ROQUES Guillaume wrote: >> Do you ask for how to get a ICS TSslHttpServer working with a bought >> server certificate? > Yes, and if I need to convert p7b's certificate or not ? >> Open the MyCertificate.pem in a text editor that understands UNIX >> line breaks. Does MyCertificate.pem include multiple certificates? >> With a bought commercial certificate there should be at least 2 >> certificates included in MyCertificate.pem. >> Make sure that the order of these certificates is correct. >> First has to be the server certificate followed by possible >> intermediate certificates followed by the root CA certificate.
> That's right, I found 3 certificates : 1 for the domain name > *.mydomain.com, 1 for GlobalSign Domain Validation CA and 1 for > GlobalSign root CA. So that looks correct, the handshake error may happen due to the client closes the connection, so I ask again: What client is connecting when that error happens? Common browsers should have the GlobalSign root CA in there trusted certificate store, TSslHttpCli clients not (by default). -- Arno Garrels > > Gratefully, > > Guillaume ROQUES > <http://www.canyon.fr/> > > Le 20:59, Arno Garrels a écrit : >> ROQUES Guillaume wrote: >>>> That's confusing description. Did he buy a SSL server certificate >>>> in order to access your server? Or are you talking about client >>>> certificates? >> >>> The customer already have a SSL certificate on his domain, so he >>> want that my HttpServer use SSL with this certificate. >> Do you ask for how to get a ICS TSslHttpServer working with a bought >> server certificate? >> >>>> Please provide more details about how you setup the component to >>>> use your the certificates. What HTTP client application is used? >>> Here is my initialization : >>>> interface >>>> [...] >>>> >>>> TMyService =lass(TService) >>>> SslHttpServer: TSslHttpServer; >>>> TWSslAvlSessionCache: TSslAvlSessionCache; >>>> TWSslContext: TSslContext; >>>> [...] >>>> end; >>>> >>>> implementation >>>> [...] >>>> >>>> procedure TMyService.ServiceStart(Sender: TService; var Started: >>>> Boolean); begin >>>> [...] >>>> >>>> SslCertFile :=Path + 'MyCertificate.pem'; >>>> SslPassPhrase :='; >>>> SslPrivKeyFile :=Path + 'MyCertificate.pem'; >>>> SslCAFile :=Path + 'MyCertificate.pem'; >>>> SslCAPath :=Path; >>>> SslVerifyPeer :=alse; >>>> >>>> // Pre-loads OpenSSL DLL's >>>> TWSslContext.InitContext; >>>> DoLog('OpenSslVersion : ' + OpenSslVersion); >>>> DoLog(OpenSslCompilerFlags + #13#10 + OpenSslBuiltOn >>>> + #13#10 + OpenSslPlatForm + #13#10 + OpenSslDir); >>>> SslHttpServer.Start; >>>> end; >> >> Open the MyCertificate.pem in a text editor that understands UNIX >> line breaks. Does MyCertificate.pem include multiple certificates? >> With a bought commercial certificate there should be at least 2 >> certificates included in MyCertificate.pem. >> Make sure that the order of these certificates is correct. >> First has to be the server certificate followed by possible >> intermediate certificates followed by the root CA certificate. >> >> -- >> Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
