an error instead of responding with the index.jsp page at "../webapps/legend". Both servers are up and running. HTTPD is listening on 80 and tomcat on localhost: 8080

Do I need to paste this in:

ProxyRequests off
ProxyPass /projects/legend ajp://localhost:8009/legend
ProxyPassReverse /projects/legend ajp://localhost:8009/legend

in httpd-el-ssl.conf?

How to intercept SSL requests made by an Android flutter application?

How is it possible to intercept https requests made by a flutter application that I do not own the source code (I only have an apk file)?
I've already tried the Xposed Framework SSL pinning module. (Unlucky)

Authentication: How can I avoid SSL / TLS tethering in my app?

I am debugging my Windows application that has SSL / TLS tethering, and I want to skip / remove it so I can debug the endpoints. How could I get the CLIENT_HANDSHAKE that the app uses?

I can definitely patch the app but not the code because it would make it vulnerable. So how could I do this?

security – SSL connection in Android Studio

I am trying to generate a secure connection through my project in android studio. Which connects to an API in PHP. I manage to configure the php server, so that it can be invoked via HTTPs, but from the project, I cannot manage to connect only via HTTPs. When invoking the API, from the project, the HTTPs certificate being active, it returns information to me, as well as if the certificate is not configured on the server.
That is, it does not distinguish whether the certificate is active on the server or not. I always invoke over HTTPs, and whether the certificate is active or not, it returns a response.
I would like to know if the code I am developing is correct and how to identify if an HTTPs connection has been generated with the API service.

I attach the android studio project code,

    try {

        String link = "https://192.168.1.10/servicios/idiomasItems/consulta_idioma.php";


        HttpParams httpParameters = new BasicHttpParams();

        int timeoutConnection = 3000;
        HttpConnectionParams.setConnectionTimeout(httpParameters, timeoutConnection);

        int timeoutSocket = 5000;
        HttpConnectionParams.setSoTimeout(httpParameters, timeoutSocket);


        CertificateFactory cf = CertificateFactory.getInstance("X.509");

        InputStream raw = contexto.getApplicationContext().getAssets().open("certificadoPrueba_10.crt");


        if (raw == null) {
            System.out.println("OJO: ¡¡No existe el archivo de configuración!!");
        }
        else {
            System.out.println("OJO_ SI: ¡¡Existe el archivo de configuración!!");
        }



        Certificate ca;
        ca = cf.generateCertificate(raw);

        System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());

        raw.close();


        // Create a KeyStore containing our trusted CAs
        String keyStoreType = KeyStore.getDefaultType();
        KeyStore keyStore = KeyStore.getInstance(keyStoreType);
        keyStore.load(null, null);
        keyStore.setCertificateEntry("ca", ca);

        // Create a TrustManager that trusts the CAs in our KeyStore
        String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
        tmf.init(keyStore);

        // Create an SSLContext that uses our TrustManager
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);





        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());



            SSLSocketFactory sf = new CustomSSLSocketFactory(trustStore);

            sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

            //HttpParams params = new BasicHttpParams();
            SchemeRegistry registry = new SchemeRegistry();
            registry.register(new Scheme("https", sf, 443));

            //ClientConnectionManager ccm = new ThreadSafeClientConnManager(params, registry);
            //client= new DefaultHttpClient(ccm, params);

            ClientConnectionManager ccm = new ThreadSafeClientConnManager(httpParameters, registry);
            HttpClient httpClient = new DefaultHttpClient(ccm, httpParameters);




        HttpPost httppost = new HttpPost(link);

        List params = new ArrayList();

        params.add(new BasicNameValuePair("idioma", idioma(0).toJSON() ));

        httppost.setEntity(new UrlEncodedFormEntity(params));

        HttpResponse resp = httpClient.execute(httppost);
        respStr = EntityUtils.toString(resp.getEntity());


    } catch(Exception ex) {

        System.out.println("ERROR, " + ex.getMessage() );

        respStr = "ERR-" + ex.toString();

    }

    return respStr;

apache – SSL Mod Compiled Against Server

I have a problem with the redirection of www + https and I saw this error in the logs:

(ssl: warn) (pid 204: tid 412) AH01916: Init: (localhost: 443) You
HTTP configured (80) on the standard HTTPS port (443)!

So I try to find a way to get more details in apahce_error.log by changing LogLevel Warn to LogLevel Trace6 for more details and I get the following error:

mod_ssl / 2.4.37 compiled against server: Apache 2.4.37, Library: OpenSSL / 1.1.a

I also noticed that when I try to turn on my apache-> ssl module it will automatically turn off.
But my website can run the job on https, which I'm not sure if it should be strange or not (O_O).
I hope I can solve this problem before continuing with the next one.
Please help and TIA!