Re: problems with SSL cert/SOLVED
I finally got the application to publish to the web using the new SSL certs. I had to do a couple things: (1) To test whether or not the encryption was causing an issue, I restored the last backup of the application and launched the restored, unencrypted app with the new certs (also made sure the cert files were unencrypted). It launched without the ‘Access denied’ error on the ‘key.pem’ file but I got an SSL protocol error in the browser. So… (2) I created a chained cert.pem file by pasting the intermediate certificate from DigiCert into the root certificate. Tada! The URL now resolves to the login page using the new cert.pem and key.pem files. I'll check in on it periodically to make sure all is well. Thank you Tim and John for your help! Rebecca Rebecca Bryant Williams becca...@gmail.com ** 4D Internet Users Group (4D iNUG) Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **
Re: problems with SSL cert
Thank you for the response Timothy, but when I open the private key in a text editor it is the regular header, not the one indicating encryption. However, the folder containing the database files *is *encrypted. When I ran the routine to create the private and public keys and the CSR, I saved those files to a different folder. I'm wondering if that is causing the issue. Maybe they should have been saved into the folder where the database files reside (i.e., the encrypted folder). Rebecca On Thu, Jan 9, 2020 at 7:05 PM Timothy Penner wrote: > If I had to guess, its that the private key is encrypted and requires a > password. If that’s true you will need to remove the password first. > > Here is a reference for this, from digicert nonetheless: > https://knowledge.digicert.com/solution/SO5292.html > > -Tim > > > Timothy Penner > Senior Technical Services Engineer > > 4D Inc > 95 S. Market Street, Suite #240 > CA 95113 San Jose > United States > > Téléphone : +1-408-557-4600 > Standard : +1-408-557-4600 > Fax : +1-408-271-5080 > Email : tpen...@4d.com > Web : www.4d.com > > > > > > > -- Rebecca Bryant Williams becca...@gmail.com ** 4D Internet Users Group (4D iNUG) Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **
RE: problems with SSL cert
If I had to guess, its that the private key is encrypted and requires a password. If that’s true you will need to remove the password first. Here is a reference for this, from digicert nonetheless: https://knowledge.digicert.com/solution/SO5292.html -Tim ** 4D Internet Users Group (4D iNUG) Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **
Re: problems with SSL cert
Thanks John. The permissions are the same except the old files have an additional group, "Authenticated users", that was not listed for the new files. We added that group for the new files but they are still not working. Maybe we should try removing all groups except "Authenticated users"... The old files are from Go Daddy and the new files are from DigiCert but I'm told that should not make a difference. Plus we have at least two other sites running fine with DigiCert certificates. Thanks again for the reply. -- Rebecca Bryant Williams becca...@gmail.com > > -- > > Message: 1 > Date: Thu, 9 Jan 2020 09:14:10 -0500 > From: Rebecca Bryant > To: 4d_tech@lists.4d.com > Subject: problems with SSL cert > Message-ID: > fvvs3degbckja06imy++knwmabga8-qge...@mail.gmail.com> > Content-Type: text/plain; charset="UTF-8" > > I am having a problem getting a new SSL certificate to work. This web app > has been running successfully with SSL for several years. The current cert > expires in a few days so I used GENERATE ENCRYPTION KEYPAIR and GENERATE > CERTIFICATE REQUEST to generate a private key, public key, and certificate > request. The request was submitted to DigiCert (by a tech support > co-worker). The resulting file was renamed 'cert.pem' and the private key > was renamed 'key.pem' and placed in the folder with the structure. When I > try to start the app I get an error on the first line of the startup > routine; it lists the 'key.pem' file with the error 'Access denied'. I have > done all of this successfully before so I am stumped as to what is causing > the failure this time. The app works fine if I replace the new cert.pem and > key.pem files with the old ones (from Go Daddy). The app is running via 4D > Server 16R5 on Windows Server 2016. Normally it runs as a service via > FireDaemon. I have several other apps running with the same configuration > and with SSL certs that were generated the same way. > > Any ideas what the problem might be? Any help would be greatly appreciated. > > Thank you and Happy New Year to all, > Rebecca Bryant Williams > becca...@gmail.com > > > -- > Message: 3 > Date: Thu, 9 Jan 2020 08:46:53 -0600 > From: John DeSoi > To: 4D iNug Technical <4d_tech@lists.4d.com> > Subject: Re: problems with SSL cert > Message-ID: <2f4f5618-6c73-4455-9222-ff8c2ced3...@pgedit.com> > Content-Type: text/plain; charset=us-ascii > > > > On Jan 9, 2020, at 8:14 AM, Rebecca Bryant via 4D_Tech < > 4d_tech@lists.4d.com> wrote: > > > > When I > > try to start the app I get an error on the first line of the startup > > routine; it lists the 'key.pem' file with the error 'Access denied'. > > Compare the file permissions on the old key to the new key and make sure > they are the same. Not sure about Windows, but with Linux things sometimes > fail if file access is too permissive. Keys should generally be user only > access but maybe that is not the case here to run as a service. > > John DeSoi, Ph.D. > ** 4D Internet Users Group (4D iNUG) Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **
