Title: StreamSec 2.1 with RealThinClient: The connection is untrusted Post by: WilliamY on August 16, 2011, 05:42:00 PM HI,
Since I'm a newbie, and not sure how to make these 2 tools work together, so I'm testing: 1) your App server with StreamSec 2.1, but I got 'The connection is untrusted' message from the Browser, I then used TLSDemoCert to create new cer and pix file, to use them instead, but still got the same message, Is this something that you could help me to figure out or I should ask StreamSec for the help? 2) When I'm testing your RTCWebForumTLS project, and used the new created cer and pix from TLSDemoCert from StreamSec, I got 'Could not open server.pix, Either the file is damaged or not a valid PKCS#12 file or the password is incorrect', BTW, The password I used for creating the new cer and pix is 'abc'. Can you help? Regards, William Title: Re: StreamSec 2.1 with RealThinClient: The connection is untrusted Post by: D.Tkalcec (RTC) on August 16, 2011, 05:49:18 PM As far as I know, for a Web Browser to see an encrypted connection as "trusted", you either need to manually add your SSL Certificate to your Web Browsers list of trusted certificates, or use SSL certificates created by entities trusted by the Web Browser (for example, buy them from VeriSign). Certificates you are creating with free tools are NOT trusted by WebBrowsers by default, but they can be used for communication between RTC Clients and Servers.
If you need more information, please contact the component vendor whose components you are using for SSL encryption (StreamSec?). Best Regards, Danijel Tkalcec Title: Re: StreamSec 2.1 with RealThinClient: The connection is untrusted Post by: WilliamY on August 16, 2011, 06:04:52 PM Hi,
Thanks for the clarification. What if a web application/3rd party websites/softwares send a https URL to my app server? Regards, William Title: Re: StreamSec 2.1 with RealThinClient: The connection is untrusted Post by: Henrick (StreamSec) on August 16, 2011, 06:37:00 PM #1. Danijel is correct, but it should be noted that you don't necessarily have to add the SSL server certificate itself to your browser certificate store, but rather the root CA certificate it chains to. In the case of the TLSDemoCert output, this would be the root.cer file. Either approach will work, and which one is best for you depends on if you want, or don't want, any other certificate you issue using the same root CA to also verify.
#2. The RTCWebForumTLS project uses a hard code PFX password. You find it in unit HTTP_Module_TLS, method THTTPS_Server.DataModuleCreate. SimpleTLSInternalServer1.ImportFromPFX('Server.pfx',TSecretKey.CreateBMPStr('123456789012',12)); You may change it to SimpleTLSInternalServer1.ImportFromPFX('Server.pfx',TSecretKey.CreateBMPStr('abc',3)); Title: Re: StreamSec 2.1 with RealThinClient: The connection is untrusted Post by: WilliamY on August 16, 2011, 07:06:20 PM Hi, Henrick
#1. ..., but rather the root CA certificate it chains to. In the case of the TLSDemoCert output, this would be the root.cer file. Either approach will work, and which one is best for you depends on if you want, or don't want, any other certificate you issue using the same root CA to also verify. Could you please give me more details about this? I'm really a newbie to this. Are you saying to give the root.cer to the 3rd party web application/software venders? #2. The RTCWebForumTLS project uses a hard code PFX password. You find it in unit HTTP_Module_TLS, method THTTPS_Server.DataModuleCreate. SimpleTLSInternalServer1.ImportFromPFX('Server.pfx',TSecretKey.CreateBMPStr('123456789012',12)); You may change it to SimpleTLSInternalServer1.ImportFromPFX('Server.pfx',TSecretKey.CreateBMPStr('abc',3)); It worked like charm. BTW, Whats your CertMgr application for? Thanks, William Title: RTCWebForumTLS, not loading root.cer, why? Post by: WilliamY on August 17, 2011, 04:05:26 AM Hi,
Is there any reason for not loading root.cer when RTCWebForumTLS is running? I thought that for any SSL servers, the root.cer must be loaded? Correct me if I'm wrong. Thanks, William Title: Re: StreamSec 2.1 with RealThinClient: The connection is untrusted Post by: D.Tkalcec (RTC) on August 17, 2011, 02:31:47 PM Please note that these forums are NOT monitored by 3rd-party component vendors. Henrick has replied to your last post because I've contacted him yesterday and asked him to check my response. If you have more questions about SSL/TLS encryption, please contact the encryption component vendor directly (StreamSec).
Best Regards, Danijel Tkalcec Title: Re: StreamSec 2.1 with RealThinClient: The connection is untrusted Post by: WilliamY on August 17, 2011, 04:18:41 PM Hi,
I don't see any response from Henrick regarding why not loading root.cer when RTCWebForumTLS is running. I will ask him directly. Thanks William |