irigsoft Posted October 22, 2021 Share Posted October 22, 2021 Hello. This is not exactly a problem with UNIGUI, but I can't use SSL in my StandAlone application. Here are my settings and error when starting the application. Error: I have not install nothing (certificates or something else). What I can do ? Quote Link to comment Share on other sites More sharing options...
likemike Posted October 22, 2021 Share Posted October 22, 2021 First of all: you haven't enabled SSL (2nd property in your screenshot). Quote Link to comment Share on other sites More sharing options...
irigsoft Posted October 22, 2021 Author Share Posted October 22, 2021 56 minutes ago, likemike said: First of all: you haven't enabled SSL (2nd property in your screenshot). Hello, Is enabled on server start, but with Enable = True same error occur. Quote Link to comment Share on other sites More sharing options...
likemike Posted October 22, 2021 Share Posted October 22, 2021 I suggest to put the PEM-files in the same directory as the main program. Especially the DLL-files have to be in the directory of the application. If that don't work try to use ssl\cert.pem instead of \ssl\cert.pem etc. (without the leading backslash). Quote Link to comment Share on other sites More sharing options...
irigsoft Posted October 22, 2021 Author Share Posted October 22, 2021 33 minutes ago, likemike said: I suggest to put the PEM-files in the same directory as the main program I try it, but no success. settings of server was: RootCertFile=root.pem and so on. "Especially the DLL-files have to be in the directory of the application." - they are there I will try with this: DLL files into sysWOW64 and this: If that don't work try to use ssl\cert.pem instead of \ssl\cert.pem etc. (without the leading backslash). Quote Link to comment Share on other sites More sharing options...
likemike Posted October 22, 2021 Share Posted October 22, 2021 Are you sure, that the PEM-files are correct? A certificate has a maximum validation of 1 year. Your PEM-files are from 2018. Are you sure, you need a password? My certificate (generated with Commodo) doesn't need a password. Quote Link to comment Share on other sites More sharing options...
irigsoft Posted October 22, 2021 Author Share Posted October 22, 2021 4 minutes ago, likemike said: Are you sure, that the PEM-files are correct? A certificate has a maximum validation of 1 year. Your PEM-files are from 2018. Are you sure, you need a password? My certificate (generated with Commodo) doesn't need a password. I use test certificates with unigui. but message is not "Not valid certificate", there is "not such files...." :( Quote Link to comment Share on other sites More sharing options...
likemike Posted October 22, 2021 Share Posted October 22, 2021 I'm sure, that the test certificates are not TLS1.2 compatible. They're only can be used with SSL v2 or v3. Best way is to get a certificate from ZeroSSL with free use (but has only 3 month validation). I've written a instruction how to get and implement it. On 3/9/2021 at 8:17 PM, likemike said: OK! I assume, your server is a Windows based computer (for ex. Windows 10). This tutorial depends on the free of charge SSL certificate from zerossl ( https://app.zerossl.com/dashboard ). a. Create an account on https://app.zerossl.com/dashboard b. Certificates->New certificate c. switch off CSR autogenerates d. insert your company etc. e. you have 3 possibilities to verify, that your are the owner of the domain f. (only needed, when you use dynamic IP service like Noip.com or DynDns) In this case you can only verify your domain with the HTTP-Upload method. Therefore you have to install a webserver on the host computer. So load and install XAMPP (https://www.apachefriends.org/de/index.html) and run it minimally (clear every hook possible ). Then forward port 80 in the router to your host computer IP. If an error occurs with port 443, set the listen port to “Listen 8078” in the file “c:\xampp\apache\conf\extra\httpd-ssl.conf” (line 36). Start xampp-control.exe and start Apache. Now copy the file created by ZeroSSL in the directory “c:\xampp\htdocs\.well-known\pki-validation” (the last two directories have to be created first) g. now perform the validation at zerossl. h. download the certificate now (Server=Default). i. unpack the certificate in your HyperServer-directory j. rename private.key to key.pem now you have to convert the CRT-files to x509 encryption k. install OpenSSL (https://sourceforge.net/projects/openssl/files/latest/download) l. start Win64-OpenSSL Command Prompt m. from the OpenSSL command line, switch to the hyperserver directory and call: openssl x509 -in certificate.crt -out cert.pem -outform PEM openssl x509 -in ca_bundle.crt -out root.pem -outform PEM n. then do a right-click on both CRT files and install the certificate (for local computer). o. because SSL-versions lower than TLS1_2 are rejected by modern browsers it's important to set in UniGui: SSL.SSLOptions.Method = sslvTLSv1_2 SSL.SSLOptions.SSLVersions = [sslvTLSv1_2] That's it. I recommend the use of NoIP.COM if you need a Dynamic IP-Service. It's free and easy to install. I hope, this helps a bit to handle the SSL-stuff with UniGui. Regards Mike 1 Quote Link to comment Share on other sites More sharing options...
irigsoft Posted October 22, 2021 Author Share Posted October 22, 2021 1 hour ago, likemike said: I'm sure, that the test certificates are not TLS1.2 compatible. They're only can be used with SSL v2 or v3. Best way is to get a certificate from ZeroSSL with free use (but has only 3 month validation). I've written a instruction how to get and implement it. searching on web for error, this is openssl problem https://www.google.com/search?q=system+library%3Afopen%3Ano+such+file+or+directory&ei=RKNyYaXIE6_87_UP6Yu4iAE&ved=0ahUKEwil-oTe993zAhUv_rsIHekFDhEQ4dUDCA4&uact=5&oq=system+library%3Afopen%3Ano+such+file+or+directory&gs_lcp=Cgdnd3Mtd2l6EAM6BwgAEEcQsANKBAhBGABQrIVEWKyFRGCKikRoAnACeACAAUKIAUKSAQExmAEAoAEByAEEwAEB&sclient=gws-wiz Quote Link to comment Share on other sites More sharing options...
