Skip,
I agree with everyone else that Let's Encrypt is a great source for free
SSL certificates, but we're not really answering your question.
You should be able to follow the Production Setup Guide and generate a
CSR, then use OpenSSL to generate a self-signed certificate in PKCS#7
format, e.g. follow
http://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl#10176685
to get a self-signed cert, and
https://myonlineusb.wordpress.com/2011/06/19/how-to-convert-certificates-between-pem-der-p7bpkcs7-pfxpkcs12/
to convert to PKCS7. Then you can finish up with the steps using
keytool from the guide.
If you choose to spend the time setting up certbot or one of the other
Let's Encrypt clients (I use getssl: https://github.com/srvrco/getssl)
then you skip the CSR generation step and start with the key file the
client generates and the certificate it gets from Let's Encrypt (once
you've gotten the validation working).
I hope that helps.
Richard Siddall
Skip wrote:
For my development machine as well as other users in the local intranet, I
am using the default SSL certificate that comes with ofbiz. However, this
cert is not accepted by IE 11 (giving the very helpful error message "This
page can't be displayed"). Firefox reports that the certificate "was signed
using a certificate algorithm that was disabled...".
I can and have made modifications to Firefox and Chrome to accept this
certificate and that is all good.
However, I am writing a Windows Win32 application that queries an ofbiz
https URL and gets json data. I am getting the same error with this
application (works fine with http instead of https) that I get with IE11. I
have to use Win32 APIs because this app is running on a really low power box
that requires some windows services, so I can't use Linux.
I can make this app work by running the request through an apache server and
using ajp to the ofbiz server where the apache server has a good signed
certificate, so I am sure the ofbiz URL is working just fine.
I have tried the advice here:
https://cwiki.apache.org/confluence/display/OFBIZ/Ant+Script+to+build+new+ofbiz+self+cert
The above ant script generates a cert file that doesn't work at all with
Firefox or IE.
This link:
https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Technical+Production+Setup+Guide#ApacheOFBizTechnicalProductionSetupGuide-SSLCertificateSetup
describes a production setup. However, I am interested in multiple dev
machine setups and I don't want to wait on a real certificate authority.
So, can anyone tell me how to generate a self signed certificate and install
it on ofbiz that will be accepted by IE11? A real certificate is $100 and
weeks of work.
All I care about is getting IE11 to connect on localhost to ofbiz using
https.
Thanks in advance.
Skip
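
An added example, not part of the thread or of the OFBiz guide: the self-signed certificate and PKCS#7 conversion steps from the reply above, done with OpenSSL using a SHA-256 signature and a subjectAltName for the host. The file names, the 365-day lifetime and the guess that the browsers reject the default certificate for its signature algorithm are assumptions; the keytool import from the guide is not shown.

```shell
#!/bin/sh
# Added example: self-signed dev certificate for one host name, then PKCS#7.
# File names and the 365-day lifetime are assumptions, not from the thread.

make_dev_cert() {
    outdir=$1
    host=${2:-localhost}
    mkdir -p "$outdir" || return 1

    # Request config: the subjectAltName carries the host name that
    # current browsers match against the URL.
    cat > "$outdir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $host
[v3]
subjectAltName = DNS:$host
EOF

    # New 2048-bit RSA key (unencrypted, dev use only) and a certificate
    # signed with SHA-256 rather than a legacy digest.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$outdir/req.cnf" \
        -keyout "$outdir/dev.key" -out "$outdir/dev.crt" 2>/dev/null || return 1

    # Wrap the PEM certificate in a PKCS#7 (.p7b) container.
    openssl crl2pkcs7 -nocrl -certfile "$outdir/dev.crt" \
        -out "$outdir/dev.p7b" || return 1
}

# Print the signature algorithm recorded in a PEM certificate.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Print the subject/issuer lines of the certificates inside a PKCS#7 file.
p7b_subjects() {
    openssl pkcs7 -in "$1" -print_certs -noout
}

# Stand-alone use: sh devcert.sh ./out [hostname]
if [ $# -gt 0 ]; then
    make_dev_cert "$1" "${2:-localhost}" && cert_sig_alg "$1/dev.crt"
fi
```

Running `cert_sig_alg` against the certificate currently served by the dev instance shows whether a legacy digest is what the browsers are objecting to.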