Need help setting up SSL. I have three files: .ca .cer .key. I am not even sure my Wt app is built with OpenSSL libs. Where do I get the libs for Windows builds and what command params to pass in my Wt application
Added by Rene A over 9 years ago
Need help setting up SSL. I have three files: .ca .cer .key. I am not even sure my Wt app is built with OpenSSL libs. Where do I get the libs for Windows builds and what command params to pass in my Wt application.
Please help.
Replies (6)
RE: Need help setting up SSL. I have three files: .ca .cer .key. I am not even sure my Wt app is built with OpenSSL libs. Where do I get the libs for Windows builds and what command params to pass in my Wt application - Added by Wim Dumon over 9 years ago
Hey Rene,
See also our FAQ: http://redmine.emweb.be/projects/wt/wiki/Frequently_Asked_Questions#Q-How-do-I-use-the-built-in-HTTPS-server-in-wthttpd
Off the top of my head, --ssl-certificate requires a file containing all the public certificates of the entire certificate chain of your server. --ssl-private-key contains your private key. Both should be in PEM format. The third required parameter is --ssl-tmp-dh=..., which should point to some Diffie-Hellman parameter file (which you can generate yourself, see FAQ).
Wt needs to be built with OpenSSL support in order to support SSL. The binary Wt builds for Windows are built with OpenSSL support.
Alternatively, you can configure a reverse proxy in front of your Wt server which terminates the encryption and forwards the connection over the loopback interface.
Best regards,
Wim.
RE: Need help setting up SSL. I have three files: .ca .cer .key. I am not even sure my Wt app is built with OpenSSL libs. Where do I get the libs for Windows builds and what command params to pass in my Wt application - Added by Mark Petryk over 9 years ago
Rene,
I have started to set up a documentation site for Wt and my various projects. I started to document the SSL steps here;
http://wt.lorimarksolutions.com/ssl/howto.html
Not sure if that answers the question you were asking.
RE: Need help setting up SSL. I have three files: .ca .cer .key. I am not even sure my Wt app is built with OpenSSL libs. Where do I get the libs for Windows builds and what command params to pass in my Wt application - Added by Rene A over 9 years ago
Thanks for the reply Wim.
The certificate files I received from my web hosting support have different extensions. The ones I listed: .ca .cer .key.
I am also trying to generate a .pem file for option --ssl-tmp-dh. The Wt server is throwing an exception as it needs the file for --ssl-tmp-dh ("use_tmp_dh_file: no start line")
RE: Need help setting up SSL - Added by Mark Petryk over 9 years ago
To generate the diffie hellman file, try executing something like this;
openssl dhparam -out dh2048.pem 2048
I got that from this site;
The .ca and .cer files you probably got from your certificate authority, and the .key file should have been something that was generated on your machine only, at the initial step of creating the certificate request. The key to the .key file (pardon the double entendre) is that it is your private key file, and you should generate it on your equipment and never let it fall into the hands of anyone else.
Try combining your .ca and .cer files into a single file;
cat file1.ca file2.cer > mysite.com.crt
Then use that .crt file in your start-up.
If you want some support 1-on-1 give me a call;
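An added example, not part of the thread or of Wt: a shell pre-flight check for the three files passed to --ssl-certificate, --ssl-private-key and --ssl-tmp-dh, which flags a file with no PEM BEGIN line, the condition behind the "no start line" error quoted earlier in the thread. The file names and placeholder block bodies are constructed, and `pem_labels`, `check_wt_file` and `fake_pem` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: label-level pre-flight check of the files given to wthttpd.

# Print the label of every PEM block in FILE, one per line (CRLF tolerated).
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# check_wt_file OPTION FILE: 0 if every PEM block in FILE is the kind OPTION
# needs. No BEGIN line at all is what OpenSSL reports as "no start line".
check_wt_file() {
    case $1 in
        --ssl-certificate) want='CERTIFICATE' ;;
        --ssl-private-key) want='PRIVATE KEY' ;;    # also RSA/EC PRIVATE KEY
        --ssl-tmp-dh)      want='DH PARAMETERS' ;;
        *) echo "unknown option: $1" >&2; return 2 ;;
    esac
    labels=$(pem_labels "$2")
    if [ -z "$labels" ]; then
        echo "$1: $2 has no PEM start line (DER, empty or wrong file)" >&2
        return 1
    fi
    printf '%s\n' "$labels" | while IFS= read -r label; do
        case $label in
            *"$want") ;;
            *) echo "$1: $2 holds '$label', expected $want" >&2; exit 1 ;;
        esac
    done
}

# Constructed PEM-shaped block with a placeholder body (not a real key or cert).
fake_pem() {
    printf '%s\r\n' "-----BEGIN $1-----" 'Q09OU1RSVUNURUQ=' "-----END $1-----"
}

demo() {
    d=$(mktemp -d) || return 1
    { fake_pem CERTIFICATE; fake_pem CERTIFICATE; } > "$d/mysite.com.crt"
    fake_pem 'RSA PRIVATE KEY' > "$d/mysite.com.key"
    printf '0\202\001\010' > "$d/dh.der"     # binary, DER-like: no BEGIN line
    fake_pem 'DH PARAMETERS' > "$d/dh2048.pem"
    check_wt_file --ssl-certificate "$d/mysite.com.crt" && echo "chain: ok"
    check_wt_file --ssl-private-key "$d/mysite.com.key" && echo "key: ok"
    check_wt_file --ssl-tmp-dh "$d/dh.der" || echo "dh.der: rejected"
    check_wt_file --ssl-tmp-dh "$d/dh2048.pem" && echo "dh2048.pem: ok"
    rm -rf "$d"
}
demo
```

The check looks only at PEM block labels; it does not confirm that the private key matches the certificate or that the server's own certificate comes first in the combined file, which is the order OpenSSL chain files use.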
RE: Need help setting up SSL. I have three files: .ca .cer .key. I am not even sure my Wt app is built with OpenSSL libs. Where do I get the libs for Windows builds and what command params to pass in my Wt application - Added by Rene A over 9 years ago
Thanks Mark and Wim for taking your precious time to help by answering my question. In the end, following the leads you gave, I am now able to get HTTPS working live with my Wt server.
RE: Need help setting up SSL. I have three files: .ca .cer .key. I am not even sure my Wt app is built with OpenSSL libs. Where do I get the libs for Windows builds and what command params to pass in my Wt application - Added by Mark Petryk over 9 years ago
That's outstanding.
If you found that you obtained information that we did not provide, would you consider posting your details here? I am trying to accumulate complete documentation notes to help others (and myself) with these seldom executed tasks.
~mark