2.       Choose “Continue to this website (not recommended)“.

 3. Click on “Certificate Error” beside the address bar and select view certificates.

If you do not see the Install Certificate option close IE7 and then right click on IE7 and choose run as administrator and load the page again.

4. Once you have the install certificate button available, select “Install Certificate”.

5. This will launch the Certificate Import Wizard. Make sure to Choose the option “Place all certificates in the following store” and select browse.

7. Click Finish on Completing the Certificate Import Wizard

8. Click yes on the security warning to install the certificate

9. If you want to verify the Certificate has been installed you can load the certificates snap in and you should see it under Certificates –Current User-Trusted Root Certification Authorities-Certificates.

To serve pages and other resource via HTTPS, you must obtain and install a certificate for Secure Sockets Layer (SSL) on the IIS server. Normally you obtain the SSL certificate from a certificate authority (CA) that is generally recognized by browsers and other Internet-capable client software. If the certificate is issued by a CA that is recognized by the browser, the communication with the server occurs with no special action required by the user. Hence for production servers, obtaining a CA-issued certificate is highly recommended. See Obtaining and installing an SSL certificate from a certificate authority for information.

Once you have an SSL certificate installed, you can access Web pages and other resources on the server using HTTPS. If the resource carries sensitive information, it is recommended that you require clients to use HTTPS to use the resource. See Requiring the use of HTTPS for details.

For development and testing purposes, using a self-signed SSL certificate may be adequate. Browsers and other clients will not automatically accept such certificates and will display a warning message for the certificate. See Using a self-signed SSL certificate for details.

Determining whether a SSL certificate is installed

If you are not certain whether a SSL certificate is installed on your IIS Web server, follow the steps below.

1. Open Internet Information Services (IIS) Manager, from Control Panel – Administrative Tools.
2. In the left pane of IIS Manager, expand the tree to find your server, then Web Sites within your server, then Default Web Site. (If additional Web Sites have been created, you may need to apply these steps to the one where your ArcGIS Server instance website is installed.)
3. Right-click on Default Web Site and choose Properties from the context menu. The Properties window for the web site opens.
4. In the Properties of the website, click the Directory Security tab. Under the Secure communication section of this tab panel, if a View Certificate button appears, then an SSL certificate has been installed. If a Request Certificate button appears, then no SSL certificate has been installed.

Obtaining and installing an SSL certificate from a certificate authority

This section outlines the procedure for obtaining and installing an SSL certificate from a certificate authority (CA). For complete information, please consult your system administrator, outside consultant, or other resources on security. See this page at Microsoft for more information on using SSL in IIS: Using SSL to Encrypt Confidential Data.

1. Create a request for a certificate using IIS Manager. For instructions, see Request a Server Certificate. (This applies to Windows Server 2003. Other products may differ.)
2. Send the request to a recognized certificate authority. For a list of CAs that work with Microsoft software, see Microsoft Root Certificate Program Members.
3. Once you obtain the certificate, install the certificate into the IIS server. For instructions, see Install a Server Certificate. (This page applies to Windows Server 2003. Other products may differ.)

After the certificate is installed, clients can access pages and other resources using the HTTPS protocol. You can also require that HTTPS be used when accessing a resource.

If you later need to remove an SSL certificate, please refer to IIS documentation on tools such as HTTPCfg (for Windows XP/Server 2003) or netsh (for Vista/Server 2008).

SSL port on the Web server

SSL requests to the Web server are sent to a specific port on the server. A port (or TCP port) tells the destination machine what program will handle the request. By default, Web servers handle SSL requests on port 443. If the default port is used, then clients do not need to specify the port in the request. If a non-default port is set on the Web server, then URLs must include it, for example, https://gis.example.com:8443/mywebapp.

You can use a non-default SSL port for your IIS Web site, but you should set it before installing ArcGIS Server (specifically, the ArcGIS Server Web applications, or ArcGIS instance). If you install your ArcGIS Server instance, and then configure SSL to non-default port, you may need to update the SSL port value in ArcGIS Server. Likewise, if you change the SSL port after configuring security for your ArcGIS Server, then you will need to update ArcGIS Server with the new port number.

