Forums

  • 1

    SSL Visibility appliance deployment

    Posted on Jan 10 2018, 7:25 PM Last Updated on Mar 29 2018, 9:47 PM

    by kgotla Makwepa 0

    Hi, 

    I work for wholesale Internet service provider, we dont authenticate (no digital certs) our clients since we provide them with transport only. How can we deploy SSLV appliance to inspect ssl traffic passing through us.

    BR

    Read More

    • DigiCert SSL TLS Certificates
    • Not Applicable
    • Products
  • 0

    New features in SSLV 4.2.2

    Posted on Jan 05 2018, 4:29 AM Last Updated on Mar 30 2018, 4:09 PM

    by Tim Murphy 1

    Over the holidays the SSL Visibility team released software version 4.2.2 enabling new features, keeping pace with customer demand.  There are several enhancements, but here are a few that stood out:

    HSM Support

    A Hardware Security Module (HSM) provides additional security for storing cryptographic keys and certificates. The SSL Visibility Appliance (SSLV) can use a network-attached HSM appliance to store resigning CA keys, and to perform digital signature operations. The SSL Visibility Appliance interacts with an HSM on its management interface. SSLV exchanges signing requests and responses with the attached HSM appliance, over HTTPS.

    Once mutually authenticated with the HSM, SSLV can send certificate digests to the HSM so that the HSM can sign these using the Intermediate CA private key that is stored in the HSM. The digitally signed digest is then returned to SSLV for inclusion in the re-signed server certificate that is sent to the client. SSLV can be configured to access multiple HSM devices for resiliency and an individual HSM device may be accessed by multiple SSLV appliances and if needed by ProxySG devices as well.

    Asymmetric Traffic

    Asymmetric Traffic enables where the packets for both directions of a network flow are seen on different network interfaces on the SSL Visibility Appliance. Asymmetric routing is the normal use case for asymmetric segments. This is where the network for management reasons decides to route traffic so that inbound and outbound packets are sent over different paths. Using an asymmetric segment to support situations where a customer is using Link Aggregation to bond two links together to provide higher bandwidth.

    IPS/ProxySG Segments

    SSLV now supports the creation of a ProxySG Segment that enables customers to extend an additional active appliance on either side of a proxy within a single segment. This new segment allows a device such an IPS (Intrusion Prevention System) to be used in conjunction with a proxy without the need for decryption and re-encryption on each inter-device hop.

    This is significant as it is often desirable to process network traffic through multiple different security appliances amortizing the cost of SSL decryption service across multiple heterogeneous devices. As new value-added services require tighter, and in cases, custom integration with each device, supporting dedicated physical interfaces to each device becomes the next architectural step. 

    Last release (4.2.1) gave us TLS 1.3 support for draft 18-21. Now with the new features in 4.2.2, you may want to update your software today.  If you have any questions, please contact your Symantec account team.

    Read More

    • DigiCert SSL TLS Certificates
    • Products
  • 0

    Code signing - best practices

    Posted on Oct 04 2017, 9:23 PM Last Updated on Oct 04 2017, 9:23 PM

    by Tom Schleyer 0

    What is the best practice for signing someone else's software?  We sell a product developed and branded for us by another company, but we sign the installers.  Is there

    any risk in doing this? (e.g. legal issues, certificate revocation)

    Read More

    • Products
    • Code Signing Certificates for Microsoft Authenticode
  • 0

    Regarding Code Signing Certificate in installshield...

    Posted on Jun 18 2017, 11:05 AM Last Updated on Jun 19 2017, 5:36 AM

    by Bhushan Inamdar 0

    Hi, 
    Requesting some basic info regarding including the code signing certificate in the installshield 2013 to sign our setup.exe file. We had a certificate from Symantec and/or Verisign that expired a few days ago. We believe that the earlier certificate used for code signing was SHA1 based and we had the .pfx for it. We could easily include it in installshield to sign our setup.exe file. So we got a new certificate from them which is a SHA-256 cert from Symantec. However, they won't release the private key. Hence we cannot generate a. pfx file which used to include in our installshield. They say that, here on who ever wants to do the code signing using installshield needs the dongle attached to the computer to get the private key verification done. I don't quite understand what they mean. However, it is clear that they want us to connect with the dongle for private key verification. So if I do not have the pfx file, how can I achieve code signing using installshield 2013? I also read on the Web that the support for SHA-256 certs was not available in 2013 and that one would have to migrate to 2015 or above to do something of that sort. So our team has hit a roadblock with this stupid thing and that our automated build process is failing. 
    Hence, request you to provide me any pointers as to how can we get this thing done. 
    Thanks and Regards, 
    Bhushan

    Read More

    • Windows 10
    • Products
    • Code Signing Certificates for Microsoft Authenticode
  • 0

    HSTS problem on one computer, can it happen on other?

