SSL application and COMODO certificate-help

[hectorp]

Hi

Does anyone has experience installing a COMODO security certificate for a NetTalk application?

Appreciate any advice on this as I setup everything as BasicSSL (6) example suggest bust have no succes.

TIA

Hector

[JohanR]

Hello Hector

The help is quite good for this,
just follow the steps carefully.

I am no expert, but just following the steps works like a charm.

Do not forget to actually install the certificate once you have copied it into the "certificates" folder.
right click on the crt file and click install.


Johan

[hectorp]

Hi JohanR,

I just missed the Install part!

ITOH, what help is you referring to?

Appreciate your help.

[JohanR]

Hi Hector

I had exactly the same problem over the weekend and went round and round in circles for awhile <g>

Here is a link to the help.
http://capesoft.com/docs/NetTalk9/NetTalkWebSecure.htm

cheers,

Johan

[hectorp]

JohanR,

The whole day I'm pulling my hair trying to figure out this nonsense.

I'll go to sleep and look if I have success with a fresh mind in the morning.

Thanks
 

[hectorp]

Hello,

I think I'm having some progress here.

I'm getting the following message:

Your connection is not secure

The owner of 127.0.0.1 has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

127.0.0.1 uses an invalid security certificate. The certificate is only valid for the following names: xxxxxxxxual.com, www.xxxxxxxual.com Error code: SSL_ERROR_BAD_CERT_DOMAIN

It offer to add exception. If I add exception, then my application appears in the web browser.

Does the machine name has to be the same as the certificate name?

Using NetTalk 8.59.

Thanks for any help

[JohanR]

Hi Hector

I am hoping one of the pros can jump in here and help, I am strictly an amateur.
but I think the problem is....

The domain in the url must match the domain in the certificate.
Is the server outside of your own lan?
If inside then the url won't match the certificate as you are using localhost to connect to the server.
Your users that are connecting from outside would be using the domain to connect and then it would match the certificate and they should be fine.

HTH

Johan

[hectorp]

Johan,

Thanks for taking of your time to reply to my posts.

I have a domain which is forwarding the domain name to the secure server which is at my offices. The forwarding points to my public ip and port 443 (xxx.xxx.xxx.xxx:443).

I created a rout in the firewall so all incoming HTTPS traffic will be redirected to my secure web application.

I'm still having issues with the "Your connection is not secure". If I add the exception the I can see my web app.

Maybe I will have to request no signing to COMODO as there could be a problem with the cert signing.

Comodo sent me the following files:

AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt
mysitevirtual.com.crt

But I'm installing only mysitevirtual.com.crt which is my secure site.

Maybe I have to merge the first three with mysitevirtual.crt or maybe I have to install all crt.
 

Thanks for any clue.

[JohanR]

Hi Hector

I think you need to install all the CRT's they sent you.
and you need to test it from outside of your network.

If you send me a private mail with complete domain url test to johan_att_vineyardconnection.co.za and I can test


regards

Johan

[hectorp]

Hi,

Do I need to create the CertificateSigningRequest from within the same computer where the certificate will be installed?

[Bruce]

Hi Hector,

>> Do I need to create the CertificateSigningRequest from within the same computer where the certificate will be installed?

no.

>> I have a domain which is forwarding the domain name to the secure server which is at my offices. The forwarding points to my public ip and port 443 (xxx.xxx.xxx.xxx:443).

This is likely the root of the problem.

The key is this. the domain, in the address bar of the browser, must match the domain specified inside your certificate. In other words, if you got a certificate for www.capesoft.com then the DNS record for www.capesoft.com points to the IP address of the server.

Your description of your setup is a little incomplete, but it _sounds_ like you do not have a DNS entry set to your IP address, You are using the word "redirect". If your browser is indeed _redirected_ to an IP address then this setup will fail. Because then the browser address bar will show the redirected address (1.2.3.4) rather than the web site name (www.capesoft.com).

DNS is about _direction_ - resolving a name to an IP address. _REDirection_ is different and won't work with SSL.

If you post the URL you are experimenting with, then I can be more specific about what is happening.

Cheers
Bruce

[hectorp]

Hello Bruce,

I manage to make it works.

The URL is www.coopacvirtual.com.

But it only works if you enter https://www.coopacvirtual.com.

[Bruce]

if you leave the "protocol" part off then it defaults to http. your site is https, so that would be wrong.

You can make a second server if you like, running http, running on port 80, which just redirects to the secure server. That's easy to do (I can show you in the next user group webinar if you ask.)

cheers
Bruce

[hectorp]

Hi Bruce,

This morning I could no access the application from the web. Neither using one of the following:
www.coopacvirtual.com
coopacvirtual.com
https://www.coopacvirtual.com
https://coopacvirtual.com

But if I use https://67.xxx.xxx.xxx then I can access the secure site.

I attached some screen of how the application is configured to listen on port 80,443.
I confirmed the ports 80 and 443 are open in the firewall and traffic is pointing to the web server.

Could it be some wrong configuration in the Goddady Domain name forwarding?

Thanks

[hectorp]

Bruce,

This morning I noticed that the host (A) record which point to the public IP of the secure application
was somehow changed and is pointing to a different IP address.  

I will investigate with Goddady and see why this is happening.