You only need to update the SSL port in ArcGIS Server if you have enabled or intend to enable security for GIS Web services, and the security will use tokens. The services security will use tokens if you store users in SQL Server or a custom provider.

To update the ArcGIS Server instance with a new or non-default SSL port number:

1. Using a text or XML editor, open the file <ArcGIS instance>\Security\web.config. The <ArcGIS instance> is typically the folder C:\Inetpub\wwwroot\ArcGIS, but if you have a different location for your IIS Web Site, or installed the ArcGIS Web applications to another name, locate the folder and use its Security folder.
2. In the security web.config, find this setting (your SSL port value may differ):<add key="SSLPort" value="443" />and change the value to to new SSL port number. Save and close the file.
3. If you have not yet configured security, you may skip the remaining steps for now. Otherwise, open ArcGIS Server Manager, log in, and go to Security-Settings. Click Configure in this panel.
4. Follow the wizard to configure security to the user and role location desired. Even if you have previously configured security, you need to repeat the process to have the new SSL port picked up.
5. After completing the security wizard, test access to your secured services to confirm that the settings have been applied correctly.

Requiring the use of HTTPS

You should require clients to use HTTPS to access Web pages and resources with sensitive data. This includes login pages but may also include whole Web applications.

Using HTTPS adds overhead to communications between client and server. Use or require HTTPS only for resources that should not be disclosed to third parties.

If you want to require HTTPS for an ArcGIS Server service or folder, you can use ArcGIS Server to require HTTPS. For details, see Requiring HTTPS for folders and services in the topic Securing Internet connections to services.

You can also use the IIS Web server to require HTTPS (SSL) for a Web application, Web page or other resource:

1. Start IIS Manager by opening Control Panel, then Administrative Tools, then Internet Information Services.
2. Expand the Web Sites node and, in turn, expand the Web site that contains the resource to restrict to HTTPS. By default, IIS serves sites in the Default Web Site. In the Web site, navigate through the tree to find the Web application, folder, Web page, or other resource you want to restrict to HTTPS.
3. Right-click the resource and choose Properties. The Properties dialog box opens for the resource.
4. Click the Directory (or File) Security tab. On this tab, in the Secure Communications area, click the Edit button. If this button is not available, then the IIS server does not have an SSL certificate installed. See the previous section “Obtaining and installing an SSL certificate from a certificate authority” to obtain and install a certificate.
5. On the Secure Communications dialog box that opens, check the box to Require secure channel (SSL).
6. Click OK to close this dialog box, as well as the Properties dialog box, for the resource. Close IIS Manager.
7. Test by attempting to retrieve the resource using http://. You should see a message that HTTPS is required. Retrieve the resource using https://.

Note that if clients request a page or resource via HTTP when it requires HTTPS, they are not automatically redirected to the HTTPS URL of the resource. It is possible to programmatically redirect such requests (search Internet resources for a variety of developer resources), but no out-of-the-box tools are available. Make sure your users are aware that they need to use https:// to access the resource.

Using a self-signed SSL certificate

For development and testing, a self-signed SSL certificate may be adequate. Using a self-signed certificate is not recommended for production sites. Browser users will see a security warning when loading a resource from a site that uses a self-signed certificate. You should not trust any self-signed certificate unless you are certain of the identity of the server and organization you are connecting to. In addition to browser issues, some server applications may have problems working with self-signed certificates. Some tips are included in the steps below for some server applications, but for other types of applications, you may need to install the certificate for the server in a way that the server and application recognize it.

Self-signed certificates can be generated in a number of ways. Consult texts on security, security experts, or Web sites for options.

On Windows Server 2008 and Windows Vista, the IIS Manager has a built-in tool for generating a self-signed SSL certificate.

