Jump to content

JSbtg

Members
  • Content Count

    10
  • Joined

  • Last visited

Everything posted by JSbtg

  1. Thank you! I believe I may have all my requested tasks on this completed! I will run this for a little bit and document odd things noted if I have to follow up with anything. There is a possibility my boss on an apple device was unable to access it, to view and demonstrate the changes.
  2. I have it all fixed, I am elated with joy. I have http > https, AND era.xxxx.com > era.xxxx.com/era automatically. I did skip the step of: 2. Add the following to the Tomcat conf/web.xml file above "</web-app>" <!-- Require HTTPS for everything. --> <security-constraint> <web-resource-collection> <web-resource-name>HTTPSOnly</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFID
  3. according to the documentation, the appending of the additional /era is normal? I tried accessing the tomcat GUI, but I found the "root" folder and entries in the tomcat webapps folder are not there. I suspect this is intentional to raise security of the era against malicious people.
  4. SO! I have news! I did not want to give up on this yesterday, I looked at it as, I know my cert is being used, and everything looks correct. My coworker mentioned this to our boss, and my boss checked our DNS server, there was either an error in the / or a missing PTR record. He showed me that https://era.xxxx.com/era works. Now the challenge is two items: 1. Get a hxxp://era.xxxx.com to auto-redirect to https://era.xxxx.com 2. Not have to append the additional "era" at the end of https://era.xxxx.com/era, and have just https://era.xxxx.com either work, or auto-redirect to https://e
  5. I am an idiot, but still no great progress. This whole time I have been using the internal IP of the server, to access the ERA webconsole, at https://10.0.x.x, obviously I will get a cert error for that, and there is no entry in the cert or the firewall, to route the internal address of that server, to the public request. the entries we do have, show an inbound from anywhere, requesting https://era.xxxx.com, will take the default 443, and forward to the internal IP of the ERA server. we also sho the DNS record for our cert, to show that era.xxx.com goes to the public IP associated with
  6. So I checked, and sure enough my browser IS using the certificate. under view details, I have an error red triangle next to "certificate error", a green square next to secure connection ( says it is using TLS 1.2 with a strong key exchange (ECDHE_RSA), and a strong cipher (AES_128_GCM)). I also have a green square next to Secure resources. I feel like this means I am using an inappropriate cert for this function? when I select "view certificate", I get a viewable chain length of three. not sure what to do, in the mean time I am researching "net::ERR_CERT_COMMON_
  7. I have tried again, this time with the keystore explorer tool you kindly recommend. I changed the alias and password, and edited the three respective fields in the XML. I then started the tomcat service, and got the warning of "not secure site" This makes me feel I have the process working, but the certificate, either is wrong, or I missed a step with that. I appreciate the assistance on this. Please let me know if there is any more helpful information I can supply.
  8. Thank you for the information. A few questions: Am I supposed to just be converting my certificate to the .keystore type? or am I also supposed to combine it with a cert on the machine / tomcat / eset? I converted my cert, edited the three fields at the end of the server.XML and restarted tomcat services as well as ESET remote administrator server, without success to login via HTTPS. A theory as to why, is the alias that I enter in the XML, supposed to be what is shown with the "keytool -v -list -storetype pkcs12 -keystore KEYSTORE_FILE" command? or is the ali
  9. I am new in the IT field, and I have built a windows 2016 server VM, I used the all-in-one installer to get this guy going, and have 400 clients connecting properly. I have been tasked with getting our webconsole to go to HTTPS://era.******.com without the "your connection is not private" warning on chrome. I have spent an embarrassing amount of time trying to rectify this. I am not sure which end I have is wrong, I feel it is either the certificate I am using is wrong, or I can not get the commands processed properly to get a properly configured .keystore going. I have been following: ht
×
×
  • Create New...