Announcement

Collapse
No announcement yet.

SSL only works locally

Collapse
X
 
  • Filter
  • Time
Clear All
new posts

    SSL only works locally

    I sent an email with our issue, but i thought maybe someone could benefit from whatever we learn here. That and I think Commit support is tired of my emails.

    We FINALLY got our SSL files in the correct format.

    If we go to http://127.0.0.1:4961 or https://127.0.0.1:4962 locally we can login both ways and the https site says it is secure with the little padlock and all.

    Only problem is it only works locally. When we change the UseSSLEncryption=N to UseSSLEncryption=Y. we cant login from the web anymore.

    we have the external ip set to commit.mywebsite.com and an A records from the dns web server pointing to the server's external IP. Works fine until we turn the SSL N to Y.

    What else do we need to change to make it work?

    Second question: is there a way to force SSL only once this is working? I don't want anyone using the unsecured version anymore. (Other than blocking the port on the firewall)

    I would rather it redirect everyone so customers and employees have a smooth transition.

    Re: SSL only works locally

    As we've just replied to you by email (please try not to double-post) The fact that it does not work is external to RangerMSP because the service does not 'care' where it is called from and what's its IP address is. From our experience it is most likely a firewall issue - either the port for SSL is blocked or the httpS protocol over it is. Besides, restricting SSL is not currently an option.

    Hope this helps.

    Comment


      Re: SSL only works locally

      @ nattivillin I'm assuming you have made the necessary adjustment to your firewall to alow the traffic to flow on port 4962?
      Also what browser are you using?

      Answer to the second question is turn off port forwarding on 4961 in the firewall once everything is working

      Comment


        Re: SSL only works locally

        What specifically is the problem? Is it that you cannot login once you get to the logon page or is it that you cannot reach the logon page in the first place?

        Comment


          Re: SSL only works locally

          I didnt double post. If you meant dont email and post things, here, i did that for the benefit of the community since they cant read our emails.

          We had a slew of issues we had to fix. The primary fix to the problem listed here was a for formatting of the ip address in the ini file. We had the port at the end and commit said that was a nono. Even though that has worked for 5+ years, once we turned on the ssl, it no longer worked for whatever reason.

          The other issues we had were local DNS issues. When the request went out for the a record it had to be routed back to us and the internal dns servers didn't know how to translate the external ip of the building to the internal ip of the server. (or something like that).

          Commit suggested we add an entry to the local dns server so it worked on the lan as well and it did.

          We had to pay someone $200 to get this working for us. Apparently nobody on staff knows enough about certs to get it to work, and i was tired of having customers data flying over the wire unencrypted.

          Just thing about what target is going though right now. 70Million accounts compromised. 1/3 of the adult US population.

          If one of my clients got hacked and it was found out what we had all their information stored in a system that could be accessed unencrypted we'd be out of business.

          Now I just have to find a way to see failed login attempts without manually reading the log every day.

          Comment


            Re: SSL only works locally

            Hi Nattivillin, I thought I would share a script I use to email the failed logon attempts to me. It will only email new attempts each time as it logs each line of text scanned in the registry.
            I have marked the lines you need to edit clearly so you should all be able to work it out.
            copy and paste it to notepad, save it as a .vbs, set it as a scheduled task to run say every 5 minutes, MAKE Sure you execute it with administrative privileges or it wont be able to write to the registry.
            hope you enjoy:

            Const cdoSendUsingMethod = "http://schemas.microsoft.com/cdo/configuration/sendusing", _
            cdoSendUsingPort = 2, _
            cdoSMTPServer = "http://schemas.microsoft.com/cdo/configuration/smtpserver"
            Const ForReading = 1

            Dim intStartAtLine, strFileCreateddate, i, strResults, strTextToScanFor

            'who are you mailing to?
            strMailto = "EMAILADDRESS GOES HERE"

            'default email address the message will be from
            strMailFrom = "EMAILFROMADDRESS GOES HERE"

            'set SMTP email server address here
            strSMTPServer = "MAILSERVER IP GOES HERE"

            'full path to the file you wish to monitor
            FileToRead = "\\SERVERNAME\<replace-with-the-path-to-the-failed-logins-log-file>"

            Set WshShell = WScript.CreateObject("WScript.Shell")

