Go Back   Rage3D » Rage3D Discussion Area » Community and Site Discussions » Off Topic Lounge
Rage3D Subscribe Register FAQ Members List Calendar Mark Forums Read

Off Topic Lounge Discuss anything you want here folks. A place for computer junkies to boldly post Off Topic... Rant and rave if it is necessary, but just try to keep it clean!

Reply
 
Thread Tools Display Modes
Old Jan 25, 2012, 02:37 PM   #1
Advertisement (Guests Only)

Login or Register to remove this ad
kepler
Radeon Arctic Islands
 
Join Date: Oct 2003
Location: Germany Weil der Stadt
Posts: 23,430
kepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single bound


Default Anyone familiar with SSL issues?

I have an SSLd WCF web service that is consumed by a desktop .Net application. It works fine for most people, but some customers simply can't connect to it and receive SSL/TLS exceptions reporting a failure to secure. If I get the customer to browse to the service in IE, it thinks the certificate is untrusted and asks them to push a certificate exception, but when I browse to it (internally or externally) it's fine.

Can corporate proxies/firewalls screw with SSL negotiation? One customer says they use a 'proxy script' (you can tell I'm not an IT bod) which as far as I can tell pushes everything non-internal to something like corporate.proxy:80. Does this mean it'll try to send SSL connections through port 80, and so screw them up?
kepler is offline   Reply With Quote
Old Jan 25, 2012, 02:58 PM   #2
riho
Breaking a take
 
Join Date: Jun 2002
Location: Estonia Estonia
Posts: 5,015
riho can beat 'Minesweeper' on any difficultyriho can beat 'Minesweeper' on any difficulty


Default

Quote:
Originally Posted by andyfowler View Post
I have an SSLd WCF web service that is consumed by a desktop .Net application. It works fine for most people, but some customers simply can't connect to it and receive SSL/TLS exceptions reporting a failure to secure. If I get the customer to browse to the service in IE, it thinks the certificate is untrusted and asks them to push a certificate exception, but when I browse to it (internally or externally) it's fine.

Can corporate proxies/firewalls screw with SSL negotiation? One customer says they use a 'proxy script' (you can tell I'm not an IT bod) which as far as I can tell pushes everything non-internal to something like corporate.proxy:80. Does this mean it'll try to send SSL connections through port 80, and so screw them up?
What kind of cert is it? Self signed or issued by a legit CA?
riho is offline   Reply With Quote
Old Jan 25, 2012, 03:04 PM   #3
kepler
Radeon Arctic Islands
 
Join Date: Oct 2003
Location: Germany Weil der Stadt
Posts: 23,430
kepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single bound


Default

Quote:
Originally Posted by riho View Post
What kind of cert is it? Self signed or issued by a legit CA?
Legit, Verisign.
kepler is offline   Reply With Quote
Advertisement (Guests Only)
Login or Register to remove this ad
Old Jan 25, 2012, 03:10 PM   #4
riho
Breaking a take
 
Join Date: Jun 2002
Location: Estonia Estonia
Posts: 5,015
riho can beat 'Minesweeper' on any difficultyriho can beat 'Minesweeper' on any difficulty


Default

Quote:
Originally Posted by andyfowler View Post
Legit, Verisign.
Can you test on some workstation or laptop (or virtual machine) by clearing all trusted CA's from your windows certificate store (making the verisign cert untrusted) and then see if that reproduces the issue?

Last edited by riho : Jan 25, 2012 at 03:13 PM.
riho is offline   Reply With Quote
Old Jan 25, 2012, 03:49 PM   #5
kepler
Radeon Arctic Islands
 
Join Date: Oct 2003
Location: Germany Weil der Stadt
Posts: 23,430
kepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single bound


Default

Quote:
Originally Posted by riho View Post
Can you test on some workstation or laptop (or virtual machine) by clearing all trusted CA's from your windows certificate store (making the verisign cert untrusted) and then see if that reproduces the issue?
No, I can suggest it as a diagnostic step but tbh most of the SSL deployment stuff is largely over my head (yeah I've identified a training requirement there ). As far as I can tell though the certificate should be fine. It's in about 30 customer environments atm, and only a couple are reporting issues.

