sicoobcooplivre Posted March 31, 2022

Good Morning! I'm using Delphi 10.3 and uniGUI Personal 1.90.0.1549. When I use the SSL demo to study how to use an SSL certificate, it gives the error:

ssl.exe: 00000EAC: 08:17:20 [Indy]:EIdOSSLUnderlyingCryptoError : Error accepting connection with SSL. error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown : Addr: $00790FB7

Does anyone have any idea what could be wrong to help me? Thank you very much!

Sherzod Posted March 31, 2022

Hello, ?

sicoobcooplivre Posted March 31, 2022

Sorry, I read your answer but didn't understand! I'm testing in Edge and it doesn't work, the same error! Is there any configuration I should do to make SSL work? Thank you!

Sherzod Posted March 31, 2022

Do you have a self-signed certificate?

sicoobcooplivre Posted March 31, 2022

Yea! My scenario is the following: I created my application for intranet! I followed the uniGUI manual to create the SSL certificate. I tested it some time ago on the SSL Demo, and I remember that it worked right away. Now the need arose for me to configure the application to work with SSL. I went to compile the demo again to test, and it gives me the error I said! I already updated the dlls libeay32.dll and ssleay32.dll but nothing helped! Can you help me? Thank you!

sicoobcooplivre Posted March 31, 2022

@Sherzod would you please have any idea how I can configure it to work? Thank you!

Sherzod Posted March 31, 2022

Errors only in debug mode?

sicoobcooplivre Posted March 31, 2022

The error appears both in Debug mode and running! I really need to make it work for my intranet application! Do you have another idea of what I can do? Thank you!

Sherzod Posted March 31, 2022

3 minutes ago, sicoobcooplivre said:
> The error appears both in Debug mode and running!

Release mode?

sicoobcooplivre Posted March 31, 2022

Yes!

Abaksoft Posted March 31, 2022

10 hours ago, sicoobcooplivre said:
> Good Morning! I'm using Delphi 10.3 and uniGUI Personal 1.90.0.1549. When I use the SSL demo to study how to use an SSL certificate, it gives the error:
> ssl.exe: 00000EAC: 08:17:20 [Indy]:EIdOSSLUnderlyingCryptoError : Error accepting connection with SSL. error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown : Addr: $00790FB7
> Does anyone have any idea what could be wrong to help me? Thank you very much!

http://forums.unigui.com/index.php?/topic/15767-ssl/&do=findComment&comment=86771

picyka Posted March 31, 2022

10 hours ago, sicoobcooplivre said:
> Good Morning! I'm using Delphi 10.3 and uniGUI Personal 1.90.0.1549. When I use the SSL demo to study how to use an SSL certificate, it gives the error:
> ssl.exe: 00000EAC: 08:17:20 [Indy]:EIdOSSLUnderlyingCryptoError : Error accepting connection with SSL. error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown : Addr: $00790FB7
> Does anyone have any idea what could be wrong to help me? Thank you very much!

I sent a private message.

sicoobcooplivre Posted April 1, 2022

@picyka Thanks. Even running in non-debug mode gives the same error! Gives the same error in Edge, IE, Firefox! Is there any solution? Thanks for listening! I'm Brazilian, yes! Pleasure!

picyka Posted April 1, 2022

2 minutes ago, sicoobcooplivre said:
> @picyka Thanks. Even running in non-debug mode gives the same error! Gives the same error in Edge, IE, Firefox! Is there any solution? Thanks for listening! I'm Brazilian, yes! Pleasure!

I sent my contact details by private message.

Abaksoft Posted April 1, 2022

5 hours ago, picyka said:
> I sent my contact details by private message.

Hello,

From Google: "When you use a self-signed SSL certificate, browsers cannot verify its authenticity. This means that the browser will detect an invalid SSL certificate and display a warning message to indicate the problem to users." (Dec 15, 2021)

Perhaps in the past it was valid and used for the uniGUI demo; today it is no longer used. You have to buy a genuine SSL from a known authority. You can try with some cheaper SSL.

sicoobcooplivre Posted April 4, 2022

Thank you, I will study here!

Abaksoft Posted May 20, 2023

Dears,

I am developing an intranet uniGUI application for a supermarket. The purpose is to scan barcodes from the manager's smartphone camera, in real time, for inventory. As the camera requires SSL, the URL will be a classical local server IP address like https://192.168.1.5:8077 (customer server = 192.168.1.5).

OK, we can buy a certificate from an authority or get a free one, but in this case, supermarket customers have no internet. So, it's not possible to attribute a Domain Name in intranet, https://www.mysupermarket.com

So, I give up ... The solution will be a Self Signed Certificate (with IP address). But all browsers reject this certificate. I googled and found how to export / import for accepting the certificate, but it does not work with the uniGUI Farshad DEMO SSL.

Any idea? Thx.

Sherzod Posted May 20, 2023

3 hours ago, Abaksoft said:
> The solution will be a Self Signed Certificate (with IP address).

Hello,

Can you please clarify? First of all, were you able to generate a self-signed certificate with an IP address?

Abaksoft Posted May 21, 2023

8 hours ago, Sherzod said:
> Hello, Can you please clarify? First of all, were you able to generate a self-signed certificate with an IP address?

Thank you Sherzod. On the customer server, with OpenSSL as described in the uniGUI developer manual, and the SSL Demo. No more.

In other words, how can we run an SSL uniGUI app in a local network (without internet)? Thx.

Abaksoft Posted May 24, 2023

Dears,

I was finally able to do something. If one day you have to develop a uniGUI app:
- under a local network,
- without Internet,
- which requires SSL (example: Scan Camera),
then read the following.

I thought, wrongly, to create a "Self Signed Certificate". Today, most browsers reject them. So, after 3 days of searching, I understood that it was necessary to use another technique: create a localhost certificate with mkcert.

This is inspired by (thx to the Author): https://technixleo.com/create-locally-trusted-ssl-certificates-with-mkcert-on-windows

OK... Step by step:

1. Installing mkcert on Windows

1.1 mkcert can be installed by Chocolatey. To install Chocolatey, you must first ensure the Policy AllSigned.
Open PowerShell as Admin:
    Get-ExecutionPolicy
if Restricted then:
    Set-ExecutionPolicy AllSigned

1.2 To install Chocolatey see https://chocolatey.org/install
In PowerShell type (in a single line):
    Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))

1.3 Install mkcert
In PowerShell type:
    choco install mkcert
The mkcert directory (by default) is: C:\Users\...\AppData\Local\mkcert

2. Generate my 2 pem files
In PowerShell type:
    mkcert -install
This will generate 2 files in C:\Users\...\AppData\Local\mkcert:
    rootCA.pem
    rootCA-key.pem

3. Generate a localhost.p12 certificate
In PowerShell type:
    mkcert -pkcs12 localhost
This will generate the localhost.p12 certificate, which will be in the PowerShell directory, i.e. ..\System32

4. Import the localhost certificate
Press Win + R: mmc
File > Add > Certificates > Add
Computer account
Local computer
OK
Right click on WEB Hosting Certificates > All Tasks
Machine Room
Select localhost.p12 Certificate
Next
Specify the password (default): changeit
Check: Key Exportable
Place of the certificate: Web Hosting (depends on your Windows language; example for French: Hébergement Web)
This will create 2 certificates (in Web Hosting):
- localhost
- mkcert myDESKTOP-xxx

5. The uniGUI project requires 3 files:
    cert.pem
    key.pem
    root.pem
Do not use
    root.pem = rootCA.pem ( C:\Users\...\AppData\Local\mkcert )
    key.pem = rootCA-key.pem ( C:\Users\...\AppData\Local\mkcert )
which are generated by mkcert. Use instead the 3 new files, obtained online (by converting the p12 file into a new global pem file).

5.1 Split localhost.p12 into 3 files
You can obtain the 3 files via a conversion of the certificate localhost.p12. Use online: https://www.sslshopper.com/ssl-converter.html
- Upload the certificate file: localhost.p12
- Indicate the type: PFX/PKCS#12
- Convert to: Standard PEM
- Password: changeit
You will get a global file containing 3 blocks: start ... end. Separate them with Notepad, and save them into 3 files:
    The first = cert.pem
    The second = root.pem
    The third = key.pem

5.2 Compile your project and run it: https://localhost:8077/ is Secure.

Have fun...
___________________
PS: if you are interested in an easy way to scan barcodes via your Android device (which requires an SSL URL) you can use Falcon Store - Components Delphi from our friend Marlon. Very fast and light!
http://forums.unigui.com/index.php?/topic/11359-falcon-store-components-delphi-httpsstorefalconsistemascombr/#comment-60260

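Step 5.1 of the post above can also be carried out on the machine itself, so that localhost.p12 (which contains the private key) is not uploaded to a third-party converter. The following is an added example, not part of the original post: it splits the file with `openssl pkcs12` from PowerShell and checks the result. It assumes openssl.exe is on PATH, that the current directory holds localhost.p12, and that the app runs as the current user.

```powershell
# Added example (not from the thread): split mkcert's localhost.p12 locally.
$p12  = ".\localhost.p12"     # produced by: mkcert -pkcs12 localhost
$pass = "pass:changeit"       # default PKCS#12 password given in the post
# On OpenSSL 3.x, add -legacy to each pkcs12 call if it reports an
# unsupported algorithm while reading the file.

# 1) server (leaf) certificate only
openssl pkcs12 -in $p12 -passin $pass -clcerts -nokeys -out cert.pem
# 2) CA certificate bundled in the .p12
openssl pkcs12 -in $p12 -passin $pass -cacerts -nokeys -out root.pem
# 3) private key; -nodes writes it without a passphrase
openssl pkcs12 -in $p12 -passin $pass -nocerts -nodes -out key.pem

# cert.pem must chain to root.pem
openssl verify -CAfile root.pem cert.pem
if ($LASTEXITCODE -ne 0) { throw "cert.pem does not verify against root.pem" }

# key.pem must belong to cert.pem: compare digests of the two public keys
$fromCert = openssl x509 -in cert.pem -noout -pubkey | openssl sha256
$fromKey  = openssl pkey -in key.pem -pubout | openssl sha256
if ("$fromCert" -ne "$fromKey") { throw "key.pem does not match cert.pem" }

# Restrict read access to the private key
# (assumption: the uniGUI executable runs under the current user account)
icacls key.pem /inheritance:r /grant:r "$($env:USERNAME):R"
```
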
Sherzod Posted May 25, 2023

Thank you!

Abaksoft Posted May 25, 2023

We win the first half of the match. Remains the second half: using our SSL on Android via wifi.

All Google topics say that it's enough to import this p12 certificate on the mobile (Android device). I tried.... But still the padlock shows Not secure, as I launch the app from my mobile like https://192.168.1.11:8077 and not https://localhost:8077

- So, I created a new p12 certificate (only on the server): 192.168.1.11.p12
- And tested it first on my other Windows PCs (local network): just import it as described in step 4 above (Win + R: mmc). Then open the browser with https://192.168.1.11:8077 And.... Yes, the padlock is Secure.
- But when I did the same on Android.... Humm...... Not secure.

I saw many Google searches: "importing trust certificate on android phone". No result.

Any help is welcome. Thx

Abaksoft Posted May 26, 2023

On 5/20/2023 at 8:53 PM, Abaksoft said:
> So, it's not possible to attribute a Domain Name in intranet, https://www.mysupermarket.com

Yes, it is possible.

Solution:
1. Edit the hosts file: C:\Windows\System32\drivers\etc\hosts
2. Add this line, for example:
    192.168.1.11 mysite.com
   and save it (192.168.1.11 is your local server).
3. Do the same on all your local PC machines.
4. Create on your server a p12 certificate for mysite.com (as described above, steps 3 + 4):
    powershell > mkcert -pkcs12 mysite.com
5. Install it on both: your server and client PCs.
6. Run your app from all local PCs: https://mysite.com is secure.
____
PS: don't ask me for mobile devices (Android). I don't know...

Abaksoft Posted June 25, 2023

In a previous topic, we saw how to create a Self Signed Certificate with mkcert and trust it with mmc. That works fine, but it is a heavy method! Here we will see another, much easier method.

OK, step by step:

1. Install the latest OpenSSL.

2. Prepare a conf file (Notepad):

    [req]
    default_bits = 2048
    distinguished_name = req_distinguished_name
    req_extensions = req_ext
    x509_extensions = v3_req
    prompt = no

    [req_distinguished_name]
    countryName = XX
    stateOrProvinceName = N/A
    localityName = N/A
    organizationName = Self-signed certificate
    commonName = 120.0.0.1: Self-signed certificate

    [req_ext]
    subjectAltName = @alt_names

    [v3_req]
    subjectAltName = @alt_names

    [alt_names]
    IP.1 = 192.168.1.11

2. Save it as C:\Program Files\OpenSSL-Win64\bin\san.cnf
- Replace the IP.1 variable with your IP address (local machine).
- If you want DNS instead of IP, replace the section [alt_names] with:

    [alt_names]
    DNS.1 = mywebsite1.dev
    DNS.2 = mywebsite2.dev

On a local network, without internet, mywebsite1.dev should be defined in the C:\Windows\System32\drivers\etc\hosts file:

    192.168.1.11 mywebsite1.dev

3. Create your 3 .pem files (like the uniGUI doc) but with this conf:

3.1. cmd as admin

    cd C:\Program Files\OpenSSL-Win64\bin
    openssl genrsa -out root.key 2048
    openssl req -x509 -days 3650 -new -nodes -key root.key -out root.pem -config san.cnf
    openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout key.pem -out cert.pem -config san.cnf

4. Copy the 3 .pem files from C:\Program Files\OpenSSL-Win64\bin:
    root.pem
    cert.pem
    Key.pem
next to your uniGUI Project.exe

5. Add cert.pem to the Windows Trusted Root Certificates (in case of a Windows server).
The most important step here, which is not indicated in the uniGUI doc (FmSoft Team, could you please add it):
Copy your cert.pem to a temporary location, for example C:\cert.pem
Open PowerShell as admin and type these commands:

    $certPath = "C:\cert.pem"
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
    $cert.Import($certPath)
    $certStore = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList "Root", "LocalMachine"
    $certStore.Open("ReadWrite")
    $certStore.Add($cert)
    $certStore.Close()

This will automatically add the certificate cert.pem to the trusted root certificates zone.
If you want to do it in a single line (1 command), just add ; between commands:
    line1; line2; line3;....;line7
You can verify the new certificate by opening Win + R: mmc and going to the trusted root certificates zone.

6. Run your uniGUI SSL project, and you will see the black padlock: protected site.

Have fun

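Step 5 of the post above places cert.pem in the machine-wide Trusted Root store, so it is useful to confirm exactly which certificate was trusted and that it carries the address clients will connect to. The following is an added example, not part of the original post, for an elevated Windows PowerShell session; C:\cert.pem is the temporary path used in the post.

```powershell
# Added example (not from the thread). Windows PowerShell, run as admin.
$certPath = "C:\cert.pem"     # temporary copy used in the post
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)

# Identity and lifetime of the certificate that was trusted
[pscustomobject]@{
    Subject    = $cert.Subject
    Issuer     = $cert.Issuer
    SelfSigned = ($cert.Subject -eq $cert.Issuer)
    NotAfter   = $cert.NotAfter
    Thumbprint = $cert.Thumbprint
} | Format-List

# subjectAltName (OID 2.5.29.17): browsers match the URL host or IP against it
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.17" }
if ($san) { $san.Format($true) }
else      { Write-Warning "No subjectAltName in $certPath" }

# Confirm the certificate is in LocalMachine\Root, matching by thumbprint
$trusted = Get-ChildItem Cert:\LocalMachine\Root |
           Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if ($trusted) { "Present in LocalMachine\Root" }
else          { Write-Warning "Not found in LocalMachine\Root" }

# Other store entries with the same subject (for example, earlier test runs)
Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -eq $cert.Subject -and $_.Thumbprint -ne $cert.Thumbprint } |
    Select-Object Thumbprint, NotAfter

# Whoever holds key.pem can present this trusted certificate, so key.pem
# stays on the server only. To retire the certificate, remove it again:
# $trusted | Remove-Item
```
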
Abaksoft Posted June 27, 2023

I compiled all of the above in a program which creates a Self Signed Certificate in 3 seconds.

Best Regards...

See the updated program here: http://forums.unigui.com/index.php?/topic/18951-help-with-ssl-intranet/&do=findComment&comment=141667

Prg.7z