HTTPS

From BC$ MobileTV Wiki

Revision as of 20:51, 14 October 2020 by Bcmoney (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

HyperText Transfer Protocol Secure (also known as HTTP + SSL and Secure Hypertext Transfer Protocol; commonly abbreviated https) is a Transport-layer security mechanism, most commonly implementing SSL or TSL encryption mechanisms.

Contents

1 Resources
2 Tutorials
3 External Links
4 References
5 See Also

Resources

generate_uaa_keypair.sh: https://gist.github.com/bijukunjummen/cd8db7b93b1cf347c3e87bb74d718ce2
Code to disable SSL certificate checking for any new instances of HttpsUrlConnection: https://gist.github.com/aembleton/889392
Unable to connect to SSL services due to "PKIX Path Building Failed" error: https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html | SRC (SSL Poke^[1]^[2] test class & instructions)

Tutorials

How to View SSL Certificate Details in Each Browser and What You Can Learn: https://www.globalsign.com/en/blog/how-to-view-ssl-certificate-details
HTTPS Is Not Just TLS: https://lukasa.co.uk/2014/09/HTTPS_Is_Not_Just_TLS/
The HTTP Series (Part 5) -- Security: https://dzone.com/articles/the-http-series-part-5-security
Testing for SSL renegotiation: https://blog.ivanristic.com/2009/12/testing-for-ssl-renegotiation.html (SSL renegotation is a DDOS vulnerability)
Tips for Securing SSL Renegotiation: https://securingtomorrow.mcafee.com/technical-how-to/tips-securing-ssl-renegotiation/^[3]

An HTTPS client and HTTPS server demo in Java: https://www.pixelstech.net/article/1445603357-A-HTTPS-client-and-HTTPS-server-demo-in-Java
Android’s HTTP(S) Clients: https://android-developers.googleblog.com/2011/09/androids-http-clients.html^[4]
Security with HTTPS and SSL: https://developer.android.com/training/articles/security-ssl.html#java
How to use java.net.URLConnection to fire and handle HTTP requests?: https://stackoverflow.com/questions/2793150/how-to-use-java-net-urlconnection-to-fire-and-handle-http-requests/32781880#32781880
Subsequent HTTPS POST request in Java with cookies retained: https://stackoverflow.com/questions/32591295/subsequent-https-post-request-in-java-with-cookies-retained/32592521#32592521
Apache HttpClient 4.1 - Proxy Settings: https://stackoverflow.com/questions/4955644/apache-httpclient-4-1-proxy-settings
Connecting Through Proxy Servers in Core Java: https://www.baeldung.com/java-connect-via-proxy-server

How to get HTTPS working on your local development environment in 5 minutes: https://medium.freecodecamp.org/how-to-get-https-working-on-your-local-development-environment-in-5-minutes-7af615770eec
Heroku Dev center - Creating a Self-Signed SSL Certificate: https://devcenter.heroku.com/articles/ssl-certificate-self
Self-Signed, Trusted Certificates for Node.js & Express.js: https://www.kevinleary.net/self-signed-trusted-certificates-node-js-express-js/^[5]
Quick & Easy HTTPS For Local Development (when you need to simulate LoadBalancer/Proxy): https://blog.codeship.com/quick-easy-https-for-local-development/
HTTPS security best practices: https://advancedweb.hu/2018/08/21/https_security/
X.509 client certificates with Spring Security: https://blog.codecentric.de/en/2018/08/x-509-client-certificates-with-spring-security/
A simple post-HTTP-to-HTTPS SEO checklist: https://www.hashemian.com/blog/2017/09/simple-post-http-to-https-seo-checklist.htm

The Java Developer’s Guide to SSL Certificates: https://medium.com/@codebyamir/the-java-developers-guide-to-ssl-certificates-b78142b3a0fc
Installing Trusted Certificates into a Java Keystore: https://blogs.oracle.com/jtc/installing-trusted-certificates-into-a-java-keystore
How to add certificate chain to keystore?: https://stackoverflow.com/questions/16062072/how-to-add-certificate-chain-to-keystore
Java HTTPS to a server with a self-signed certificate: https://www.artificialworlds.net/blog/2015/12/07/java-https-to-a-server-with-a-self-signed-certificate/
Accept server's self-signed ssl certificate in Java client: https://stackoverflow.com/questions/2893819/accept-servers-self-signed-ssl-certificate-in-java-client

^[6] ^[7] ^[8] ^[9] ^[10]

How to Configure SSL Certificate in Apache Web Server: https://www.itsmarttricks.com/how-to-configure-ssl-certificate-in-apache-web-server/

External Links

wikipedia: HTTP Secure
wikipedia: Secure Hypertext Transfer Protocol
A Basic Understanding of Web Protocols -- HTTP and HTTPS: https://dzone.com/articles/easy-understanding-of-web-protocols-http-and-https
Why HTTPS matters: https://web.dev/why-https-matters/
Moving to HTTPS from HTTP -- How And Why You Need To Migrate: https://dzone.com/articles/safer-web-practices-with-https-website-https-from
HTTPS crypto-shame -- TV Licensing website pulled offline: https://www.theregister.co.uk/2018/09/06/tv_licensing_https_fail/
Let's Encrypt is Not a Really, Really, Really Bad Idea!: https://www.defenseagainstthedarkarts.com/lets-encrypt-is-not-a-really-really-really-bad-idea/
Is it safe to use SSL SNI in production?: https://blog.layershift.com/sni-ssl-production-ready/

References

↑ Use SSL Poke to test Java SSL connection: https://matthewdavis111.com/java/poke-ssl-test-java-certs/
↑ Connecting to SSL services: https://confluence.atlassian.com/jira/connecting-to-ssl-services-117455.html
↑ TLS computational DoS mitigation: https://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation
↑ Possible switch from Apache Http Client to HttpUrlConnection: https://github.com/android-async-http/android-async-http/issues/75
↑ Securing your localhost for NodeJS Dev environments: https://blog.praveen.science/securing-your-localhost/
↑ Import a certificate to the Java Keystore: https://docs.plm.automation.siemens.com/content/polarion/19.1/help/en_US/polarion_windows_installation/manually_updating_third_party_software/import_a_certificate_to_the_java_keystore.html (including how to remove using keytool -delete -alias mykey -keystore %JAVA_HOME%\lib\security\cacerts -storepass changeit)
↑ Configure a Java HTTP Client to Accept Self-Signed Certificates: https://kb.novaordis.com/index.php/Configure_a_Java_HTTP_Client_to_Accept_Self-Signed_Certificates
↑ Convert P7B to PFX with OpenSSL: https://www.lisenet.com/2014/convert-p7b-to-pfx-with-openssl/
↑ How to tell Maven to disregard SSL errors (and trusting all certs)?: https://stackoverflow.com/questions/21252800/how-to-tell-maven-to-disregard-ssl-errors-and-trusting-all-certs
↑ Error Importing SSL certificate - Not an X.509 Certificate: https://stackoverflow.com/questions/9889669/error-importing-ssl-certificate-not-an-x-509-certificate/22028156#22028156

See Also

HTTP | SSL | TLS | Security | SEO

Retrieved from "http://wiki.bcmoney-mobiletv.com/index.php?title=HTTPS&oldid=54844"

Communication Protocol