    Posted on May 25 2017, 9:12 AM Last Updated on Mar 30 2018, 4:10 PM

    by Milos Stojanovic 0

    Hello, I have a problem maybe someone here can help me out with.

    We host websites on dedicated Linux server and use Letsencrypt for SSL.

    That works fune, but on bosses Chrome he is getting an SSL error and a warning that "the website uses HSTS" which prevents him from simply going Advanced->visit website. If he deletes a domain at chrome://net-internals/#hsts it works fine, but we have a file sharing system (Owncloud 9) at /files subfolder which still didn't work until he deleted domain.com/files at same screen, and still he wasn't able to log on, as after logging on he was shown same error screen.

    The error shows only on his computer and it is Chrome related as everything works fine on Mozilla.

    What we would like to know is this: is there a chance that someone else, like a random website visitor or a customer who may try to use shared link, may run into same problem, which would look bad (as it is a SSL error which prevents from viewing a website) and is there something I can look into to fix that server side? Thanks in advance.

    Read More

    • DigiCert SSL TLS Certificates
    • Linux
    • Products
  • 0

    Problem Socket_Error

    Posted on May 05 2017, 5:18 PM Last Updated on May 05 2017, 5:52 PM

    by VISHAL MUSKU 0

    Hi,

    I am trying to run the SDK code DotNetAPICheck.cs. 

    Used 127.0.0.1 as IP and default port 1344,  but I am getting error  ERR_SOCKET_ERR.
    at com.symantec.scanengine.api.testObj.Scan(fileForScan);

    Request you to guide. Awating for your valuable response.

    Regards,
    Vishal

    Read More

    • Products
    • Secure App Service
    • Windows 7
  • 0

    Error while trying to sign APK

    Posted on Apr 25 2017, 10:24 AM Last Updated on Apr 25 2017, 12:18 PM

    by Beket Kalkabekov 0

    Hi, 

    we are using Code Signing for Android cloud service, while trying to sign Uploaded APK, getting next error "Signing of your selected files has failed. This may be due to a selection of a file that is of a type that is not valid for the signing service, or the file is not formed correctly."

    Then I try to sign another unsigned APK , which was successfully signed before in november 2016, and get same error "Signing of your selected files has failed...."

    What can be wrong?

    Read More

    • Products
    • Code Signing for Android
    • Windows 7
  • 0

    New server and new domain blacklisted

    Posted on Mar 16 2017, 3:33 PM Last Updated on Mar 16 2017, 3:33 PM

    by max 1

    I've registered a new server and a new domain, tried to make usage of Always On SSL and found out: 

    I've been blacklisted. Why and how? I do not even get the information on why I've been blacklisted. 

    The domain name is peter-und-petra.de. No "bank" or "pay" in it, which might have caused this. 

    My hoster is telling me that they wont give me any other certificate and that Symantec doesn't whitelist a false positive blacklisted domain. Is this true? 

    How can I use the AlwaysOnSSL now? 

    Read More

    • Products
    • DigiCert Code Signing
    • Symantec Website Security
  • 15

    code signing certificate bind with .exe

    Posted on Feb 20 2017, 12:04 PM Last Updated on Oct 20 2017, 9:13 PM

    by Upendra Singh 1

    we issue code signing certificate to user .

    how to bind code signing certificate with .exe

    what is requirement of binding code signing certs with .exe

    Read More

    • Products
    • DigiCert Code Signing
  • 2

    Code Signing certificate installation

    Posted on Jan 11 2017, 11:10 AM Last Updated on Jan 11 2017, 2:13 PM

    by Upendra Singh 2

    Dear All  

    I Have code signing licence and register follow these steps . But i have not received link to access pki portal so please guide me which steps follow .

    i have received one registration confirmation mail from licence portal. 

    1. Access the  URL:
      https://my.symantec.com
    2. Register  to MySymantec Symaccount with appropriate credentials
    3. Go to "Licensing" tab at the top of the screen
    4. New and Renewal Purchase
    5. Enter the “M” Serial number from the License Certificate
    6. Click Submit
    7. Click Next
    8. Enter Technical Contact 
    9. Click Complete Registration  

    I have purchased 6 Code signing Server &  160 client licence. How to Implement these licence pls guide me step by step.

    Read More

    • Products
    • Windows Server 2012
    • DigiCert SSL TLS Certificates
    • Symantec Website Security
7 pages