Icon View Thread

The following is the text of the current message along with any replies.
Messages 11 to 16 of 16 total
Thread EWB server / SSL & PHP..
Tue, Mar 17 2015 9:55 AMPermanent Link

Matthew Jones

Raul wrote:

> For the duration of the testing i would suggest you add your
> self-signing CA to your browser/OS trusted CA list so you do not get
> prompted. This way you know it's not self-signed cert issues (and you
> can then remove it once it all works and if issue reappears you know
> what it is).
>
> The other suggestion is to use the use the debugging tools in the
> browser to see what actually happens underneath. All major browsers
> have very powerful debugging/developer tools built-in

Good suggestions. I shall also mention something that I do, if you have
a wildcard certificate (or indeed any I suppose). I have a certificate
for *.mydomain.com, so I set up a DNS entry for my own PC as localhost.
So devpc.mydomain.com takes me to 127.0.0.1, but that means that the
certificate is fully valid for the browser while I'm developing. Once I
did this, a lot of little things just went away. For the additional
cost, being able to have the same certificate in development, staging
and live is worth it.

--

Matthew Jones
Sun, Mar 22 2015 1:32 AMPermanent Link

Bruno Larochelle

Fellas.. I finally got around to fiddling some more with this, with some success! Smile

1. By running both the 'HTML server' and the 'Data server' on httpS .. I was able to have my web application work properly. (one EWB server dishing out the html on port 442->8080, the other EWB server dishing out the data on port 443->8088). Since I'm using a self-signed CA.. I get warned when I start the application, and then once again when I load the dataset. CORS did not need to be enabled on either one (I was pleasantly surprised at that).

2. I was impressed/happy that sTunnel allowed 2 httpS re-directs, simply by adding a second [https] section with the appropriate 'accept/connect' pair in the config file.

3. Now that I know that works, I will try to use IIS on the HTML (httpS), and ewb (httpS) for the data. That will give me some of the IIS features I want for HTML.

4. For whatever reason, this mix of http (for html) with httpS (for data) on the same web app was causing me trouble (permission denied when connecting to dataset). Maybe that can be done, but I was unable to find it.

So, for now, I have all I really need to proceed. Still lots to learn to ensure secure data/sessions, but it's moving along! And I'm digging deeper into the debug tools that the browsers provided (albeit just starting).

Thanks again to you gentlemen for the assistance and recommendations.

off topic.. next is to purchase a wildcard certificate.. any recommendations for a vendor? I find the prices vary enormously..!


.. Bruno

"Matthew Jones" wrote:

Raul wrote:

> For the duration of the testing i would suggest you add your
> self-signing CA to your browser/OS trusted CA list so you do not get
> prompted. This way you know it's not self-signed cert issues (and you
> can then remove it once it all works and if issue reappears you know
> what it is).
>
> The other suggestion is to use the use the debugging tools in the
> browser to see what actually happens underneath. All major browsers
> have very powerful debugging/developer tools built-in

Good suggestions. I shall also mention something that I do, if you have
a wildcard certificate (or indeed any I suppose). I have a certificate
for *.mydomain.com, so I set up a DNS entry for my own PC as localhost.
So devpc.mydomain.com takes me to 127.0.0.1, but that means that the
certificate is fully valid for the browser while I'm developing. Once I
did this, a lot of little things just went away. For the additional
cost, being able to have the same certificate in development, staging
and live is worth it.

--

Matthew Jones
Logiciels Bitwise Software
Edmonton, AB, Canada
Sun, Mar 22 2015 7:22 AMPermanent Link

Walter Matte

Tactical Business Corporation

Bruno:

This is direct help to you but I just mention it as a solution for anyone to consider.  I use RealThinClient components and built my own web server.  The product comes with a complete demo web server from which I drew upon to do the serving of files (web pages) from disk.  I added all the backend database connectivity via a database pool modules I wrote that create JSON and parse JSON to the specifications required for EWB + I can have any code need to solve specific project requirements.  I have 3 interchangeable database pool modules - DBISAM, ElevateDB and UniDAC components (MSSQL in my case).

RealThinClient has a plugin for SteamSec components - so adding them to the mix gave me HTTPS by dropping 2 components into the project and hooking up a couple of properties.

I have two version of each server - a Standalone exe and a Service version.  This allows easy debugging of code, before deploying the Service Web Server.

BTW the RealThinClient Demo Web Server handles PHP pages - you need to download the latest PHP from www.php.net.

Walter
Sun, Mar 22 2015 9:46 AMPermanent Link

Matthew Jones

Bruno Larochelle wrote:

> off topic.. next is to purchase a wildcard certificate.. any
> recommendations for a vendor? I find the prices vary enormously..!

Not sure how they do on price, but I bought mine from
http://www.trustsign.co.uk/ and they seem okay. I went for the
organisation one this time, but the domain SSL was fine.

The only thing is to not make the mistake I did, and buy the Domain SSL
when you want the Domain SSL Wildcard (I actually chose the
Organisation ones this time). Fortunately they spotted it as I'd put in
*.mydomain.com as the common name, called me within a minute, and had
me correct it (by cancelling on the system, then buying the right one).

--

Matthew Jones
Mon, Mar 23 2015 8:26 AMPermanent Link

Raul

Team Elevate Team Elevate

On 3/22/2015 1:32 AM, Bruno Larochelle wrote:
> off topic.. next is to purchase a wildcard certificate.. any recommendations for a vendor? I find the prices vary enormously..!

You will likely end up with one of the Comodo certs as they tend to be
most reasonable.

I know we got ours from kSoftware last time we needed one:
https://secure.ksoftware.net/ssl_certs.html

And make sure you default to SHA-2 at this point in time (i think
everybody has stopped issuing certs with SHA-1 hashing but check just in
case).

Raul


Mon, Mar 23 2015 1:57 PMPermanent Link

Tim Young [Elevate Software]

Elevate Software, Inc.

Avatar

Email timyoung@elevatesoft.com

Raul,

<< I know we got ours from kSoftware last time we needed one:
https://secure.ksoftware.net/ssl_certs.html >>

I second kSoftware - very inexpensive and responds promptly to any issues.
We use them exclusively for our certs, both code-signing and web server.

Tim Young
Elevate Software
www.elevatesoft.com
« Previous PagePage 2 of 2
Jump to Page:  1 2
Image