Re: HTTP Upload file size too low
This is something that will be needed for an upcoming project. I'm thinking more and more to outsource this part to leave me concentrating on the rest. Let me know if you would be interested in doing this. It does not look like a huge job but there are other specs I'd need to be implemented. Please contact me directly at j...@infobase.biz to let me know if you are interested. Thanks - Jim Labos - infobase -- Sent from: http://4d.1045681.n5.nabble.com/4D-Tech-f1376241.html ** 4D Internet Users Group (4D iNUG) Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **
Re: HTTP Upload file size too low
Ok that's a start if using WEB GET BODY PART will get the "chunks" and I can then reconstruct the file (I am assuming that is how it works). I'll b echeking for libraries that will allow me to implemnt chuncked uploads. Thanks for your acknowledgement that you have had success doing this. 4D Tech mailing list wrote > I'm not sure if I understand your environment in which you would do that > file upload. As I mentioned before, I did some little testing with chunked > uploads using a web browser as a client and there a javascript library. At > the server side I use WEB GET BODY PART in conjunction with WEB Get body > part count. I was able to upload file up to 4 GB. > > It looks really simple: > > For ($index;1;WEB Get body part count) > > WEB GET BODY PART($index;$MimeBody;$name;$mimeType;$filename) > > // do something with the chunk received in $MimeBody > > End for > > If you use another client than a web browser you have to mimic the > appropriate request. Using 4D as a client shouldn't be a problem. Simply > use HTTP Request and build appropriate headers and body. > > Regards > Lutz > > > > > ** > 4D Internet Users Group (4D iNUG) > Archive: http://lists.4d.com/archives.html > Options: https://lists.4d.com/mailman/options/4d_tech > Unsub: mailto: > 4D_Tech-Unsubscribe@.4D > ** - Jim Labos - infobase -- Sent from: http://4d.1045681.n5.nabble.com/4D-Tech-f1376241.html ** 4D Internet Users Group (4D iNUG) Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **
Re: HTTP Upload file size too low
Thanks for link John. I'll give it a look. I knew it needed more than HTML on the browser's side just wasn't sure if 4D was then able to receive the chunks. Cheers 4D Tech mailing list wrote > This is what I was trying to get at a few messages ago. Maybe WEB GET BODY > PART does support chunked encoding, but that is irrelevant if the client > side does not support it. As best I can tell from Jim's description is he > is using a standard HTML multipart form with a file input. Javascript is > not involved, so having this work depends on the browser's support for > switching to chunked encoding. I don't know if web browsers directly > support it or if there is some magic you can add to the form to request > it. If not, there seem to be plenty of Javascript libraries that can do > it. So then the task becomes redoing the form with the Javascript library > instead of relying on the standard HTML form implementation. > > I found this Javascript example, which looks simple to implement. > > https://gist.github.com/shiawuen/1534477 > > > John DeSoi, Ph.D. > > >> On Jan 9, 2020, at 3:38 AM, Epperlein, Lutz (agendo) via 4D_Tech < > 4d_tech@.4d >> wrote: >> >> I'm not sure if I understand your environment in which you would do that >> file upload. As I mentioned before, I did some little testing with >> chunked uploads using a web browser as a client and there a javascript >> library. At the server side I use WEB GET BODY PART in conjunction with >> WEB Get body part count. I was able to upload file up to 4 GB. >> >> It looks really simple: >> >> For ($index;1;WEB Get body part count) >> >> WEB GET BODY PART($index;$MimeBody;$name;$mimeType;$filename) >> >> // do something with the chunk received in $MimeBody >> >> End for >> >> If you use another client than a web browser you have to mimic the >> appropriate request. Using 4D as a client shouldn't be a problem. Simply >> use HTTP Request and build appropriate headers and body. > > ** > 4D Internet Users Group (4D iNUG) > Archive: http://lists.4d.com/archives.html > Options: https://lists.4d.com/mailman/options/4d_tech > Unsub: mailto: > 4D_Tech-Unsubscribe@.4D > ** - Jim Labos - infobase -- Sent from: http://4d.1045681.n5.nabble.com/4D-Tech-f1376241.html ** 4D Internet Users Group (4D iNUG) Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **
RE: HTTP Upload file size too low
Hi, S3 is using HTTP to do large upload. I have uploaded files over 6 Gb. 1. call mpUploadInitiate (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) you will get an multipartUploadId (a unique id, could be a uuid if you create your api) 2. Then send the parts (minimal size 5 Mb for S3), specifying the part number (sequence of the part) and the multipartUploadId. For each part, you will get an "etag" in the response headers (the tag is a sort of hash, it is standardized) 3. When the upload is complete (all parts have been send successfully), you call the api to with the multipartUploadId and the list of part numbers and etags. Then S3 rebuilds the file for you... I haven't coded the amazon S3 server side in 4D (of course), but i did implement the client side api and it gives a good idea on how to do it ;-). Bruno LEGAY A Consulting ** 4D Internet Users Group (4D iNUG) Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **
