SSL Issues with self-signed Cert and Website Identification

Q&A regarding installation and issues getting started with Servoy


Post by joe26 » Tue Jul 25, 2017 9:02 pm

Hey guys,

I've been successful using a self-signed certificate in a non-deployed environment.

This past week, we've moved to a CA-certified, self-signed certificate, and have active encryption but no authorization to go to the website.

Both Firefox and Internet Explorer stop the load and display 'This website cannot be displayed.'

Apparently, this is due to the 'This website does not supply ownership information.' error. There appears to no longer be a way to actually permit exceptions in the browsers.

Comodo was the first choice, but seeking a sub-domain (subdomain.domain.com) CA cert, we moved to GoDaddy. Apparently, Comodo DOES provide them, but we were told that they did not by their support in India...

GoDaddy is not in the list of CA providers for Java installations. So, four iterations of Certificate Signing Requests later, I received confirmation through https://htbridge.com/ssl that there is indeed an SSL handshake, agreement and a lunch date. This is one of few sites which can verify non-standard SSL ports. The website passed all that, except HIPAA certs which require > 2048 bit keys. I could, but won't.

There are (now) a number of certificate stores on the Windows (7.4.8 Servoy) installation, and cacerts, ~/.keystore, mykeystore.ks, keystore2.ks, keystore3.ks... you get the drift. There was a lot of testing. Scratch that, a lot of thrashing.

In the final pass, this last error seems insurmountable for quite a few Firefox and Internet Explorer users. (I don't feel the need to go Chrome, etc.) And I was unable to return to the self-signed, non-CA-ified SSL cert that worked well enough a few days ago. And this is just testing the https://servoyServer:8443/servoy-admin page.

So, for those who have been successful, what works?

Does anyone use GoDaddy?

Having read the wiki.servoy stuff, there is http://www.instantssl.com, etc. Does anyone use these guys?

Did anyone have to revert to port 443 to comply with how the big boys want it done?

Ugh.

Thanks,
--Joe.
joe26
 
Posts: 172
Joined: Wed Jun 19, 2013 10:30 pm

Re: SSL Issues with self-signed Cert and Website Identificat

Post by Mccourt.cordingley1372837951 » Wed Jul 26, 2017 10:19 am

Hi There

We have had success with Let's Encrypt and also Comodo.
But to be honest I use the CloudFlare free tier full SSL option for most deployments now.

I find that when combined with Nginx as a reverse proxy with a self-signed cert it all just works.
I run several nodejs applications and 1 Servoy instance behind this setup all with SSL.

Regards
Mccourt.cordingley1372837951
 
Posts: 28
Joined: Wed Jul 03, 2013 9:52 am

Re: SSL Issues with self-signed Cert and Website Identificat

Post by joe26 » Fri Sep 22, 2017 11:33 pm

I did get this working with a GoDaddy SSL cert, but cannot provide further details. Many attempts finally resulted in an SSL connection. I'll post more when the solution presents itself.

It may be the order in which the hierarchy is added to the keystore.ks file. And I did, later, add a self-signed code signing cert that did not seem to destroy prior work.
joe26
 
Posts: 172
Joined: Wed Jun 19, 2013 10:30 pm
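
The chain-order question raised in the last post can be checked on a PEM bundle before anything is imported into a keystore. The script below is an added example, not code from the thread or from Servoy: it checks that a bundle runs leaf first, each certificate followed by its issuer, which is the order a TLS server sends. The function names `dn` and `chain_order_ok` are hypothetical, the certificates are constructed throwaway ones, and it assumes the `openssl` command-line tool is installed.

```shell
# Added example: verify that a PEM bundle is ordered leaf -> intermediate -> root
# by checking that each certificate's issuer equals the next one's subject.
# This is a name-order check only; it does not verify signatures or trust.

# Print the subject or issuer DN of a PEM certificate (usage: dn subject|issuer file).
dn() {
  openssl x509 -in "$2" -noout -nameopt RFC2253 "-$1" | sed 's/^[a-z]*= *//'
}

# Return 0 when the bundle is in chain order, 1 (with a message) otherwise.
chain_order_ok() {
  dir=$(mktemp -d)
  # Split the bundle into 1.pem, 2.pem, ... with one certificate per file.
  awk -v d="$dir" '/BEGIN CERTIFICATE/ {n++} n {print > (d "/" n ".pem")}' "$1"
  n=$(( $(ls "$dir" | wc -l) ))
  i=1
  while [ "$i" -lt "$n" ]; do
    if [ "$(dn issuer "$dir/$i.pem")" != "$(dn subject "$dir/$((i + 1)).pem")" ]; then
      echo "certificate $i is not issued by certificate $((i + 1))" >&2
      rm -rf "$dir"; return 1
    fi
    i=$((i + 1))
  done
  rm -rf "$dir"
}

# Constructed sample hierarchy (throwaway keys, valid one day, names only).
work=$(mktemp -d)
new_csr() {  # usage: new_csr name common-name
  openssl req -newkey rsa:2048 -nodes -keyout "$work/$1.key" -out "$work/$1.csr" \
    -subj "/CN=$2" 2>/dev/null
}
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout "$work/root.key" \
  -out "$work/root.pem" -subj "/CN=Constructed Root CA" 2>/dev/null
new_csr int "Constructed Intermediate CA"
openssl x509 -req -days 1 -in "$work/int.csr" -CA "$work/root.pem" \
  -CAkey "$work/root.key" -CAcreateserial -out "$work/int.pem" 2>/dev/null
new_csr leaf "subdomain.domain.com"
openssl x509 -req -days 1 -in "$work/leaf.csr" -CA "$work/int.pem" \
  -CAkey "$work/int.key" -CAcreateserial -out "$work/leaf.pem" 2>/dev/null
cat "$work/leaf.pem" "$work/int.pem" "$work/root.pem" > "$work/good.pem"
cat "$work/leaf.pem" "$work/root.pem" "$work/int.pem" > "$work/bad.pem"

chain_order_ok "$work/good.pem" && echo "good.pem: chain order OK"
chain_order_ok "$work/bad.pem" || echo "bad.pem: chain out of order"
```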