            On Error Resume Next
            strLastFileCheckedCreateDate = WshShell.RegRead("HKLM\Software\RDScripts\CheckTXT File\CreateDate")
            strLastFileLastLineChecked = WshShell.RegRead("HKLM\Software\RDScripts\CheckTXT File\LastLineChecked")

            On Error GoTo 0

            Set objFSO = WScript.CreateObject("Scripting.FileSystemObject")
            Set varFile = objFSO.GetFile(FileToRead)

            'add more text to scan for by adding ,"item" to the array below
            ' for example, to search for two strings:
            ' array("text1","text2")
            arrTextToScanFor = Array("Invalid User Name or Password","error")

            strFileCreateDate = varfile.datecreated

            If CStr(strFileCreateDate) = CStr(strLastFileCheckedCreateDate) Then
            'if the date when the current file was created DOES equal
            ' the date of the file that was checked last time - it's
            ' the same file.
            '
            'so, we would want to CONTINUE the search from where we
            ' last left off.
            'MsgBox "TEST!"
            intStartAtLine = strLastFileLastLineChecked


            ElseIf strFileCreateDate <> strLastFileCheckedCreateDate Then
            'if the date when the current file was created does not equal
            ' the date of the file that was checked last time - it's
            ' a new file that has been created.
            '
            'so, we would want to begin the search from the beginning of
            ' the file.

            intStartAtLine = 0

            End If

            i = 0
            Dim strNextLine
            'MsgBox intStartAtLine



            Set objTextFile = objFSO.OpenTextFile(FileToRead, ForReading)
            Do While objTextFile.AtEndOfStream <> True
            If i < CInt(intStartAtLine) Then
            objTextFile.skipline
            Else
            'MsgBox i
            strNextLine = objTextFile.Readline
            For each strItem in arrTextToScanFor

            If InStr(LCase(strNextLine),LCase(strItem)) Then
            strResults = strNextLine & vbcrlf & strResults
            'MsgBox strResults
            End If
            Next
            End If
            i = i + 1

            Loop
            'MsgBox strResults
            objTextFile.close

            set WshShell = CreateObject("WScript.Shell")
            WshShell.RegWrite "HKLM\Software\RDScripts\CheckTXTFile\FileChec ked" , FileToRead, "REG_SZ"
            WshShell.RegWrite "HKLM\Software\RDScripts\CheckTXTFile\CreateDa te", strFileCreateDate, "REG_SZ"
            WshShell.RegWrite "HKLM\Software\RDScripts\CheckTXTFile\LastLine Chec ked", i, "REG_SZ"
            WshShell.RegWrite "HKLM\Software\RDScripts\CheckTXTFile\LastScan ned" , Now, "REG_SZ"
            set WshShell = nothing

            If strResults <> "" Then Call sendmail(strMailFrom,strMailTo,"CommitCRM Web Failed Logon alert",strResults)

            '------------------------------------------------------------------------
            'Function EmailFile - email the warning file
            '------------------------------------------------------------------------
            Function SendMail(strFrom,strTo,strSubject,strMessage)
            Dim iMsg, iConf, Flds
            On Error GoTo 0

            '// Create the CDO connections.
            Set iMsg = CreateObject("CDO.Message")
            Set iConf = CreateObject("CDO.Configuration")
            Set Flds = iConf.Fields


            '// SMTP server configuration.
            With Flds
            .Item(cdoSendUsingMethod) = cdoSendUsingPort

            '// Set the SMTP server address here.
            .Item(cdoSMTPServer) = strSMTPServer
            .Update
            End With

            '// Set the message properties.
            With iMsg
            Set .Configuration = iConf
            .To = strMailTo
            .From = strMailFrom
            .Subject = strSubject
            .TextBody = strMessage
            End With

            'iMsg.HTMLBody = strMessage

            '// Send the message.

            iMsg.Send ' send the message.

            If CStr(err.number) <> 0 Then

            Else

            End If
            End Function

            Comment


              Re: SSL only works locally

              Which file is the actual one that logs the attempts?

              This is needed for line 18 of the script.

              \\server\commitcrm\logs\??

              Comment


                Re: SSL only works locally

                No. Please contact us by email for details.

                Comment


                  Re: SSL only works locally

                  Can you just email me? I know you have it on file.

                  Comment


                    Re: SSL only works locally

                    Please contact us by email directly. We do not share any security related topic otherwise and the email should be originated from you. Thank you.

                    Comment

                    Working...
                    X