SSL for servoy-webclient & servoy-smartclient

Hi there,

I have succeeded in getting my servoy-client / servoy-admin & servoy-webclient to start with SSL (https) with a validated sub-domain certificate for one year, for free :-)
(Will soon post a manual on how to do that)
For testing purposes I’m now using port 8888

Now I have the following question:
I have now also set the keystore file and the passphrase in the servoy-admin page (useSSL is selected) → restart server.
My servoy.properties file contains the line:

SocketFactory.rmiServerFactory=com.servoy.j2db.server.rmi.tunnel.ServerTunnelRMISocketFactoryFactory

When I now connect, I can choose between 2 different connection strings:

https://mydomain:8888/servoy-client/mySolution.jnlp 

(connectionMode = http&socket, so rmi port 1099 is needed)

and by using a profile: tunnel

https://mydomain:8888/servoy-client/tunnel/mySolution.jnlp

The profile contains this:

system.property.SocketFactory.tunnelConnectionMode=http
system.property.com.sebster.tunnel.http.client.chunked=false
system.property.com.sebster.tunnel.http.client.closeRequestOnFlush=false

With both URLs I now get the following error:

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
   at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
   at com.sebster.tunnel.impl.qe.a(qe.java:9)
   at com.sebster.tunnel.impl.pe.connect(pe.java:9)
   at com.sebster.tunnel.DelegatingTunnelClient.connect(DelegatingTunnelClient.java:5)
   at com.sebster.tunnel.impl.w.<init>(w.java:8)
   at com.sebster.tunnel.multiplexer.rmi.ClientMultiplexedRmiSocketFactoryProvider$1.<init>(ClientMultiplexedRmiSocketFactoryProvider.java:2)
   at com.sebster.tunnel.multiplexer.rmi.ClientMultiplexedRmiSocketFactoryProvider.<init>(ClientMultiplexedRmiSocketFactoryProvider.java:10)

When I clear both the keystore & keystore passphrase AND useSSL = selected, after restarting the server, everything is working fine.
(But now servoy-admin is complaining that I didn't set my own keystore and passphrase: THIS IS NOT SECURE!!)

When I set useSSL = unselected/false, everything is working fine too, BUT the smartclient still says at the bottom of the screen: SSL encryption is used. :shock:

So I’m a bit confused, do I need to set my own keystore & passphrase in the servoy-admin page, when I have already set the servoy tomcat to SSL?
(remember, I have two connection strings: one with rmi, and one with http tunnel)

I have now completely removed the Tomcat SSL and just tried setting the keystore file & passphrase in the servoy-admin page, but I'm getting the same error again.

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
	at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
	at com.sebster.tunnel.impl.qe.a(qe.java:9)
	at com.sebster.tunnel.impl.pe.connect(pe.java:9)
	at com.sebster.tunnel.DelegatingTunnelClient.connect(DelegatingTunnelClient.java:5)
	at com.sebster.tunnel.impl.w.<init>(w.java:8)
	at com.sebster.tunnel.multiplexer.rmi.ClientMultiplexedRmiSocketFactoryProvider$1.<init>(ClientMultiplexedRmiSocketFactoryProvider.java:2)

I have trusted the certificate, for my domain here: https://www.startssl.com/?app=40
(StartSSL Free, class 1)

Imported this into my keystore + two root certificates (2 *.pem files from startssl.com)
SSL with webclient is working great (I see the green SSL sign in my URL bar)

Does it have something to do with this being a class 1??

Anyone?

Hi Harjo,

I know StartSSL has a page where they explain how to install their certs in specific services. Did you follow the Tomcat guidelines on their site?
In my experience not every cert is installed the same way (at least when using a webserver, not sure about Tomcat)

Hi Robert,

If you read carefully, I have no trouble at all with Tomcat SSL!! webclient is working fine…

When I want to use the keystore file for the smart client, then things go weird!!

Harjo:
if you read carefully…

Reading ? Hey, I am a Mac user…we don’t read anything ;)

Anyway, I think this one is for Johan/Sebastiaan.

:lol:

yeah, I need a guru! :D

Harjo:
I have succeeded in getting my servoy-client / servoy-admin & servoy-webclient to start with SSL (https) with a validated sub-domain certificate for one year, for free :-)
(Will soon post a manual on how to do that)…

Really looking forward to your manual. We need it for https with webclient.

Dean

Hi Dean,

First I want to sort some things out, but there seems to be not so much SSL knowledge here! :)

That keystore/certificate will not work, as far as I can see, for Java-to-Java communication, because that CA (StartCom, I believe) is not (yet) added to the system certificate store of Java.