fabiorov Posted May 16, 2020 Posted May 16, 2020 Hi everybody I bought a SSL certificate from godaddy: - They automatically generated the files "generated-csr.txt" and "generated-private-key.txt" and allowed me to download them. - Later, they sent me an email, and I was able to download the files "af6d14e9d.......crt", "af6d14e9d........pem" and "gd_bundle-g2-g1.crt" - I cannot follow the exact steps that unigui suggests with godaddy because the already generated the key and csr files Could anyone help me? Thanks in advance! Quote
Mehmet Emin Posted May 17, 2020 Posted May 17, 2020 Match those files like this: SSL.SSLOptions.RootCertFile := 'gd_bundle-g2-g1.crt'; SSL.SSLOptions.CertFile := 'af6d14e9d.......crt'; SSL.SSLOptions.KeyFile := 'generated-private-key.txt'; or af6d14e9d........pem keyfile should contain -----BEGIN PRIVATE KEY----- (keep it secure) RootCertFile should contain one or more -----BEGIN CERTIFICATE----- (incase of bundle) CertFile contains single -----BEGIN CERTIFICATE----- (this is your certificate) Some thing like this inside UniGUIServerModuleBeforeInit LSSLDir := TPath.Combine(TPath.Combine(TPath.GetPublicPath, PROGRAM_DATA_DIR), 'SSL'); LRoot := TPath.Combine(LSSLDir, 'gd_bundle-g2-g1.crt';); LCert := TPath.Combine(LSSLDir, ''af6d14e9d.......crt'); LKey := TPath.Combine(LSSLDir, ''generated-private-key.txt'; or af6d14e9d........pem'); if FileExists(LRoot) and FileExists(LCert) and FileExists(LKey) then begin SSL.SSLOptions.RootCertFile := LRoot; SSL.SSLOptions.CertFile := LCert; SSL.SSLOptions.KeyFile := LKey; SSL.SSLOptions.Method := sslvTLSv1_2; SSL.SSLOptions.Mode := sslmServer; SSL.SSLOptions.SSLVersions := [sslvTLSv1_2]; SSL.Enabled := True; Log.Info('SSL.Enabled listening Port[' + IntToStr(SSL.SSLPort) + ']', LOG_MAIN); end; 1 Quote
Mehmet Emin Posted May 18, 2020 Posted May 18, 2020 If you set a password (not mandatory but good thing) when generating your certificate at godaddy. Then I think you have to set this password to SSL.SSLPassword before enabling ssl. .... SSL.SSLOptions.Mode := sslmServer; SSL.SSLOptions.SSLVersions := [sslvTLSv1_2]; SSL.SSLPassword := 'the password you used during certificate generation'; SSL.Enabled := True; 1 Quote
fabiorov Posted May 18, 2020 Author Posted May 18, 2020 they didn't ask for password when generating the certtificates Quote
Mehmet Emin Posted May 18, 2020 Posted May 18, 2020 I recommend you go to https://zerossl.com/ and generate a new free certificate (dont set password for certificate) and test with that one. And follow the steps above. Make sure to load files into correct properties. Your private key, your certificate and root certificate(may be with bundle). Good luck 1 Quote
Administrators Farshad Mohajeri Posted May 18, 2020 Administrators Posted May 18, 2020 On 5/17/2020 at 1:21 AM, fabiorov said: Hi everybody I bought a SSL certificate from godaddy: - They automatically generated the files "generated-csr.txt" and "generated-private-key.txt" and allowed me to download them. - Later, they sent me an email, and I was able to download the files "af6d14e9d.......crt", "af6d14e9d........pem" and "gd_bundle-g2-g1.crt" - I cannot follow the exact steps that unigui suggests with godaddy because the already generated the key and csr files Could anyone help me? Thanks in advance! generated-csr.txt This is your key.pem. Quote If you open your key file, it must look like this: -----BEGIN PRIVATE KEY----- MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQC5I4QtWEREyDJM ltWdd/2UL4j/s+wZj81fFRJQkDn1X293VHwlIXuIgXI5v0ao3vYJupHaRR3YUm7y H6+aGvhVI13fR7/M6QBJVO9RHmOFThBzHUYcIObT2CR4BSGkfmgJPX+b45n8TIJf NoX50WrXH0X9w8dBV0SX2dIT67caW/uVvjvGfKC62uPY71mWu+ttRPwMeMbv0Kx1 BmqNAAtYVUiB2ZcpMfESaePX3vpAS9VS7i8NnRT/cPXsdNUcRbt2zp+ooN22lNb+ oRES8A65hyvwPBsfAUwKPnscqDZKJV4WsoAVYXkPIyglGglWq8hx7npC0nKNtEnX aBex6XDVAgMBAAECggEBAKqFBdbl92sKoRldy75PqCV2as5pH0qj4lpzA/1j+Z4A mp/kFrv0TN17rIN3o1MimKZ5SqEpC8YUls83U/uyX4u7GVjvsr6+1F62df3W6X78 . . 69efJH4sd0GO58FyFtN202FllBL9BCvTu6WWCC7SbMYsSe4GjuRvWTQuwloyrdwu 5HbTE0TYbQ1HkwqSASZvVF+UgSg= -----END PRIVATE KEY----- Quote
