Alpha Video Training
Results 1 to 6 of 6

Thread: SSL and Always Up

  1. #1
    VAR
    Real Name
    Bill Parker
    Join Date
    Apr 2000
    Location
    Dallas, TX
    Posts
    1,699

    Default SSL and Always Up

    I have a client using AlwaysUp with the v8 server. Site has been working fine. They just bought a Verisign certificate and are having a problem.

    They open a second copy of AS and install the cert files, which includes a chain file. When they cycle AlwaysUp, or start a second copy from the desktop again, an error is displayed
    "Unable to read certificate file for SSL".

    When the CSR was generated a blank password was used. Is this a problem?

    Any issues to be aware of with AlwaysUp?

    Bill.

  2. #2
    VAR
    Real Name
    Bill Parker
    Join Date
    Apr 2000
    Location
    Dallas, TX
    Posts
    1,699

    Default Re: SSL and Always Up

    Lenny showed me a trick - make sure the extension is CRT, then double click the certificate file to get a description of the certificate. In my case a message said this was not a valid certificate.

    So now we go back to Verisign.

    Bill.

  3. #3
    Moderator Steve Wood's Avatar
    Real Name
    Steve Wood
    Join Date
    Nov 2003
    Location
    Bay Area, California
    Posts
    8,827

    Default Re: SSL and Always Up

    Could you document your process in this case. I have a somewhat incomplete document on my website regarding ssl. I'd like to compare your process to what I have listed, redraft the document and then put up here for public use.
    Steve Wood
    Join the ALPHA DEVELOPERS NETWORK
    There is no Cloud. It's just someone else's computer.
    Web - Mobile - Hosting - Products - Frameworks - Developer Resources
    AlphaToGo | IADN (100% Alpha Anywhere Websites)

  4. #4
    VAR
    Real Name
    Bill Parker
    Join Date
    Apr 2000
    Location
    Dallas, TX
    Posts
    1,699

    Default Re: SSL and Always Up

    Got some more testing code from Lenny, but have not reached a solution yet. I am sure we will get it working. I just hope we ultimately know what the problem was. Will post again.

    My previous uses of SSL were deceivingly simple.

    Bill.

  5. #5
    Alpha Software Employee Lenny Forziati's Avatar
    Real Name
    Lenny Forziati
    Join Date
    Nov 2001
    Location
    Alpha Software
    Posts
    4,680

    Default Re: SSL and Always Up

    I gave Bill some Xbasic that can be used to validate a certificate, but that's actually the hard way. There is a test function as part of Alpha Five - ssl_test_cert()

    Code:
    'for a certificate with no password or chain file
    ?SSL_test_cert("c:\ssl_certificates\test.cert", "c:\ssl_certificates\test.key")
    = Canceled = .F.
    Code = 0
    Error = .F.
    NativeCode = 0
    NativeText = ""
    Success = .T.
    Text = "Success"
    
    'with a password
    ?SSL_test_cert("c:\ssl_certificates\test2.cert", "c:\ssl_certificates\test2.key", "password")
    = Canceled = .F.
    Code = 0
    Error = .F.
    NativeCode = 0
    NativeText = ""
    Success = .T.
    Text = "Success"
    
    'with a chain file
    ?SSL_test_cert("c:\ssl_certificates\test3.crt", "c:\ssl_certificates\test3.key", "password", "c:\ssl_certificates\test3_chain.crt")
    = Canceled = .F.
    Code = 0
    Error = .F.
    NativeCode = 0
    NativeText = ""
    Success = .T.
    Text = "Success"

    Lenny Forziati
    Vice President, Internet Products and Technical Services
    Alpha Software Corporation

  6. #6
    VAR
    Real Name
    Bill Parker
    Join Date
    Apr 2000
    Location
    Dallas, TX
    Posts
    1,699

    Default Re: SSL and Always Up

    The problem turned out to be that the cert file was in IIS format, and needed to be in Apache format. The message we got in this case was
    "Unable to read certificate file for Secure Sockets Layer" (attached)

    Does not point you straight to a solution, so take note.

    I had done a Godaddy cert before and had no problem, so maybe they default to Apache format (can't remember). Verisign has a long pick list.

    I don't fully understand the double click trick. Seems that if the cert is in apache format then info about the cert is correctly displayed. If the cert is in IIS format, then you get a message that says it is not valid. However, if you are actually using the cert for IIS, not Alpha, the cert does work correctly. The fact that you only get a good display if it is Apache is good for us, but be mindful if you are in a mixed environment. The Verisign chain file always displayed correctly with a double click, so maybe that is always Apache format.

    Bill.

Similar Threads

  1. POST or GET via SSL
    By gcaplan in forum Alpha Five Version 6
    Replies: 7
    Last Post: 10-19-2007, 10:05 PM
  2. Can you explain the use of SSL with WAS ??
    By Chris.Tanti in forum Web Application Server v7
    Replies: 6
    Last Post: 10-12-2006, 03:05 PM
  3. Still a confused about SSL in V7 WAS? (HELP!)
    By Hansolo in forum Web Application Server v7
    Replies: 3
    Last Post: 11-15-2005, 05:00 PM
  4. SSL
    By Gregory R. Zilliox in forum Web Application Server v6
    Replies: 2
    Last Post: 09-28-2004, 11:12 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •