Problem with SSL root certificate


irigsoft

33 minutes ago, likemike said:

I suggest to put the PEM-files in the same directory as the main program

I tried it, but no success.

The server settings were: RootCertFile=root.pem and so on.

"Especially the DLL-files have to be in the directory of the application."  - they are there

I will try with this: DLL files into sysWOW64

and this: If that doesn't work, try to use ssl\cert.pem instead of \ssl\cert.pem etc. (without the leading backslash).

Link to comment
Share on other sites
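
The path advice quoted in the post above (same directory as the program, no leading backslash) comes down to where a relative PEM path resolves. As an added example, not from any poster or from uniGUI, this Python code models Windows path resolution for such settings and checks PEM framing and whether a key file is password-protected. The setting names other than RootCertFile and the directories are assumptions.

```python
import ntpath  # Windows path rules; importable on any OS

def resolve(setting, cwd):
    """Path Windows would open for a file setting, given the process's current directory."""
    # Relative names are joined to cwd, a leading backslash means the root of
    # the current drive, and a full path (C:\...) is used unchanged.
    return ntpath.normpath(ntpath.join(cwd, setting))

def inspect_pem(text):
    """Return (label, needs_password) for the first PEM header, else (None, False)."""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("-----BEGIN ") and line.endswith("-----"):
            label = line[len("-----BEGIN "):-5]
            encrypted = "ENCRYPTED" in label or "Proc-Type: 4,ENCRYPTED" in text
            return label, encrypted
    return None, False

def _read(path):
    with open(path, "r", errors="replace") as fh:
        return fh.read()

def preflight(settings, cwd, read_file=_read):
    """Report where each configured file resolves and what kind of PEM it holds."""
    report = {}
    for name, value in settings.items():
        path = resolve(value, cwd)
        try:
            label, needs_pw = inspect_pem(read_file(path))
            status = "ok" if label else "not PEM"
        except OSError:  # includes FileNotFoundError, the "no such file" case
            label, needs_pw, status = None, False, "missing"
        report[name] = {"path": path, "status": status,
                        "label": label, "needs_password": needs_pw}
    return report

if __name__ == "__main__":
    # Constructed settings: RootCertFile is from the thread, the other two
    # names and both directories are assumptions for illustration.
    settings = {"RootCertFile": "root.pem", "CertFile": r"ssl\cert.pem",
                "KeyFile": r"\ssl\key.pem"}
    for cwd in (r"C:\MyApp", r"C:\Windows\System32"):
        for name, value in settings.items():
            print(f"{cwd:22} {name:13} -> {resolve(value, cwd)}")
```

The same relative name lands in a different directory whenever the process's current directory is not the application directory, and a leading backslash always points at the drive root.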

4 minutes ago, likemike said:

Are you sure that the PEM-files are correct? A certificate has a maximum validation of 1 year. Your PEM-files are from 2018.

Are you sure you need a password? My certificate (generated with Comodo) doesn't need a password.

I use test certificates with uniGUI.

But the message is not "Not valid certificate"; it is "not such files...." :(

Link to comment
Share on other sites

I'm sure that the test certificates are not TLS1.2 compatible. They can only be used with SSL v2 or v3.

The best way is to get a certificate from ZeroSSL with free use (but it has only 3 month validation). I've written instructions on how to get and implement it.

 

On 3/9/2021 at 8:17 PM, likemike said:

OK!

I assume, your server is a Windows based computer (for ex. Windows 10).

This tutorial depends on the free of charge SSL certificate from zerossl ( https://app.zerossl.com/dashboard ).

a. Create an account on https://app.zerossl.com/dashboard
b. Certificates->New certificate
c. switch off CSR autogenerates
d. insert your company etc.
e. you have 3 possibilities to verify that you are the owner of the domain
f. (only needed, when you use dynamic IP service like Noip.com or DynDns)
In this case you can only verify your domain with the HTTP-Upload method. Therefore you have to install a webserver on the host computer. So load and install XAMPP (https://www.apachefriends.org/de/index.html) and run it minimally (clear every hook possible ).
Then forward port 80 in the router to your host computer IP. If an error occurs with port 443, set the listen port to “Listen 8078” in the file “c:\xampp\apache\conf\extra\httpd-ssl.conf” (line 36). Start xampp-control.exe and start Apache.
Now copy the file created by ZeroSSL in the directory “c:\xampp\htdocs\.well-known\pki-validation” (the last two directories have to be created first)

g. now perform the validation at zerossl.
h. download the certificate now (Server=Default).
i. unpack the certificate in your HyperServer-directory
j. rename private.key to key.pem
   now you have to convert the CRT-files to x509 encryption
k. install OpenSSL (https://sourceforge.net/projects/openssl/files/latest/download)
l. start Win64-OpenSSL Command Prompt
m. from the OpenSSL command line, switch to the hyperserver directory and call:

  • openssl x509 -in certificate.crt -out cert.pem -outform PEM
  • openssl x509 -in ca_bundle.crt -out root.pem -outform PEM

n. then do a right-click on both CRT files and install the certificate (for local computer).
o. because SSL-versions lower than TLS1_2  are rejected by modern browsers it's important to set in UniGui:

  •   SSL.SSLOptions.Method = sslvTLSv1_2
  •   SSL.SSLOptions.SSLVersions = [sslvTLSv1_2]

That's it. I recommend the use of NoIP.COM if you need a Dynamic IP-Service. It's free and easy to install.

I hope, this helps a bit to handle the SSL-stuff with UniGui.
Regards
Mike

  • Thanks 1
Link to comment
Share on other sites

1 hour ago, likemike said:

I'm sure that the test certificates are not TLS1.2 compatible. They can only be used with SSL v2 or v3.

The best way is to get a certificate from ZeroSSL with free use (but it has only 3 month validation). I've written instructions on how to get and implement it.

Searching the web for the error, this is an OpenSSL problem:

https://www.google.com/search?q=system+library%3Afopen%3Ano+such+file+or+directory&ei=RKNyYaXIE6_87_UP6Yu4iAE&ved=0ahUKEwil-oTe993zAhUv_rsIHekFDhEQ4dUDCA4&uact=5&oq=system+library%3Afopen%3Ano+such+file+or+directory&gs_lcp=Cgdnd3Mtd2l6EAM6BwgAEEcQsANKBAhBGABQrIVEWKyFRGCKikRoAnACeACAAUKIAUKSAQExmAEAoAEByAEEwAEB&sclient=gws-wiz

Link to comment
Share on other sites

3 minutes ago, likemike said:

No problem! But be aware, that SSL v3 isn't supported anymore (too low security). So the actual browsers won't classify this encryption as safe (no lock is displayed next to the URL).

I am sorry, but the problem exists; SSL was disabled.

Link to comment
Share on other sites

23 minutes ago, Abaksoft said:

The Demo uses an old method (Open SSL) which is not valid today.

This is a Windows error; I can't get the server to start. On my first try I just enabled TLS_1_2 in my project and started it, but got errors.

Now I try to start with the SSL demo, but again errors occur.

How do I try using SSL?

Link to comment
Share on other sites

2 minutes ago, likemike said:

It seems to be, that you use an older UniGui-version. In my version (1551) there is one more property and the date of the DLL-files is 7 months newer (21.12.2019).

Yes, the version is 1524.

On VCL application I have no problem using them, but I can't understand why unigui can't find DLLs or certificates?

Link to comment
Share on other sites

18 minutes ago, likemike said:

If you use HyperServer you might try to copy the DLL-files in the Hyperserver-directory.

I do not use HyperServer.

I have not installed openSSL. Searching the web, I found only this:

https://github.com/lexik/LexikJWTAuthenticationBundle/issues/842

https://stackoverflow.com/questions/52787456/openssl-config-failed-error02001003system-libraryfopenno-such-process-in-ap

All they say: remove OPENSSL_CONF, but there is no such configuration in the system variables.

 

Do I need to install certificates (root.PEM) on Windows?

Link to comment
Share on other sites