For Windows Server 2003 and Windows XP, the following procedure uses the SelfSSL tool in the IIS 6.0 Resource Kit to create and install a self-signed SSL certificate.

1. Download and install the IIS 6.0 Resource Kit from Microsoft.Install at least the SelfSSL tool. Other tools are optional.This tool is supported on Windows Server 2003, Windows Server 2008 and Windows XP. Other platforms may require a different tool.
2. Run SelfSSL and install the certificate at the IIS machine:
   • a) On the IIS machine, click Start > Programs > IIS Resources > SelfSSL > SelfSSL. This opens a command prompt window to the SelfSSL location.
   • b) Type the command to create and install a certificate. This example creates a certificate good for 365 days, for the server as www.example.com, and which will be trusted by the local browser:

                SelfSSL /V:365 /N:CN=www.example.com /K:1024 /S:1 /P:443

                     /N:CN=<YOUR COMPUTER NAME OR DOMAIN NAME> (common name of the certificate)
                    /K:1024 (key length of the certificate)
                   /V:365 (validity of the certificate in days)
                  /S:1 (ID of the site to which the certificate needs to be installed)
                 /P:443 (SSL port)

   • c) Close the SelfSSL window by typing “exit” and pressing the Enter key.
3. Test the certificate by opening a browser and loading a page on the server using https://… You should get a warning that the certificate is not from a known certificate authority. Click to proceed, and the page should load normally.
4. If you will use secured ArcGIS services in a Web ADF application running on a different server, then you should import the certificate into the certificate store of the Local Computer. See the instructions below.

The certificate will only be recognized when requested with the name as specified with the N argument above (or the machine name, if N is not specified). For example, if the machine name “myserver” default is used and the client requests the page with the fully qualified domain name “myserver.example.com”, the client will warn that the name on the certificate does not match the request.
Installing the self-signed certificate on client computers

With a self-signed certificate, the client will display a warning at the start of each session with the server. If you create a Web ADF application that uses a secured service on a server with a self-signed certificate, the service may not work in the application. To avoid these security warnings and issues, you can export the certificate from the server and import it at client machines. This should only be done for internal test and development purposes, not for production sites. To export the certificate:

1. IIS Manager, open expand the tree and right-click Default Web Site and choose Properties.
2. In the Directory Security tab, and under Secure Communications, click View Certificate.
3. In the Certificate window, click Details tab, then Copy to File.
4. In the Certificate Export Wizard, accept all defaults (don’t export private key; use DER format), name the file (for example, mymachine-ssl-cert-export.cer), and click Finish. By default, the certificate file is put in \Windows\System32\inetsrv\, but you can save it to any location.
5. Share certificate with client machines, via e-mail, file share or on the Web server.

Once the certificate is available, import it at a client machine.

On Windows XP and Server 2003:

1. Obtain a copy of the certificate file produced earlier and save it locally.
2. Double-click on the .cer file to display certificate information.
3. Click Install Certificate.
4. In Certificate Import Wizard that opens, click Next.
5. In the Certificate Store panel of the wizard, choose where to install the certificate.
   • If the computer will only run client applications (ArcGIS Desktop or browsers), keep the option to “Automatically select the certificate store based on the type of certificate”.
   • If the computer is a Web server that will host .NET Web ADF applications, then click the option to Place all certificates in the following store. Then click the Browse button, and in the Select Certificate Store dialog that opens, check the option to Show physical stores. Expand the Trusted Root Certificate Authorities, and select the Local Computer folder. Click OK to return to the Certificate Import Wizard. (Note: If the computer will run client applications as discussed above, you should re-run the import wizard after finishing step 6, and choose to install the certificate using the automatically-select option.)
6. Click Next, then Finish. A message should display that the certificate import was successful. Close the Certificate dialog.

