How to configure Self-Signed SSL certificates with tsNet?

Bringing the internet highway into your project? Building FTP, HTTP, email, chat or other client solutions?

Moderators: FourthWorld, heatherlaine, Klaus, kevinmiller, robinmiller

Post Reply
Monox18
Posts: 118
Joined: Tue Nov 25, 2014 9:48 pm
Location: Deggendorf, Germany

How to configure Self-Signed SSL certificates with tsNet?

Post by Monox18 » Wed Jan 20, 2021 7:13 pm

Hello all,

Recently I have been communicating with a server via http with a LC client in an anonymous mode. I can both read and write data using tsNet external. Now I'm trying to set up the security issues, switch to HTTPS instead and start Authentication.

First I'm testing the HTTPS connection without authentication. It seems to work but I'm having certificate issues. If I set

Code: Select all

tsNetVerifySSLPeer false 
then it works. So that means the https connection is working and the server is responding. When I turn it back to true (default) then I get this error: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted.

If I understand correctly, the server must trust the client and the client must trust the server. Therefore, I need to put the server's certificate in my LC client. And also put the LC client's certificate into the server's.

I placed the server's certificated into LC client with

Code: Select all

tsNetCABundle specialFolderPath("resources") & "/certificates/MyCertificate.der"
then I get the error: CERT_TRUST_IS_UNTRUSTED_ROOT. Which I suppose is the other part of placing my client certificate into the servers. Is this correct, if so, where is such certificate? And will it work when distributing the client, or does every client need a specific certificate which then I put into the servers?

And also when I'm making connections with databases middleware, also using tsNet but another URL then I get CERT_TRUST_IS_PARTIAL_CHAIN error. I need to do

Code: Select all

tsNetCABundle empty
to make it work

Any help here? I do not understand much of SSL certificates. Thanks!
Monox
Developing a Cyber Physical System.
https://www.monoxware.com/

Monox18
Posts: 118
Joined: Tue Nov 25, 2014 9:48 pm
Location: Deggendorf, Germany

Re: How to configure Self-Signed SSL certificates with tsNet?

Post by Monox18 » Tue Jan 26, 2021 11:40 pm

Problem solved. I was using another program that was generating the SSL license for me, so I didn't need to manually create it with OpenSSL. However, the generated license was using the PC's name as the Common Name (CN) in the license. I ended changing the server PC name to reflect the domain name I wanted, the program created the SSL license, I installed this license in my client PC root store, and now the self signed certificate works.

No need to use tsNetCABundle. And more important I can keep tsNetVerifySSLPeer true (which is the default) so that all tsNet SSL connections are verified. Later on will replace the self-signed certificated with a proper registered certificate once I buy it.
Monox
Developing a Cyber Physical System.
https://www.monoxware.com/

Post Reply

Return to “Internet”