Though, as I said, I don't know a hell of a lot about SSL so I could easily be missing something.
kepler is offline   Reply With Quote
Old Jan 26, 2012, 04:01 AM   #6
kepler
Radeon Arctic Islands
 
Join Date: Oct 2003
Location: Germany Weil der Stadt
Posts: 23,430
kepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single bound


Default

Hrm. Well, this is less than ideal.

kepler is offline   Reply With Quote
Old Jan 26, 2012, 01:45 PM   #7
Mahjik
Motoring Goodness
 
Join Date: Nov 2001
Location: United States Kansas City, MO
Posts: 11,308
Mahjik doesn't need no stinkin' badgesMahjik doesn't need no stinkin' badgesMahjik doesn't need no stinkin' badgesMahjik doesn't need no stinkin' badgesMahjik doesn't need no stinkin' badgesMahjik doesn't need no stinkin' badgesMahjik doesn't need no stinkin' badgesMahjik doesn't need no stinkin' badgesMahjik doesn't need no stinkin' badges


Default

Most root certs by the trusted companies like VeriSign or EnTrust are shipped and updated via Windows security updates. Usually when a VeriSign cert is not trusted by a Windows device, the device is not up to date with their Windows updates.

http://support.microsoft.com/kb/931125
Mahjik is offline   Reply With Quote
Old Jan 26, 2012, 01:50 PM   #8
riho
Breaking a take
 
Join Date: Jun 2002
Location: Estonia Estonia
Posts: 5,015
riho can beat 'Minesweeper' on any difficultyriho can beat 'Minesweeper' on any difficulty


Default

If the issue is with the missing CA cert maybe you can distribute it with the application? Or let some of the clients install it and try it then.
riho is offline   Reply With Quote
Old Jan 27, 2012, 03:44 AM   #9
kepler
Radeon Arctic Islands
 
Join Date: Oct 2003
Location: Germany Weil der Stadt
Posts: 23,430
kepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single bound


Default

Thanks guys, much appreciated.
kepler is offline   Reply With Quote
Old Jan 27, 2012, 05:42 AM   #10
kepler
Radeon Arctic Islands
 
Join Date: Oct 2003
Location: Germany Weil der Stadt
Posts: 23,430
kepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single boundkepler can leap small-ish buildings in a single bound


Default

Update: We got the users IT depts to install their security updates and it's fixed.

I'm also going to push to see if I can get it included as part of the install package (once I have a read up on managing the updates, their currency, etc).

I owe you both a pint.
kepler is offline   Reply With Quote
Old Jan 27, 2012, 08:34 AM   #11
Mahjik
Motoring Goodness
 
Join Date: Nov 2001
Location: United States Kansas City, MO
Posts: 11,308
Mahjik doesn't need no stinkin' badgesMahjik doesn't need no stinkin' badgesMahjik doesn't need no stinkin' badgesMahjik doesn't need no stinkin' badgesMahjik doesn't need no stinkin' badgesMahjik doesn't need no stinkin' badgesMahjik doesn't need no stinkin' badgesMahjik doesn't need no stinkin' badgesMahjik doesn't need no stinkin' badges


Default

Mahjik is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
anyone familiar with this, m audio co2? warmonger180 Home Theaters and Photography 3 May 3, 2011 05:40 AM
Anyone Familiar with VBA in Excel? kmillerusaf Off Topic Lounge 10 Jul 31, 2008 08:19 AM
anyone familiar with agoraphobia? night Off Topic Lounge 15 Dec 8, 2004 09:58 AM
Anyone familiar with M-Net ? Soulkrusha Programmers Discussion Forum 1 Apr 17, 2004 03:09 PM
ASUS Q-Fan. Anyone familiar ? dovshuman General Hardware 2 Sep 16, 2003 11:55 AM


All times are GMT -5. The time now is 11:40 PM.



Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.
All trademarks used are properties of their respective owners. Copyright ©1998-2011 Rage3D.com
Links monetized by VigLink