Re: problems with SSL cert
> On Jan 9, 2020, at 8:14 AM, Rebecca Bryant via 4D_Tech <4d_tech@lists.4d.com> > wrote: > > When I > try to start the app I get an error on the first line of the startup > routine; it lists the 'key.pem' file with the error 'Access denied'. Compare the file permissions on the old key to the new key and make sure they are the same. Not sure about Windows, but with Linux things sometimes fail if file access is too permissive. Keys should generally be user only access but maybe that is not the case here to run as a service. John DeSoi, Ph.D. ** 4D Internet Users Group (4D iNUG) Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **
Re: HTTP Upload file size too low
> I wish. However as someone else pointed out some IT departments will not > allow FTP. Chuck, FTP is not secure and is prohibited for data that needs to be secure. Back in the day when Mac had servers they removed from the FTP server, my guess is that it was for this reason. Do NOT use FTP unless the data is public. SFTP is acceptable for sensitive date. Neil ** 4D Internet Users Group (4D iNUG) Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **
problems with SSL cert
I am having a problem getting a new SSL certificate to work. This web app has been running successfully with SSL for several years. The current cert expires in a few days so I used GENERATE ENCRYPTION KEYPAIR and GENERATE CERTIFICATE REQUEST to generate a private key, public key, and certificate request. The request was submitted to DigiCert (by a tech support co-worker). The resulting file was renamed 'cert.pem' and the private key was renamed 'key.pem' and placed in the folder with the structure. When I try to start the app I get an error on the first line of the startup routine; it lists the 'key.pem' file with the error 'Access denied'. I have done all of this successfully before so I am stumped as to what is causing the failure this time. The app works fine if I replace the new cert.pem and key.pem files with the old ones (from Go Daddy). The app is running via 4D Server 16R5 on Windows Server 2016. Normally it runs as a service via FireDaemon. I have several other apps running with the same configuration and with SSL certs that were generated the same way. Any ideas what the problem might be? Any help would be greatly appreciated. Thank you and Happy New Year to all, Rebecca Bryant Williams becca...@gmail.com ** 4D Internet Users Group (4D iNUG) Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **
Re: HTTP Upload file size too low
This is what I was trying to get at a few messages ago. Maybe WEB GET BODY PART does support chunked encoding, but that is irrelevant if the client side does not support it. As best I can tell from Jim's description is he is using a standard HTML multipart form with a file input. Javascript is not involved, so having this work depends on the browser's support for switching to chunked encoding. I don't know if web browsers directly support it or if there is some magic you can add to the form to request it. If not, there seem to be plenty of Javascript libraries that can do it. So then the task becomes redoing the form with the Javascript library instead of relying on the standard HTML form implementation. I found this Javascript example, which looks simple to implement. https://gist.github.com/shiawuen/1534477 John DeSoi, Ph.D. > On Jan 9, 2020, at 3:38 AM, Epperlein, Lutz (agendo) via 4D_Tech > <4d_tech@lists.4d.com> wrote: > > I'm not sure if I understand your environment in which you would do that file > upload. As I mentioned before, I did some little testing with chunked uploads > using a web browser as a client and there a javascript library. At the server > side I use WEB GET BODY PART in conjunction with WEB Get body part count. I > was able to upload file up to 4 GB. > > It looks really simple: > > For ($index;1;WEB Get body part count) > > WEB GET BODY PART($index;$MimeBody;$name;$mimeType;$filename) > > // do something with the chunk received in $MimeBody > > End for > > If you use another client than a web browser you have to mimic the > appropriate request. Using 4D as a client shouldn't be a problem. Simply use > HTTP Request and build appropriate headers and body. ** 4D Internet Users Group (4D iNUG) Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **
Re: HTTP Upload file size too low
I'm not sure if I understand your environment in which you would do that file upload. As I mentioned before, I did some little testing with chunked uploads using a web browser as a client and there a javascript library. At the server side I use WEB GET BODY PART in conjunction with WEB Get body part count. I was able to upload file up to 4 GB. It looks really simple: For ($index;1;WEB Get body part count) WEB GET BODY PART($index;$MimeBody;$name;$mimeType;$filename) // do something with the chunk received in $MimeBody End for If you use another client than a web browser you have to mimic the appropriate request. Using 4D as a client shouldn't be a problem. Simply use HTTP Request and build appropriate headers and body. Regards Lutz ** 4D Internet Users Group (4D iNUG) Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **