SSL

Forum to discuss the Web client version of Servoy.

SSL

Postby aalonzo » Fri Jul 20, 2007 12:30 am

Is it possible to use SSL with webclient and if so can you tell what needs to be done to do so.

Thanks in advance for your help
Armando Alonzo
Senior Developer
Waves in Motion/
WorqSmart
User avatar
aalonzo
 
Posts: 36
Joined: Thu Nov 09, 2006 9:06 pm
Location: Phoenix, AZ

Postby Dexadrine » Fri Jul 20, 2007 12:46 pm

Good question, I have a requirement for this also...
Paul
Edgeward Digital Design & Development
Servoy Developer - London
Dexadrine
 
Posts: 96
Joined: Wed Jun 07, 2006 12:25 pm
Location: London

Postby ngervasi » Fri Jul 20, 2007 12:54 pm

I guess you should edit Tomcat settings for SSL but a nice HowTo from the Servoy team would be really appreciated... ;)
Nicola Gervasi
sintpro.com
SAN Partner
ngervasi
 
Posts: 1485
Joined: Tue Dec 21, 2004 12:47 pm
Location: Arezzo, Italy

Postby aalonzo » Sat Jul 28, 2007 9:43 pm

I would llike to repost this issue. Is there anyone out there that has experience with using SSL and Webclient. I could really use some help!
Armando Alonzo
Senior Developer
Waves in Motion/
WorqSmart
User avatar
aalonzo
 
Posts: 36
Joined: Thu Nov 09, 2006 9:06 pm
Location: Phoenix, AZ

Postby pbakker » Mon Jul 30, 2007 5:07 pm

You need to add the following to <servoy_dir>/server/conf/server.xml:
Code: Select all
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" >
           </Connector>


Secondly, you need to create a keystore: run the following in the bin-directory of your java directory, while connected to the system under the same user Servoy runs under:
Code: Select all
keytool -genkey -alias tomcat -keyalg RSA


Now restart Servoy Server and you should be up and running under HTTPS.

Offcourse, you most likely want to use a third party certificate, but this should get you going.

Paul
pbakker
 
Posts: 2822
Joined: Wed Oct 01, 2003 8:12 pm
Location: Amsterdam, the Netherlands

thank you

Postby aalonzo » Mon Jul 30, 2007 5:16 pm

Thank you very mauch Paul. I owe you :D
Armando Alonzo
Senior Developer
Waves in Motion/
WorqSmart
User avatar
aalonzo
 
Posts: 36
Joined: Thu Nov 09, 2006 9:06 pm
Location: Phoenix, AZ

Postby pbakker » Mon Jul 30, 2007 6:59 pm

BTW: full details on SLL config within Tomcat 6 (used by Servoy 3.5) can be found here:http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

Paul
pbakker
 
Posts: 2822
Joined: Wed Oct 01, 2003 8:12 pm
Location: Amsterdam, the Netherlands

Postby sbutler » Tue Aug 07, 2007 4:52 pm

You may also need to add in the path to the keystore file.

Code: Select all
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="/Users/admin/Documents/ssl_certs/servoy.ks" keystorePass="myPass" />


where keystoreFile=... is the path to your keystore. and keystorePass=... is the password for that keystore.
Last edited by sbutler on Thu Aug 16, 2007 6:06 pm, edited 2 times in total.
Scott Butler
iTech Professionals, Inc.
SAN Partner

Servoy Consulting & Development
Servoy University- Training Videos
Servoy Components- Plugins, Beans, and Web Components
Servoy Guy- Tips & Resources
ServoyForge- Open Source Components
User avatar
sbutler
Servoy Expert
 
Posts: 759
Joined: Sun Jan 08, 2006 7:15 am
Location: Cincinnati, OH

Postby ngervasi » Thu Aug 16, 2007 5:58 pm

Paul hint is ok for Servoy developer but if you are configuring Servoy Server on Windows keep in mind that Windows run service as the Default User and so you have to place your keystore in /Users and Settings/Default User or specify the location in the tomcat config file otherwise it won't work.
Nicola Gervasi
sintpro.com
SAN Partner
ngervasi
 
Posts: 1485
Joined: Tue Dec 21, 2004 12:47 pm
Location: Arezzo, Italy

Re: SSL

Postby dpearce » Mon Mar 07, 2011 12:53 am

Sorry, this is a very late addition to this post.

If using the Sebster tunnel, would you then need to install the ssl on apache and then add an apache prox to forward the https port to the tomcat server https defines port?

or could you just forward port 80 to the ssl port defined in tomcat?

David
dpearce
 
Posts: 469
Joined: Sun Dec 03, 2006 11:53 am

Re: SSL

Postby sebster » Mon Mar 07, 2011 7:09 pm

You don't need to use apache to use the tunnel.

For the tunnel you have 2 options:
1- Use plain http but turn on SSL in the servoy admin pages. This will use SSL over port 80. This is not 100% secure because somebody could use DNS spoofing to make you start the client from a different server.
2- Use tomcat to provide SSL and start the client via HTTPS. Turn off SSL in the admin pages. Now the tunnel just works over https and this is secure.

If you are using an apache proxy, or want to use an apache proxy for whatever reason, that is perfectly fine. In that case apache should provide the SSL (SSL termination) and send the requests to the backend tomcat server on the regular http port.
Sebastiaan van Erk
Servoy
sebster
 
Posts: 251
Joined: Thu Apr 24, 2003 10:03 am
Location: Utrecht, The Netherlands

Re: SSL

Postby dpearce » Mon Mar 07, 2011 7:36 pm

Thanks Seb,

I am using the apache proxy as I have multiple instances of servoy server running :) you cannot forget it!! Anyway it has been working great!

So I will just proxy the SSL port to the same port and i guess I leave the AJP as it it, just configure a proxy but on the SSL port instead of 80.
Thanks

David
dpearce
 
Posts: 469
Joined: Sun Dec 03, 2006 11:53 am

Re: SSL

Postby sebster » Mon Mar 07, 2011 7:39 pm

Yes, everything is exactly the same except you create a virtual host on port 443 with ssl enabled.
Sebastiaan van Erk
Servoy
sebster
 
Posts: 251
Joined: Thu Apr 24, 2003 10:03 am
Location: Utrecht, The Netherlands

Re: SSL

Postby dpearce » Sat Mar 12, 2011 12:22 pm

Thanks Seb,

Its odd I have the proxy working on https, but which take to me webclient solution chooser in https,

as soon as I click on the solution then it reverts back to http.
Code: Select all
        ProxyPreserveHost On
        ProxyPass /tunnel ajp://localhost:8014/tunnel flushpackets=on
        ProxyPass / http://localhost:8085/
        ProxyPassReverse / http://localhost:8085/


So could that be i need to change the servoy.jnlpCodebaseOverride from http to https?

I assume what I am saying in the proxy is take the packets from https and forward them to http 8045 and then back again to http 8045 and then back through the https port to my user.

Hence that looks OK and servoy itself doesnt need to be secured as apache is doing the https.

So is it that line in the server settings, which reverts traffic back to the http port?

Thanks

David
dpearce
 
Posts: 469
Joined: Sun Dec 03, 2006 11:53 am

Re: SSL

Postby sebster » Sat Mar 12, 2011 1:31 pm

You need to change the jnlp codebase override to https, that should be all. That's the URL the client uses to connect.
Sebastiaan van Erk
Servoy
sebster
 
Posts: 251
Joined: Thu Apr 24, 2003 10:03 am
Location: Utrecht, The Netherlands

Next

Return to Servoy Web Client

Who is online

Users browsing this forum: No registered users and 6 guests