Hi All,
I'm trying to get my webservices secure, but can't get it to work in my test environment (locally, so I guess there is no firewall is involved ...)
I want all traffic with this server to be secure, so my documentation should only be visible when accessed over https and my methods too.
I created my CA certificate (see post last week: I did a OpenSSL (re-)install, it is now running version 1.1.0b, dated 26 sept 2016, but I don't think this is the culprit right now ...)
I added my CA-root certificate to both browsers (I use FF, but also tried IE), but both don't show my documentation, when I type "
https://localhost:443/myservicename".
- Firefox then shows the message something like "Unable to connect to localhost ... errorcode: SSL_ERROR_NO_CYPHER_OVERLAP"
- IE says I should activate TLS1.0 through 1.2 in my browser settings (which are activated ...)
I also tried calling a method from my (Clarion) webclient testing procedure (over port 443 and using the https "prefix"), but this gives "The error number was -53 which menas Open Timeout or Failure error - [SSL Error = 16].
The last error lead me to nettalk central (<g>) so I checked the netsimple code but it says "self.SSLMethod = NET:SSLMethodTLS" in the init method (and as far as I know, I'm not changing it ...)
the following is the code to activate ssl serverside (both files are present in the \certificates folder):
ThisWebserver.SSL = 1 ! Use SSL to make a Secure Web Server
ThisWebserver.SSLCertificateOptions.DontVerifyRemoteCertificateCommonName = 1
ThisWebserver.SSLCertificateOptions.DontVerifyRemoteCertificateWithCARoot = 1
ThisWebserver.SSLCertificateOptions.CertificateFile = 'certificates\webservice.crt'
ThisWebserver.SSLCertificateOptions.PrivateKeyFile = 'certificates\webservice.key'
ThisWebserver.SSLCertificateOptions.ServerName = '
www.tvdb.nl.crt'
ThisWebserver.MoveFolder(clip('web') & '\certificates','certificates')
I'm not sure what the "ServerName" property should contain in my test environment (I also tried "webservice.crt" ...).
I'm out of ideas right now ... Is there a way to somehow trace where this stuff stops working. I don't see any request coming in at the NT server, but I don't now wether https request show up there at all ?
Any help is really appreciated!
TIA,
Ton