Author Topic: Cloud Services over SSL / HTTPS (Read 10727 times)

TBowersox · « **on:** May 28, 2015, 05:57:53 am »

I'm trying to set up the Could Services over SSL, and keep running into a problem. I'm not 100% certain where I'm running into it. I know the service is running because access over unsecure HTTP (okay within the office) works. If I visit localhost:804 in a web browser, I get the "Sparx Systems Cloud Server" page.
However, I'm unable to get anything if I visit https://localhost:805
I've tried generating a server.pem using the instructions at http://dst.lbl.gov/~boverhof/openssl_certs.html, replacing the provided cacert.pem with the generated ca.pem
I'm running on a Windows 2012 server, with IIS 8 (don't think that is relevant, but it might be?). I have verified that port 805 is open.
Has anyone managed to get this to work and kept notes as to what you did?

Eve · « **Reply #1 on:** May 28, 2015, 09:10:55 am »

Have you looked at the log file to see what it says?

Dermot · « **Reply #2 on:** May 28, 2015, 03:17:24 pm »

What error message are you getting back?
Do you have a copy of the PDF instructions - if so, see the appendix on setting up the security.pem. Otherwise contact Support on the links at the bottom of this page.

TBowersox · « **Reply #3 on:** May 28, 2015, 11:48:22 pm »

Client side, I'm getting "Unable to connect to service: HTTP status: 500\nThe operation timed out"

Server side, I'm getting "[WARNING]: Unable to create secure server on port 805."

I must have missed the PDF instructions. I'll see if I can find those, and update if I'm still unable to make everything play nice.

Thanks!

Eve · « **Reply #4 on:** May 29, 2015, 09:09:31 am »

The reasons I can think of for "Unable to create secure server on port 805":

Missing/invalid server.pem. You need to create one yourself.
Missing/invalid cacert.pem. The install comes with one, it's needed but not really used.
Something else listening on that port.

TBowersox · « **Reply #5 on:** May 29, 2015, 11:58:42 pm »

Still running into problems getting the SSL to work. I know nothing else is listening on the port - restarting the service with the not-secure listening on port 805 works.
I reverted to the original cacert.pem file provided with the cloud installation.
It isn't a missing file because the logs will indicate when a file is missing.

I performed the following to generate the server.pem - do I need to follow a different procedure to generate it?

1) openssl req -out ca.pem -new -x509
2) openssl genrsa -out server.key 1024
3) openssl req -key server.key -new -out server.req
4) openssl x509 -req -in server.req -CA CA.pem -CAkey privkey.pem -CAserial file.srl -out server.pem
5) openssl genrsa -out client.key 1024
6) openssl req -key client.key -new -out client.req
7) openssl x509 -req -in client.req -CA CA.pem -CAkey privkey.pem

What is the PDF that Dermot referenced?

Thanks again,
Tom

Eve · « **Reply #6 on:** June 01, 2015, 09:38:41 am »

I'm going to guess that the issue is that server.pem only contains the certificate.

To confirm, open it in a text editor. You should see:
-----BEGIN CERTIFICATE-----
base64 content
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
base64 content
-----END RSA PRIVATE KEY-----

You can either manually paste it in, or run the following commands.

Code: [Select]

move server.pem server-public.pem
copy /b server-public.pem+server.key server.pem

Dermot · « **Reply #7 on:** June 01, 2015, 10:07:16 am »

As stated above, if you do not have a copy of the PDF please contact support via email.

TBowersox · « **Reply #8 on:** June 01, 2015, 11:41:43 pm »

Simon M:
Thanks! That did the trick.

Tom

Sparx Systems Forum

News: