Hi Jorge,
to best test this it might be useful for you to edit your HOSTS file, so that your actual domain points to 127.0.0.1
that way you can test locally still using the actual site address.
Also, it's probably worth you mentioning what version of NetTalk you are using. From your explanation of what you did it sounds like an old one.
>> I generated the crt and key certificates with the latest openssl - (both for localhost and 127.0.0.1).
this is what makes me think you're on old. Typically you can generate certificates just adding one, or both, of these to your domain list.
>> * I tried from the browser, that was one of the latest things that worked, but not anymore.
what does your browser say?
>> * It is not locked by any antivirus or firewall. I made a small Clarion testing program, to send a GET to the server, and when I try locally (for example, to
https://localhost:1741 or to
https://127.0.0.1:1741) it says the error was -69 which means the SSL remote certificate failed verification.
Of course it will fail. It will fail in your browser too. generating your own certificates locally (for IP addresses, or localhost) means those certificates are not signed by a CA, and so are "untrusted". This will cause most clients to fail. In aNetTalk web client you need to turn off the test for the certificate so it "doesn't check against CARoot.Pem."
<< * The server starts successfully, it says it loaded the certificates, 0 errors.
sure.
>> * The server shows there -was- a connection attempt. But it gives no error, nothing.
sure. The server doesn't care if the client failed to connect.
>> * If i started the server for localhost I tried calling localhost and used localhost named certificates, same for 127.0.0.1 - all matching)
yes but not _trusted_ certificates. (It is not possible to get a trusted certificate for localhost or 127.0.0.1. Which is why setting your local HOSTS file is probably your best bet for this sort of testing.
>> * The problem seems to be in the side of the server... But I'm not sure what else to try.
>> ** Do the openssl certificates are no longer valid for a local test??
They're valid, but they're not trusted. So your browser / client needs to bypass the trustworthy test.
>> ** What I need to test is the server response under certain conditions and performance related LOCALLY, the connection over the web works perfect!!! What am I missing for testing the server locally?
You're missing an understanding of the limitations of self-signed certificates.
>> So later, I tried connecting to the non-secure port. From Postman, succeed! It indeed connected locally.
It succeeded because it's ignoring the trustworthiness of the certificate, because it likely knows you can't trust certs on that address.
Connecting to the insecure port simply returns a redirect (assuming you are on NT10 or later) and it is following that redirect.
>> What else should I change to get the same result as Postman?
net.SSLCertificateOptions.DontVerifyRemoteCertificateWithCARoot = true
Cheers
Bruce
Topic: Help connecting with rest server locally? Get error -69 (Read 2332 times)