Ario.Paxaz Posted October 17, 2023 Share Posted October 17, 2023 Quote create a Self Signed Certificate in 3 secondes. Hi, I created the files with this program , my app works fine on desktop, but for android I have a problem with connection is not secure. Have I made any settings wrong? Regards. Quote Link to comment Share on other sites More sharing options...
Ario.Paxaz Posted October 18, 2023 Share Posted October 18, 2023 @Abaksoft Hi, I made the settings according to your instructions and added the required files to the program. But on the server computer, when I enter the IP address, everything is valid, but on the other client, it is shown as invalid. please guide me. Regards. Quote Link to comment Share on other sites More sharing options...
Abaksoft Posted October 18, 2023 Share Posted October 18, 2023 17 hours ago, Ario.Paxaz said: @Abaksoft Hi, Hello Ario, Good. 1. For PC client ( intranet), you have to export your new certificate from your server with : Win + R MMC Then import it to your PC client. That works fine for me. 2. For Android....Hummm... i did'nt succeed. I gave up. I just say to my customers to continue with this not secure site, when runing the url from mobile browser. 1 Quote Link to comment Share on other sites More sharing options...
erich.wanker Posted November 10, 2023 Share Posted November 10, 2023 Hi Abaksoft, Thanx for your PERFECT work .. i tried a lot! of things and found a solution for the Android Problem 😉 The maion problem is the "-extensions v3_req" 1. change in delphi: //A.2.2 root.pem stDays:=intToStr(365 * upYrears.Position); param:='req -x509 -days ' + stDays + ' -new -nodes -key root.key -out root.pem -config san.cnf -extensions v3_req'; ShellExecute(Application.Handle ,PChar('RunAs'),PChar(Fichier),PChar(param),PChar(Dossier),SW_HIDE); sleep(300); //A.2.3 cert.pem param:='req -x509 -nodes -days ' + stDays + ' -newkey rsa:2048 -keyout key.pem -out cert.pem -config san.cnf -extensions v3_req'; ShellExecute(Application.Handle ,PChar('RunAs'),PChar(Fichier),PChar(param),PChar(Dossier),SW_HIDE); sleep(300); 2. change in san.cnf [req] default_bits = 2048 distinguished_name = req_distinguished_name req_extensions = v3_req x509_extensions = v3_req prompt = no [req_distinguished_name] countryName = XX stateOrProvinceName = N/A localityName = N/A organizationName = Self-signed certificate commonName = Self-signed certificate [req_ext] subjectAltName = @alt_names [v3_req] subjectAltName = @alt_names basicConstraints = critical,CA:true [alt_names] IP.1 =10.0.0.10 3. Export CA in Windows - and import it as CA in Android .. Works 🙂 3 Quote Link to comment Share on other sites More sharing options...
Abaksoft Posted November 13, 2023 Share Posted November 13, 2023 On 11/10/2023 at 3:00 PM, erich.wanker said: Hi Abaksoft, Thanx for your PERFECT work .. i tried a lot! of things and found a solution for the Android Problem 😉 The maion problem is the "-extensions v3_req" 1. change in delphi: //A.2.2 root.pem stDays:=intToStr(365 * upYrears.Position); param:='req -x509 -days ' + stDays + ' -new -nodes -key root.key -out root.pem -config san.cnf -extensions v3_req'; ShellExecute(Application.Handle ,PChar('RunAs'),PChar(Fichier),PChar(param),PChar(Dossier),SW_HIDE); sleep(300); //A.2.3 cert.pem param:='req -x509 -nodes -days ' + stDays + ' -newkey rsa:2048 -keyout key.pem -out cert.pem -config san.cnf -extensions v3_req'; ShellExecute(Application.Handle ,PChar('RunAs'),PChar(Fichier),PChar(param),PChar(Dossier),SW_HIDE); sleep(300); 2. change in san.cnf [req] default_bits = 2048 distinguished_name = req_distinguished_name req_extensions = v3_req x509_extensions = v3_req prompt = no [req_distinguished_name] countryName = XX stateOrProvinceName = N/A localityName = N/A organizationName = Self-signed certificate commonName = Self-signed certificate [req_ext] subjectAltName = @alt_names [v3_req] subjectAltName = @alt_names basicConstraints = critical,CA:true [alt_names] IP.1 =10.0.0.10 3. Export CA in Windows - and import it as CA in Android .. Works 🙂 Oh...Super ! Many Thx Erich That works fine Just for our friends, when importing the Certificate on Android, depending on your Android ; 1. Go to Parameters 2. Wifi 3. Additional settings 4. Certificates Installation 5. Explore your directory to select your Certificat 5. Using Certificate as : VPN & Application (not Wifi) That' all NB: I will post soon here, the program "Certificate in 3 secondes" updated with your great bring. Thx again Erich 1 Quote Link to comment Share on other sites More sharing options...
