RTC Forums
November 24, 2024, 11:55:24 PM *
Welcome, Guest. Please login or register.

Login with username, password and session length
 
   Home   Help Login Register  
Pages: [1]
  Print  
Author Topic: StreamSec 2.1 with RealThinClient: The connection is untrusted  (Read 7515 times)
WilliamY
RTC License++
*****
Posts: 23


« on: August 16, 2011, 05:42:00 PM »

HI,

Since I'm a newbie, and not sure how to make these 2 tools work together, so I'm testing:

1) your App server with StreamSec 2.1, but I got 'The connection is untrusted' message from the Browser,  I then used TLSDemoCert to create new cer and pix file, to use them instead, but still got the same message, Is this something that you could help me to figure out or I should ask StreamSec for the help?

2) When I'm testing your RTCWebForumTLS project, and used the new created cer and pix from TLSDemoCert from StreamSec, I got 'Could not open server.pix, Either the file is damaged or not a valid PKCS#12 file or the password is incorrect',  BTW, The password I used for creating the new cer and pix is 'abc'.  Can you help?

Regards,

William
Logged
D.Tkalcec (RTC)
Administrator
*****
Posts: 1881


« Reply #1 on: August 16, 2011, 05:49:18 PM »

As far as I know, for a Web Browser to see an encrypted connection as "trusted", you either need to manually add your SSL Certificate to your Web Browsers list of trusted certificates, or use SSL certificates created by entities trusted by the Web Browser (for example, buy them from VeriSign). Certificates you are creating with free tools are NOT trusted by WebBrowsers by default, but they can be used for communication between RTC Clients and Servers.

If you need more information, please contact the component vendor whose components you are using for SSL encryption (StreamSec?).

Best Regards,
Danijel Tkalcec
Logged
WilliamY
RTC License++
*****
Posts: 23


« Reply #2 on: August 16, 2011, 06:04:52 PM »

Hi,

Thanks for the clarification. What if a web application/3rd party websites/softwares send a https URL to my app server?

Regards,

William
Logged
Henrick (StreamSec)
RTC Partner
*****
Posts: 32


« Reply #3 on: August 16, 2011, 06:37:00 PM »

#1. Danijel is correct, but it should be noted that you don't necessarily have to add the SSL server certificate itself to your browser certificate store, but rather the root CA certificate it chains to. In the case of the TLSDemoCert output, this would be the root.cer file. Either approach will work, and which one is best for you depends on if you want, or don't want, any other certificate you issue using the same root CA to also verify.

#2. The RTCWebForumTLS project uses a hard code PFX password. You find it in unit HTTP_Module_TLS, method THTTPS_Server.DataModuleCreate.

  SimpleTLSInternalServer1.ImportFromPFX('Server.pfx',TSecretKey.CreateBMPStr('123456789012',12));

You may change it to

  SimpleTLSInternalServer1.ImportFromPFX('Server.pfx',TSecretKey.CreateBMPStr('abc',3));
Logged
WilliamY
RTC License++
*****
Posts: 23


« Reply #4 on: August 16, 2011, 07:06:20 PM »

Hi, Henrick

#1. ..., but rather the root CA certificate it chains to. In the case of the TLSDemoCert output, this would be the root.cer file. Either approach will work, and which one is best for you depends on if you want, or don't want, any other certificate you issue using the same root CA to also verify.

Could you please give me more details about this? I'm really a newbie to this. Are you saying to give the root.cer to the 3rd party web application/software venders?


#2. The RTCWebForumTLS project uses a hard code PFX password. You find it in unit HTTP_Module_TLS, method THTTPS_Server.DataModuleCreate.

  SimpleTLSInternalServer1.ImportFromPFX('Server.pfx',TSecretKey.CreateBMPStr('123456789012',12));

You may change it to

  SimpleTLSInternalServer1.ImportFromPFX('Server.pfx',TSecretKey.CreateBMPStr('abc',3));


It worked like charm. BTW, Whats your CertMgr application for?

Thanks,

William
Logged
WilliamY
RTC License++
*****
Posts: 23


« Reply #5 on: August 17, 2011, 04:05:26 AM »

Hi,

Is there any reason for not loading root.cer when RTCWebForumTLS is running?  I thought that for any SSL servers, the root.cer must be loaded?  Correct me if I'm wrong.

Thanks,

William
Logged
D.Tkalcec (RTC)
Administrator
*****
Posts: 1881


« Reply #6 on: August 17, 2011, 02:31:47 PM »

Please note that these forums are NOT monitored by 3rd-party component vendors. Henrick has replied to your last post because I've contacted him yesterday and asked him to check my response. If you have more questions about SSL/TLS encryption, please contact the encryption component vendor directly (StreamSec).

Best Regards,
Danijel Tkalcec
Logged
WilliamY
RTC License++
*****
Posts: 23


« Reply #7 on: August 17, 2011, 04:18:41 PM »

Hi,

I don't see any response from Henrick regarding why not loading root.cer when RTCWebForumTLS is running. I will ask him directly.

Thanks

William
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.027 seconds with 17 queries.