I want to bind 2 certificates on a port in my Windows server.
But it doesn't let me add the second certificate once one has already been added for it. Or unless I clear the bindings for the port using netsh delete command.
Adding the second certificate shows this error -
System error 183. Cannot create file when that file already exists
netsh http add sslcert ipport=0.0.0.0:2195 certhash="$thumbprint" appid='{472f53d0-29e1-4cf4-ba9c-79f362d8f6fa}'
Is it possible to bind multiple certificate to the same port?
Thanks in advance.
I have found a solution for this. Surprisingly I didn't find a single resource about this across the web.
It seems that you can't bind multiple certificates if you set the IP as 0.0.0.0 (which I think, is wildcard)
So, for the other certificate, I had to use some other IP.
Since in my case the destination IP address is known and is fixed, which is 17.x.x.x IP address block (Apple) .
So for the second certificate, I changed the ipport in the command to 17.0.0.0:2195.
And voila, it worked!
Related
This tutorial use left parameter when setup strongswan, while this tutorial also use leftid parameter. What is the difference between left and leftid?
Found answer from here:
One defines the local IP address(es), `left`, which does not have to be specified
unless it should be restricted. The other, `leftid`, the local identity used during
authentication, which will default to the local IP address or the subject DN of the
local certificate, if one is configured.
Note that the convention is to use `left...` options for local settings and `right...` for
those of the remote, but they might get swapped if an IP in `right` is found locally.
Please refer to the man page for ipsec.conf (`man ipsec.conf`) or the [wiki page for
the conn section][1] for details.
----
You can't set `left` to an IP address that's not installed on any local interface. As you
can see in the log, the daemon won't be able to send packets from that address.
Likewise, inbound request are dropped because the destination address doesn't match
the config (the `no IKE config found for ...` message). So either don't configure it (same
as setting it to `%any`) or configure a local address from/on which packets can be
sent/received (e.g. `172.30.13.1` in your case).
[1]: https://wiki.strongswan.org/projects/strongswan/wiki/Connsection
I know how to configure WL to listen for a my IP address instead of localhost. I had done it in past and it worked as well. Today suddenly things are broken, as usual I started my server configured for listening to my IP address and I was not even able to open the WL console.
I thought it could be some proxy issue so I removed all my proxies and then tried but no help. Then just to be double sure I used curl and tried to GET the admin page but still no help.
Then I thought that it could related to some recent firewall blocking rules my company might have pushed so this link and added my port to unblock list for both inbound and unbound rules, but still not help.
Does anyone has any idea whether there is something I can do to debug or rectify this issue. Please note that I have already tried changing my WL listen address to "no address", specific address etc. but it doesn't help, and I have tried netstat -a -n command and I can see there is a connection listening for my IP:port, but in the end I cannot access that connection/socket or in other words I cannot access my WL admin console or my application
I am assuming that your servers and applications are running. But you are not able to access them.
In this case, You can start from here.
1. Verify whether you are able to ping the admin host. If so, see whether telnet is allowed on admin port.
2. Try accessing the console with both FQDN and ip address.
3. If vnc server is configured on your server which is hosting weblogic, try launching chrome from VNC to access weblogic admin console.
This is first time I setup ftp server and I'm not really clever at network thing.
How do i want my connection to look like.
HOME > INTERNET > OFFICE_ROUTER > OFFICE_WORKSTATION > FTP_SERVER
OFFICE_WORKSTATION has 2 NIC: connection to FTP_SERVER and internet connection by OFFICE_ROUTER, FTP_SERVER has only connetion to OFFICE_WORKSTATION (localNetwork)
What I already did is vsftpd on FTP_SERVER with tls and it's already accesible from localNetwork - OFFICE_WORKSTATION (e.g by using totalCommander > 10.10.10.10:21)
I did port and ip forwarding on OFFICE_ROUTER (let's say its public ip is 192.192.192.1 and local 192.168.10.1)
So when I connect from HOME to OFFICE_ROUTER it sends me further to OFFICE_WORKSTATION.
Then i setup netsh on OFFICE_WORKSTATION ( localNetwork ip 10.10.10.50, inernetNetwork ip 192.168.10.10) to get 192.168.10.10:21 from internet and send it to 10.10.10.10:21 which is my FTP_SERVER. But such setup gives me "500 illegal PORT command"
Maybe it's because FTP_SERVER don't know how to send data back ? Because now it should respond from 10.10.10.10:21 (FTP_SERVER) to 10.10.10:50 OFFICE_WORKSTATION) and here netsh should take care of it and output it to OFFICE_ROUTER
I already know that ftp uses two ports data and command. Maybe i shoud forward both ports ?
