ofbiz-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Richard Siddall <richard.sidd...@elirion.net>
Subject Re: SSL certificate creation for localhost
Date Wed, 01 Feb 2017 16:36:40 GMT
Skip,

I agree with everyone else that Let's Encrypt is a great source for free 
SSL certificates, but we're not really answering your question.

You should be able to follow the Production Setup Guide and generate a 
CSR, then use OpenSSL to generate a self-signed certificate in PKCS#7 
format, e.g. follow
http://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl#10176685
to get a self-signed cert, and
https://myonlineusb.wordpress.com/2011/06/19/how-to-convert-certificates-between-pem-der-p7bpkcs7-pfxpkcs12/
to convert to PKCS7.  Then you can finish up with the steps using 
keytool from the guide.

If you choose to spend the time setting up certbot or one of the other 
Let's Encrypt clients (I use getssl: https://github.com/srvrco/getssl) 
then you skip the CSR generation step and start with the key file the 
client generates and the certificate it gets from Let's Encrypt (once 
you've gotten the validation working).

I hope that helps.

	Richard Siddall

Skip wrote:
> For my development machine as well as other users in the local intranet, I
> am using the default SSL certificate that comes with ofbiz.  However, this
> cert is not accepted by IE 11 (giving the very helpful error message "This
> page can't be displayed".  Firefox reports that the certificate "was signed
> using a certificate algorithm that was disabled...".
>
> I can and have made modifications to Firefox and Chrome to accept this
> certificate and that is all good.
>
> However, I am writing a Windows Win32 application that queries an ofbiz
> https URL and gets json data.  I am getting the same error with this
> application (works fine with http instead of https) that I get with IE11.  I
> have to use Win32 APIs because this app is running on a really low power box
> that requires some windows services, so I can't use Linux.
>
> I can make this app work by running the request through an apache server and
> using ajp to the ofbiz server where the apache server has a good signed
> certificate, so I am sure the ofbiz URL is working just fine.
>
> I have tried the advise here:
>
> https://cwiki.apache.org/confluence/display/OFBIZ/Ant+Script+to+build+new+of
> biz+self+cert
>
> The above ant script generates a cert file that doesnt work at all with
> Firefox or IE.
>
>
> This link:
> https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Technical+Pro
> duction+Setup+Guide#ApacheOFBizTechnicalProductionSetupGuide-SSLCertificateS
> etup
> describes a production setup.  However, I am interested in multiple dev
> machine setups and I don't want to wait on a real certificate authority.
>
>
> So, can anyone tell me how to generate a self signed certificate and install
> it on ofbiz that will be accepted by IE11?  A real certificate is $100 and
> weeks of work.
>
> All I care about is getting IE11 to connect on localhost to ofbiz using
> https.
>
> Thanks in advance.
>
> Skip
>
>
>


Mime
View raw message