Text version of the video http://csharp-video-tutorials.blogspot.com/2012/12/implementing-ssl-in-aspnet-web.html Slides http://csharp-video-tutorials.blogspot.com/2013/08/part-101-implementing-ssl.html All ASP .NET Text Articles http://csharp-video-tutorials.blogspot.com/p/free-aspnet-video-tutorial.html All ASP .NET Slides http://csharp-video-tutorials.blogspot.com/p/aspnet-slides.html All Dot Net and SQL Server Tutorials in English https://www.youtube.com/user/kudvenkat/playlists?view=1&sort=dd All Dot Net and SQL Server Tutorials in Arabic https://www.youtube.com/c/KudvenkatArabic/playlists In this video we will discuss about 1. Understand the term self-signed certificates 2. Creating self-signed certificates 3. Configuring an asp.net web application to use SSL, that is use HTTPS instead of HTTP 4. Importing and exporting certificates What are self signed certificates A self-signed certificate is an identity certificate that is signed by its own creator. Certificates are signed by Certificate Authority. In general self signed certificates are fine for testing purposes and not for production use. Creating self-signed certificates There are several ways to create self signed test certificates. Let us explore 2 of the easier options available. The easiest and simpler approach is to use IIS to create these certificates. In IIS 7.5 1. Click on the "Server Name" 2. Double click "Server Certificates" feature 3. Click on "Create Self Signed Certificate" link, under "Actions" 4. Specify a friendly name for the certificate and click OK. The friendly name is not part of the certificate itself, but is used by the server administrator to easily distinguish the certificate. The generated test certificate, is also automatically installed into the certificate store. MakeCert.exe tool can be used as another way to generate, test certificates. The following link from microsoft explains, various options that can be used with this tool. This is a command line tool and must be run from visual studio command prompt. http://msdn.microsoft.com/en-us/library/bfsktky3.aspx Makecert -r -pe -n "CN=YourComputerName" -b 01/01/2000 -e 01/01/2100 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 Note: Replace YourComputerName, with the name of your computer. Associating an asp.net web application with a specific certificate Add HTTPS site binding, if it is not already present 1. Open IIS 2. Expand the "Server Name" 3. Expand "Sites" 4. Select "Default Web Site" 5. Click "Binding" under "Edit Site" in "Actions" pane. 6. In the "Site Bindings" window, Click "Add" 7. Select Type = "https" and the SSL Certificate and click "OK" 8. Click "Close" on "Site Bindings" window At this point, you will be able to access your application using both HTTP and HTTPS protocol. When the site is accessed over HTTPS, you may receive a browser warning about the authenticity of the website. In a later video session we will discuss about resolving this. If you want to dis-allow, access over HTTP protocol there are 2 ways First Way: Remove HTTP binding at the IIS Server level. This option will prevent all the web applications, running on that server to use only HTTPS binding. Second Way: Let both the bindings be available at the server level and configure SSL settings at an application or web site level. 1. Select your web application in IIS 2. Double click "SSL Settings" from the features window 3. Make sure "Require SSL" checkbox is checked. 4. Click "Apply" under "Actions" pane Now, if you try to access the application using HTTP instead of HTTPS, you will get an error HTTP Error 403.4 - Forbidden The page you are trying to access is secured with Secure Sockets Layer (SSL) Use Import and Export feature of IIS to import and export certificates
Views: 77062 kudvenkat
Protect the current document from opening using cert4u as password and RC4, Microsoft RSA SChannel Cryptographic Provider as type of encryption with key size up to 64 bits.Want more? Then download our TEST4U demo from https://www.test4u.eu/en/demo TEST4U provides an innovative approach to learning. Ignore the boring e-courses and use a new, interactive tool like 700 000 satisfied users did. TEST4U is an automated test which cooperates with the actual applications and can be used to prepare the students for certification exams (e.g. Microsoft-Certiport, ECDL/ICDL, DIPLOMA etc.) and train and assess employees. More on https://www.test4u.eu/en/demo
Views: 36 test4u.eu
