Page 1 of 1

How to use SSL certificate for Smart Clients in LANs?

PostPosted: Tue Sep 26, 2017 9:57 am
by LXS
Hi,

we've a Servoy Smart Client solution which is deployed on a customer enterprise server.
The local clients use the internal IP address of the server to start the SmartClient (e.g. http://192.168.1.10:8080).
For external users there's a dyndns url and a NAT rule in the router to work remote. (e.g. http://my.dyndns.org:8080)
At the moment the default SSL encryption is enabled using default testkeys.

Now we want to create a own keystore to make the SSL encryption secure.
The goal is to make the Smart Client SSL encryption secure. The web pages (servoy-admin and servoy smart client start page) are not so important to run with https.
I've already read the documentation how to create a keystore and how to configure it.

The question is what domain/url should be set to the certificate?
Or is it possible to use SSL encryption for SmartClients when the server has two different addresses like in our case?

Or is the solution to create a network profile for external users (which uses a SSL certificate with a public domain) and the internal clients work with the default testkeys?

Thanks!
Alex

Re: How to use SSL certificate for Smart Clients in LANs?

PostPosted: Wed Oct 04, 2017 10:56 am
by LXS
No ideas? Am i the only one with this setup?

Re: How to use SSL certificate for Smart Clients in LANs?

PostPosted: Wed Oct 04, 2017 9:34 pm
by erdione
Usually you should use the same name for inside and outside url and setup the server url in servoy-admin

So if You have mydomain.com and the servoy server is myservoy.mydomain.com
myservoy.mydomain.com Is usually in the certificate and in servoy server url

For your name resolution
create a dns alias myservoy.mydomain.com to my.dyndns.org in your external dns server (usually managed by domain provider )
If you have a fixed internet IP address create an host record from myservoy.mydomain.com to your public fixed up adress

Inside your lan you need an internal dns server that should be able answer to internal lan request for myservoy.mydomain.com

In the internal dns you Create an alias record myservoy.mydomain.com to yourinternaservername or
A host record myservoy.mydomain.com to 192.168.1.10
It’s the idea

Re: How to use SSL certificate for Smart Clients in LANs?

PostPosted: Mon Oct 09, 2017 10:22 am
by LXS
Hi Fabrice,

thank you for your idea!
I'll try this solution!