I did test where my OFFICE_WORKSTATION serve FTP and I was able to connect it by HOME station by using single portForwarding on OFFICE_ROUTER.
With totalCommander from OFFICE_WORKSTATION i connect to 10.10.10.10:21 and it works, but if i try (also from OFFICE_WORKSTATION) in totalCommander to use those configured ports ( 192.168.10.10:21 > 10.10.10.10:21 ) I've got same error "500 illegal PORT command"
I want my OFFICE_WORKSTATION to serve as portForwarding (i don't even know how to call it). So at the end I think problem lies in error/problem in portForwarding configuration.
I would be very pleased if someone could give me some hints.
This is first time I setup ftp server
Don't.
Please, do not use FTP. You really, really do not want to use FTP. We do not want you to use FTP. Vint Cerf does not want you to use FTP. Bill Gates does not want you to use FTP. Even FTPS (which I'm guessing is what you are trying to say).
There are few things worse than FTP. FTPS is one of them. Setting up FTPS with any sort of NAT is really difficult for an expert systems admin.
There are lots of better solutions - SFTP (note order of letters - it's completely different) for one.
I have successfully setup IIS on my local development machine (dev branch - setup as localdev.me) but when I went to setup another branch (hotfix - setup as localhotfix.me) I am running into issues. The issues are due to the way the site is setup. The subdomain of the url is used to determine which Database to connect to. So going to host.localdev.me will connect to the host database. So in IIS I have the following settings for the bindings of the site.
Type Host Name Port IP Address
http localdev.me 80 *
http *.localdev.me 80 *
I can ping localdev.me with any subdomain and I get the loopback address as expected. When I then setup the hotfix branch (exactly the same as the dev but with the following bindings) I get name not resolved errors.
Type Host Name Port IP Address
http localhotfix.me 80 *
http *.localhotfix.me 80 *
Is there a reason the first setup would work and not the second? What is perhaps even stranger if I tell IIS to stop I can still ping subdomains on localdev.me and get the loopback address.
I could always get it working by manually specifying the host name in my windows hosts file but I would rather not do that as I would need to go in and edit the file every time we add a new subdomain.
EDIT: These are the specific errors I am getting.
ping localhotfix.me
Ping request could not find host localhotfix.me. Please check the name and try again.
EDIT2: I have a solution that works fairly well. It requires Acrylic DNS and installation of the Microsoft Loopback Adapter. I set the loopback adapter to a valid IP Address and set the DNS server to 127.0.0.1 then edit the AcrylicHosts file to contain entries for each domain with a wildcard. Once I did all of this I was able to ping localhotfix.me along with *.localhotfix.me. I believe the reason localdev.me worked is because it is a valid domain. The name would resolve at which point I believe IIS was able to take over. But thats really just an educated guess. But kindof makes sense as to why it worked for one and not the other.
The reason *.localdev.me works without a hosts file is because the public DNS for that domain resolves to 127.0.0.1 as long as it is not localdev.me or www.localdev.me. You can check this using nslookup *.localdev.me (replace the asterisk with anything except www) while your hosts file is empty. On the other hand, *.localhotfix.me is not registered in public DNS at all, which is why you'd need a hosts file entry for those.
We've set up port forwarding so that our users can access the web server on server foo through a SSH tunnel.
The port forwarding causes requests to 999 on the local machine to be forwarded to port 80.
On their own machine they open the SSH tunnell and then enter into their local browser ...
http://localhost:999/d/a.html
... on their local browser and their local browser receives the equivalent output to :
http://foo/d/a.html
This is all fine. However within a.html is a relative link to b.html (the link is just plain "b.html" - no virtual directory, no host name). The browser inteprets that link as being ...
http://localhost/d/b.html
... that is the port qualifier has been lost and so when the link is used instead of it going down the SSH tunnel the client machine attempts to resolve the address itself and finds it can't.
I assume this must be a common problem but how is it resolved ?
I'm answering my own question here. Based upon the above comments I've reviewed what's happening and it is (almost certainly) something unrelated to the tunnelling. Please ignore the question and thanks for your time.