On Windows Vista or Server 2008:

1. Click Start, then click Run. In the Run command box, type mmc.exe and click OK. The Microsoft Management Console (MMC) will open.
2. In the MMC, click File, then Add/Remove Snap-in…
3. In the Add or Remove Snap-ins dialog, click on Certificates, then click the Add button.
4. In the Certificates snap-in dialog that opens, click My user account, then Finish.
5. Click OK in the Add or Remove Snap-ins dialog. The Certificates snap-in is added to the MMC window.
6. Expand the Certificates-Current User node, then expand Trusted Root Certification Authorities to see its Certificates sub-node.
7. Right-click on the Certificates node within the Trusted Root Certification Authorities and click All Tasks, then Import…
8. In the Certificate Import Wizard that opens, click Next, then in the File To Import panel, click Browse and navigate to the certificate file you saved locally. Select it in the Open-file dialog and click OK. The path and name are displayed in the File To Import panel.
9. Click Next. In the Certificate Store panel, verify that the option to Place all certificates in the following store is selected, and that the certificate store displayed is Trusted Root Certification Authorities. Click Next.
10. View the summary information for the certificate import, then click Finish.
11. If the computer is a Web server that will host .NET Web ADF applications, then repeat steps 2 through 10, but in step 4, choose Computer account instead of My user account.

Once you perform these steps, Internet Explorer and other IE-based clients can use https with the server without warnings. Browsers other than Internet Explorer may require a separate acceptance of the certificate.

If the GIS Web services will be access from an ArcGIS Server Java Web ADF application, you will need to install the certificate into the Java Manager’s Java Runtime Environment (JRE), using the keytool. Any redeployment of the application to a different Web server will require adding the certificate to the Web server’s JRE.

You are watching A video, and suddenly MegaVideo Says:
“You have watched 72Minutes of Video, Please wait 51 Minutes or click here to upgrade to Premium”

Isn’t it annoying?? If you are nodding your head now..

1. Use the best Proxy Site to bypass any IP blocking and assign a new IP for you,
                     I would recommend http://www.blockedass.com   as it is safe and secure.

No Spyware, Adware or bad links and its FREE

3. If you are a bit of a budget, here is a bug that I notice, it might not work all the time, but it’s worth a try: play it half way and wait for 5 minutes, and you should be able to Play till the end of the movie, I find that this is a bug that MegaVideo does not notice YET.

4. Download a software called AlwaysVPN. It is a proxy service presently in beta http://alwaysvpn.com/
It’s a software that allows you to change use their proxy to make it seem like your IP is changing. Just install the software, run it, right click the icon in your task bar and select the alwaysvpn-UDP and connect. You’ll connect to their servers and get an IP through there. Then between movies just go to the icon in the taskbar and select disconnect and then connect again to get a new IP and Megavideo thinks you are now coming from a new source resetting your time limitations.

5. Or what you can do is clear my private data (firefox) including cookies and everything. Then I just refresh the movie and go back to the part I was at. Its the easiest thing to do for me cuz all I do is press ctrl+shift+delete and it deletes all the temporary internet files.

6. If you can, restart your internet router or reset internet connection. then you´ll get a new IP and can watch the movie.