Secure Channel (Schannel) is Microsoft's standard SSL/TLS Library underpinning services like RDP, Outlook, Internet Explorer, Windows Update, SQL Server, LDAPS, Skype and many third party applications. Schannel has been the subject of scrutiny in the past several years from an external perspective due to reported vulnerabilities, including a RCE. What about the internals? How does Schannel guard its secrets? This talk looks at how Schannel leverages Microsoft's CryptoAPI-NG (CNG) to cache the master keys, session keys, private and ephemeral keys, and session tickets used in TLS/SSL connections. It discusses the underlying data structures, and how to extract both the keys and other useful information that provides forensic context about connection. This information is then leveraged to decrypt session that use ephemeral cipher suites, which don't rely on the private key for decryption. Information in the cache lives for at least 10 hours by default on modern configurations, storing up to 20,000 entries for client and server each. This makes it forensically relevant in cases where other evidence of connection may have dissipated. Bio: Jake Kambic is a DFIR researcher and network penetration tester
Views: 1339 DEFCONConference
-------------------- If you wish to view the "text" version of this video, please visit our Knowledge Base article at: https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO21229 For further support and troubleshooting, please visit our support pages at: https://www.thawte.com/support --------------------
Views: 5972 Thawte SSLTech
Προστατέψτε το παρόν έγγραφο από άνοιγμα, χρησιμοποιώντας ως κωδικό πρόσβασης το cert4u και τύπο κρυπτογράφησης RC4, Microsoft RSA SChannel Cryptographic Provider, με μέγεθος κλειδιού 64. Θέλετε περισσότερα; Κατεβάστε το demo του TEST4U εδώ https://www.test4u.eu/demo Το TEST4U δεν είναι ένα ακόμη βαρετό βιντεομάθημα. Αντίθετα, προσεγγίζει την μάθηση με καινοτομία, για να προετοιμάσει τους εκπαιδευόμενους για εξετάσεις πιστοποίησης (π.χ. Microsoft-Certiport, ECDL/ICDL, DIPLOMA κ.λπ.) και να εκπαιδεύσει και να αξιολογήσει εργαζόμενους. Μάθετε περισσότερα στο https://www.test4u.eu/demo --------------------- Σχετικά προϊόντα TEST4U: TEST4U Microsoft Word Expert 2016, 2013, 2010, 2007, 2003 - Ελληνική έκδοση https://www.test4u.eu/el/e-tests/ms-word-2016-2013-2010-2007-2003-el-expert
Views: 29 test4u.eu
To Solve First open Control Panel 2. Click Network and Internet Connections 3. Click Internet Options 4. Click Security 5. Click Trusted Sites 6. Click Sites 7. Type "https://www.google.com" in "Add this website to the zone" and click "Add" and close. 8. Now click date and time on the taskbar. 9.Now choose correct date and time and click "Internet Time" 10. Now tick mark on "Automatically synchronize with Internet time server. 11. Select Server "time.windows.com" and click update and "OK". You don't need to complete update. Just click Ok. Now SSL Certificate error have been solved.
Views: 444778 Ibrahemtaqi
Modern encryption techniques provide several important security properties, well known to most practitioners. Or are they? What are in fact the guarantees of, say, HTTPS TLS cipher suites using authenticated encryption, IPSec vs. SSL VPNs, Property Preserving Encryption, or token vaults? We live in an era of embedded Hardware Security Modules that cost less than $1 in volume, and countless options now exist for encrypting streaming network data, files, volumes, and even entire databases. Let's take a deep dive into the edge of developed practice to discuss real-world threat scenarios to public cloud and IoT data, and look closely at how we can address specific technical risks with our current encryption toolkits. Advanced math not required. Bio: Kenneth White is a security researcher whose work focuses on networks and global systems. He is co-director of the Open Crypto Audit Project (OCAP), currently managing a large-scale audit of OpenSSL on behalf of the Linux Foundation's Core Infrastructure Initiative. Previously, White was Principal Scientist at Washington DC-based Social & Scientific Systems where he led the engineering team that designed and ran global operations and security for the largest clinical trial network in the world, with research centers in over 100 countries. White co-founded CBX Group which provides security services to major organizations including World Health, UNICEF, Doctors without Borders, the US State Department, and BAO Systems. Together with Matthew Green, White co-founded the TrueCrypt audit project, a community-driven initiative to conduct the first comprehensive cryptanalysis and public security audit of the widely used TrueCrypt encryption software. White holds a Masters from Harvard and is a PhD candidate in neuroscience and cognitive science, with applied research in real-time classification and machine learning. His work on network security and forensics and been cited by media including the Wall Street Journal, Forbes, Reuters, Wired and Nature. White is a technical reviewer for the Software Engineering Institute, and publishes and speaks frequently on computational modeling, security engineering, and trust. He tweets @kennwhite.
Views: 896 Duo Security