SSL Setup Not Available

[webwilcox]

Using Clarion 10 and NetTalk 10 Server.  Trying to deploy a secure web server but the options aren't available on the security tab of the web server extension.  Is there something I need to do to make sure these are available to set up?

[Bruce]

Hi Brad,

you'll need to be more specific - what settings do you have in mind?

cheers
Bruce

[webwilcox]

Trying to find where I specify SSL/TLS and the certificate name.  Attached is a screenshot of the security tab of my web server extension.  According to the documentation, I believe I'm looking for a checkbox labeled "Use TLS to make the server secure" and I can't find it anywhere.

[frankacosta]

In NT10 it has been moved to the 'General' tab.  I believe the certificate and key names have to be renamed to 'mywebsitename.com.crt' &  'mywebsitename.com.key' in the certificates folder.  on the General tab you put in 'mywebsitename.com' in the Host Names field then put in your secure port and insecure port (443 & 80).  worked great for me
Frank

[Bruce]

Frank is correct.

The settings have been moved to the General tab (or removed).

The Cert and key options have been removed leaving just the Host names list.
Cert and Key files are now named with the host name plus .crt and .key)

I recommend checking out the upgrade documentation, especially this part;
http://www.capesoft.com/docs/NetTalk10/NetTalk10Upgrade.htm#WebServer

cheers
Bruce

[DonRidley]

Bruce did a couple of excellent webinars on the new features of NT10:


http://clarionlive.wikispaces.com

Check out numbers 422 and 424.  I think it was in webinar 424 where he gave an in depth look at the new SSL/TLS features and a walk through of the automated certificate system via Let's Encrypt.

Once I had my domain and DNS settings in place, getting my certificates was extremely easy.  Bruce has also included some warnings in the certificate process that will steer you in the right direction if you leave something out.

Anyway, good luck.

Don
 

[Jim A]

Don't have time to watch them right now, but what if this is an intranet and we don't have a domain name for it but just the ip address?

Thanks.

Jim

[Bruce]

Hi Jim,

>>  what if this is an intranet and we don't have a domain name for it but just the ip address?

Even on an internet you should have a "name" - typically the name of the server. So, for example, on my server "donald" I can run a web server, and then access it from a browser as

http://donald

In this case "donald" is a "local domain", you can use it inside your lan, but not, of course, on the internet.

NetTalk will still generate a certificate for you to use in this case. When you click on the certificates button then donald.crt and donald.key files will be created.

Of course these certificates are "not trusted" (because they are "self signed") so will cause a warning to appear in the browser. This is "normal" for SSL Intranet servers - there is unfortunately no way around this at this time (for LAN networking in general, nothing to do with NetTalk.)

Using an untrusted cert is still _waaay_ better than insecure HTTP traffic on the LAN though.

cheers
Bruce

[Jim A]

Thanks Bruce.  Exactly what I wanted to know.