SSL Certificate for stand alone IW Server

SSL Certificate for stand alone IW Server - rudyPos - 02-10-2023

I have a stand alone IW web server not associated with an IIS web server for example. I have successfully used a self signed certificate created with the IWCertificateManager.exe. In the browsers used there is the warning (error) message stating the web site is unsafe (self signed cert). Allowing the exception then proceeds to the web page(s) and all is well.

I recently decided to use a proper SSL certificate (Sectigo in my case) and I was able to use the certificate files successfully in the application, HOWEVER now the browser produces a warning (error) message that the web site is unsafe because the certificate is for a domain, not 127.0.0.1 for example (allow exception etc). Tech support for Sectigo indicated in that case a self signed certificate can be used.

I know cyber security is paramount so I am asking what am I missing? Most notes I read about self signed certificates say that they are not to be used 'in production'. In some other posts here on this forum I saw comments that the IWCertificateManager.exe is shipped with other IW applications. How is that carried out at the end site?

I do not think you can get a proper SSL Certificate without a domain (a.com or www.a.com). I saw that the more expensive certificates allow "more" wildcards for the domain parameter(s) but I do not think that is what is needed for a stand alone IW app.

Any comments or guidance is greatly appreciated.

I stand alone...

RE: SSL Certificate for stand alone IW Server - joelcc - 02-17-2023

When you generate a certificate you need to generate it for a specific domain. For example: www.yourdomain.com. Then you need to set up your DNS records for this domain (that you purchased) to point to your "public" IP address of the IWserver. (This is usually done through a firewall.) Then all of the users should use www.yourdomain.com to get to your iwserver.

RE: SSL Certificate for stand alone IW Server - Alexandre Machado - 02-21-2023

Rudy,

You are correct. Self-signed certificates can be only used for development, i.e. testing of your application while you can still use the HTTPS protocol to see how it behaves. But it can't be used in production.

As Joe mentioned above, you need to point your domain (one that you probably have registered as www.yourcompany.com) and point it to the server IP address (the one where the IP application is running on). Then, whenever you type www.yourcompany.com the Internet DNS servers will resolve that to your server IP (although the request doesn't contain any IP address, only the name of the server). Then the certificate will be correctly accepted by the browser.

RE: SSL Certificate for stand alone IW Server - Alexandre Machado - 02-21-2023

BTW, there is an extensive document here showing how to create a production-ready SSL Certificate for your IW applications (also for Indy-based SA applications)

https://www.atozed.com/2022/11/creating-and-installing-a-certificate-for-your-intraweb-http-sys-applications/

RE: SSL Certificate for stand alone IW Server - rudyPos - 02-22-2023

Thank you for all your feedback, I have seen the link referred to and used the instructions with success.

My environment is an Intraweb stand alone app not connected to the Internet, and the "domain" of the certificate will certainly not be available on the PC running the Intraweb stand alone app. Is there a way on the internal network that has its own "domain" but not the "domain" in the certificate to make it work? Do many different certificates need to be generated for use on many different internal networks?

I do not understand something...
best regards

RE: SSL Certificate for stand alone IW Server - DanBarclay - 02-22-2023

(02-21-2023, 11:53 PM) Alexandre Machado Wrote:
BTW, there is an extensive document here showing how to create a production-ready SSL Certificate for your IW applications (also for Indy-based SA applications)

FWIW, inside the download zip the exe internal file version (Properties|Details) for 1.0.0.3 reads 1.0.0.2. (a nit that nobody else will care about but thought I'd mention it...)

https://www.atozed.com/intraweb/certmanager/

Dan

RE: SSL Certificate for stand alone IW Server - Сергей Александрович - 03-25-2023

Good afternoon, Alexander.

I'm trying to implement a secure connection on a CA application. I did everything according to the manual https://www.atozed.com/intraweb/certmanager/.

SSLOptions.Port = 443, CertFileName, KeyFileName, RootCertFileName – specified.

SA server starts without errors. The connection on port 80 is successful, but an error message is displayed when attempting a secure connection:

https://stk-b.ru/ - not protected
NET::ERR_CERT_AUTORITY_INVALID

Maybe somewhere in the server parameters need to install something?

The browser shows an error:

Invalid certificate

Common Name (CN) stk-b.ru
Organization (O) <Is not part of the certificate>
Department (OU) <Is not part of the certificate>

Common name (CN) (STAGING) Artificial Apricot R3
Organization (O) (STAGING) Let's Encrypt
Department (OU) <Is not part of the certificate>

Date of issue Saturday, March 25, 2023 at 16:36:39
Valid on Friday, June 23, 2023 at 16:36:38

RE: SSL Certificate for stand alone IW Server - Сергей Александрович - 03-27-2023

Many files have been created in the acmeconfig directory. Please specify which ones should be specified in the parameters of the Indy SA server.

(TIWSSLOptions)
(TIWSSLCertificateOptions)
CertFileName
KeyFileName
RootCertFileName

I'm sorry for the stupid question, but what I'm doing does not lead to a result.
(secure connection is not working)

RE: SSL Certificate for stand alone IW Server - ioan - 03-27-2023

(03-27-2023, 06:39 AM) Сергей Александрович Wrote:
Many files have been created in the acmeconfig directory. Please specify which ones should be specified in the parameters of the Indy SA server.

I never used the Atozed Certmanager, but if it works just like the win-acme, then you should have the following files:

stk-b.ru-key.pem
stk-b.ru-crt.pem
stk-b.ru-chain.pem

And here is how you use them:

CertFileName := 'stk-b.ru-crt.pem';
KeyFileName := 'stk-b.ru-key.pem';
RootCertFileName := 'stk-b.ru-chain.pem';

RE: SSL Certificate for stand alone IW Server - Сергей Александрович - 03-28-2023

Thank you for participating. Yes, that's right, that's what I'm doing... It seems that the problem is not how I specify the keys, but in the Windows settings....
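
Added example (not from the thread, its participants or Atozed): a Python check that classifies the browser warnings reported in this thread, namely a certificate whose names do not cover the address typed into the browser, a self-signed certificate, and an issuer carrying the "(STAGING)" marker shown in the certificate details above. It takes a dict in the shape of `ssl.SSLSocket.getpeercert()`; the sample certificates, their SAN entries and the name "Example Public CA" are constructed, and only the stk-b.ru subject and issuer names are copied from the thread.

```python
import ipaddress

def _field(name, key):
    """First value of key (e.g. 'commonName') in a getpeercert()-style name."""
    return next((v for rdn in name for k, v in rdn if k == key), "")

def host_matches(cert, host):
    """Browser-style match: SAN entries only; '*' covers exactly one left label."""
    san = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # not an IP literal, compare as a DNS name below
    if ip is not None:
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in san)
    host = host.lower().rstrip(".")
    parent = host.split(".", 1)[1] if "." in host else None
    for k, v in san:
        v = v.lower()
        if k == "DNS" and (v == host or (v.startswith("*.") and v[2:] == parent)):
            return True
    return False

def diagnose(cert, host):
    """Return the reasons a browser would warn about cert when visiting host."""
    problems = []
    if not host_matches(cert, host):
        problems.append("name-mismatch")
    issuer = cert.get("issuer", ())
    if cert.get("subject") == issuer:  # issued to itself, no CA vouches for it
        problems.append("self-signed")
    if any(_field(issuer, k).startswith("(STAGING)")
           for k in ("commonName", "organizationName")):
        problems.append("staging-issuer")  # ACME test CA, not browser-trusted
    return problems

# Constructed samples. SAN entries are assumptions; issuer names are from the thread.
STAGING_CERT = {
    "subject": ((("commonName", "stk-b.ru"),),),
    "issuer": ((("organizationName", "(STAGING) Let's Encrypt"),),
               (("commonName", "(STAGING) Artificial Apricot R3"),)),
    "subjectAltName": (("DNS", "stk-b.ru"),),
}
DOMAIN_CERT = {
    "subject": ((("commonName", "www.yourcompany.com"),),),
    "issuer": ((("commonName", "Example Public CA"),),),  # hypothetical CA name
    "subjectAltName": (("DNS", "www.yourcompany.com"),),
}
```

A `staging-issuer` result means the certificate came from an ACME test environment whose root is not in browser trust stores, so the certificate has to be requested again from the production endpoint. A `name-mismatch` result is cleared by reaching the server under a name listed in the certificate, not by changing server-side settings.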