Web Server certificate question

Andrew Stolarz stolarz at gmail.com
Tue Mar 24 11:49:44 EDT 2015


Jim,

Provided the cert is setup correctly, yes. Thats essentially same setup we
do for SSL certificates.

For testing purposes, I would create a basic standalone HTML file and run
it off the https server to ensure all OK before introducing Omnis into the
picture. (https://www.jimsdomain.com/test.html).


On a side note, Im going to assume port 5922 is the port for your omnis
application. Why would you need to expose that port ? We are using the
default Omnis server port 5912 and do not have that opened up on the
firewall. Its an internal port for communication between Omnis and the web
server itself.


Andrew


On 24 March 2015 at 11:40, Jim Pistrang <jim at jpcr.com> wrote:

> Hi Lou, Bruno, Andrew, others,
>
> I already have a trusted SSL certificate for jimsdomain.com installed on
> the server.  If I associate jimsdomain.com with the FIREWALL address will
> it all work?  In other words...
>
> 1) www.jimsdomain.com is mapped to the firewall IP address (12.345.67.89
> in my example below)
> 2) the url for the app is https:www.jimsdomain.com:5922/rfMyApp.htm>
> 3) port 5922 is routed to the server
> 3) the SSL certificate for www.jimsdomain.com is installed on the server
>
> Will this work?
>
> Thanks,
>
> Jim
>
> Lou said:
>
> >This is generally a constraint effected/controlled by the Certificate
> >Authority. Generally speaking, the FQDN must match precisely the CN
> >(Common Name) of the issued (sub-) certificate. You'd likely want to
> >issue a server cert of the format myserver.JimsDomain.com. It's a common
> >that a directly IP-addressed server would get choked on.
> >
> >This is all controlled by the 'rules' your issuing CA builds into its
> >signing process - as well as any you determine, if you're issuing your
> >own certs - as we do.
>
> Bruno said:
> >Server certificates are bound to a single dns name. Thus, ip adresses,
> >localhost or any nickname you might use to call
> >your server wil get you the same warning.
>
> Andrew said:
> >You need to generate a Certificate Signing Request (CSR) from the mac you
> >are going to install on.
> >
> >It will then spit out a file and you need to submit the contents to your
> >SSL provider, which when then send you a file back that you install on the
> >server.
> >
> >
> >It seems like you did not generate the CSR on the machine, and or you do
> >not have a dedicated IP address for a SSL certificate.
>
>
> >
> >----- Original Message -----
> >
> >From: "Jim Pistrang" <jim at jpcr.com>
> >To: "Omnis List Mail" <omnisdev-en at lists.omnis-dev.com>
> >Sent: Tuesday, March 24, 2015 10:50:52 AM
> >Subject: Web Server certificate question
> >
> >Hi all,
> >
> >This isn't exactly an Omnis question, but it is related. Hope someone
> >can help.
> >
> >I have an Omnis Javascript application running on a client site. The app
> >is running on a Mac OS X Server inside their firewall. The app can be
> >run from outside their firewall via a secure port in their firewall.
> >When I do this, the url looks like this:
> ><https://12.345.67.89:5922/rfMyApp.htm>
> >In the above example, 12.345.67.89 is the IP address of the firewall,
> >and port 5922 is a secure port opened to the server. Apache is listening
> >on this port.
> >
> >This all works perfectly well, except that users get a warning saying
> >that the site may not be secure. My client has asked that I purchase a
> >trusted certificate for the site. I have done the following:
> >
> >1) Gave the server a host name of jimsdomain.com
> >2) Registered jimsdomain.com and purchased a trusted certificate. [note:
> >the domain name is not associated with an IP address]
> >3) Added the certificate in Server Manager on the server, and it shows
> >up as valid
> >
> >BUT - I still get warning messages in my browser when I access the app,
> >since the url that I type in <https://12.345.67.89:5922/rfMyApp.htm>
> >does not match the certificate name 'jimsdomain.com'
> >
> >Is there a way to do this? Do I need to install a certificate on the
> >firewall?
> >
> >Jim
> >
> >--
> >Jim Pistrang
> >JP Computer Resources
> >413-256-4569
> ><http://www.jpcr.com>
> >
> >
> >_____________________________________________________________
> >Manage your list subscriptions at http://lists.omnis-dev.com
> >
> >_____________________________________________________________
> >Manage your list subscriptions at http://lists.omnis-dev.com
> >
>
> --
> Jim Pistrang
> JP Computer Resources
> 413-256-4569
> <http://www.jpcr.com>
>
>
> _____________________________________________________________
> Manage your list subscriptions at http://lists.omnis-dev.com
>



More information about the omnisdev-en mailing list