Administrators Farshad Mohajeri Posted May 18, 2020 Administrators Posted May 18, 2020 Quote root.pem is your root certificate and must be obtained from your SSL provider. For our GoDaddy example, it is in file gd_bundle-g2-g1.crt file. You can open the file in editor and check its format. It must start with -----BEGIN CERTIFICATE----- . Just rename it to root.pem. -----BEGIN CERTIFICATE----- MIIE0DCCA7igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT MDAwMFowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UE . . . 91cxG7685C/b+LrTW+C05+Z5Yg4MotdqY3MxtfWoSKQ7CC2iXZDXtHwlTxFWMMS2 RJ17LJ3lXubvDGGqv+QqG+6EnriDfcFDzkSnE3ANkR/0yBOtg2DZ2HKocyQetawi LXY2JtwE65/3YR8V3Idv7kaWKK2hJn0KCacuBKONvPi8BDAB -----END CERTIFICATE----- cert.pem is your site certificate. You received it from GoDaddy with a file name like 98d81da6dfe2095b.crt. Rename this file to cert.pem and you are done. Quote
fabiorov Posted May 18, 2020 Author Posted May 18, 2020 I've done all of that without sucess. Is there any chance that I give access by teamvier to my machine, to allow you to check? Quote
fabiorov Posted May 18, 2020 Author Posted May 18, 2020 I tried with ZeroSSL, I got my certificate , downloaded the 3 files, but I get this error: Quote
Mehmet Emin Posted May 18, 2020 Posted May 18, 2020 Do you have correct ssl dll available check unigui framework installation folders for those and put them some where you process can find Quote
epos4u Posted May 18, 2020 Posted May 18, 2020 5 hours ago, Mehmet Emin said: I recommend you go to https://zerossl.com/ and generate a new free certificate (dont set password for certificate) and test with that one. And follow the steps above. Make sure to load files into correct properties. Your private key, your certificate and root certificate(may be with bundle). Good luck Hi Mehmet, can you get free ssl for vpn which i only have IP address and no domain name Quote
Mehmet Emin Posted May 18, 2020 Posted May 18, 2020 1 minute ago, epos4u said: Hi Mehmet, can you get free ssl for vpn which i only have IP address and no domain name I never used ssl in that way. I dont now. Just buy a domain an do dynamic dns. so that you will have the domain name 1 Quote
fabiorov Posted May 18, 2020 Author Posted May 18, 2020 I checked the DLL files, I re-copied from unigui folder. They're fine Quote
Mehmet Emin Posted May 18, 2020 Posted May 18, 2020 You are getting this error message SSL.SSLOptions.Method := sslvTLSv1_2; SSL.SSLOptions.SSLVersions := [sslvTLSv1_2]; Although I recommend above dont set them for now. They are more secure but you may get some errors while debugging and client connects. just ignore of this exception type. Quote
fabiorov Posted May 18, 2020 Author Posted May 18, 2020 If I ignore them, the page finally doens't work .... Copuld you access my pc to check? Quote
Administrators Farshad Mohajeri Posted May 18, 2020 Administrators Posted May 18, 2020 Your uniGUI version? Quote
Administrators Farshad Mohajeri Posted May 19, 2020 Administrators Posted May 19, 2020 Do you have access to recent builds? Quote
fabiorov Posted May 19, 2020 Author Posted May 19, 2020 No, we are planning to buy updates to latest releases, but in about 3 months Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.