• On your Office PC

  1. Turn on File sharing on your office PC. (If not sure how, then see note no. 4 under “Advanced Topics” below).
  2. In Windows Explorer, select the drive you want to share, and enable sharing of that drive by right-clicking on it, then selecting “Sharing…”. (Win/NT and Win/2000 users: Click on “New Share” after selecting “Sharing…”) Assign it a “Share name” and “Password”. Please do not use a password that will be easy to guess, or you are opening your PC to attacks over the Internet. Please do not enable file sharing without a password under any circumstance. For extra security, use a “share name” different from the drive name itself. For example, use “C-drive” instead of just “C”. You can also choose to share just a single folder rather than an entire drive (see note 5 below under Advanced Topics). If you are unsure, please call Ravi for advice on security.  
  3. Note down or remember the “share name” and “password” you just created. You will need these from home. For this example, let us assume that the share name is “c-drive”
  4. Remember to leave your PC turned on at night so you can access it from home.
  5. If your office system is Win/NT or /2000 and your home system is Win/95/98/ME then you need to enable guest login – see note no. 7 below under Advanced Topics. 
• On your Home PC
  1. Dial-in and connect to the network using WiscWorld Connect (e.g.) (or via DSL or Cable Modem).
  2. Open a Command prompt (MSDOS) Window (hint: Start -> Programs -> Command Prompt (Win/95/98/NT) or Start -> Programs -> Accessories -> Command Prompt (Win/ME/2000))
  3. Enter the following command:
     NET USE G: \\phy-xxxxx.physiology.wisc.edu\c-drive
     where G: is an available drive letter, phy-xxxxx.physiology.wisc.edu is the IP name/address of your computer, and “c-drive” is the share name that was assigned above.
     (NT or win/2000 users: if you are connecting from an NT system to another NT system, you will have to provide a username also. The command should then be amended as follows:
     NET USE G: \\phy-xxxxx.physiology.wisc.edu\c-drive /user:yyyy
     where “yyyy” is the username on the remote system).
     If you get an error message then see the notes under Troubleshooting (below).
  4. If all goes well, you will be prompted to enter a password.
  5. When you enter the correct password, the office disk will be connected to your home PC with the drive letter G:, and the message
     The Command was completed successfully
     will appear in the command window.
  6. You can now terminate the command window by typing “Exit”
  7. The office disk (drive G:) can now be used like any other local drive (though slower).
  8. You can disconnect from the remote disk in one of the following ways:
     • Terminate the modem connection (i.e. hang up), or
     • Right-click on the G: drive in explorer and select “disconnect”, or
     • Open the Command Window and issue the command: NET USE G: /delete

   

• Advanced Topics/Troubleshooting
  1. If you get Error 3787 when you try the “NET USE…” command, then you need to change one setting in your Dial-up Networking options. Proceed as follows:
     • My Computer -> Dial-up Networking -> Wiscworld Connect
     • Select “Server Types” then look for “Advanced Options”
     • If the “Log on to network” option is not selected, then select it by clicking on the check box next to it.
     • Close all windows, reboot and re-connect to Wiscworld
     • You can now proceed with the “NET USE…” command.
  2. If you get a message asking you to type “NET USE /?” for help when you enter the “NET USE…” command, then you should examine the “NET USE…” command carefully for syntax errors. All spaces should be entered exactly as in the example.
  3. It is possible to automate the process of connecting to your office PC disk by entering the “NET USE…” command into a batch (.BAT) file, and simply running it by double clicking. Note that this introduces a slight security risk in that your disk password is stored in the batch file as plain text, but if you are the only one using the home computer then you can proceed as follows:
     • Start Notepad (Start -> Programs -> Accessories ->Notepad)
     • Enter the following command:
       NET USE G: \\phy-xxxxx.physiology.wisc.edu\c-drive zzzzz
       (or, for NT, NET USE G: \\phy-xxxxx.physiology.wisc.edu\c-drive zzzzz /user:yyyy)
       where “zzzzz” is the password you assigned to your “c-drive” on the work computer, and phy-xxxxx is the name of your work computer.
     • Use the “Save as..” option in Notepad to save the file with the above command to suitable folder on your hard disk (e.g. in c:\batch). The file saved must be given a name of the form *.bat (e.g. CONNECT.BAT)
     • Exit Notepad, start Explorer, browse to the folder where you saved the CONNECT.BAT, then drag it out with the right mouse button to your desktop, and select “Create Shortcut Here”. This will create a shortcut on your desktop, which you can rename if you like.
     • That’s all. From now on you can (after connecting to Wiscworld) connect to your office disk by simply double-clicking on the new shortcut.
  4. If you right-click on your office hard-disk in explorer, but do not see the “Sharing” item in the menu that pops up, it means that file sharing is not enabled on your computer, and you must enable it first as follows:
     Right-click on “Network Neighborhood”, then select “Properties”. Click on the menu bar named “File and Printer Sharing”, then make sure the box marked “I want to be able to give others access to my files” is checked. Then close all windows.
     Note that this should be done on your office computer, not the home computer, and is only necessary for Win/95/98 (and not on Win/NT/2000).
  5. If you try to share your CD-ROM drive but get an “access denied” or “share directory not available” error, then please consult the article on the following web page:
     http://support.microsoft.com/support/kb/articles/q172/5/20.asp
  6. You can make your (office) system more secure by enabling sharing of just a particular folder rather than the entire disk. This is done by first deciding which folder to share (e.g. a folder named c:\guest), then use explorer to locate that folder, then right-click on the c:\guest folder and select “Sharing” from the pop-up menu. Assign it a “share name” and “password” just as you would for an entire drive. The remaining steps are the same as above, the main difference is that only this folder (and all sub-folders within) will be accessible over the net, and the rest of your drive will not be.
  7. If your office PC is running Win/NT or Win/2000, and your home PC is running Win/95/98/ME, then you have to create a “guest” user on your office computer. This is because Win/9x/ME do not allow specification of a user name with the “NET USE…” command, and instead assume the username “guest”. To create a guest user on your office system, proceed as follows: (Note: the following is not needed if both office and home PC are running Win/NT or Win/2000)
     • Start user manager (Start -> Programs -> Administrative Tools -> User Manager)
     • If there is no username “Guest” in the list of users, then click on “User” from the top menu, then select “New User” and enter “Guest” in the username field. Uncheck the box marked “User must change password on next logon” and check the box marked “Password never expires”. Enter a non-trivial password in the fields labeled “Password” and “Confirm Password”. Finally click on the Add button to create the “Guest” username.

