[SOLVED] Problems with self signed HTTPS certs
Posted: Wed Feb 23, 2011 6:51 am
While researching self signed certificates and Livecode/RunRev, and hitting the wall many times, we finally came up with a MUCH MORE SECURE solution than setting "libURLSetSSLVerification false" in our scripts.
After trying various different methods for using self signed certificates with Livecode, we found the answer we were looking for.
In order to use SSL with any web server (Apache2 with SSL in our case), we had to export the server's self-signed certificate in X509 format. Window's will claim that it can export in the proper format, but it never worked and we tried every option Microsoft had to offer. What we had to do was export the cert from the web server using the built in Microsoft Export utitlity, save it as a X509 .cer file (not base64 encoded), **then convert it with openssl** using:
MY APPOLOGIES FOR THE ".moc" WHICH IS BACKWARDS FOR ". com" (Had to add a space there too) BECAUSE OF FORUMS RULES THINKING I'M POSTING A URL AND THAT BEHAVIOR IS BLOCKED.
Now use the somehost.yourdomain.moc.pem file in your scripts. Example:
You can use this for GET and POST operations as well.
We hope this helps out others in their SSL frustrations since it is not documented anywhere. Good luck!
After trying various different methods for using self signed certificates with Livecode, we found the answer we were looking for.
In order to use SSL with any web server (Apache2 with SSL in our case), we had to export the server's self-signed certificate in X509 format. Window's will claim that it can export in the proper format, but it never worked and we tried every option Microsoft had to offer. What we had to do was export the cert from the web server using the built in Microsoft Export utitlity, save it as a X509 .cer file (not base64 encoded), **then convert it with openssl** using:
MY APPOLOGIES FOR THE ".moc" WHICH IS BACKWARDS FOR ". com" (Had to add a space there too) BECAUSE OF FORUMS RULES THINKING I'M POSTING A URL AND THAT BEHAVIOR IS BLOCKED.
Code: Select all
openssl x509 -in somehost.yourdomain.moc.cer > somehost.yourdomain. com.pem
Code: Select all
libUrlSetSSLVerification true --MAKE SURE THIS IS SET OR BAD MITM CAN HAPPEN
set sslCertificates to "C:\somepath\somehost.yourdomain.moc.pem"
put URL "httpS://somehost.yourdomain.moc/somefile.html" into whatever
We hope this helps out others in their SSL frustrations since it is not documented anywhere. Good luck!