Difference between revisions of "HTTPS"

From BC$ MobileTV Wiki
 
(8 intermediate revisions by the same user not shown)
Line 8: Line 8:
 
== Resources ==
 
== Resources ==
  
 +
* CA Security -- The London Protocol: https://casecurity.org/2018/06/27/the-london-protocol/<ref>RESEARCH PAPER –RELATIVE INCIDENCE OF PHISHING AMONG DV, OV, AND EV ENCRYPTED WEBSITES: https://casecurity.org/wp-content/uploads/2017/09/Incidence-of-Phishing-Among-DV-OV-and-EV-Websites-9-13-2017-short-ve....pdf</ref><ref>Digicert Withdraws from the CA Security Council: https://news.ycombinator.com/item?id=17438022</ref>
 
* generate_uaa_keypair.sh: https://gist.github.com/bijukunjummen/cd8db7b93b1cf347c3e87bb74d718ce2
 
* generate_uaa_keypair.sh: https://gist.github.com/bijukunjummen/cd8db7b93b1cf347c3e87bb74d718ce2
 
* Code to disable SSL certificate checking for any new instances of HttpsUrlConnection: https://gist.github.com/aembleton/889392<ref>Way to Ignore SSL certificate using ''HttpsURLConnection'': https://stackoverflow.com/questions/33084855/way-to-ignore-ssl-certificate-using-httpsurlconnection</ref><ref>Skip SSL HostName Verification Java ''HttpsURLConnection'': pankajmalhotra.com/Skip-SSL-HostName-Verification-Java-HttpsURLConnection</ref>
 
* Code to disable SSL certificate checking for any new instances of HttpsUrlConnection: https://gist.github.com/aembleton/889392<ref>Way to Ignore SSL certificate using ''HttpsURLConnection'': https://stackoverflow.com/questions/33084855/way-to-ignore-ssl-certificate-using-httpsurlconnection</ref><ref>Skip SSL HostName Verification Java ''HttpsURLConnection'': pankajmalhotra.com/Skip-SSL-HostName-Verification-Java-HttpsURLConnection</ref>
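Review bot: the first <ref> on the added CA Security line links to a URL containing a literal "...." ("...-9-13-2017-short-ve....pdf"), which looks like a shortened display string pasted in place of the real path, so the citation is unlikely to resolve. Replace it with the full PDF URL copied from the source page. The ref title is also pasted in all caps with no space after the dash ("PAPER –RELATIVE"), unlike the title-cased refs on the neighbouring lines.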
Line 15: Line 16:
 
== Tutorials ==
 
== Tutorials ==
  
 +
* Configuring your server to provide HTTPS using Let's Encrypt and Nginx: https://medium.com/hackernoon/configuring-your-server-to-provide-https-using-lets-encrypt-and-nginx-e46a5ae93e41
 
* How to View SSL Certificate Details in Each Browser and What You Can Learn: https://www.globalsign.com/en/blog/how-to-view-ssl-certificate-details
 
* How to View SSL Certificate Details in Each Browser and What You Can Learn: https://www.globalsign.com/en/blog/how-to-view-ssl-certificate-details
 
* HTTPS Is Not Just TLS: https://lukasa.co.uk/2014/09/HTTPS_Is_Not_Just_TLS/
 
* HTTPS Is Not Just TLS: https://lukasa.co.uk/2014/09/HTTPS_Is_Not_Just_TLS/
Line 30: Line 32:
 
* Apache HttpClient 4.1 - Proxy Settings: https://stackoverflow.com/questions/4955644/apache-httpclient-4-1-proxy-settings
 
* Apache HttpClient 4.1 - Proxy Settings: https://stackoverflow.com/questions/4955644/apache-httpclient-4-1-proxy-settings
 
* Connecting Through Proxy Servers in Core Java: https://www.baeldung.com/java-connect-via-proxy-server
 
* Connecting Through Proxy Servers in Core Java: https://www.baeldung.com/java-connect-via-proxy-server
 +
<ref>How to resolve error message ''java.io.IOException'' Unable to tunnel through proxy. Proxy returns "HTTP/1.1 400 Invalid URI"'' by explicitly pointing to your system's proxy (particularly useful on corporate connections often stuck behind Proxy/Firewall): https://stackoverflow.com/questions/52713258/java-io-ioexception-unable-to-tunnel-through-proxy-proxy-returns-http-1-1-400</ref>
 +
<ref>How to fix ''java.io.IOException: Unable to tunnel through proxy. Proxy returns “HTTP/1.1 400 Bad Request”''?: https://stackoverflow.com/questions/59520223/how-to-fix-java-io-ioexception-unable-to-tunnel-through-proxy-proxy-returns-h</ref>
 +
<ref>Unable to connect to Production / Developement Server from Eclipse IDE: https://developer.salesforce.com/forums/?id=906F00000009CXGIA2</ref>
 +
<ref>Unable to tunnel through proxy. Proxy returns “HTTP/1.1 407” via https: https://stackoverflow.com/questions/41505219/unable-to-tunnel-through-proxy-proxy-returns-http-1-1-407-via-https</ref>
 +
<ref>IO Exception: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authentication Required": https://github.com/jeremylong/DependencyCheck/issues/718</ref>
 +
<ref>Basic authentication fails for outgoing proxy in Java 8u111: https://confluence.atlassian.com/kb/basic-authentication-fails-for-outgoing-proxy-in-java-8u111-909643110.html</ref>
  
 
* '''How to get HTTPS working on your local development environment in 5 minutes: https://medium.freecodecamp.org/how-to-get-https-working-on-your-local-development-environment-in-5-minutes-7af615770eec'''
 
* '''How to get HTTPS working on your local development environment in 5 minutes: https://medium.freecodecamp.org/how-to-get-https-working-on-your-local-development-environment-in-5-minutes-7af615770eec'''
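Review bot: in the first added <ref>, the italic markup is unbalanced: '' closes right after java.io.IOException and a stray '' follows "HTTP/1.1 400 Invalid URI", so the error message renders half italic and its colon is missing. Wrap the whole message once, as the second added ref does (''java.io.IOException: Unable to tunnel through proxy. ...''). The title of the Salesforce ref also carries the typo "Developement"; if that is the original forum title, keep it, otherwise correct it.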
Line 45: Line 53:
 
* Oracle guide to Creating, Exporting, and Importing SSL Certificates: https://docs.oracle.com/cd/E54932_01/doc.705/e54936/cssg_create_ssl_cert.htm#CSVSG178
 
* Oracle guide to Creating, Exporting, and Importing SSL Certificates: https://docs.oracle.com/cd/E54932_01/doc.705/e54936/cssg_create_ssl_cert.htm#CSVSG178
 
<ref>Accept server's self-signed ssl certificate in Java client: https://stackoverflow.com/questions/2893819/accept-servers-self-signed-ssl-certificate-in-java-client</ref>
 
<ref>Accept server's self-signed ssl certificate in Java client: https://stackoverflow.com/questions/2893819/accept-servers-self-signed-ssl-certificate-in-java-client</ref>
 +
<ref>Unit/Integration Testing HTTPS in Java with a self-signed certificate: https://blog.arkey.fr/2017/10/19/self-signed-certificates-in-java.en/</ref>
 
<ref>Import a certificate to the Java Keystore: https://docs.plm.automation.siemens.com/content/polarion/19.1/help/en_US/polarion_windows_installation/manually_updating_third_party_software/import_a_certificate_to_the_java_keystore.html (including how to remove using ''keytool -delete -alias mykey -keystore %JAVA_HOME%\lib\security\cacerts -storepass changeit'')</ref>
 
<ref>Import a certificate to the Java Keystore: https://docs.plm.automation.siemens.com/content/polarion/19.1/help/en_US/polarion_windows_installation/manually_updating_third_party_software/import_a_certificate_to_the_java_keystore.html (including how to remove using ''keytool -delete -alias mykey -keystore %JAVA_HOME%\lib\security\cacerts -storepass changeit'')</ref>
 
<ref>Configure a Java HTTP Client to Accept Self-Signed Certificates: https://kb.novaordis.com/index.php/Configure_a_Java_HTTP_Client_to_Accept_Self-Signed_Certificates</ref>
 
<ref>Configure a Java HTTP Client to Accept Self-Signed Certificates: https://kb.novaordis.com/index.php/Configure_a_Java_HTTP_Client_to_Accept_Self-Signed_Certificates</ref>
Line 51: Line 60:
 
<ref>How to tell Maven to disregard SSL errors (and trusting all certs)?: https://stackoverflow.com/questions/21252800/how-to-tell-maven-to-disregard-ssl-errors-and-trusting-all-certs</ref>
 
<ref>How to tell Maven to disregard SSL errors (and trusting all certs)?: https://stackoverflow.com/questions/21252800/how-to-tell-maven-to-disregard-ssl-errors-and-trusting-all-certs</ref>
 
<ref>Error Importing SSL certificate - Not an X.509 Certificate: https://stackoverflow.com/questions/9889669/error-importing-ssl-certificate-not-an-x-509-certificate/22028156#22028156</ref>
 
<ref>Error Importing SSL certificate - Not an X.509 Certificate: https://stackoverflow.com/questions/9889669/error-importing-ssl-certificate-not-an-x-509-certificate/22028156#22028156</ref>
 +
<ref>When I will get HTTP 504 error using java HttpUrlConnection Class: https://stackoverflow.com/questions/21776176/when-i-will-get-http-504-error-using-java-httpurlconnection-class</ref>
 
* How to Configure SSL Certificate in Apache Web Server: https://www.itsmarttricks.com/how-to-configure-ssl-certificate-in-apache-web-server/
 
* How to Configure SSL Certificate in Apache Web Server: https://www.itsmarttricks.com/how-to-configure-ssl-certificate-in-apache-web-server/
  
Line 65: Line 75:
 
* Is it safe to use SSL SNI in production?: https://blog.layershift.com/sni-ssl-production-ready/
 
* Is it safe to use SSL SNI in production?: https://blog.layershift.com/sni-ssl-production-ready/
 
* How Firefox's ''HTTPS-only'' mode solves the first insecure request problem: https://advancedweb.hu/how-firefoxs-https-only-mode-solves-the-first-insecure-request-problem/
 
* How Firefox's ''HTTPS-only'' mode solves the first insecure request problem: https://advancedweb.hu/how-firefoxs-https-only-mode-solves-the-first-insecure-request-problem/
 
+
* DigiCert SSL Certificate Prices: How Much Does a DigiCert SSL Certificate Cost?: https://www.rapidsslonline.com/ssl/digicert-ssl-certificate-prices/
 +
* 95% of HTTPS servers (could be) vulnerable to trivial MITM attacks: https://news.netcraft.com/archives/2016/03/17/95-of-https-servers-vulnerable-to-trivial-mitm-attacks.html
 +
* DST Root CA X3 Expiration (September 2021): https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
  
 
== References ==
 
== References ==

Latest revision as of 18:21, 29 December 2021

HyperText Transfer Protocol Secure (also known as HTTP + SSL and Secure Hypertext Transfer Protocol; commonly abbreviated https) is a Transport-layer security mechanism, most commonly implementing SSL or TLS encryption mechanisms.




Resources


Tutorials

[9] [10] [11] [12] [13] [14]

[16] [17] [18] [19] [20] [21] [22] [23] [24]


External Links

References

  1. RESEARCH PAPER – RELATIVE INCIDENCE OF PHISHING AMONG DV, OV, AND EV ENCRYPTED WEBSITES: https://casecurity.org/wp-content/uploads/2017/09/Incidence-of-Phishing-Among-DV-OV-and-EV-Websites-9-13-2017-short-ve....pdf
  2. Digicert Withdraws from the CA Security Council: https://news.ycombinator.com/item?id=17438022
  3. Way to Ignore SSL certificate using HttpsURLConnection: https://stackoverflow.com/questions/33084855/way-to-ignore-ssl-certificate-using-httpsurlconnection
  4. Skip SSL HostName Verification Java HttpsURLConnection: pankajmalhotra.com/Skip-SSL-HostName-Verification-Java-HttpsURLConnection
  5. Use SSL Poke to test Java SSL connection: https://matthewdavis111.com/java/poke-ssl-test-java-certs/
  6. Connecting to SSL services: https://confluence.atlassian.com/jira/connecting-to-ssl-services-117455.html
  7. TLS computational DoS mitigation: https://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation
  8. Possible switch from Apache Http Client to HttpUrlConnection: https://github.com/android-async-http/android-async-http/issues/75
  9. How to resolve error message java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 400 Invalid URI" by explicitly pointing to your system's proxy (particularly useful on corporate connections often stuck behind Proxy/Firewall): https://stackoverflow.com/questions/52713258/java-io-ioexception-unable-to-tunnel-through-proxy-proxy-returns-http-1-1-400
  10. How to fix java.io.IOException: Unable to tunnel through proxy. Proxy returns “HTTP/1.1 400 Bad Request”?: https://stackoverflow.com/questions/59520223/how-to-fix-java-io-ioexception-unable-to-tunnel-through-proxy-proxy-returns-h
  11. Unable to connect to Production / Developement Server from Eclipse IDE: https://developer.salesforce.com/forums/?id=906F00000009CXGIA2
  12. Unable to tunnel through proxy. Proxy returns “HTTP/1.1 407” via https: https://stackoverflow.com/questions/41505219/unable-to-tunnel-through-proxy-proxy-returns-http-1-1-407-via-https
  13. IO Exception: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authentication Required": https://github.com/jeremylong/DependencyCheck/issues/718
  14. Basic authentication fails for outgoing proxy in Java 8u111: https://confluence.atlassian.com/kb/basic-authentication-fails-for-outgoing-proxy-in-java-8u111-909643110.html
  15. Securing your localhost for NodeJS Dev environments: https://blog.praveen.science/securing-your-localhost/
  16. Accept server's self-signed ssl certificate in Java client: https://stackoverflow.com/questions/2893819/accept-servers-self-signed-ssl-certificate-in-java-client
  17. Unit/Integration Testing HTTPS in Java with a self-signed certificate: https://blog.arkey.fr/2017/10/19/self-signed-certificates-in-java.en/
  18. Import a certificate to the Java Keystore: https://docs.plm.automation.siemens.com/content/polarion/19.1/help/en_US/polarion_windows_installation/manually_updating_third_party_software/import_a_certificate_to_the_java_keystore.html (including how to remove using keytool -delete -alias mykey -keystore %JAVA_HOME%\lib\security\cacerts -storepass changeit)
  19. Configure a Java HTTP Client to Accept Self-Signed Certificates: https://kb.novaordis.com/index.php/Configure_a_Java_HTTP_Client_to_Accept_Self-Signed_Certificates
  20. To Delete a Certificate by Using keytool: https://docs.oracle.com/cd/E19798-01/821-1751/ghleq/index.html
  21. Convert P7B to PFX with OpenSSL: https://www.lisenet.com/2014/convert-p7b-to-pfx-with-openssl/
  22. How to tell Maven to disregard SSL errors (and trusting all certs)?: https://stackoverflow.com/questions/21252800/how-to-tell-maven-to-disregard-ssl-errors-and-trusting-all-certs
  23. Error Importing SSL certificate - Not an X.509 Certificate: https://stackoverflow.com/questions/9889669/error-importing-ssl-certificate-not-an-x-509-certificate/22028156#22028156
  24. When I will get HTTP 504 error using java HttpUrlConnection Class: https://stackoverflow.com/questions/21776176/when-i-will-get-http-504-error-using-java-httpurlconnection-class

See Also

HTTP | SSL | TLS | Security | SEO