This is with regards to Oracle web logic server 12c.
I have deployed trusted SSL certificates and configure custom identity and trust stores on both admin and managed server.
I was asked to start both of these servers in SSL mode (https) only as these servers were attacked by hackers. For regular login (http), I am using ./startWebLogic.sh to start admin server and ./start ManagedWebLogic.sh <managed server name> http://adminservername:portnumber to start managed server.
How can I start these servers in https/ssl mode only?
Disabled non SSL port/HTTPS port and enabled SSL port on both administration server and managed servers
Related
My setup:
Azure Vm : Windows server 2008
IIS 7.5
I have purchased a domain from godaddy and pointed it to the Azure VPS. Initially the website was running on IIS using http on port 80. I have purchased SSL from godaddy using CSR and installed them as following
Intermediate certificate using MMC
Server certificate using IIS
Then I bind the certificate with my website using https on port 443, but when I visited my website it's not loading up it on https and gives an error "This site can't be reached. I have also checked secure world wide web and https is checked in my firewall settings.
I solved it by
Goto your Azure VM
In Azure VM -> Find Endpoints
Click on Add endpoint
Add endpoint for you port (in my case 443) and give it a name ( e.g https)
Save
Done
Is there a way to automatically deploy a .NET/Windows based Amazon Elastic Beanstalk instance with an SSL cert?
I already have the DNS for the domain in the SSL cert setup to point to the Beanstalk instance.
I can remote in and configure the server manually but I was wondering if there is a way to make it part of the deployment package (similar to what Windows Azure has).
If this isn't built in to Elastic Beanstalk, are there any hooks to run PowerShell scripts after deployment (or update) of my instance?
The AWS Elastic Beanstalk Developer Guide explains how to enable an SSL certificate for your Elastic Beanstalk environment.
The relevant part is:
Controlling the HTTPS port
Elastic Load Balancing supports the HTTPS/TLS protocol to enable
traffic encryption for client connections to the load balancer.
Connections from the load balancer to the EC2 instances are done using
plaintext. By default, the HTTPS port is turned off.
To turn on the HTTPS port
Create and upload a certificate and key to the AWS Access and Identity Management (AWS IAM) service. The IAM service will store the
certificate and provide an Amazon Resource Name (ARN) for the SSL
certificate you've uploaded. For more information creating and
uploading certificates, see the Managing Server Certificates section
of Using AWS Identity and Access Management.
Specify the HTTPS port by selecting a port from the HTTPS Listener Port drop-down list.
In the SSL Certificate ID text box, enter the Amazon Resources Name (ARN) of your SSL certificate (e.g.,
arn:aws:iam::123456789012:server-certificate/abc/certs/build). Use the
SSL certificate that you created and uploaded in step 1. For
information on viewing the certificate's ARN, see Verify the
Certificate Object topic in the Creating and Uploading Server
Certificates section of the Using IAM Guide.
I have any ASP.Net application running on IIS 7.5.
How can I incorporate SSL certificate to an single application in a domain.
Example , I have a website as www.mywebsite.com. Now I created another application which can be accessed by typing www.mywebsite.com/newapplication.
Now I could like to have SSL certificate only for www.mywebsite.com/newapplication and NOT FOR www.mywebsite.com.
IS THIS POSSIBLE ...???HOW ??
Thanks for your help
Start by configuring IIS to accept both http (80) and https (443) traffic. Then, configure your SSL certificate at site level. Now for each application that you create within your site (for example, your www.mywebsite.com/newapplication) you can explicitly configure if it requires SSL or not, by checking the Require SSL option under the SSL settings, visible in IIS management console when the application is selected.
I have a 3-node web farm being managed by IIS7 and Application Request Routing. I have a folder hierarchy in my web app that needs to be secured via SSL. What is the best practice for getting ARR to correctly route these SSL requests? I have installed the same certificate on all web farm servers and the server running ARR. I have tried enabling and disabling the SSL Off-loading feature
Thanks,
Matthew
I'm an idiot. I forgot to open SSL through our firewall.
Is it possible to have a FTP server using SSL on a application server that does not use SSL?
How would you setup an ASP.NET 2.0 to consume a SSL certificate?
This certianly sounds possible but is it advisable, is it good practice?
The choice on using SSL us made on a per connection level, usually determined by the IP port being used (i.e. will be set up between client and server before any application code involved).
The same service/content could be set up on multiple ports each with a different choice for SSL.
The certificate is per host name, but servers can generally support appearing under different names.
To use SSL with ASP.NET takes nothing special, it just works once the IIS web site is configured to support SSL (or to require it: when connections to port 80 for HTTP are redirected to the SSL port); this choice can be made on a per folder basis.
FTP is at the application layer, and SSL is lower, at the presentation layer. The SSL sessions are on a per connection basis. Take a look at the Wikipedia page. The SSL connection is established before anything happens with your application. Your FTP server probably isn't running inside your .NET application server, is it? You should be able to setup an SSH server listening for SCP connections separately. If it really does run from inside your app server, you should be able to listen on a separate port for the SSL connection.
Short of any of that, heres a good link for configuring SSL in IIS. You don't have to make the certificates mandatory. That way you can allow unsecured traffic and secure traffic if that fits in with your application model.
While protecting an application with SSL is always a good idea, it is technically not trivial.
Having a web application protected with SSL requires the webserver to be reachable on a new port (443/https instead of 80/http). This has to be configured "system-wide". Also, there may be only one certificate per IP-address, which is often a problem when hosting multiple domains on the same server.