which version of watchguard ssl vpn uses SHA1 2A42AF641D4B59A5BC7DB461879AE3DC4D2B874D
tried in manny ways
Related
OpenVPN based Site-to-Site VPN between Azure on premise server is it secure?
We are trying to setup Site to site connection but our firewall doesn't have Ikev2
So we want to setup the vpn without the need of the firewall. It seems OpenVPN in azure can do the job
Although it uses certificates to authenticate but i'm not sure the security and performance of bypassing the firewall.
I would love to know your input of how to setup and if this route is the best.
Thanks in advance
OpenVPN uses tunneling over SSL. So traffic over OpenVPN is encrypted and it is safe to use. As it is using SSL/TLS for Key exchange it is safe to by pass your firewall.
I intend to buy a wildcard SSL certificate for mydomain.com. From my ISP I map test.mydomain.com - using CNAME setting - to an Azure VM (not a simple web app) running a webserver (e.g. blahblah-vm.cloudapp.net) where I have opened port 80 and 443.
Now, my client connects to https://test.mydomain.com. Will there be any issues? Do I need to somehow prepare the VM with the mydomain.com SSL certificate or will it just work thanks to the CNAME mapping?
Does your VM have a static Public IP address? If yes, you could use A Records. Also, we can use CNAME map the Azure VM's FQDN.
Now, my client connects to https://test.mydomain.com. Will there be
any issues?
Before you connect to https://test.mydomain.com, we should install SSL certificate on your PC first.
Do I need to somehow prepare the VM with the mydomain.com SSL
certificate or will it just work thanks to the CNAME mapping?
There is no need to prepare something except install SSL certificate.
Update:
If your VM is windows, and use IIS to deploy your web server, we can use SSL certificate here:
I have an F5 load-balanced 4-server cluster environment that I'm building, so I'm looking to centralize our certificates to prevent needing to install them all on every server. Windows 2012 / IIS 8 seems to have centralized certificates, but that is only to secure my endpoint in IIS for inbound traffic.
What about for outbound traffic? They all will be initiating TLS transactions to external entities, so I need a way to store all these on a single server and have each of the IIS boxes "tap into" that cert store for the private and public keys that are necessary to send that TLS message.
Any suggestions?
You're looking for an HSM which the F5 will support and IIS also supports a few major vendors (Thales and Safe-Net both have IIS supported HSMs). They're not cheap from what I remember but that's exactly what you're looking for.
If you don't want to go that route, you can opt for the dirty solution of using the BIG-IP as your cert store and rely on self-signed certs on the IIS pool members.
Inbound: Incoming traffic terminates on BIG-IP using the valid CA-signed cert SSL Client profile. BIG-IP re-encrypts to IIS using a generic SSL server profile. Not pretty but it works.
Outbound: You would have to use the BIG-IP as the default gateway of the IIS server so you can direct the outbound TLS from BIG-IP instead of IIS directly.
Devcentral: SSL Acceleration - Can I encrypt outbound traffic
Hope this helps.
-Chase
Can we ignore SSL verification for local network. My case is-
I have two applications deployed in a system. These two applications cannot communicate through internet, due to some security constraints. the two applications can communicate using their private IPs. But the certificate issued by CA is valid only for the public IP (accessible from internet), so when they tries to do a HTTP connection, it throws a Subject Alternative Name invalid exception.
I cannot use alternate certificate.
Please suggest if we can configure Java / JREs of the applications to ignore SSL validation?
Please suggest any alternate solution, if any.
It sounds to me like you might just be better off using HTTP on the local network.
If you need transport layer security on your LAN, you can probably use a VPN or SSH tunnel instead. And it sounds to me like you don't really need this, as you're OK with ignoring SSL handshake errors, which makes using SSL in the first place kind of moot.
You can set up your servers to listen on two ports, one for external requests over HTTPS, and one for internal requests on HTTP.
You can either set up your firewalls so that HTTP is only available from LAN IPs, or alternatively only listen on localhost and use a VPN or SSH tunnel to the target server and do the requests via the tunnel.
We've got a Windows Server 2003 running IIS 6 where we host multiple sites with different domains. www.site1.com, www.site2.com etc.
Now one of these sites need a SSL certificate, so I ordered a certificate from rapidssl.com for the domain www.site1.com.
The problem:
After installing this SSL certificate all https request to this server, regardless of domain, gets redirected to the www.site1.com site.
FYI: This is the only site on the server that got a SSL certificate installed.
Anyone?
cscript.exe adsutil.vbs set /w3svc//SecureBindings ":443:" solved the problem.
According to this site, SSL does not support host headers. If you have more than one IP on your server, try using one IP for the SSL website and use other IPs for the other sites. If you don't, ask for another IP for your server to your helpdesk.
It's possible...
http://www.sslshopper.com/article-how-to-configure-ssl-host-headers-in-iis-6.html
http://www.digicert.com/ssl-support/configure-iis-host-headers.htm
As per post by Kulvis