Ensure secure data transmission over HTTPS in the absence of officially issued digital certificate

The transmission of (sensitive) data between server and client should be secured, in particular against eavesdropping and man-in-the-middle attack. The client accesses data (which is stored on the server) over HTTP through specific web interface. Hence, the client-server communication should be adapted to HTTP over TLS/SSL (i.e. HTTPS). There is no possibility to receive an officially issued digital certificate from one of the well-known certification authorities (CA). The solution should be simple, and the implementation may not take longer than ca. 2 hours.

How to configure a webserver with certificates

If you want to secure your webserver with ssl (HTTPS) then you have to generate a certificate and get it signed by a trusted CA.
Configure the webserver to use this certificate for the secured site.

If your browser complains about an untrusted connection even it gets the right certificate from the webserver, check if there are intermediate certificates you have to provide too.

If you can't configure your webserver to do this, you can past the intermediate certificate at the beginning of your certificate file (if it's ASCII-Armor) and your browser should recognize it.


Browser does not accept certificate of my own website, even if it is signed by a trusted CA

Browsers should be able to determine if the webserver is really who he says and building up a secure connection to it. Even if there are no errors in the configuration, the webserver starts and the client gets the right certificate at the connection the browser says the connection cannot be trusted and is not secure. The certificate is signed by a trusted CA and the CA certificate is trusted by the browser.

Enable https on Apache 2

How can I enable https on an apache 2 server? By default it is not enabled.

Enable SSL TCP Connections for Postgresql 9.1

How can I enable a secure ssl connection for an postgresql 9.1 server.

prepare an application server to handle secure connections

<p>In a web application users can collect information on their (or their company's) assets and plan future actions.</p><p>This information is of great value, so the user wants to keep it safe.</p><p>One basic task for a trustworthy service provider is, to let the user know if the connection is established indeed between the two.</p><p>In web applications this is usually accomplished by using a secure connection during user authentication.</p><p>So, an application server should be able to provide such secure connections.</p><p>For this task a SSL/TLS certificate is required. too bad, that there is none for this machine yet.</p>

SSL certificate on Microsoft IIS Server not working

While trying to establish a secure SSL connection for a webservice i encountered the problem that IIS did load the certificate but when trying to access the service with some other program the SSL connection timed out. Though IIS did somehow indicate that this URL needed a SSL connection (in comparison: if i tried to connect by some other port than 443 with an SSL request i didn't get a timeout), i can't figure out the problem, cause i can view the certificate in windows regulary and assume it is correct. I used several tools and methods to create the certificate but all ways failed.
Subscribe to SSL