NT11 TLS Program Load Error

[David]

NT 11.01, LetsEncrypt

I've installed Visual Studio 2017 (x86) runtime.  In reading the NT documentation Msvcr120.dll has a line through it which makes me believe I no longer need it since I installed VS 2017 runtime.  Note, the installed VS runtime is not in my program folder but wherever the installer put it.  I'm not sure where to go from here.

If I delete Msvcr120.dll then I get the following error:
[st] [netTalk][thread=1] NetSimple.ErrorTrap -73 Unable to Listen on TCP Port 443 NetSimple(Server).Open


With Msvcr120.dll in the program folder I get the following error and my site will not load:
SSL_Our_ServerListen : SSL Error. Could not load Certificate File. rl_SSL_CTX_use_certificate_chain_file [C:\myapp\certificates\localhost.crt] returns 0

[Bruce]

Hi David,

>> If I delete Msvcr120.dll then I get the following error:
>> [st] [netTalk][thread=1] NetSimple.ErrorTrap -73 Unable to Listen on TCP Port 443 NetSimple(Server).Open

Perhaps you did not deploy the current CLANET.DLL? the error above _suggests_ you are still using MSVCR120 - which it should certainly not need anymore. So either the new CLANET.DLL or perhaps the new libcrypto-1_1.dll / libssl-1_1.dll was not deployed. (the version on both of those should be 1.1.1.0 )

>> SSL_Our_ServerListen : SSL Error.
>> Could not load Certificate File. rl_SSL_CTX_use_certificate_chain_file [C:\myapp\certificates\localhost.crt] returns 0

You've presumably set your certificates folder to be
C:\myapp\certificates\

I'm also assuming you set a domain to localhost? So as to generate a local certificate (not a LetsEncrypt one?) did it get generated? Is OpenSSL.Exe in your app folder?

There should be 2 files in the C:\myapp\certificates folder - localhost.crt and localhost.key. Are the files there? If you open them in notepad do they look correct?

Cheers
Bruce

[David]

I reinstalled NetTalk 11.01 just to be sure.

Looking at the properties of the files in C:\Clarion11\accessory\bin

OpenSSL.exe - dated 8/14/2018, there is no version number
CLANET.DLL - dated 11/9/2018, there is no version number
libcrypto-1_1.dll - 1.1.0.9
libssl-1_1.dll - 1.1.0.9

So it looks like I don't have the new versions of libcrypto or libssl.  Is there another place the new files are installed other than the accessory\bin folder?

[Bruce]

Hi David,

Indeed the files in the install are old. I've fixed that for the 11.02 build (out later today).

[David]

NT 11.02 fixed the load error with MSVCR120.  However, I'm still getting an error when configuring a secure site.  The error I am getting is:

[4776] SSL_Our_ServerListen : SSL Error. Could not load Certificate File. rl_SSL_CTX_use_certificate_chain_file [C:\pnpStorage\certificates\localhost.crt] returns 0

My NT settings do not reference localhost anywhere.  I did a text search through the generated files in my code folder and accessories\libsrc & templates and there is no reference to localhost.  The localhost.crt file is not in the Certificates folder.

If I delete all certificate information, check  "Testing", and Click certificates I get a test certificate and I can browse my website on port 443.  I do get a certificate is invalid message which I expect.  If I uncheck "Testing" and restart my web server I get the localhost.crt error.  If I then check "Testing", Certificates I am again able to browse the website with an invalid certificate.  Below are my ServerSettings

-<ServerSettings>
<set.secureport>443</set.secureport>
<set.insecureport>80</set.insecureport>
<set.accountname>pnpStorage.com</set.accountname>
<set.domains>www.pnpStorage.com</set.domains>
<set.certificatesfolder>C:\pnpStorage\certificates</set.certificatesfolder>
<set.lastcertificatecheckdate>79585</set.lastcertificatecheckdate>
<set.staging>1</set.staging>
<set.webfolder>C:\pnpStorage\web</set.webfolder>
<set.acmefolder>C:\pnpStorage\web</set.acmefolder>
<set.bindtoipaddress>192.168.10.211</set.bindtoipaddress>
<set.sessiontimeout>90001</set.sessiontimeout>
<set.xframeoptions>sameorigin</set.xframeoptions>
<set.accesscontrolalloworigin/>
<set.stricttransportsecurity/>
<set.contentsecuritypolicy/>
<set.contentsecuritypolicyreportonly/>
<set.referrerpolicy>strict-origin-when-cross-origin</set.referrerpolicy>
</ServerSettings>

[David]

Figured it out!!

In the ThisWebServer Template the Host Names (CSL) was set to 'localhost'. No idea how that happened but once I changed it back to Set:Domains all was good.