Servoy Forum

[adamk]

I bought an ssl certificate from Verisign, but I can't get my browser to trust it.
After I created a keystore file, I imported the root certificate from Verisign, the intermediate certificate from Verisign, and the signed Certificate that I purchased from Verisign (in that order).
I edited my server.xml file to include

<Connector port="443"
protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="absolute_path_to_servoy_folder\server\conf\servoy.ks" keypass="my_keystore_password" />

I put the keystore file in servoy_folder\server\conf\. I went to the Servoy admin page and added the absolute path to the keystore file and the password and restarted Servoy.

Now, when I go to the web site hosted by Servoy, my browser gives me a warning whenever I try to access an https page. IE7 says "The security certificate presented by this website was not issued by a trusted certificate authority."
If I look at the properties of my certificate, my domain name is listed for both Issued to: and Issued by:.
I'm not testing this on my production server, so I edited my hosts file so that my domain name points to the computer I'm testing this on.

Our hosted solution is used by customers all over the country, and we don't want them to have to tell their browser to trust the certificate. How can I get web browsers to trust my certificate by default?

Servoy Developer
Version 3.5.6-build 519
Java version 1.5.0_14-b03 (Windows XP)

[pbakker]

Most likely the import of your certificates into your keystore was not done 100% correctly.

Few pointers from the top of my head:
- When you create the keystore, you supply an alias.
- The root and intermediate certificates that you get from your third party vendor you can import under whatever alias you want.
- But the Signed Certificate, the one holding your domain info, needs to be imported with the same alias as the alias with which you created your keystore
- Then, in the server.xml in the Tomcat installation, you also have to add the alias to the connector. Really from the top of my head: keyAlias="xxxx", where xxx is offcourse your chosen alias.

Hope that helps,

Paul

[adamk]

Thank you, Paul. That was just what I needed. I've been trying to get that to work for a while now. I'm surprised that there is not already a complete guide to getting SSL to work with a website hosted by Servoy. I'll have to amend my own guide with what you just told me.

Now an additional issue. I'm not sure if I should make an additional post about this. I have already submitted a bug report about it.
My website now works properly with my SSL certificate and my browser tells me the connection is secure, but I have a problem with fillable PDFs. When not using SSL, fillable PDFs open and I can fill them out and submit them. But when SSL is enabled, whenever I try to open a fillable PDF, by browser tells me the page cannot be displayed. If I edit the URL and remove the 's' from 'https', the form opens. But then, when I sumbit the form, I get kicked out of the solution and brought back to the login page. Is this a bug with the fillable PDF plugin, or is there some way for me to fix the problem?

[pbakker]

An updated SSL Guide with this information is in the works.

Regarding the PDF issue. I'm not sure how that is supposed to work exactly, but I'll make sure the case you created is addressed.

Paul