Re: problems with SSL cert/SOLVED
Thank you John! Good to know!!

Rebecca

>>>>>>>>>>>

Message: 10
Date: Fri, 10 Jan 2020 08:39:58 -0600
From: John DeSoi
To: 4D iNug Technical <4d_tech@lists.4d.com>
Subject: Re: problems with SSL cert/SOLVED
Content-Type: text/plain; charset=us-ascii

Glad to hear you solved it.

The initial setup can be a bit complex, but I highly recommend automating the whole SSL certificate thing with Let's Encrypt. The certificate cost goes to zero and you never have to worry about it again unless your logging script says you have an issue. It automatically renews every few months and I have seen zero issues since setting it up about a year and a half ago. There is a 4D tech note about it in the link below. Or you can just script it with Mac or Windows OS tools.

https://kb.4d.com/assetid=77671

John DeSoi, Ph.D.

On Fri, Jan 10, 2020 at 3:00 PM <4d_tech-requ...@lists.4d.com> wrote:

> Today's Topics:
>
>    1. Re: HTTP Upload file size too low (Jim Labos - infobase)
>    2. Re: HTTP Upload file size too low (Jim Labos - infobase)
>    3. Re: HTTP Upload file size too low (Jim Labos - infobase)
>    4. Re: problems with SSL cert (Rebecca Bryant)
>    5. RE: problems with SSL cert (Timothy Penner)
>    6. Re: problems with SSL cert (Rebecca Bryant)
>    7. Re: problems with SSL cert/SOLVED (Rebecca Bryant)
>    8. Re: problems with SSL cert (Sandor Szatmari)
>    9. Write Pro disable spell checking (Piotr Chabot Stadhouders)
>   10. Re: problems with SSL cert/SOLVED (John DeSoi)
>
> Message: 1
> Date: Thu, 9 Jan 2020 13:13:17 -0700 (MST)
> From: Jim Labos - infobase
> To: 4d_tech@lists.4d.com
> Subject: Re: HTTP Upload file size too low
> Message-ID: <1578600797672-0.p...@n5.nabble.com>
> Content-Type: text/plain; charset=us-ascii
>
> Ok that's a start if using WEB GET BODY PART will get the "chunks" and I can then reconstruct the file (I am assuming that is how it works).
>
> I'll be checking for libraries that will allow me to implement chunked uploads. Thanks for your acknowledgement that you have had success doing this.
>
> 4D Tech mailing list wrote
> > I'm not sure if I understand your environment in which you would do that file upload. As I mentioned before, I did some little testing with chunked uploads using a web browser as a client and there a javascript library. At the server side I use WEB GET BODY PART in conjunction with WEB Get body part count. I was able to upload file up to 4 GB.
> >
> > It looks really simple:
> >
> > For ($index;1;WEB Get body part count)
> >     WEB GET BODY PART($index;$MimeBody;$name;$mimeType;$filename)
> >     // do something with the chunk received in $MimeBody
> > End for
> >
> > If you use another client than a web browser you have to mimic the appropriate request. Using 4D as a client shouldn't be a problem. Simply use HTTP Request and build appropriate headers and body.
> >
> > Regards
> > Lutz
>
> Jim Labos - infobase
>
> Message: 2
> Date: Thu, 9 Jan 2020 13:16:56 -0700 (MST)
> From: Jim Labos - infobase
> To: 4d_tech@lists.4d.com
> Subject: Re: HTTP Upload file size too low
> Message-ID: <1578601016468-0.p...@n5.nabble.com>
> Content-Type: text/plain; charset=us-ascii
>
> Thanks for link John. I'll give it a look. I knew it needed more than HTML on the browser's
Re: problems with SSL cert/SOLVED
Thanks for the tip Sandor. I like hanging on to the old certs too. I usually hide them in a folder so it's good to know that's recommended (as opposed to just renaming).

Rebecca

>>>>>>>>>>>>>>>>>

Message: 8
Date: Fri, 10 Jan 2020 09:01:00 -0500
From: Sandor Szatmari
To: 4D iNug Technical <4d_tech@lists.4d.com>
Cc: Rebecca Bryant
Subject: Re: problems with SSL cert
Message-ID: <5b4a0d72-6545-4a9a-8436-e334facb6...@infoplusonline.com>
Content-Type: text/plain; charset="utf-8"

Rebecca,

Don’t know if this is related, but I had a difficult time replacing a cert recently. I found out that 4D server reads all certs in the main directory regardless of if you intend to use them or not. As soon as I removed unused certs everything functioned perfectly. I had simply renamed the old cert to replace the new one. Thinking I don’t want to trash this yet. But keeping it in the same dir gave major problems loading any cert.

Hope that helps.

Sandor
Re: problems with SSL cert/SOLVED
Glad to hear you solved it.

The initial setup can be a bit complex, but I highly recommend automating the whole SSL certificate thing with Let's Encrypt. The certificate cost goes to zero and you never have to worry about it again unless your logging script says you have an issue. It automatically renews every few months and I have seen zero issues since setting it up about a year and a half ago. There is a 4D tech note about it in the link below. Or you can just script it with Mac or Windows OS tools.

https://kb.4d.com/assetid=77671

John DeSoi, Ph.D.

> On Jan 9, 2020, at 11:58 PM, Rebecca Bryant via 4D_Tech <4d_tech@lists.4d.com> wrote:
>
> Tada! The URL now resolves to the login page using the new cert.pem and key.pem files. I'll check in on it periodically to make sure all is well.
Re: problems with SSL cert
Rebecca,

Don’t know if this is related, but I had a difficult time replacing a cert recently. I found out that 4D server reads all certs in the main directory regardless of if you intend to use them or not. As soon as I removed unused certs everything functioned perfectly. I had simply renamed the old cert to replace the new one. Thinking I don’t want to trash this yet. But keeping it in the same dir gave major problems loading any cert.

Hope that helps.

Sandor

> On Jan 9, 2020, at 09:14, Rebecca Bryant via 4D_Tech <4d_tech@lists.4d.com> wrote:
>
> I am having a problem getting a new SSL certificate to work. This web app has been running successfully with SSL for several years. The current cert expires in a few days so I used GENERATE ENCRYPTION KEYPAIR and GENERATE CERTIFICATE REQUEST to generate a private key, public key, and certificate request. The request was submitted to DigiCert (by a tech support co-worker). The resulting file was renamed 'cert.pem' and the private key was renamed 'key.pem' and placed in the folder with the structure. When I try to start the app I get an error on the first line of the startup routine; it lists the 'key.pem' file with the error 'Access denied'. I have done all of this successfully before so I am stumped as to what is causing the failure this time. The app works fine if I replace the new cert.pem and key.pem files with the old ones (from Go Daddy). The app is running via 4D Server 16R5 on Windows Server 2016. Normally it runs as a service via FireDaemon. I have several other apps running with the same configuration and with SSL certs that were generated the same way.
>
> Any ideas what the problem might be? Any help would be greatly appreciated.
>
> Thank you and Happy New Year to all,
> Rebecca Bryant Williams
> becca...@gmail.com
Re: problems with SSL cert/SOLVED
I finally got the application to publish to the web using the new SSL certs. I had to do a couple things:

(1) To test whether or not the encryption was causing an issue, I restored the last backup of the application and launched the restored, unencrypted app with the new certs (also made sure the cert files were unencrypted). It launched without the ‘Access denied’ error on the ‘key.pem’ file but I got an SSL protocol error in the browser. So…

(2) I created a chained cert.pem file by pasting the intermediate certificate from DigiCert into the root certificate.

Tada! The URL now resolves to the login page using the new cert.pem and key.pem files. I'll check in on it periodically to make sure all is well.

Thank you Tim and John for your help!

Rebecca

Rebecca Bryant Williams
becca...@gmail.com
Re: problems with SSL cert
Thank you for the response Timothy, but when I open the private key in a text editor it is the regular header, not the one indicating encryption. However, the folder containing the database files *is* encrypted. When I ran the routine to create the private and public keys and the CSR, I saved those files to a different folder. I'm wondering if that is causing the issue. Maybe they should have been saved into the folder where the database files reside (i.e., the encrypted folder).

Rebecca

On Thu, Jan 9, 2020 at 7:05 PM Timothy Penner wrote:

> If I had to guess, it's that the private key is encrypted and requires a password. If that’s true you will need to remove the password first.
>
> Here is a reference for this, from digicert nonetheless:
> https://knowledge.digicert.com/solution/SO5292.html
>
> -Tim
>
> Timothy Penner
> Senior Technical Services Engineer
> 4D Inc

--
Rebecca Bryant Williams
becca...@gmail.com
RE: problems with SSL cert
If I had to guess, it's that the private key is encrypted and requires a password. If that’s true you will need to remove the password first.

Here is a reference for this, from digicert nonetheless:
https://knowledge.digicert.com/solution/SO5292.html

-Tim
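An added example, not part of the original thread and not 4D's own tooling: a Python pre-flight check for the three file-level causes raised in this thread, namely a passphrase-protected key.pem (Tim's guess), a cert.pem with no intermediate chained in (Rebecca's fix) and leftover PEM files sitting beside the live pair (Sandor's tip). The function names, the 64 KB scan limit and the sample PEM blocks are constructed for illustration; the check does not look at folder-level encryption or Windows ACLs.

```python
import re
import tempfile
from pathlib import Path

PEM = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def blocks(text):
    """Return (label, body) for each PEM block found in text."""
    return [(m.group(1), m.group(2)) for m in PEM.finditer(text)]

def key_needs_passphrase(text):
    """PKCS#8 flags encryption in the label, the older OpenSSL format in a header."""
    return any(label == "ENCRYPTED PRIVATE KEY"
               or (label.endswith("PRIVATE KEY") and "Proc-Type: 4,ENCRYPTED" in body)
               for label, body in blocks(text))

def preflight(folder, cert="cert.pem", key="key.pem"):
    """Return findings for a server certificate folder; an empty list means clean."""
    folder, out = Path(folder), []
    key_text = (folder / key).read_text(errors="replace")
    if not any(label.endswith("PRIVATE KEY") for label, _ in blocks(key_text)):
        out.append(f"{key}: no private key block")
    elif key_needs_passphrase(key_text):
        out.append(f"{key}: passphrase-protected")
    cert_text = (folder / cert).read_text(errors="replace")
    count = sum(label == "CERTIFICATE" for label, _ in blocks(cert_text))
    if count < 2:  # heuristic: a CA-issued leaf normally needs its intermediate
        out.append(f"{cert}: {count} certificate(s), intermediate not chained")
    for path in sorted(folder.iterdir()):
        if path.is_file() and path.name not in (cert, key):
            with path.open("rb") as fh:  # read only the head; data files are large
                head = fh.read(65536).decode("latin-1")
            if blocks(head):
                out.append(f"{path.name}: leftover PEM file in server folder")
    return out

def pem(label, headers=""):
    """Constructed placeholder block: the body is filler, not key material."""
    return f"-----BEGIN {label}-----\n{headers}QUJDRA==\n-----END {label}-----\n"

def demo():
    """Check a constructed problem folder and a constructed clean folder."""
    enc = "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n"
    with tempfile.TemporaryDirectory() as tmp:
        bad, good = Path(tmp, "bad"), Path(tmp, "good")
        bad.mkdir()
        good.mkdir()
        (bad / "key.pem").write_text(pem("RSA PRIVATE KEY", enc))
        (bad / "cert.pem").write_text(pem("CERTIFICATE"))
        (bad / "cert_old.pem").write_text(pem("CERTIFICATE"))
        (good / "key.pem").write_text(pem("RSA PRIVATE KEY"))
        (good / "cert.pem").write_text(pem("CERTIFICATE") * 2)
        return preflight(bad), preflight(good)

if __name__ == "__main__":
    for name, findings in zip(("bad", "good"), demo()):
        print(name, findings or "clean")
```

The leftover-file scan matches on PEM content rather than file extension, so a renamed old certificate is still reported.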
Re: problems with SSL cert
Thanks John. The permissions are the same except the old files have an additional group, "Authenticated users", that was not listed for the new files. We added that group for the new files but they are still not working. Maybe we should try removing all groups except "Authenticated users"...

The old files are from Go Daddy and the new files are from DigiCert but I'm told that should not make a difference. Plus we have at least two other sites running fine with DigiCert certificates.

Thanks again for the reply.

--
Rebecca Bryant Williams
becca...@gmail.com

> Message: 1
> Date: Thu, 9 Jan 2020 09:14:10 -0500
> From: Rebecca Bryant
> To: 4d_tech@lists.4d.com
> Subject: problems with SSL cert
> Message-ID: fvvs3degbckja06imy++knwmabga8-qge...@mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> I am having a problem getting a new SSL certificate to work. This web app has been running successfully with SSL for several years. The current cert expires in a few days so I used GENERATE ENCRYPTION KEYPAIR and GENERATE CERTIFICATE REQUEST to generate a private key, public key, and certificate request. The request was submitted to DigiCert (by a tech support co-worker). The resulting file was renamed 'cert.pem' and the private key was renamed 'key.pem' and placed in the folder with the structure. When I try to start the app I get an error on the first line of the startup routine; it lists the 'key.pem' file with the error 'Access denied'. I have done all of this successfully before so I am stumped as to what is causing the failure this time. The app works fine if I replace the new cert.pem and key.pem files with the old ones (from Go Daddy). The app is running via 4D Server 16R5 on Windows Server 2016. Normally it runs as a service via FireDaemon. I have several other apps running with the same configuration and with SSL certs that were generated the same way.
>
> Any ideas what the problem might be? Any help would be greatly appreciated.
>
> Thank you and Happy New Year to all,
> Rebecca Bryant Williams
> becca...@gmail.com
>
> Message: 3
> Date: Thu, 9 Jan 2020 08:46:53 -0600
> From: John DeSoi
> To: 4D iNug Technical <4d_tech@lists.4d.com>
> Subject: Re: problems with SSL cert
> Message-ID: <2f4f5618-6c73-4455-9222-ff8c2ced3...@pgedit.com>
> Content-Type: text/plain; charset=us-ascii
>
> > On Jan 9, 2020, at 8:14 AM, Rebecca Bryant via 4D_Tech <4d_tech@lists.4d.com> wrote:
> >
> > When I try to start the app I get an error on the first line of the startup routine; it lists the 'key.pem' file with the error 'Access denied'.
>
> Compare the file permissions on the old key to the new key and make sure they are the same. Not sure about Windows, but with Linux things sometimes fail if file access is too permissive. Keys should generally be user only access but maybe that is not the case here to run as a service.
>
> John DeSoi, Ph.D.
Re: problems with SSL cert
> On Jan 9, 2020, at 8:14 AM, Rebecca Bryant via 4D_Tech <4d_tech@lists.4d.com> wrote:
>
> When I try to start the app I get an error on the first line of the startup routine; it lists the 'key.pem' file with the error 'Access denied'.

Compare the file permissions on the old key to the new key and make sure they are the same. Not sure about Windows, but with Linux things sometimes fail if file access is too permissive. Keys should generally be user only access but maybe that is not the case here to run as a service.

John DeSoi, Ph.D.