Abaksoft Posted November 14, 2023 Share Posted November 14, 2023 Hello, Here is the updated "Certificate in 3 secondes" program, with an embeded Light OpenSSL version. (No need to install on your Customer Server OpenSSL). Thanks to Erich Wanker, with this version, you can use your Mobile with a secure portal. After running the program, you can check the Certificate with : Win + R --> MMC (see the video). Have fun. ice_video_20231114-134145.7z Prg_Certificate_2.7z 1 Quote Link to comment Share on other sites More sharing options...
erich.wanker Posted November 20, 2023 Share Posted November 20, 2023 PS. to install the certificate into Windows Trusted Root Certificates - i use: // Add the cert.pem on the Windows Trusted Root Certificates cert_pem := Dossier + 'cert.pem'; Chemin := ExtractFilePath( Application.ExeName ) + 'Data\OpenSSL\export.ps1'; // prepare the Script MyText := TStringlist.create; try MyText.Add( '$CertificateName = "UNIGUI_All_OS"' ); MyText.Add( '$Certificate = Get-ChildItem "CERT:\" -Recurse | ' ); MyText.Add( ' Where-Object {$_.FriendlyName -eq "UNIGUI_All_OS"} ' ); MyText.Add( 'Export-Certificate -Cert $Certificate -FilePath "'+ ExtractFilePath( Application.ExeName )+'\exportiertes_zertifikat\your_name.cer'+'" ' ); MyText.SaveToFile( Chemin ); finally MyText.Free end; sleep( 300 ); // Execute the Script ch := '/K powershell.exe -executionpolicy bypass -file "' + Chemin + '"'; Dossier := GetEnvironmentVariable( 'SYSTEMROOT' ) + '\System32'; ShellExecute( Application.Handle, 'runas', 'cmd.exe', PChar( ch ), PChar( Dossier ), SW_HIDE ); 1 Quote Link to comment Share on other sites More sharing options...
Abaksoft Posted December 22, 2023 Share Posted December 22, 2023 A good news 😅 Incredible ! When opening the same app protected by our Self Signed Certificat, on a Customer iphone , the secure padlock appears. Without importing certificate ! "Wow...the secure warning did'nt appear... ". I said "Well it's an iphone..." He said. It seems that : extensions v3_req' Is a good recipe. Quote Link to comment Share on other sites More sharing options...
danmur Posted January 14 Share Posted January 14 On 11/14/2023 at 1:53 PM, Abaksoft said: Hello, Here is the updated "Certificate in 3 secondes" program, with an embeded Light OpenSSL version. (No need to install on your Customer Server OpenSSL). Thanks to Erich Wanker, with this version, you can use your Mobile with a secure portal. After running the program, you can check the Certificate with : Win + R --> MMC (see the video). Have fun. ice_video_20231114-134145.7zUnavailable Prg_Certificate_2.7zUnavailable Where can we foun it? Quote Link to comment Share on other sites More sharing options...
Sherzod Posted January 15 Share Posted January 15 2 hours ago, danmur said: Where can we foun it? Which build and edition of uniGUI are you using? Quote Link to comment Share on other sites More sharing options...
danmur Posted January 15 Share Posted January 15 I'm trying the last trial version 1.95.0.1575 Quote Link to comment Share on other sites More sharing options...
Sherzod Posted January 16 Share Posted January 16 12 hours ago, danmur said: I'm trying the last trial version 1.95.0.1575 Thank you for your interest in uniGUI. On 1/15/2024 at 4:06 AM, danmur said: Where can we foun it? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.