| View previous topic :: View next topic |
| Author |
Message |
dapaintballer331
-
Joined: 21 Sep 2004
Posts: 1
|
 Posted: Thu Aug 04, 2005 4:08 pm Post subject: ssl connections? |
 |
|
| I want a ssl connection for my store. What is required for this? Is it available in abyss or other webserver programs or is it something else you configure or download? |
|
| Back to top |
  |
 |
Anonymoose
-
Joined: 09 Sep 2003
Posts: 2192
|
| Posted: Thu Aug 04, 2005 4:21 pm Post subject: |
|
|
Abyss doesn't yet support SSL directly.
I wrote a tutorial for using a self generated certificate and STunnel to make SSL available for sites, but I don't know how well this would work with a store. You certainly couldn't use a self generated certificate if you want any level of trust from the people who will be using it - you would need to purchase a genuine SSL cert to use. As I don't have one, I can't tell you how well this would work with the STunnel/Abyss combination.
Background reading :
http://www.webopedia.com/DidYouKnow/Internet/2005/ssl.asp
_________________
"Invent an idiot proof webserver and they'll invent a better idiot..." |
|
| Back to top |
|
|
TRUSTAbyss
-
Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA
|
| Posted: Thu Aug 04, 2005 7:22 pm Post subject: |
|
|
If you guy's want to know, Aprelium is already working on the SSL version.
They told me in an e-mail when I asked when SSL will be ready. lateR! :-)
Sincerely , TRUSTpunk |
|
| Back to top |
 |
|
wagonerf
-
Joined: 05 Aug 2005
Posts: 2
Location: Tampa, FL
|
| Posted: Fri Aug 05, 2005 8:25 pm Post subject: I really need SSL support now. I'll pay for it! |
|
|
I have set up STunnel and copied the OpenDLL library files and established my own certificate. My site now provides SSL encryption; however, it keeps prompting users with a security window which requires them to indicate Yes in order to view my site.
I am trying to obtain an official certificate (through GoDaddy), but I need to generate a CSR before GoDaddy will finalize the process. I've tried generating the CSR through OpenDLL, but I need to know how to set up the openssl.cnf file with Abyss Web Server references before it'll allow me to create the cert.csr file. I already have the private key created in the privkey.pem file.
I will keep trying until I either get instructions on how to set up the openssl.cnf file, Abyss Web Server begins to offer SSL support, or decide to give up and go with IIS, Apache, etc. (which I don't want to do).
If anyone has any solutions, please let me know.
Thank you. Frank |
|
| Back to top |
|
|
Anonymoose
-
Joined: 09 Sep 2003
Posts: 2192
|
| Posted: Fri Aug 05, 2005 9:04 pm Post subject: |
|
|
Because your certificate is self signed, users will receive a prompt to accept the certificate regardless of what server you choose to use - until a proper certificate from a recognised signing authority is provided to the browser, your site is untrusted (although traffic to/from it is still encrypted)
I haven't looked into the process of installing a proper SSL certificate or what's required to purchase one, but if I get chance this weekend I'll have a play and see what I can find out.
Edit: Although these instructions are for Apache, skip to the 2nd part of step 3 ("You could also create a private key without file encryption") and the process should be the same for Abyss and OpenSSL.
http://www.geotrusteurope.com/support/csr/csr_apache.htm
_________________
"Invent an idiot proof webserver and they'll invent a better idiot..." |
|
| Back to top |
|
|
wagonerf
-
Joined: 05 Aug 2005
Posts: 2
Location: Tampa, FL
|
| Posted: Fri Aug 05, 2005 10:27 pm Post subject: Thanks Anonymoose |
|
|
Thanks for the quick response Anonymoose. I'd sure appreciate any assistance you can give after you've had time to check it out.
For now, you're correct in that my site is still encrypting traffic back and forth, so that covers the main need for now. However, my users may have concerns about my site if I can't get a proper SSL certificate, so I desperately want to get the SSL turbo certificate from GoDaddy to alleviate their concerns.
Here's the steps I made so far:
* installed Abyss Web Server
* transferred web pages to server
* went to stunnel.org and downloaded stunnel.zip (win32)
* in the same folder, I downloaded the OpenSSL files also on their site
* created the stunnel.conf file to redirect html:
contents of stunnel.conf: [web] accept=443 connect=80
* launched OpenSSL.exe and created the RSA private key by typing:
OPENSSL> genrsa -out privkey.pem 2048
* this created a file named privkey.pem in the stunnel/openssl folder
* the next step was to create a certificate signing request (CSR)
* tried to execute the following command from OpenSSL:
OPENSSL> req -new -key privkey.pem -out cert.csr
* it errors and indicates it needs a openssl.cnf file in the same folder
* upon researching the net, I found an example openssl.cnf file for Apach,
but it looks like it requires information I'm not familiar with like the
dir path, database index path, etc.
* i'm already familiar with the state, city, dept, site name, co name, etc.
but am concerned that having the paths wrong will either prevent the
creation of the cert.csr file or will create a cert.csr file that will not be
authenticated by the signing authority (GoDaddy in my case)
This is where I'm at now. Creating an internal certificate using the web page (http://stunnel.org/pem) allowed me to encrypt traffic with users as long as they indicate yes or view/install the certificate on their PCs.
Good luck (for us both)! Frank |
|
| Back to top |
|
|
|
