SSL / HTTP with Servoy Server Question

Questions and Answers on installation, deployment, management, locking, transactions of Servoy Application Server

Post by vik.lamp.vl » Thu Oct 13, 2022 4:26 pm

Hey guys,

I have a general question about the topic SSL/HTTPS with Servoy.

What if:
A developer has about 100 legacy Customers which are using a Servoy-App Server and the Smart-Client.
Every customer got his own App-Server at his office. Some are typical Server-Client connections, some use only one PC on which the Client is the Server (localhost:8080/solutions/...).

How does the developer configure the SSL certificate? If I understand it correctly the certificate needs to be signed from a CA with the specific domain of the Server on which the App-Server is running?
That would mean, for every customer the dev needs to get a certificate for his server? That would be a ton of work. Get the domain of the customer, create a certificate, get it signed for a fee, etc... And what about the customers which are using the same PC as server and client? If I remember correctly you can't sign a certificate under "localhost...".

Or can the dev just create a certificate, get it signed by a CA and then roll the same certificate out to every customer? As the domain he would use his company-name/domain for example?

All of that would not matter when he switches to SaaS so every customer connects to the main-server.

I'm kinda stuck at this question right now.

---
I hope you can help me with that question, maybe even a quick guide on how you handle that. I already read the guide on servoy.com but this question I can't explain to myself.

Thanks in advance.
-Vik

Re: SSL / HTTP with Servoy Server Question

Post by robert.edelmann » Mon Oct 17, 2022 3:09 pm

When it's only a connection within the same network, why are you even bothering with SSL?

Against what kind of attack do you need a defense? Someone with physical access to the internal switch/server could log the traffic without SSL, but with access to the server the attacker already has the certificate, and the password from the config-files in Tomcat.

We generally deactivate SSL certificates when running servers on premise / when external access comes only via VPN.

If the customer insists on using certificates they usually use self-signed certificates which are trusted via the internal Windows authority which is enough for Smart/Webclient and newer NG Desktop-Clients.

Kind regards
Robert Stefan Edelmann
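
As an added illustration (not code from either poster or from Servoy), this sketch applies the hostname check a TLS client runs against a certificate's subjectAltName entries. It shows why one certificate issued for a vendor domain does not validate on each customer's own server name or on localhost, while a per-site certificate from an internal authority can list those names. All host names are constructed and the matcher is a simplified version of the usual rules.

```python
import ipaddress

def san_matches(host, san_entries):
    """True if `host` is covered by a ("DNS", name) or ("IP", addr) SAN entry."""
    host = host.rstrip(".").lower()
    try:
        host_ip = ipaddress.ip_address(host)
    except ValueError:
        host_ip = None
    for kind, value in san_entries:
        if host_ip is not None:
            # An IP literal is only compared with iPAddress entries.
            if kind == "IP" and ipaddress.ip_address(value) == host_ip:
                return True
            continue
        if kind != "DNS":
            continue
        pattern = value.rstrip(".").lower()
        if pattern == host:
            return True
        if pattern.startswith("*."):
            # A wildcard stands for exactly one left-most label.
            label, _, parent = host.partition(".")
            if label and parent == pattern[2:]:
                return True
    return False

# Constructed SAN lists (assumptions, not taken from the thread).
VENDOR_CERT = [("DNS", "apps.vendor.example"), ("DNS", "*.vendor.example")]
SITE_CERT = [("DNS", "servoy.customer-a.internal"), ("DNS", "localhost"),
             ("IP", "127.0.0.1")]

def coverage(san_entries, hosts):
    """Map each host a client would type to whether the certificate covers it."""
    return {h: san_matches(h, san_entries) for h in hosts}

if __name__ == "__main__":
    hosts = ["servoy.customer-a.internal", "localhost", "127.0.0.1",
             "apps.vendor.example"]
    for name, cert in (("vendor-wide", VENDOR_CERT), ("per-site", SITE_CERT)):
        print(name, coverage(cert, hosts))
```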

