Return-Path: <user-return-50817-archive-asf-public=cust-asf.ponee.io@ofbiz.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 886FE200C1C
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Wed,  1 Feb 2017 03:25:32 +0100 (CET)
Received: by cust-asf.ponee.io (Postfix)
	id 871C7160B5F; Wed,  1 Feb 2017 02:25:32 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id D27D7160B52
	for <archive-asf-public@cust-asf.ponee.io>; Wed,  1 Feb 2017 03:25:31 +0100 (CET)
Received: (qmail 49920 invoked by uid 500); 1 Feb 2017 02:25:30 -0000
Mailing-List: contact user-help@ofbiz.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@ofbiz.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@ofbiz.apache.org>
List-Post: <mailto:user@ofbiz.apache.org>
List-Id: <user.ofbiz.apache.org>
Reply-To: user@ofbiz.apache.org
Delivered-To: mailing list user@ofbiz.apache.org
Received: (qmail 49908 invoked by uid 99); 1 Feb 2017 02:25:30 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 01 Feb 2017 02:25:30 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 3B8701A028B
	for <user@ofbiz.apache.org>; Wed,  1 Feb 2017 02:25:30 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -0.021
X-Spam-Level: 
X-Spam-Status: No, score=-0.021 tagged_above=-999 required=6.31
	tests=[RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01,
	RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled
Received: from mx1-lw-eu.apache.org ([10.40.0.8])
	by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024)
	with ESMTP id PXUAfyC61OmS for <user@ofbiz.apache.org>;
	Wed,  1 Feb 2017 02:25:29 +0000 (UTC)
Received: from p3plsmtpa12-02.prod.phx3.secureserver.net (p3plsmtpa12-02.prod.phx3.secureserver.net [68.178.252.231])
	by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 459295F253
	for <user@ofbiz.apache.org>; Wed,  1 Feb 2017 02:25:28 +0000 (UTC)
Received: from skipXP ([96.93.114.201])
	by :SMTPAUTH: with SMTP
	id YkUEcm8YFtIgqYkUFcF32q; Tue, 31 Jan 2017 19:17:31 -0700
From: "Skip" <skip@thedevers.org>
To: "OfbizUser" <user@ofbiz.apache.org>
Subject: SSL certificate creation for localhost
Date: Tue, 31 Jan 2017 18:14:56 -0800
Message-ID: <NIEHIAPGFLPDLIACIOBOAEICEAAA.skip@thedevers.org>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157
X-CMAE-Envelope: MS4wfN1xRff05zq84VpqBMuASZrJrGF6af9tOrheEib2kkt6QgBnGTitQpqhh2BcFWZw1hb9d1sVppmv0ioXODIP+5y3CIKEy6HYBipMTfCrFf/Sbkxb4Xxe
 7qMWAWXw1/ZcrlVJ60J75fKuSsnNx3N4ZZgCE/qlt5ZTPZPZR9clJQPA
archived-at: Wed, 01 Feb 2017 02:25:32 -0000

For my development machine as well as other users in the local intranet, I
am using the default SSL certificate that comes with ofbiz.  However, this
cert is not accepted by IE 11 (giving the very helpful error message "This
page can't be displayed".  Firefox reports that the certificate "was signed
using a certificate algorithm that was disabled...".

I can and have made modifications to Firefox and Chrome to accept this
certificate and that is all good.

However, I am writing a Windows Win32 application that queries an ofbiz
https URL and gets json data.  I am getting the same error with this
application (works fine with http instead of https) that I get with IE11.  I
have to use Win32 APIs because this app is running on a really low power box
that requires some windows services, so I can't use Linux.

I can make this app work by running the request through an apache server and
using ajp to the ofbiz server where the apache server has a good signed
certificate, so I am sure the ofbiz URL is working just fine.

I have tried the advise here:

https://cwiki.apache.org/confluence/display/OFBIZ/Ant+Script+to+build+new+of
biz+self+cert

The above ant script generates a cert file that doesnt work at all with
Firefox or IE.


This link:
https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Technical+Pro
duction+Setup+Guide#ApacheOFBizTechnicalProductionSetupGuide-SSLCertificateS
etup
describes a production setup.  However, I am interested in multiple dev
machine setups and I don't want to wait on a real certificate authority.


So, can anyone tell me how to generate a self signed certificate and install
it on ofbiz that will be accepted by IE11?  A real certificate is $100 and
weeks of work.

All I care about is getting IE11 to connect on localhost to ofbiz using
https.

Thanks in advance.

Skip