For my development machine as well as other users in the local intranet, I am using the default SSL certificate that comes with ofbiz. However, this cert is not accepted by IE 11 (giving the very helpful error message "This page can't be displayed"). Firefox reports that the certificate "was signed using a certificate algorithm that was disabled...".

I can and have made modifications to Firefox and Chrome to accept this certificate and that is all good.

However, I am writing a Windows Win32 application that queries an ofbiz https URL and gets json data. I am getting the same error with this application (works fine with http instead of https) that I get with IE11. I have to use Win32 APIs because this app is running on a really low power box that requires some windows services, so I can't use Linux.

I can make this app work by running the request through an apache server and using ajp to the ofbiz server where the apache server has a good signed certificate, so I am sure the ofbiz URL is working just fine.

I have tried the advice here:

https://cwiki.apache.org/confluence/display/OFBIZ/Ant+Script+to+build+new+ofbiz+self+cert

The above ant script generates a cert file that doesn't work at all with Firefox or IE.

This link:
https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Technical+Production+Setup+Guide#ApacheOFBizTechnicalProductionSetupGuide-SSLCertificateSetup
describes a production setup. However, I am interested in multiple dev machine setups and I don't want to wait on a real certificate authority.

So, can anyone tell me how to generate a self signed certificate and install it on ofbiz that will be accepted by IE11? A real certificate is $100 and weeks of work.

All I care about is getting IE11 to connect on localhost to ofbiz using https.

Thanks in advance.

Skip
Have you heard of letsencrypt.org and the certbot? Free SSL certs, open source software. Just saying.

On Jan 31, 2017 8:25 PM, "Skip" <[hidden email]> wrote:

> For my development machine as well as other users in the local intranet, I am using the default SSL certificate that comes with ofbiz. However, this cert is not accepted by IE 11 (giving the very helpful error message "This page can't be displayed"). Firefox reports that the certificate "was signed using a certificate algorithm that was disabled...".
>
> I can and have made modifications to Firefox and Chrome to accept this certificate and that is all good.
>
> However, I am writing a Windows Win32 application that queries an ofbiz https URL and gets json data. I am getting the same error with this application (works fine with http instead of https) that I get with IE11. I have to use Win32 APIs because this app is running on a really low power box that requires some windows services, so I can't use Linux.
>
> I can make this app work by running the request through an apache server and using ajp to the ofbiz server where the apache server has a good signed certificate, so I am sure the ofbiz URL is working just fine.
>
> I have tried the advice here:
>
> https://cwiki.apache.org/confluence/display/OFBIZ/Ant+Script+to+build+new+ofbiz+self+cert
>
> The above ant script generates a cert file that doesn't work at all with Firefox or IE.
>
> This link:
> https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Technical+Production+Setup+Guide#ApacheOFBizTechnicalProductionSetupGuide-SSLCertificateSetup
> describes a production setup. However, I am interested in multiple dev machine setups and I don't want to wait on a real certificate authority.
>
> So, can anyone tell me how to generate a self signed certificate and install it on ofbiz that will be accepted by IE11? A real certificate is $100 and weeks of work.
>
> All I care about is getting IE11 to connect on localhost to ofbiz using https.
>
> Thanks in advance.
>
> Skip
Yes, that's the right solution in your case, Skip.

Thanks Chris

Jacques

On 01/02/2017 at 03:32, Chris Clark wrote:
> Have you heard of letsencrypt.org and the certbot? Free SSL certs, open source software. Just saying.
In reply to this post by Chris Clark
+1 on letsencrypt.org

Free SSL certificates, as many as you want, costs zero. They are not self-signed that cause browser errors... These are from a REAL certificate authority. They are great for test environments.

On Tue, Jan 31, 2017 at 6:32 PM, Chris Clark <[hidden email]> wrote:
> Have you heard of letsencrypt.org and the certbot? Free SSL certs, open source software. Just saying.
Yeah, definitely the way it should be anyways. I know my site doesn't have the EV bar, but honestly who really wants to pay 100 dollars a year to GoDaddy for a single SSL cert? Not this broke entrepreneur.

On Jan 31, 2017 11:27 PM, "Mike" <[hidden email]> wrote:
> +1 on letsencrypt.org
>
> Free SSL certificates, as many as you want, costs zero. They are not self-signed that cause browser errors... These are from a REAL certificate authority. They are great for test environments.
In reply to this post by SkipDever
Skip,

I agree with everyone else that Let's Encrypt is a great source for free SSL certificates, but we're not really answering your question.

You should be able to follow the Production Setup Guide and generate a CSR, then use OpenSSL to generate a self-signed certificate in PKCS#7 format, e.g. follow http://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl#10176685 to get a self-signed cert, and https://myonlineusb.wordpress.com/2011/06/19/how-to-convert-certificates-between-pem-der-p7bpkcs7-pfxpkcs12/ to convert to PKCS7. Then you can finish up with the steps using keytool from the guide.

If you choose to spend the time setting up certbot or one of the other Let's Encrypt clients (I use getssl: https://github.com/srvrco/getssl) then you skip the CSR generation step and start with the key file the client generates and the certificate it gets from Let's Encrypt (once you've gotten the validation working).

I hope that helps.

Richard Siddall
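The OpenSSL route from the reply above, as an added example that is not part of the original thread: it creates a SHA-256, RSA-2048 self-signed certificate for localhost, reports its signature algorithm (the property Firefox objected to), and packages it as PKCS#7 and PKCS#12. It assumes the key is generated by OpenSSL rather than from a keytool CSR; the file names, the alias `ofbiz-dev` and the password `changeit` are placeholders, and pointing OFBiz at the resulting keystore is left to the Production Setup Guide.

```shell
#!/usr/bin/env bash
# Added example. Paths, alias "ofbiz-dev" and password "changeit" are placeholders.
set -eu

# Create an RSA-2048 key and a SHA-256 self-signed certificate for localhost in $1.
make_dev_cert() {
  dir=$1
  cat > "$dir/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = localhost
[v3]
subjectAltName = DNS:localhost,IP:127.0.0.1
EOF
  # -nodes leaves the key unencrypted on disk: acceptable for a dev box only.
  openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 \
    -config "$dir/req.cnf" -keyout "$dir/dev.key" -out "$dir/dev.crt"
  # PKCS#7 bundle, the format named in the reply above.
  openssl crl2pkcs7 -nocrl -certfile "$dir/dev.crt" -out "$dir/dev.p7b"
  # PKCS#12 carries key + certificate, which keytool can import in one step.
  openssl pkcs12 -export -in "$dir/dev.crt" -inkey "$dir/dev.key" \
    -name ofbiz-dev -out "$dir/dev.p12" -passout pass:changeit
}

# Print the signature algorithm of a PEM certificate (what Firefox complained about).
sig_alg() {
  openssl x509 -in "$1" -noout -text |
    sed -n 's/^ *Signature Algorithm: //p' | head -n 1
}

work=$(mktemp -d)
make_dev_cert "$work"
echo "signature algorithm: $(sig_alg "$work/dev.crt")"

# Build a Java keystore if a JDK is installed on this machine.
if command -v keytool >/dev/null 2>&1; then
  keytool -importkeystore -noprompt \
    -srckeystore "$work/dev.p12" -srcstoretype PKCS12 -srcstorepass changeit \
    -destkeystore "$work/dev.jks" -deststorepass changeit ||
    echo "keytool import failed" >&2
fi

# On each Windows client, from an elevated prompt, trust the certificate so that
# IE11 and WinINet/WinHTTP-based programs validate it:
#   certutil -addstore Root dev.crt
```
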