Many thanks to Bruce and others that have guided me through the process. I have learned a lot and thought I would document my experience......
Introduction:
As standard, Nettalk provide a “self certified” SSL certificate which is fine for testing purposes, but any user accessing the site will get warnings from their browser to the effect that the site is not trusted – this is obviously unacceptable for end users.
The certificate comprises two files:
xxxxx.crt
and xxxxx.key
By default xxxxx is “Settings”, so we have Settings.crt and Settings.key
The solution to avoid these warnings is to get an official SSL certificate from one of a number of suppliers. The cost of these varies enormously from about $8 per year to several hundred dollars per year. I have successfully purchased a 1 year certificate for a single domain (actually a sub domain) for $8.90 from www.globessl.com
The following steps were needed to create the certificate files:
1. Go to C:\Clarionx\3rdparty\bin\MakeCertificates folder
2. Run batch file CreateCertificateSigningRequest.bat which will ask for various information about the domain (or sub domain) and its owners etc. See "Create Certificate Signing Request" at http://www.capesoft.com/docs/nettalk/NetTalkWebSecure.htm#Getting_a_Paid-For_certificate
3. The process in 2. above will generate two files:
a) C:\Clarionx\3rdparty\bin\MakeCertificates\YourCARoot\certs\ForRealCSR.crt
This contains the text of the Cert. Signing Request which you will need to copy in its entirety into clipboard ready to paste into the SSL provider's website when asked. NB. You can test the copied code by pasting into https://www.networking4all.com/en/support/tools/csr+check/
b) C:\Clarionx\3rdparty\bin\MakeCertificates\YourCARoot\private\ForReal.key
This is a private key file which you should copy to the \Web\Certificates folder of your webserver and rename as appropriate, eg. Settings.key
4. After you have registered and paid and clicked on verification email etc. from GlobeSSL, they will email you a .crt file which will be named as "your domain.crt". You need to copy this to the \Web\Certificates folder of your webserver and rename as appropriate, eg. Settings.crt
5. Ensure that your domain or subdomain is pointing to the correct folder that the nettalk webserver is installed in and that the webserver app is running and set to port 443 and SSL is enabled. It should then just work and the browser will not issue any warnings and will verify that there is a valid certificate!
It has been a bit of a learning experience for me, but if you follow the above steps, you should be able to do everything in very little time.
Some things I have learned along the way.....
- SSL certificates can only generally be issued to domain names or sub-domains and not to an IP address
- Shop around for SSL providers as the costs vary enormously
- An SSL certificate can be set up and working in minutes
- The SSL provider can be completely independent of the domain name registrar and independent also of the host of the webserver
- You can easily "point" a domain or sub-domain at any IP address by simply editing the "A" record's IP address by logging into the domain name registrar's website. I have just pointed the "A" record at the IP address of my own office and set Port redirection of Port 443 on my router to point at the internal IP address of the PC running the webserver app. The effect of this repointing could take a number of hours to become live.
Cheers
Ian
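
A check worth running between steps 4 and 5, as an added example that is not part of the post above or of NetTalk: confirm that the private key, the CSR and the certificate the provider sent back all carry the same public key before renaming them to Settings.key and Settings.crt. It assumes the `openssl` command-line tool is on the PATH; the file names mirror the ones in the post, but the files themselves are constructed throwaway samples with a self-signed certificate standing in for the provider's.

```shell
#!/bin/sh
# Added example (not from NetTalk): confirm the private key, the CSR and the
# certificate all carry the same public key before copying them to the server.

# Print the SHA-256 of the public key inside a key, CSR or certificate (PEM).
pub_digest() {
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    # Normalise to DER so PEM line wrapping cannot cause a false mismatch.
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeed only if key, CSR and certificate hold one and the same public key.
check_set() {   # usage: check_set KEY CSR CERT
    k=$(pub_digest key "$1")  || { echo "unreadable key: $1"; return 1; }
    r=$(pub_digest csr "$2")  || { echo "unreadable CSR: $2"; return 1; }
    c=$(pub_digest cert "$3") || { echo "unreadable certificate: $3"; return 1; }
    [ "$k" = "$r" ] || { echo "MISMATCH: key does not belong to CSR"; return 1; }
    [ "$k" = "$c" ] || { echo "MISMATCH: certificate was issued for another key"; return 1; }
    echo "OK: key, CSR and certificate match ($k)"
}

# Constructed sample files: throwaway keys and a self-signed stand-in for the
# certificate a CA would return. Nothing here touches real NetTalk files.
make_samples() {   # usage: make_samples DIR
    openssl genrsa -out "$1/ForReal.key" 2048 2>/dev/null &&
    openssl genrsa -out "$1/Other.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/ForReal.key" -subj "/CN=www.example.test" \
        -out "$1/ForRealCSR.crt" 2>/dev/null &&
    openssl x509 -req -in "$1/ForRealCSR.crt" -signkey "$1/ForReal.key" \
        -days 1 -out "$1/Settings.crt" 2>/dev/null
}

demo=$(mktemp -d) && make_samples "$demo" && {
    check_set "$demo/ForReal.key" "$demo/ForRealCSR.crt" "$demo/Settings.crt"
    # A key that was not used for the CSR must be reported as a mismatch.
    check_set "$demo/Other.key" "$demo/ForRealCSR.crt" "$demo/Settings.crt" || true
}
rm -rf "$demo"
```

Against real files, call `check_set` with the paths to ForReal.key, ForRealCSR.crt and the emailed .crt; a mismatch means the web server would be given a certificate it cannot use with that key.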