Re: [twsocket] HTTP SSL Server vs p7b certificate's format

2011-10-14 Thread ROQUES Guillaume
OK, I asked my customer if he could convert his p7b's certificate to a 
PEM with the private key included and he accepted : now it WORKS FINE !! ^_^


Thanks to all of you, it helps me to understand these formats by the way ;)

Guillaume ROQUES

At 20:59, Fastream Technologies wrote:

Private keys are created during CSR (Certificate Signing Request) creation.
He who ordered the cert should have it.
Best Regards,

Subzero
On Fri, Oct 7, 2011 at 17:43, ROQUES Guillaume
wrote:


So as my customer bought a wildcard certificate, it must include a private
key or do I need to generate one ?

Actually, the problem comes from me or the customer ?


Gratefully,

Guillaume ROQUES


At 20:59, Arno Garrels wrote:


ROQUES Guillaume wrote:

  And ICS logger says :

15:57:49:896 InitCtx>   OpenSSL version: OpenSSL 0.9.8h 28 May 2008
15:57:49:897 error:0906D06C:PEM routines:PEM_read_bio:no start line
error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib


So I checked MyCertificate.pem and I've got 3 blocks :


Without a private key it doesn't work. InitContext raises an exception
in such case.

The private key has to be converted to PEM format as well, preferably
to a separate PEM file in your case and property SslPrivKeyFile should
point to it.

BTW: If you would not eat exceptions you would have got that error
message sooner and easier.

--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] HTTP SSL Server vs p7b certificate's format

2011-10-10 Thread ROQUES Guillaume

OK, thanks to all of you.
I'm going to ask it from my customer and find a command line to convert 
p7b with the private key.


Gratefully (at the end ;),

Guillaume ROQUES

At 20:59, Fastream Technologies wrote:

Private keys are created during CSR (Certificate Signing Request) creation.
He who ordered the cert should have it.
Best Regards,

Subzero
On Fri, Oct 7, 2011 at 17:43, ROQUES Guillaume
wrote:


So as my customer bought a wildcard certificate, it must include a private
key or do I need to generate one ?

Actually, the problem comes from me or the customer ?


Gratefully,

Guillaume ROQUES


At 20:59, Arno Garrels wrote:


ROQUES Guillaume wrote:

  And ICS logger says :

15:57:49:896 InitCtx>   OpenSSL version: OpenSSL 0.9.8h 28 May 2008
15:57:49:897 error:0906D06C:PEM routines:PEM_read_bio:no start line
error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib


So I checked MyCertificate.pem and I've got 3 blocks :


Without a private key it doesn't work. InitContext raises an exception
in such case.

The private key has to be converted to PEM format as well, preferably
to a separate PEM file in your case and property SslPrivKeyFile should
point to it.

BTW: If you would not eat exceptions you would have got that error
message sooner and easier.



Re: [twsocket] HTTP SSL Server vs p7b certificate's format

2011-10-08 Thread Arno Garrels
> Hi Arno,

Hi Paul,

> We also have problems with the new certificates.

What problem exactly?

-- 
Arno Garrels


> Converted to .pem format, it contains only a private key and a single
> certificate section.
> It only works using an ISA server processing the SSL...
> 
> Paul
> 
> 
> 
> 
> - Original Message -
> From: "Arno Garrels" 
> To: "ICS support mailing" 
> Sent: Thursday, October 06, 2011 4:53 PM
> Subject: Re: [twsocket] HTTP SSL Server vs p7b certificate's format
> 
> 
>> ROQUES Guillaume wrote:
>>> And ICS logger says :
>>>> 15:57:49:896 InitCtx> OpenSSL version: OpenSSL 0.9.8h 28 May 2008
>>>> 15:57:49:897 error:0906D06C:PEM routines:PEM_read_bio:no start line
>>>> error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
>> 
>>> So I checked MyCertificate.pem and I've got 3 blocks :
>> 
>> Without a private key it doesn't work. InitContext raises an exception
>> in such case.
>> 
>> The private key has to be converted to PEM format as well, preferably
>> to a separate PEM file in your case and property SslPrivKeyFile
>> should point to it.
>> 
>> BTW: If you would not eat exceptions you would have got that error
>> message sooner and easier.
>> 
>> --
>> Arno Garrels


Re: [twsocket] HTTP SSL Server vs p7b certificate's format

2011-10-07 Thread Fastream Technologies
Private keys are created during CSR (Certificate Signing Request) creation.
He who ordered the cert should have it.
Best Regards,

Subzero
On Fri, Oct 7, 2011 at 17:43, ROQUES Guillaume
wrote:

> So as my customer bought a wildcard certificate, it must include a private
> key or do I need to generate one ?
>
> Actually, the problem comes from me or the customer ?
>
>
> Gratefully,
>
> Guillaume ROQUES
> 
>
> At 20:59, Arno Garrels wrote:
>
>> ROQUES Guillaume wrote:
>>
>>> And ICS logger says :
>>>
>>>> 15:57:49:896 InitCtx>  OpenSSL version: OpenSSL 0.9.8h 28 May 2008
>>>> 15:57:49:897 error:0906D06C:PEM routines:PEM_read_bio:no start line
>>>> error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib

>>> So I checked MyCertificate.pem and I've got 3 blocks :
>>>
>> Without a private key it doesn't work. InitContext raises an exception
>> in such case.
>>
>> The private key has to be converted to PEM format as well, preferably
>> to a separate PEM file in your case and property SslPrivKeyFile should
>> point to it.
>>
>> BTW: If you would not eat exceptions you would have got that error
>> message sooner and easier.
>>

Re: [twsocket] HTTP SSL Server vs p7b certificate's format

2011-10-07 Thread Arno Garrels
ROQUES Guillaume wrote:
> So as my customer bought a wildcard certificate, it must include a
> private key or do I need to generate one ?

When you order a certificate the private key is generated locally by a
browser plugin, JAVA or ActiveX, it's true private and not even the
certificate issuer knows it.
Where the private key can be found depends on the OS and/or browser
used for the order. The matching private key for that certificate has
to be exported whether it's stored in a file or in the system.
When you export a certificate on windows you are asked whether or not
the private key should be exported as well if any is associated with
the certificate, but only if it was installed as exportable, otherwise
there's no way to get it out of the system again.

> 
> Actually, the problem comes from me or the customer ?

I don't know? If you don't have the matching private key for that
certificate it's useless.

-- 
Arno Garrels


Re: [twsocket] HTTP SSL Server vs p7b certificate's format

2011-10-07 Thread ROQUES Guillaume
So as my customer bought a wildcard certificate, it must include a 
private key or do I need to generate one ?


Actually, the problem comes from me or the customer ?

Gratefully,

Guillaume ROQUES


At 20:59, Arno Garrels wrote:

ROQUES Guillaume wrote:

And ICS logger says :

15:57:49:896 InitCtx>  OpenSSL version: OpenSSL 0.9.8h 28 May 2008
15:57:49:897 error:0906D06C:PEM routines:PEM_read_bio:no start line
error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib

So I checked MyCertificate.pem and I've got 3 blocks :

Without a private key it doesn't work. InitContext raises an exception
in such case.

The private key has to be converted to PEM format as well, preferably
to a separate PEM file in your case and property SslPrivKeyFile should
point to it.

BTW: If you would not eat exceptions you would have got that error
message sooner and easier.




Re: [twsocket] HTTP SSL Server vs p7b certificate's format

2011-10-06 Thread Paul

Hi Arno,

We also have problems with the new certificates.
Converted to .pem format, it contains only a private key and a single 
certificate section.

It only works using an ISA server processing the SSL...

Paul




- Original Message - 
From: "Arno Garrels" 

To: "ICS support mailing" 
Sent: Thursday, October 06, 2011 4:53 PM
Subject: Re: [twsocket] HTTP SSL Server vs p7b certificate's format



ROQUES Guillaume wrote:

And ICS logger says :

15:57:49:896 InitCtx> OpenSSL version: OpenSSL 0.9.8h 28 May 2008
15:57:49:897 error:0906D06C:PEM routines:PEM_read_bio:no start line
error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib



So I checked MyCertificate.pem and I've got 3 blocks :


Without a private key it doesn't work. InitContext raises an exception
in such case.

The private key has to be converted to PEM format as well, preferably
to a separate PEM file in your case and property SslPrivKeyFile should
point to it.

BTW: If you would not eat exceptions you would have got that error
message sooner and easier.

--
Arno Garrels


Re: [twsocket] HTTP SSL Server vs p7b certificate's format

2011-10-06 Thread Arno Garrels
ROQUES Guillaume wrote:
> And ICS logger says :
>> 15:57:49:896 InitCtx> OpenSSL version: OpenSSL 0.9.8h 28 May 2008
>> 15:57:49:897 error:0906D06C:PEM routines:PEM_read_bio:no start line
>> error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib

> So I checked MyCertificate.pem and I've got 3 blocks :

Without a private key it doesn't work. InitContext raises an exception
in such case. 

The private key has to be converted to PEM format as well, preferably
to a separate PEM file in your case and property SslPrivKeyFile should
point to it.

BTW: If you would not eat exceptions you would have got that error
message sooner and easier.

-- 
Arno Garrels
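
Added example, not part of Arno's message and not ICS code: a Python check for the situation diagnosed above. It reads text in the form `openssl pkcs7 -print_certs` writes, counts PEM blocks by label, reports when no private key block is present (the case behind `PEM_read_bio:no start line` when SslPrivKeyFile points at such a file), and uses the subject=/issuer= lines to confirm the chain runs server certificate first. The function names and the sample bundle are constructed for illustration.

```python
import re

BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")


def parse_bundle(text):
    """Split PEM text into blocks, keeping the subject=/issuer= annotations
    that `openssl pkcs7 -print_certs` prints above each certificate."""
    entries, subject, issuer, label = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if label is not None:
            # Inside a block: skip the base64 body until the matching END line.
            if line == "-----END %s-----" % label:
                entries.append({"label": label, "subject": subject, "issuer": issuer})
                subject = issuer = label = None
        elif line.startswith("subject="):
            subject = line[len("subject="):].strip()
        elif line.startswith("issuer="):
            issuer = line[len("issuer="):].strip()
        else:
            match = BEGIN.fullmatch(line)
            if match:
                label = match.group(1)
    return entries


def diagnose(text):
    """Summarise what a PEM file contains and list setup problems."""
    entries = parse_bundle(text)
    certs = [e for e in entries if e["label"] == "CERTIFICATE"]
    keys = [e for e in entries if e["label"].endswith("PRIVATE KEY")]
    problems = []
    if not certs:
        problems.append("no-certificate")
    if not keys:
        # Using this file as the private key file fails the way the log in
        # the thread shows: the PEM reader finds no key block to start from.
        problems.append("no-private-key")
    # The order check needs the annotations; expected order is server
    # certificate, then intermediates, then the root CA.
    if certs and all(c["subject"] and c["issuer"] for c in certs):
        for current, following in zip(certs, certs[1:]):
            if current["issuer"] != following["subject"]:
                problems.append("chain-order")
                break
    return {"certificates": len(certs), "private_keys": len(keys), "problems": problems}


def _block(label):
    # Constructed placeholder body; real blocks carry base64-encoded DER.
    return "-----BEGIN %s-----\nQ09OU1RSVUNURUQ=\n-----END %s-----\n" % (label, label)


# Constructed samples mirroring the three-certificate file described in the thread.
LEAF = ("subject=/CN=*.example.test\n"
        "issuer=/CN=Example Intermediate CA\n" + _block("CERTIFICATE"))
INTERMEDIATE = ("subject=/CN=Example Intermediate CA\n"
                "issuer=/CN=Example Root CA\n" + _block("CERTIFICATE"))
ROOT = ("subject=/CN=Example Root CA\n"
        "issuer=/CN=Example Root CA\n" + _block("CERTIFICATE"))
KEY = _block("RSA PRIVATE KEY")

if __name__ == "__main__":
    samples = {
        "converted p7b only": LEAF + INTERMEDIATE + ROOT,
        "wrong order": ROOT + INTERMEDIATE + LEAF,
        "chain plus key": LEAF + INTERMEDIATE + ROOT + KEY,
    }
    for name, text in samples.items():
        print(name, diagnose(text))
```

When the key is kept in a separate PEM file, as suggested above, run `diagnose` over the file that SslPrivKeyFile names and expect `private_keys` to be 1 there.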


Re: [twsocket] HTTP SSL Server vs p7b certificate's format

2011-10-06 Thread ROQUES Guillaume

I tried mycertificate with the OverbyteIcsSslWebServ demo :

 * httpserver responding
 * sslhttpserver not responding
 * sslhandshake failed

Configuration :

 * Write to log file : ON
 * Display header : ON
 * Display SSL info : ON
 * ICS logger.logoptions := [loSslErr,loSslInfo,loSslDump];

If anything help to understand..

Gratefully,

Guillaume ROQUES


At 20:59, Arno Garrels wrote:

ROQUES Guillaume wrote:

   What client is connecting
when that error happens?

IE 7 to 9 or Firefox
But none ask to add certificate, both say that the site is
unreachable... sounds weird I know T_T

Have you tried newer OpenSSL libraries?
http://wiki.overbyte.be/wiki/index.php/ICS_Download

If that doesn't help, use a TIcsLogger to get a full debug log
and send that to me if you don't find the error yourself.




Re: [twsocket] HTTP SSL Server vs p7b certificate's format

2011-10-06 Thread ROQUES Guillaume

If that doesn't help, use a TIcsLogger to get a full debug log
and send that to me if you don't find the error yourself.

So I tried a few things with ICS logger ON, but no answers.

First Delphi code to initialize TSSLContext :

with MySslContext do
begin
  SslCertFile := APath + 'MyCertificate.pem';
  SslPassPhrase := '';
  SslPrivKeyFile := APath + 'MyCertificate.pem';
  SslCAFile := APath + 'MyCertificate.pem';
  SslCAPath := APath;
  SslVerifyPeer := False;
end;

And ICS logger says :

15:57:49:896 InitCtx> OpenSSL version: OpenSSL 0.9.8h 28 May 2008
15:57:49:897 error:0906D06C:PEM routines:PEM_read_bio:no start line
error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib

So I checked MyCertificate.pem and I've got 3 blocks :

subject=/C=FR/OU=Domain Control Validated/CN=*.mydomain.fr
issuer=/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Domain Validation CA - G2
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----

subject=/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Domain Validation CA - G2
issuer=/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----

subject=/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
issuer=/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----


Then I changed my Delphi code to :

with TWSslContext do
begin
  SslCertFile := APath + 'CanyonCA.pem';
  SslPassPhrase := '';
  //SslPrivKeyFile := APath + 'CanyonCA.pem';
  SslCAFile := APath + 'CanyonCA.pem';
  SslCAPath := APath;
  SslVerifyPeer := False;
end;

And ICS logger says :

15:59:00:703 InitCtx> OpenSSL version: OpenSSL 0.9.8h 28 May 2008


In my self generated certificate, I'd got a RSA Priv key included, but 
none here. Did I configure my SSLcontext in the right way ?


Gratefully,

Guillaume ROQUES


At 20:59, Arno Garrels wrote:

ROQUES Guillaume wrote:

   What client is connecting
when that error happens?

IE 7 to 9 or Firefox
But none ask to add certificate, both say that the site is
unreachable... sounds weird I know T_T

Have you tried newer OpenSSL libraries?
http://wiki.overbyte.be/wiki/index.php/ICS_Download

If that doesn't help, use a TIcsLogger to get a full debug log
and send that to me if you don't find the error yourself.




Re: [twsocket] HTTP SSL Server vs p7b certificate's format

2011-10-05 Thread Arno Garrels
ROQUES Guillaume wrote:
>>   What client is connecting
>> when that error happens?
> IE 7 to 9 or Firefox
> But none ask to add certificate, both say that the site is
> unreachable... sounds weird I know T_T

Have you tried newer OpenSSL libraries?
http://wiki.overbyte.be/wiki/index.php/ICS_Download

If that doesn't help, use a TIcsLogger to get a full debug log
and send that to me if you don't find the error yourself.

-- 
Arno Garrels


> 
> Regards,
> 
> Guillaume ROQUES
> 
> 
> At 20:59, Arno Garrels wrote:
>> ROQUES Guillaume wrote:
>>>> Do you ask for how to get a ICS TSslHttpServer working with a
>>>> bought server certificate?
>>> Yes, and if I need to convert p7b's certificate or not ?
>>>> Open the MyCertificate.pem in a text editor that understands UNIX
>>>> line breaks. Does MyCertificate.pem include multiple certificates?
>>>> With a bought commercial certificate there should be at least 2
>>>> certificates included in MyCertificate.pem.
>>>> Make sure that the order of these certificates is correct.
>>>> First has to be the server certificate followed by possible
>>>> intermediate certificates followed by the root CA certificate.
>>> That's right, I found 3 certificates : 1 for the domain name
>>> *.mydomain.com, 1 for GlobalSign Domain Validation CA and 1 for
>>> GlobalSign root CA.
>> So that looks correct, the handshake error may happen due to the
>> client closes the connection, so I ask again: What client is
>> connecting when that error happens? Common browsers should have the
>> GlobalSign root CA in their trusted certificate store, TSslHttpCli
>> clients not (by default).


Re: [twsocket] HTTP SSL Server vs p7b certificate's format

2011-10-05 Thread ROQUES Guillaume

  What client is connecting
when that error happens?

IE 7 to 9 or Firefox
But none ask to add certificate, both say that the site is 
unreachable... sounds weird I know T_T


Regards,

Guillaume ROQUES


At 20:59, Arno Garrels wrote:

ROQUES Guillaume wrote:

Do you ask for how to get a ICS TSslHttpServer working with a bought
server certificate?

Yes, and if I need to convert p7b's certificate or not ?

Open the MyCertificate.pem in a text editor that understands UNIX
line breaks. Does MyCertificate.pem include multiple certificates?
With a bought commercial certificate there should be at least 2
certificates included in MyCertificate.pem.
Make sure that the order of these certificates is correct.
First has to be the server certificate followed by possible
intermediate certificates followed by the root CA certificate.

That's right, I found 3 certificates : 1 for the domain name
*.mydomain.com, 1 for GlobalSign Domain Validation CA and 1 for
GlobalSign root CA.

So that looks correct, the handshake error may happen due to the
client closes the connection, so I ask again: What client is connecting
when that error happens? Common browsers should have the GlobalSign root
CA in their trusted certificate store, TSslHttpCli clients not
(by default).




Re: [twsocket] HTTP SSL Server vs p7b certificate's format

2011-10-05 Thread Arno Garrels
ROQUES Guillaume wrote:
>> Do you ask for how to get a ICS TSslHttpServer working with a bought
>> server certificate?
> Yes, and if I need to convert p7b's certificate or not ?
>> Open the MyCertificate.pem in a text editor that understands UNIX
>> line breaks. Does MyCertificate.pem include multiple certificates?
>> With a bought commercial certificate there should be at least 2
>> certificates included in MyCertificate.pem.
>> Make sure that the order of these certificates is correct.
>> First has to be the server certificate followed by possible
>> intermediate certificates followed by the root CA certificate.

> That's right, I found 3 certificates : 1 for the domain name
> *.mydomain.com, 1 for GlobalSign Domain Validation CA and 1 for
> GlobalSign root CA.

So that looks correct, the handshake error may happen due to the
client closes the connection, so I ask again: What client is connecting
when that error happens? Common browsers should have the GlobalSign root
CA in their trusted certificate store, TSslHttpCli clients not 
(by default).

-- 
Arno Garrels  

> 
> Gratefully,
> 
> Guillaume ROQUES
> 
> 
> At 20:59, Arno Garrels wrote:
>> ROQUES Guillaume wrote:
>>>> That's confusing description. Did he buy a SSL server certificate
>>>> in order to access your server? Or are you talking about client
>>>> certificates?
>> 
>>> The customer already have a SSL certificate on his domain, so he
>>> want that my HttpServer use SSL with this certificate.
>> Do you ask for how to get a ICS TSslHttpServer working with a bought
>> server certificate?
>> 
>>>> Please provide more details about how you setup the component to
>>>> use your the certificates. What HTTP client application is used?
>>> Here is my initialization :
>>>> interface
>>>> [...]
>>>>
>>>>  TMyService = class(TService)
>>>>  SslHttpServer: TSslHttpServer;
>>>>  TWSslAvlSessionCache: TSslAvlSessionCache;
>>>>  TWSslContext: TSslContext;
>>>>  [...]
>>>>  end;
>>>>
>>>> implementation
>>>> [...]
>>>>
>>>> procedure TMyService.ServiceStart(Sender: TService; var Started:
>>>> Boolean); begin
>>>>  [...]
>>>>
>>>>  SslCertFile := APath + 'MyCertificate.pem';
>>>>  SslPassPhrase := '';
>>>>  SslPrivKeyFile := APath + 'MyCertificate.pem';
>>>>  SslCAFile := APath + 'MyCertificate.pem';
>>>>  SslCAPath := APath;
>>>>  SslVerifyPeer := False;
>>>>
>>>>  // Pre-loads OpenSSL DLL's
>>>>  TWSslContext.InitContext;
>>>>  DoLog('OpenSslVersion : ' + OpenSslVersion);
>>>>  DoLog(OpenSslCompilerFlags + #13#10 + OpenSslBuiltOn
>>>>  + #13#10 + OpenSslPlatForm + #13#10 + OpenSslDir);
>>>>  SslHttpServer.Start;
>>>> end;
>> 
>> Open the MyCertificate.pem in a text editor that understands UNIX
>> line breaks. Does MyCertificate.pem include multiple certificates?
>> With a bought commercial certificate there should be at least 2
>> certificates included in MyCertificate.pem.
>> Make sure that the order of these certificates is correct.
>> First has to be the server certificate followed by possible
>> intermediate certificates followed by the root CA certificate.
>> 
>> --
>> Arno Garrels


Re: [twsocket] HTTP SSL Server vs p7b certificate's format

2011-10-04 Thread ROQUES Guillaume

Do you ask for how to get a ICS TSslHttpServer working with a bought
server certificate?

Yes, and if I need to convert p7b's certificate or not ?

Open the MyCertificate.pem in a text editor that understands UNIX line
breaks. Does MyCertificate.pem include multiple certificates?
With a bought commercial certificate there should be at least 2 certificates
included in MyCertificate.pem.
Make sure that the order of these certificates is correct.
First has to be the server certificate followed by possible intermediate
certificates followed by the root CA certificate.
That's right, I found 3 certificates : 1 for the domain name 
*.mydomain.com, 1 for GlobalSign Domain Validation CA and 1 for 
GlobalSign root CA.


Gratefully,

Guillaume ROQUES


At 20:59, Arno Garrels wrote:

ROQUES Guillaume wrote:

That's confusing description. Did he buy a SSL server certificate in
order to access your server? Or are you talking about client
certificates?



The customer already have a SSL certificate on his domain, so he want
that my HttpServer use SSL with this certificate.

Do you ask for how to get a ICS TSslHttpServer working with a bought
server certificate?


Please provide more details about how you setup the component to
use your the certificates. What HTTP client application is used?

Here is my initialization :

interface
[...]

 TMyService = class(TService)
 SslHttpServer: TSslHttpServer;
 TWSslAvlSessionCache: TSslAvlSessionCache;
 TWSslContext: TSslContext;
 [...]
 end;

implementation
[...]

procedure TMyService.ServiceStart(Sender: TService; var Started:
Boolean); begin
 [...]

 SslCertFile := APath + 'MyCertificate.pem';
 SslPassPhrase := '';
 SslPrivKeyFile := APath + 'MyCertificate.pem';
 SslCAFile := APath + 'MyCertificate.pem';
 SslCAPath := APath;
 SslVerifyPeer := False;

 // Pre-loads OpenSSL DLL's
 TWSslContext.InitContext;
 DoLog('OpenSslVersion : ' + OpenSslVersion);
 DoLog(OpenSslCompilerFlags + #13#10 + OpenSslBuiltOn
 + #13#10 + OpenSslPlatForm + #13#10 + OpenSslDir);
 SslHttpServer.Start;
end;


Open the MyCertificate.pem in a text editor that understands UNIX line
breaks. Does MyCertificate.pem include multiple certificates?
With a bought commercial certificate there should be at least 2 certificates
included in MyCertificate.pem.
Make sure that the order of these certificates is correct.
First has to be the server certificate followed by possible intermediate
certificates followed by the root CA certificate.

--
Arno Garrels





Re: [twsocket] HTTP SSL Server vs p7b certificate's format

2011-10-04 Thread Arno Garrels
ROQUES Guillaume wrote:
>> That's confusing description. Did he buy a SSL server certificate in
>> order to access your server? Or are you talking about client
>> certificates?
 
> The customer already have a SSL certificate on his domain, so he want
> that my HttpServer use SSL with this certificate.

Do you ask for how to get a ICS TSslHttpServer working with a bought
server certificate?

> 
>> Please provide more details about how you setup the component to
>> use your the certificates. What HTTP client application is used?
> Here is my initialization :
>> interface
>> [...]
>> 
>> TMyService = class(TService)
>> SslHttpServer: TSslHttpServer;
>> TWSslAvlSessionCache: TSslAvlSessionCache;
>> TWSslContext: TSslContext;
>> [...]
>> end;
>> 
>> implementation
>> [...]
>> 
>> procedure TMyService.ServiceStart(Sender: TService; var Started:
>> Boolean); begin
>> [...]
>> 
>> SslCertFile := APath + 'MyCertificate.pem';
>> SslPassPhrase := '';
>> SslPrivKeyFile := APath + 'MyCertificate.pem';
>> SslCAFile := APath + 'MyCertificate.pem';
>> SslCAPath := APath;
>> SslVerifyPeer := False;
>> 
>> // Pre-loads OpenSSL DLL's
>> TWSslContext.InitContext;
>> DoLog('OpenSslVersion : ' + OpenSslVersion);
>> DoLog(OpenSslCompilerFlags + #13#10 + OpenSslBuiltOn
>> + #13#10 + OpenSslPlatForm + #13#10 + OpenSslDir);
>> SslHttpServer.Start;
>> end;
>
 
Open the MyCertificate.pem in a text editor that understands UNIX line
breaks. Does MyCertificate.pem include multiple certificates?
With a bought commercial certificate there should be at least 2 certificates
included in MyCertificate.pem. 
Make sure that the order of these certificates is correct.
First has to be the server certificate followed by possible intermediate
certificates followed by the root CA certificate.

--
Arno Garrels



Re: [twsocket] HTTP SSL Server vs p7b certificate's format

2011-10-04 Thread ROQUES Guillaume

That's confusing description. Did he buy a SSL server certificate in
order to access your server? Or are you talking about client certificates?
The customer already have a SSL certificate on his domain, so he want 
that my HttpServer use SSL with this certificate.



Please provide more details about how you setup the component to
use your the certificates. What HTTP client application is used?

Here is my initialization :

interface
[...]

TMyService = class(TService)
SslHttpServer: TSslHttpServer;
TWSslAvlSessionCache: TSslAvlSessionCache;
TWSslContext: TSslContext;
[...]
end;

implementation
[...]

procedure TMyService.ServiceStart(Sender: TService; var Started: Boolean);
begin
[...]

SslCertFile := APath + 'MyCertificate.pem';
SslPassPhrase := '';
SslPrivKeyFile := APath + 'MyCertificate.pem';
SslCAFile := APath + 'MyCertificate.pem';
SslCAPath := APath;
SslVerifyPeer := False;

// Pre-loads OpenSSL DLL's
TWSslContext.InitContext;
DoLog('OpenSslVersion : ' + OpenSslVersion);
DoLog(OpenSslCompilerFlags + #13#10 + OpenSslBuiltOn
+ #13#10 + OpenSslPlatForm + #13#10 + OpenSslDir);
SslHttpServer.Start;
end;


GrateFully,

Guillaume ROQUES


At 20:59, Arno Garrels wrote:

ROQUES Guillaume wrote:

Hi everyone,

I use ICS HTTPServer via SSL and a Self-Signed certificate (It is OK
for an internal use). One of my customer had to access our Web server
from outside and bought a certificate to a Certificate Authority
(GlobalSign) in p7b format.

That's confusing description. Did he buy a SSL server certificate in
order to access your server? Or are you talking about client certificates?


Could you explain me if I have to convert this format into PEM format
OR is there a way to configure ICS server SSL to handle this kind of
format ?

Yes, you have to convert it to PEM format. p7b is a bundle format that
usually contains multiple certificates, that is the certificate chain
up to the root certificate in most cases.

I tried to convert this p7b format with openssl command line :

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.pem

I don't know whether or not that command line is correct from top of my
head. However openssl is capable to convert p7b to PEM nicely.


But I got a "SslHandshake failed" from ICS HTTPserver..

Please provide more details about how you setup the component to
use your the certificates. What HTTP client application is used?




Re: [twsocket] HTTP SSL Server vs p7b certificate's format

2011-10-03 Thread Arno Garrels
ROQUES Guillaume wrote:
> Hi everyone,
> 
> I use ICS HTTPServer via SSL and a Self-Signed certificate (It is OK
> for an internal use). One of my customer had to access our Web server
> from outside and bought a certificate to a Certificate Authority
> (GlobalSign) in p7b format.

That's confusing description. Did he buy a SSL server certificate in 
order to access your server? Or are you talking about client certificates?

> Could you explain me if I have to convert this format into PEM format
> OR is there a way to configure ICS server SSL to handle this kind of
> format ? 

Yes, you have to convert it to PEM format. p7b is a bundle format that
usually contains multiple certificates, that is the certificate chain
up to the root certificate in most cases. 

> I tried to convert this p7b format with openssl command line :
>>> openssl pkcs7 -print_certs -in certificate.p7b -out certificate.pem

I don't know whether or not that command line is correct from top of my
head. However openssl is capable to convert p7b to PEM nicely. 

> But I got a "SslHandshake failed" from ICS HTTPserver..

Please provide more details about how you setup the component to 
use your the certificates. What HTTP client application is used? 

-- 
Arno Garrels