likemike Posted October 22, 2021 Share Posted October 22, 2021 If you use the default PEM-files from UniGui this could not be an OpenSSL problem, because the files are already created. Have you tried it with SSL v3 encryption? Quote Link to comment Share on other sites More sharing options...
irigsoft Posted October 22, 2021 Author Share Posted October 22, 2021 12 minutes ago, likemike said: If you use the default PEM-files from UniGui this could not be an OpenSSL problem, because the files are already created. Have you tried it with SSL v3 encryption? Sorry selecting SSL V3 make error: Quote Link to comment Share on other sites More sharing options...
likemike Posted October 22, 2021 Share Posted October 22, 2021 No problem! But be aware, that SSL v3 isn't supported anymore (too low security). So the actual browsers won't classify this encryption as safe (no lock is displayed next to the URL). Quote Link to comment Share on other sites More sharing options...
irigsoft Posted October 22, 2021 Author Share Posted October 22, 2021 3 minutes ago, likemike said: No problem! But be aware, that SSL v3 isn't supported anymore (too low security). So the actual browsers won't classify this encryption as safe (no lock is displayed next to the URL). I am sorry but problem exist, SSL was disabled Quote Link to comment Share on other sites More sharing options...
irigsoft Posted October 22, 2021 Author Share Posted October 22, 2021 I am sorry but even with SSL demo I have a problem starting SSL. Quote Link to comment Share on other sites More sharing options...
Abaksoft Posted October 22, 2021 Share Posted October 22, 2021 1 minute ago, irigsoft said: I am sorry but even with SSL demo I have a problem starting SSL. The Demo use an old method (Open SSL) wich is not valid today. Quote Link to comment Share on other sites More sharing options...
Abaksoft Posted October 22, 2021 Share Posted October 22, 2021 http://forums.unigui.com/index.php?/topic/15767-ssl/&do=findComment&comment=86771 Quote Link to comment Share on other sites More sharing options...
irigsoft Posted October 22, 2021 Author Share Posted October 22, 2021 23 minutes ago, Abaksoft said: The Demo use an old method (Open SSL) wich is not valid today. This is windows error , I cant get server to start. On my first try just enabled TLS_1_2 on my project and start but get erors. Now i try to start with SSL demo, but again errors ocurs. How do I try using SSL? Quote Link to comment Share on other sites More sharing options...
likemike Posted October 22, 2021 Share Posted October 22, 2021 16 minutes ago, irigsoft said: I am sorry but even with SSL demo I have a problem starting SSL. If this is your file structure, then there must be no path in the PEM-files: (delete "\ssl\") Quote Link to comment Share on other sites More sharing options...
irigsoft Posted October 22, 2021 Author Share Posted October 22, 2021 3 minutes ago, likemike said: If this is your file structure, then there must be no path in the PEM-files: (delete "\ssl\") No, I just start SSL demo . This are settings: files: Quote Link to comment Share on other sites More sharing options...
irigsoft Posted October 22, 2021 Author Share Posted October 22, 2021 I have copied files ssleay32.dll and libeay32.dll on Windows\SysWOW64 and Windows\System32 My Windows is 64bit Quote Link to comment Share on other sites More sharing options...
likemike Posted October 22, 2021 Share Posted October 22, 2021 It seems to be, that you use an older UniGui-version. In my version (1551) there is one more property and the date of the DLL-files is 7 months newer (21.12.2019). Quote Link to comment Share on other sites More sharing options...
irigsoft Posted October 22, 2021 Author Share Posted October 22, 2021 2 minutes ago, likemike said: It seems to be, that you use an older UniGui-version. In my version (1551) there is one more property and the date of the DLL-files is 7 months newer (21.12.2019). Yes, version is a 1524. On VCL application I have no problem using them, but I can't understand why unigui can't find DLLs or certificates? Quote Link to comment Share on other sites More sharing options...
likemike Posted October 22, 2021 Share Posted October 22, 2021 If you use HyperServer you might try to copy the DLL-files in the Hyperserver-directory. Quote Link to comment Share on other sites More sharing options...
irigsoft Posted October 22, 2021 Author Share Posted October 22, 2021 18 minutes ago, likemike said: If you use HyperServer you might try to copy the DLL-files in the Hyperserver-directory. I do not use HyperServer. I have not installed openSSL. Searching the web, I found only this: https://github.com/lexik/LexikJWTAuthenticationBundle/issues/842 https://stackoverflow.com/questions/52787456/openssl-config-failed-error02001003system-libraryfopenno-such-process-in-ap All they say: remove OPENSSL_CONF, but there is no such configuration in the system variables. Do I need to install certificates (root.PEM) on Windows? Quote Link to comment Share on other sites More sharing options...
likemike Posted October 22, 2021 Share Posted October 22, 2021 OpenSSL is not necessary for UniGui apps. Only, if you create a new certificate, you'll need it once (see my instruction). It's not necessary to install the certificate in windows. Only the PEM-files have to be in the app-directory! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.