Need help in changing my app to SSL

[sukhendu]

1) Following AlwaysSSL(9) app, I changed my apps's settings to port 443 and turned ON use ssl and certificates to 'certificates\settings'.  Compiled and run

2) NT webserver created an empty certificates folder.  So the https://127.0.0.1:443 did not work.

3) Exited the webserver.  Copied the certificates folder from AlwaysSSL(9) to my program folder and over written the empty certificates folder.

4) Started the webserver.  Now https://127.0.0.1:443 does nothing, keeps spinning and times out.

5) changed  'certificates\settings' to  'certificates\settings.crt'.  Now getting ERR_SSL_VERSION_OR_CIPHER_MISMATCH

What am I missing? Do I need to create a new certificate?

Thanks - Sukhendu

[Robert Iliuta]

did you deploy all dll?
http://www.capesoft.com/docs/NetTalk9/NetTalkWebSecure.htm#DeployingSecureWebServer

also check manual for understand how ssl works. Following the examples doesn't make to understand the concept of ssl ;-)
http://www.capesoft.com/docs/NetTalk9/NetTalkWebSecure.htm#Introduction

/Robert

[sukhendu]

Robert,

Thank you for your reply.  I have complied and ran the NT Example app AlwaysSSL(9) and BasicSS(6) in my computer. Both work (https://127.0.0.1:443) fine.  On the same computer my app shows the error I had mentioned.  All the NT related dlls are present.

After changing the port number to 443 and copying the certificate from NT example what else do I have to tweak in my app to make it run on the same computer as the NT examples apps?

-Sukhendu

[Flint G]

Sukhendu,

I would make certain that you copy the following DLLs from your clarion/accessory/bin directory to your working directory (the directory where your EXE is running from):

• libeay32.dll
• libssl32.dll
• msvcr90.dll
• ssleay32.dll

Then make sure you copied both the .crt (public key, or "certificate") AND .key (private key) to your working certificates directory.  You should now have two files in your certificates directory:

• settings.crt
• settings.key

If either one is missing, then your app can't load it into memory, and the handshakes will fail.

Then make sure you change the 'certificates\settings.crt' back to 'certificates\settings', in your app.  If you have copied the code from the example, chances are it is appending the extensions automatically.

Do I need to create a new certificate?

When you deploy, definitely, yes.  But for local testing, there's no need.

[Bruce]

>> After changing the port number to 443 and copying the certificate from NT example what else do I have to tweak in my app to make it run on the same computer as the NT examples apps?

make sure you ticked on the Text box to make your app "secure".
In NT9 it's on the Securiry tab as we saw in the webinar yesterday - it's an expression now, but I think in NT8 it was still a checkbox.

>> Then make sure you change the 'certificates\settings.crt' back to 'certificates\settings', in your app.

yes. You are in NT8 so this is important. In NT9 and later you would add the extensions.

cheers
Bruce

[sukhendu]

Thank you Flint and Bruce.
I found my problem, wrong path. I had a setpath(glo:myvariable) statement.  That was causing the certificates folder in a different location.  Using '\certificates\setting' and now it is working.