Author Topic: Creating self-signed certificates for PCS  (Read 14126 times)

Eve

Re: Creating self-signed certificates for PCS
« Reply #30 on: October 08, 2021, 09:27:32 am »
> 1) For PCS, if certificates have to be issued by a certifying authority, it is best to generate the CSR request using OpenSSL. It is not a recommendation, it is the only way to do it.
That would be an insane deficiency for every other TLS/SSL library if that was the case.

But I'm glad you've got it working.
Eve

support@sparxsystems.com

Modesto Vega

Re: Creating self-signed certificates for PCS
« Reply #31 on: October 11, 2021, 07:01:37 pm »
> > 1) For PCS, if certificates have to be issued by a certifying authority, it is best to generate the CSR request using OpenSSL. It is not a recommendation, it is the only way to do it.
> That would be an insane deficiency for every other TLS/SSL library if that was the case.
>
> But I'm glad you've got it working.
I agree, it is insane that the only practical way (please notice the emphasis) to get PCS configured to use https is by using OpenSSL to generate the requests or to generate self-signed certificates. This is why Sparx Systems needs to either improve the documentation or their product offering.

P.S.: There could be other ways to get PCS configured over https but since they are undocumented, it is essentially a painful trial and error process.

timoc

Re: Creating self-signed certificates for PCS
« Reply #32 on: November 06, 2021, 03:52:48 am »
> [SYSTEM]:  Thread 7  SUCCESS Bound and listening on soap port 443 (https)
> [SYSTEM]:  Thread 6  SUCCESS Bound and listening on soap port 805 (https)
> There is no problem with your server certificate as far as PCS is concerned. That effectively means every attempt at help to this point has been going in the wrong direction.

What I am seeing is this (with PCS 5.x Beta):
Quote
2021-11-05 16:26:45 [DEBUG]:   Thread 5  Created secure server on soap port 1805 (https)
2021-11-05 16:26:45 [DEBUG]:   Thread 5  ATTEMPT Bind and listen on soap port 1805
2021-11-05 16:26:45 [DEBUG]:   Thread 5  WARNING Failed to bind and listen on soap port 1805
2021-11-05 16:26:45 [SYSTEM]:  Thread 5  No longer listening on soap port 1805.

So, just to be clear - if you do not get a SUCCESS message for bind, then there is a problem with the certificate provided in the server.pem?

If so, that is not at all obvious from the trace level log information, or documentation. If not, then how do I diagnose this problem?

Eve

Re: Creating self-signed certificates for PCS
« Reply #33 on: November 08, 2021, 08:25:01 am »
No. It could fail for any number of reasons.

I'd try changing the config so that port isn't secure. If it still fails it's nothing to do with the certificate.

The next thing that comes to mind is anything else listening on port 1805 on your system?
Eve

support@sparxsystems.com
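The two checks suggested in reply #33, separated so a "Failed to bind and listen" line can be attributed to either the port or the certificate file. This is an added example, not code from the thread or from Sparx Systems; it assumes server.pem holds the certificate and an unencrypted private key in one file, and the function names are made up for illustration.

```python
import socket
import ssl
import sys


def port_is_free(port, host="0.0.0.0"):
    """Bind a plain TCP socket with no TLS involved. Returns (ok, reason)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((host, port))  # fails if the port is taken or not permitted
        sock.listen(1)
        return True, ""
    except OSError as exc:
        return False, str(exc)
    finally:
        sock.close()


def pem_loads(path):
    """Load path as certificate plus private key. Returns (ok, reason)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        # With no keyfile argument the key is read from the same file, and
        # OpenSSL also checks that the key matches the certificate.
        ctx.load_cert_chain(certfile=path)
        return True, ""
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return False, str(exc)


def diagnose(port, pem_path, host="0.0.0.0"):
    """Return one finding per failed check; an empty list means both passed."""
    findings = []
    free, why = port_is_free(port, host)
    if not free:
        findings.append(f"port {port}: plain bind failed ({why}); not a certificate issue")
    ok, why = pem_loads(pem_path)
    if not ok:
        findings.append(f"{pem_path}: rejected by the TLS library ({why})")
    return findings


if __name__ == "__main__":
    # Assumed usage: stop the server first, otherwise it holds the port itself.
    port, pem = int(sys.argv[1]), sys.argv[2]
    for line in diagnose(port, pem) or ["plain bind and PEM load both succeeded"]:
        print(line)
```

Run it as `python script.py 1805 server.pem` from the directory holding the PEM file. A port finding with a clean PEM result points away from the certificate, which matches how the thread was eventually resolved.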

timoc

Re: Creating self-signed certificates for PCS
« Reply #34 on: November 10, 2021, 04:40:07 am »
> No. It could fail for any number of reasons.
>
> I'd try changing the config so that port isn't secure. If it still fails it's nothing to do with the certificate.
>
> The next thing that comes to mind is anything else listening on port 1805 on your system?
PCS4 logs an error when it tries to bind to an allocated port, I expect PCS5 to do the same.
Turns out it is not SSL related. Created a new thread for the specifics.



ddrakos

Re: Creating self-signed certificates for PCS
« Reply #35 on: November 28, 2021, 08:36:24 pm »
Hi,

I think that the lego command-line client could help you to automate certificate issuing.

https://docs.gsd.pl/ssl/letsencrypt/

Another option could be https://certifytheweb.com/

I have been using these tools with PCS, WebEA (Apache) and Prolaborate (IIS) for about 4 years.

Regards
Drakos