rejetto forum

Software => HFS ~ HTTP File Server => Topic started by: nicolaerbacci on March 31, 2020, 01:02:43 PM

Title: NET::ERR_CERT_AUTHORITY_INVALID
Post by: nicolaerbacci on March 31, 2020, 01:02:43 PM
Hello everyone! I can't understand why the SSL certificate is not accepted. Does anyone understand this better than I do?

NET::ERR_CERT_AUTHORITY_INVALID

(https://drive.google.com/open?id=1whe1xulAmEs14Cjhcwyt1xdLNEH39eey)
(https://drive.google.com/file/d/1T4iDlOYlQUz1AKAQaKwStltVH2zss72c/view?usp=sharing)

Code:
-----BEGIN CERTIFICATE-----
MIIEMTCCAxmgAwIBAgIJAJeF9+9BqV54MA0GCSqGSIb3DQEBCwUAMHsxCzAJBgNV
+G
MB8GA1UdIwQYMBaAFAyIJNN9kOsIZ8TyHqsrotuipt+GMA0GCSqGSIb3DQEBCwUA
A4IBAQAb8CfizhBlm3EAqJ2pZjwUIZ+uE86n98nYAFfAYVZzgv partially removed by silentpliz.


Code:
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+Yz+KRIwXBxSK
partially removed by silentpliz.
Title: Re: NET::ERR_CERT_AUTHORITY_INVALID
Post by: SilentPliz on March 31, 2020, 02:45:50 PM

Welcome nicolaerbacci.

Showing the content of the certificate is useless, and forces you to make another one because it can be copied on the forum.

The certificate error is normal if you've created this certificate yourself (self-signed).
The important thing is to know if you can access your server by forcing the browser to ignore this warning.

Tell us more if you want to be helped more effectively.
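
Why a self-signed certificate is rejected by default, and how a client that cannot be told to ignore the warning can instead trust that one certificate explicitly, shown with the OpenSSL command line. This is an added example, not part of the original post; the host name hfs.example.test and the file names are constructed placeholders, and the key pair is a throwaway generated on the spot.

```shell
#!/bin/sh
# Added example: why a self-signed certificate fails default verification,
# and how explicit trust in that one certificate fixes it.
# hfs.example.test and the file names below are constructed placeholders.

# make_self_signed DIR CN: throwaway 2048-bit RSA key + self-signed cert.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# field CERT subject|issuer: print the name without the "subject=" prefix.
field() { openssl x509 -in "$1" -noout "-$2" | sed 's/^[a-z]*= *//'; }

# is_self_signed CERT: issuer and subject are the same name.
is_self_signed() { [ "$(field "$1" subject)" = "$(field "$1" issuer)" ]; }

# trusted_by_default CERT: verify against the system trust store only.
trusted_by_default() { openssl verify "$1" 2>&1 | grep -q ': OK$'; }

# trusted_with_anchor CERT ANCHOR: verify with ANCHOR added as a trusted root.
trusted_with_anchor() { openssl verify -CAfile "$2" "$1" 2>&1 | grep -q ': OK$'; }

demo() {
    dir=$(mktemp -d) || return 1
    make_self_signed "$dir" "hfs.example.test" || return 1
    is_self_signed "$dir/cert.pem" && echo "issuer == subject: self-signed"
    trusted_by_default "$dir/cert.pem" || echo "default store: rejected (no known CA issued it)"
    trusted_with_anchor "$dir/cert.pem" "$dir/cert.pem" && echo "explicit anchor: accepted"
    rm -rf "$dir"
}
demo
```

Only cert.pem is ever copied to the client as a trust anchor; key.pem stays on the server, and a key that has been published has to be replaced together with its certificate.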
Title: Re: NET::ERR_CERT_AUTHORITY_INVALID
Post by: nicolaerbacci on April 01, 2020, 12:21:08 AM
I thank you for the answer,
if forcing it works, I will have to insert the HTTPS links in another process, so unfortunately I cannot force the program that will read them to accept the certificate.
In summary, is it possible to use another type of certificate that works well?
I had done a test with Certificate Manager (of AWS); I had generated one CA, but it was in error. Can you tell me if I was on the right track?
Thanks again, Nicola
Title: Re: NET::ERR_CERT_AUTHORITY_INVALID
Post by: LeoNeeson on April 01, 2020, 02:20:16 AM
@NicolaErbacci: It would be nice if we could use 'Let's Encrypt', but as far as I know, it's not possible at the moment... :-\

@SilentPliz: I haven't investigated enough, but I have this question for you: would it be possible to implement a way to generate certificates for 'Let's Encrypt' directly (without external tools) from your TLS version of HFS (https://rejetto.com/forum/index.php?topic=10242.0)? If you can 'somehow' integrate this, we could generate certificates that would be valid on all browsers. In case you decide someday to implement this, it would be nice to still have both options: generating self-certificates (like it currently does), and also 'Let's Encrypt' certificates.

I've searched on Google (https://www.google.com/search?q=Install+Let%27s+Encrypt+on+custom+HTTP+Server+%22Windows%22&hl=en), and most tutorials (http://woshub.com/howto-install-free-lets-encrypt-ssl-cert-on-iis/) or tools (like this (https://github.com/icing/mod_md), this (https://github.com/win-acme/win-acme) or this (https://github.com/sjkp/letsencrypt-win-simple)) are for 'Windows Server IIS' or 'Apache', but I can't find a universal tool that could be useful for HFS. The most interesting results from my search on Google are SSLforFree.com (https://www.sslforfree.com/), CertifyTheWeb.com (https://certifytheweb.com/), GetHTTPSforFree.com (https://gethttpsforfree.com/) and THIS (https://letsencrypt.org/es/docs/client-options/#clients-windows-/-iis) informational page (I don't know if any of those are useful to HFS).

You understand more than me how certificates are generated, but I've read (https://community.letsencrypt.org/t/how-to-use-letsencrypt-on-basic-webhosting-without-ssh-access/4608) that LetsEncrypt.org has (https://www.google.com/search?q=%22HTTP+Server%22+%22Windows%22+%22.api.letsencrypt.org%22&hl=en) an API (https://acme-v01.api.letsencrypt.org/directory) that perhaps could help you to add this. As a side note, I must say that I don't need this (so, don't take this as a request). :)

Cheers,
Leo.-
Title: Re: NET::ERR_CERT_AUTHORITY_INVALID
Post by: SilentPliz on April 01, 2020, 07:25:47 PM

@Nicola

From reading your post, I'm not sure that your question concerns the configuration of HFS and Stunnel.
If I'm wrong, explain in more detail what is wrong: settings, etc.

If it's a question regarding another program, it's perhaps better to ask on a forum dealing with this program.
With the information you give, I don't know if you're on the right track or the wrong one.

@leo

Thanks for the links, I'll take a look ... 8)
I'm not currently in a position to do feasibility tests; I don't even know if it's possible with HFS.

The answer will probably not be given quickly ... but it interests me, and I will study the question as soon as possible.
 ;)
Title: Re: NET::ERR_CERT_AUTHORITY_INVALID
Post by: LeoNeeson on April 02, 2020, 10:24:45 AM
Quote: "I had done a test with Certificate Manager (of AWS); I had generated one CA, but it was in error. Can you tell me if I was on the right track?"
@NicolaErbacci: I did a search (https://www.google.com/search?q=%22Certificate+manager%22+%22AWS%22+%22Self-Signed%22&hl=en), and I've found THIS (https://medium.com/@chamilad/adding-a-self-signed-ssl-certificate-to-aws-acm-88a123a04301) guide on how 'Adding a Self-Signed SSL Certificate to AWS Certificate Manager'. I've also found a comment HERE (https://stackoverflow.com/q/53469399/#comment93820384_53469399) on a Stack Overflow question that perhaps could help you. I haven't tested, so I'm not sure if this will be useful or not. Are you running HFS on your PC or 'on the cloud' on an Amazon Web Services (AWS) server?...

@SilentPliz: Cool 8) don't worry, take all the time you need to study the documents of 'Let's Encrypt' and see if this can be implemented or not. I know this might not be as easy as it sounds (from what I've read, it seems to be very complex). Since you use OpenSSL + Stunnel, I did another search (https://www.google.com/search?q=%22openssl.exe%22+%22Let%27s+Encrypt%22&hl=en) on Google, and found someone HERE (http://wp.xin.at/archives/4462) who was using a similar configuration, but ended up using a Perl tool (https://github.com/do-know/Crypt-LE) to handle the ACME v2 protocol, and this looks promising. I also found HERE (https://medium.com/@mcilis/how-to-create-free-ssl-certificates-for-windows-server-using-lets-encrypt-86c929a816ef) another tutorial guide of someone using OpenSSL.exe but only to create a .pfx file, and sadly it depends on the website SSLforFree.com (https://www.sslforfree.com/) to generate the 'private.key' (so, they’ll be issuing your private key for you on their servers, something that's not recommended). Like I've said, all this seems very complex, so I don't have much hope that it will be possible to implement... :-[ :-\

Cheers,
Leo.-