Thread Setting up a https connection to EWB
Tue, Nov 1 2016 6:30 PM

KimHJ

Comca Systems, Inc

I have a Windows 2012 R2 server hosted on 1and1 and I have an SSL certificate which I installed using MMC.
I searched and searched but I can't find anything about how to make an https connection to EWB. I have created a webservice for our phone app that returns JSON. Later I need to make a website where we can access the data.
Right now I can access it using http://web.mywebsite.com:8080/modules/testapp?

Has anyone made this work?
I appreciate any help, thanks.

Kim Jensen
Tue, Nov 1 2016 8:04 PM

KimHJ

Comca Systems, Inc

I found a post where Tim said to use stunnel, just installed it and pointed to the pfk file and it worked, very easy to set up.

Kim
Tue, Nov 1 2016 8:49 PM

Raul

Team Elevate

On 11/1/2016 8:04 PM, KimHJ wrote:
> I found a post where Tim said to use stunnel, just installed it and pointed to the pfk file and it worked, very easy to set up.

Yes - stunnel is the current suggested solution as EWB server natively
does not yet do SSL.

Make sure your EWB server is only listening on the 127.0.0.1 IP - so
it's not accessible directly and any connections must go thru stunnel to
reach it

Raul
Tue, Nov 1 2016 11:30 PM

KimHJ

Comca Systems, Inc

Raul wrote:

>>Make sure your EWB server is only listening on the 127.0.0.1 ip  - so
>>it's not accessible directly and any connections must go thru stunnel to
>>reach it

I did, and the incoming port is redirected so http will not work.

Kim
Wed, May 2 2018 2:42 AM

Paul Waegemans

IMS bvba

Kim,

Do you have a step-by-step procedure to install stunnel?

How did you do the pointing to the pfk file?

Paul Waegemans.


KimHJ wrote:

I found a post where Tim said to use stunnel, just installed it and pointed to the pfk file and it worked, very easy to set up.

Kim
Wed, May 2 2018 2:13 PM

jdforce

Paul,
Check this link: https://www.techwalla.com/articles/how-to-configure-stunnel-windows

I have a dedicated Windows server with live IIS, secured with a Comodo SSL. I don't think sTunnel will work along with IIS actively listening on the same port (443). If that is your case you will have to use another port for incoming connections and redirect to your EWS port.

JD
Mon, May 7 2018 8:18 PM

KimHJ

Comca Systems, Inc

Paul Waegemans wrote:

>>Kim,

Do you have a step by step procedure to install stunnel.

How did you do the pointing to the pfk file?

Paul Waegemans. <<

I copied my pfx (not pfk) into a folder on my server.
I installed the setup file and then I changed the HTTPS setting by opening stunnel (double-click) and clicking Configuration / Edit configuration.
Scroll down to HTTPS

[https]
accept = 8088
connect = 8099
cert = C:\myfolder\mysite.com.pfx

Save and restart stunnel. Look in the log for any errors when it starts.

That is all.
Now I can use https://app.mysite.com:8088 and it will go to the database port 8099

Kim
Thu, May 17 2018 3:27 PM

jdforce

I found that even though stunnel works with our server, using the same Comodo SSL certificate, and receives a connection from one port and redirects to another, the browsers are complaining about the redirect. I could connect with an old Firefox and an older IE version, but all the updated browsers deny connecting because of the port redirection over https. It seems it is a rule that must be enforced.
I am not sure if it is a certificate rule or a browser security rule in general, but anyway opening a js application fails unless it is over plain http or the connection is directly without port redirect on the server.

So, while it is maybe possible to lower the browser security settings, it surely will put a computer at risk.

The best solution will be to make EWB server use SSL certificates without intermediaries.
Thu, May 17 2018 8:37 PM

Raul

Team Elevate

On 5/17/2018 3:27 PM, jdforce wrote:
> I found that even though stunnel works with our server, using the same Comodo SSL certificate, and receives a connection from one port and redirects to another, the browsers are complaining about the redirect. I could connect with an old Firefox and an older IE version, but all the updated browsers deny connecting because of the port redirection over https. It seems it is a rule that must be enforced.

Why would there be a redirect? Stunnel should be totally transparent.

How did you set it up exactly?

Stunnel works fine for me with modern browsers over SSL: tried Chrome
66.0.3359.139 and Firefox 60.0.1 (64-bit)

> The best solution will be to make EWB server use SSL certificates without intermediaries.

Sure, but in this case it looks like an issue with your config.

Basic config in my case - here's what I'm doing:

1. ewb web server configured to listen on 127.0.0.1 and port 8888

2. stunnel configured as follows

[https]
accept  = 443
connect = 127.0.0.1:8888
CAfile = <path to CA cert file>
cert = <path to server cert>
key = <path to cert private key>
TIMEOUTclose = 0

3. connecting to https://<my domain>/<ewb app path> works fine for me

Raul
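
Added example (not part of any post in this thread): a small Python audit of an stunnel configuration for the two conditions discussed above, that every server-mode service has a certificate and that its `connect` target stays on loopback so the plaintext hop never leaves the host. The sample config is constructed from the two posted ones with placeholder paths plus one deliberately bad entry, and the function and finding names are made up for illustration.

```python
import ipaddress
# Constructed sample: first two services mirror the posted configs, third is bad.
SAMPLE_CONF = r"""
[https]
accept  = 443
connect = 127.0.0.1:8888
cert = C:\certs\server.pem
[https-alt]
accept = 8088
connect = 8099
cert = C:\myfolder\mysite.com.pfx
[remote-backend]
accept = 8443
connect = 192.0.2.10:8080
"""

def parse_conf(text):
    """Return {service: {option: value}}; options before any [section] go under ''."""
    services, current = {"": {}}, ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            services.setdefault(current, {})
        elif "=" in line and line[0] not in ";#":  # skip comment lines
            key, value = line.split("=", 1)
            services[current][key.strip().lower()] = value.strip()
    return services

def backend_is_loopback(connect):
    """connect is [HOST:]PORT; a bare port means localhost."""
    host, sep, _ = connect.rpartition(":")
    host = host.strip("[]") if sep else "localhost"
    try:
        return host.lower() == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname we cannot prove is local

def audit(text):
    """Return sorted (service, finding) pairs for server-mode services."""
    conf, findings = parse_conf(text), []
    for name, opts in conf.items():
        opts = {**conf[""], **opts}  # global options act as service defaults
        if not name or "connect" not in opts or opts.get("client", "no").lower() == "yes":
            continue
        if "cert" not in opts:
            findings.append((name, "no-cert"))
        if not backend_is_loopback(opts["connect"]):
            findings.append((name, "plaintext-hop-leaves-host"))
    return sorted(findings)
```

This only reads the stunnel side; that the EWB server itself is bound to 127.0.0.1 still has to be confirmed in the EWB server's own settings.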
Fri, May 18 2018 12:54 PM

Tim Young [Elevate Software]

Elevate Software, Inc.

Email timyoung@elevatesoft.com

<< I found that even though stunnel works with our server, using the same Comodo SSL certificate,  and receives a connection from one port and redirects to another, the browsers are complaining about the redirect.>>

Raul is correct - there is no redirect occurring and the browser should not even know that Stunnel is involved.  This is how reverse proxies work:

https://en.wikipedia.org/wiki/Reverse_proxy

Tim Young
Elevate Software
www.elevatesoft.com