     After you have created the shared disk or folder for remote access (as described in step-2 above under “On Your Office PC”) you should enable guest access to that shared folder. This is done as follows:

     • Use Windows Explorer and right-click on the shared device and select “Sharing”.
     • Click on the button marked “Permissions”
     • If “Everyone” or “Guests” is in the list, then nothing needs to be added. If neither is in the list then use “Add” to add “Guests” to the list of users with access to the shared folder.
     • Click “OK” to close the sharing window.

     You should now be able to connect from Win/9x/ME computers by using the “NET USE G: \\phy-xxxxx.physiology.wisc.edu\share-name” command, and the password that you assigned to the “guest” user. (Note: replace “share-name” by the actual share name that you used).

Usually certain ports are always open, such 80, 443 and 21, so we will use one of this to connect home.
First of all, make sure you have the ssh server installed on your computer at home.

sudo vi /etc/ssh/sshd_config
look for the line Port 22 and change it to Port 443
*The port 443 is generally used by https, which is, in basic words, the encrypted web browser flow.

Let’s restart it sshd:
sudo /etc/init.d/ssh restart
and check if it works properly:
ssh your_user_name@127.0.0.1 -p 443

Next problem comes up since most ISP give you dynamic IPs and you don’t know what’s your home’s ip.
First go to www.dyndns.com, create an account and read their HOWTO to create a host name: https://www.dyndns.com/services/dns/dyndns/howto.html
Once it’s done we’ll work on ddclient, the dyndns client software.

sudo apt-get install ddclient

then let’s edit the configuration file

sudo vi /etc/ddclient.conf

and make it look like this:

pid=/var/run/ddclient.pid
protocol=dyndns2
use=web
server=members.dyndns.org
login=your_username
password=’your_password’
your_hostname.your_domain.com

Once it’s edited let’s restart it:

sudo /etc/init.d/ddclient restart

and check if it works with:

dig your_hostname.your_domain.com

Now check if the ip matches yours.

Now, install firestarter and allow TCP connections to port 443. I won’t describe this point because most users know about it.
Don’t forget to forward the 443 traffic from your router to the computer you want to control. If you’re connected using a USB modem you don’t need do to it.

Now, when you’re at office simply download Putty, which is a windows ssh client or use the terminal in MacOSx or Linux to connect home.
To connect just type:

ssh your_username@your_hostname.your_domain.com -p 443

or from Putty fill the connection form and you’ll be in.