Sparx Systems Forum
Enterprise Architect => Automation Interface, Add-Ins and Tools => Topic started by: TBowersox on May 28, 2015, 05:57:53 am
-
I'm trying to set up the Cloud Services over SSL, and keep running into a problem. I'm not 100% certain where I'm running into it. I know the service is running because access over unsecure HTTP (okay within the office) works. If I visit localhost:804 in a web browser, I get the "Sparx Systems Cloud Server" page.
However, I'm unable to get anything if I visit https://localhost:805
I've tried generating a server.pem using the instructions at http://dst.lbl.gov/~boverhof/openssl_certs.html, replacing the provided cacert.pem with the generated ca.pem
I'm running on a Windows 2012 server, with IIS 8 (don't think that is relevant, but it might be?). I have verified that port 805 is open.
Has anyone managed to get this to work and kept notes as to what you did?
-
Have you looked at the log file to see what it says?
-
What error message are you getting back?
Do you have a copy of the PDF instructions - if so, see the appendix on setting up the security.pem. Otherwise contact Support on the links at the bottom of this page.
-
Client side, I'm getting "Unable to connect to service: HTTP status: 500\nThe operation timed out"
Server side, I'm getting "[WARNING]: Unable to create secure server on port 805."
I must have missed the PDF instructions. I'll see if I can find those, and update if I'm still unable to make everything play nice.
Thanks!
-
The reasons I can think of for "Unable to create secure server on port 805":
- Missing/invalid server.pem. You need to create one yourself.
- Missing/invalid cacert.pem. The install comes with one, it's needed but not really used.
- Something else listening on that port.
-
Still running into problems getting the SSL to work. I know nothing else is listening on the port - restarting the service with the not-secure listening on port 805 works.
I reverted to the original cacert.pem file provided with the cloud installation.
It isn't a missing file because the logs will indicate when a file is missing.
I performed the following to generate the server.pem - do I need to follow a different procedure to generate it?
1) openssl req -out ca.pem -new -x509
2) openssl genrsa -out server.key 1024
3) openssl req -key server.key -new -out server.req
4) openssl x509 -req -in server.req -CA CA.pem -CAkey privkey.pem -CAserial file.srl -out server.pem
5) openssl genrsa -out client.key 1024
6) openssl req -key client.key -new -out client.req
7) openssl x509 -req -in client.req -CA CA.pem -CAkey privkey.pem
What is the PDF that Dermot referenced?
Thanks again,
Tom
-
I'm going to guess that the issue is that server.pem only contains the certificate.
To confirm, open it in a text editor. You should see:
-----BEGIN CERTIFICATE-----
base64 content
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
base64 content
-----END RSA PRIVATE KEY-----
You can either manually paste it in, or run the following commands.
move server.pem server-public.pem
copy /b server-public.pem+server.key server.pem
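The text-editor check described in the reply above can be scripted. The following is an added example, not part of the original post and not Sparx Systems code: it reports whether a combined server.pem holds both a certificate block and a private key block. It checks structure only, not that the key matches the certificate; the function names and sample data are assumptions made for illustration.

```python
import base64
import re
import sys

# One PEM block; the END label must repeat the BEGIN label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)
KEY_LABELS = {"RSA PRIVATE KEY", "PRIVATE KEY", "EC PRIVATE KEY",
              "ENCRYPTED PRIVATE KEY"}

def pem_blocks(text):
    """Return [(label, decoded_bytes)] for each well-formed PEM block."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        # Drop "Proc-Type:"/"DEK-Info:" headers found in legacy encrypted keys.
        lines = [ln.strip() for ln in body.splitlines() if ":" not in ln]
        blocks.append((label, base64.b64decode("".join(lines), validate=True)))
    return blocks

def check_server_pem(text):
    """List structural problems in a combined certificate + key PEM file."""
    try:
        labels = [label for label, _ in pem_blocks(text)]
    except ValueError:  # binascii.Error is a ValueError subclass
        return ["a PEM block contains invalid base64"]
    problems = []
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block")
    if not KEY_LABELS.intersection(labels):
        problems.append("no private key block")
    if text.count("-----BEGIN ") != len(labels):
        problems.append("malformed or truncated PEM block")
    # copy /b joins bytes as-is: no trailing newline in the first file glues
    # "-----END ...-----" and "-----BEGIN ...-----" onto one line.
    if re.search(r"[^\n]-----BEGIN ", text):
        problems.append("BEGIN marker does not start on its own line")
    return problems

def _block(label, payload):
    body = base64.encodebytes(payload).decode().strip()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed sample files: the payloads are placeholders, not real DER.
CERT_ONLY = _block("CERTIFICATE", b"constructed certificate bytes")
COMBINED = CERT_ONLY + _block("RSA PRIVATE KEY", b"constructed key bytes")

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else CERT_ONLY
    print(check_server_pem(text) or "certificate and private key both present")
```

Run it with the path to server.pem as the only argument; with no argument it checks the constructed certificate-only sample.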
-
As stated above, if you do not have a copy of the PDF please contact support via email.
-
Simon M:
Thanks! That did the trick.
Tom