Watch, Follow, &
Connect with Us

For forums, blogs and more please visit our
Developer Tools Community.


Welcome, Guest
Guest Settings
Help

Thread: Stand Alone SSL - Need Help, will hire


This question is answered. Helpful answers available: 0. Correct answers available: 1.


Permlink Replies: 6 - Last Post: Oct 26, 2015 7:11 AM Last Post By: Kevin Morris
Kevin Morris

Posts: 52
Registered: 1/8/13
Stand Alone SSL - Need Help, will hire  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Oct 23, 2015 8:53 AM
This is the part of IntraWeb that causes me grief every time I need to use it. My project progression is that I like to build my IntraWeb app as an SA first, get it entirely working including the SSL, then after about a month of pilot roll out, convert to ISAPI.DLL.

This requires that I deal with OpenSSL's miriad of versions, converting to .pem and all the pitfalls that go with it. Since I only do this about once a year, I have to update/upgrade everything. Of course, this time around, it's not working again.

Anyone out there want to help me out with this? If you can give me a way of contacting you. I'll pay for your time.
Dan Barclay

Posts: 889
Registered: 11/9/03
Re: Stand Alone SSL - Need Help, will hire
Helpful
Click to report abuse...   Click to reply to this thread Reply
  Posted: Oct 23, 2015 10:32 AM   in response to: Kevin Morris in response to: Kevin Morris
Kevin Morris wrote:
This is the part of IntraWeb that causes me grief every time I need to use it. My project progression is that I like to build my IntraWeb app as an SA first, get it entirely working including the SSL, then after about a month of pilot roll out, convert to ISAPI.DLL.

This requires that I deal with OpenSSL's miriad of versions, converting to .pem and all the pitfalls that go with it. Since I only do this about once a year, I have to update/upgrade everything. Of course, this time around, it's not working again.

Anyone out there want to help me out with this? If you can give me a way of contacting you. I'll pay for your time

I'm not conversant in this part of the task either. It would be nice if there were a "recipe" that we could follow by rote.

I'm sure it seems straightforward for those who understand it, but even the terminology is not something I'm up on. I've tried following guidance found in some google searches, but I get lost because I don't understand the subject matter well.

Thanks,
Dan

Edited by: Dan Barclay on Oct 23, 2015 12:32 PM
Kevin Morris

Posts: 52
Registered: 1/8/13
Re: Stand Alone SSL - Need Help, will hire  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Oct 23, 2015 10:38 AM   in response to: Dan Barclay in response to: Dan Barclay
I'm not conversant in this part of the task either. It would be nice if there were a "recipe" that we could follow by rote.

I'm sure it seems straightforward for those who understand it, but even the terminology is not something I'm up on. I've tried following guidance found in some google searches, but I get lost because I don't understand the subject matter well.

Thanks,
Dan

Edited by: Dan Barclay on Oct 23, 2015 12:32 PM

Hi Dan,

Every time I get into trouble with this, I email the cert authority (Comodo usually) and ask them to take the 30 minutes or so, to include IntraWeb's needs into account, as an option in the "Web Server" type selection. Those guys are experts. IntraWeb's needs are very similar to Apache. But why should I have to muck around with renaming files and splitting/joining files... all of which have similar and slightly cryptic names (at least to those not in the SSL business).
Daniel Fields

Posts: 622
Registered: 11/29/04
Re: Stand Alone SSL - Need Help, will hire
Helpful
Click to report abuse...   Click to reply to this thread Reply
  Posted: Oct 23, 2015 11:24 AM   in response to: Kevin Morris in response to: Kevin Morris
I just completed this process two days ago. I have a Go Daddy certificate, but the process should be the same. Where are you held up in the process?
Kevin Morris

Posts: 52
Registered: 1/8/13
Re: Stand Alone SSL - Need Help, will hire  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Oct 23, 2015 1:52 PM   in response to: Daniel Fields in response to: Daniel Fields
Dear Dan(s)

I think just being able to complain about it to you guys helped. Comodo was kind enough to give me a refund on my first attempt, so I tried again. Now more familiar with the naming conventions, I was able to successfully:

- Generate a CSR, with password, for the correct common name (domain name)
- Submit to Comodo, (got a 3 year this time) and select "Other" as the server type
- Simply rename the .key file generated by OpenSSL along with the CSR. to "key.pem"
- Rename the ".......Root.crt" file from Comodo to "root.pem"
- Rename the ".....<domain named file>.crt" to "cert.pem"

All the .pem files need to be in the same folder as the IntraWeb SA .exe

What was throwing me off was all the old instructions floating around that had me splitting and joining files and converting file types... all unnecessary.

My IntraWeb SA server is now alive and well. Thanks for being there for me in my time of need. :-)
Dan Barclay

Posts: 889
Registered: 11/9/03
Re: Stand Alone SSL - Need Help, will hire  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Oct 23, 2015 4:24 PM   in response to: Kevin Morris in response to: Kevin Morris
Kevin Morris wrote:
Dear Dan(s)

I think just being able to complain about it to you guys helped. Comodo was kind enough to give me a refund on my first attempt, so I tried again. Now more familiar with the naming conventions, I was able to successfully:

- Generate a CSR, with password, for the correct common name (domain name)
- Submit to Comodo, (got a 3 year this time) and select "Other" as the server type
- Simply rename the .key file generated by OpenSSL along with the CSR. to "key.pem"
- Rename the ".......Root.crt" file from Comodo to "root.pem"
- Rename the ".....<domain named file>.crt" to "cert.pem"

All the .pem files need to be in the same folder as the IntraWeb SA .exe

What was throwing me off was all the old instructions floating around that had me splitting and joining files and converting file types... all unnecessary.

My IntraWeb SA server is now alive and well. Thanks for being there for me in my time of need. :-)

Glad to be of help! LOL

Dan (I am saving your comments for the next time I fool with it)
Kevin Morris

Posts: 52
Registered: 1/8/13
Re: Stand Alone SSL - Need Help, will hire  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Oct 26, 2015 7:11 AM   in response to: Dan Barclay in response to: Dan Barclay
First step in more detail: (Always use the latest OpenSSL version)

To generate a CSR using OpenSSL

openssl req -nodes -newkey rsa:2048 -keyout <desired_file_name>.key -out server.csr

Last step in more detail:
To generate the Bag attributes, which allow Java (on mobiles) to see the cert chain and accept the certificate:
This assumes you have renamed your .crt as cert.pem

openssl x509 -in cert.pem -subject -issuer -out certout.pem > bag.txt

Open the file bag.txt and copy the text to the top of the cert.pem, add the extra lines shown, and make it look like this:

Bag Attributes
friendlyName: <your desired friendly name>
localKeyID: 00 ed 19 12 er 1b ef 2f 37 5s ab 52 4u 2y eq f9 13
subject= /OU=Domain Control Validated/OU=COMODO SSL/CN=<your domain name>
issuer= /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
-----BEGIN CERTIFICATE-----
...

The "localKeyID" is obtained by using Internet Explorer, Tools/Internet Options/ Content/ Certificates/ double click on your cert, look for the "Serial Number" field, copy the number shown.

Last step is to edit the Key file, then put part of the Bag Attributes at the start of the file, as shown :

Bag Attributes
friendlyName: JETLYT
localKeyID:00 ed 19 12 er 1b ef 2f 37 5s ab 52 4u 2y eq f9 13
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
...

This seems to work for me, on desktops and mobiles. Any better suggestions would be appreciated.
Legend
Helpful Answer (5 pts)
Correct Answer (10 pts)

Server Response from: ETNAJIVE02