NetTalk Central
NetTalk Web Server => Web Server - Ask For Help => Topic started by: David on November 14, 2018, 12:22:10 PM
-
NT 11.01, LetsEncrypt
I've installed Visual Studio 2017 (x86) runtime. In reading the NT documentation Msvcr120.dll has a line through it which makes me believe I no longer need it since I installed VS 2017 runtime. Note, the installed VS runtime is not in my program folder but wherever the installer put it. I'm not sure where to go from here.
If I delete Msvcr120.dll then I get the following error:
[st] [netTalk][thread=1] NetSimple.ErrorTrap -73 Unable to Listen on TCP Port 443 NetSimple(Server).Open
With Msvcr120.dll in the program folder I get the following error and my site will not load:
SSL_Our_ServerListen : SSL Error. Could not load Certificate File. rl_SSL_CTX_use_certificate_chain_file [C:\myapp\certificates\localhost.crt] returns 0
-
Hi David,
>> If I delete Msvcr120.dll then I get the following error:
>> [st] [netTalk][thread=1] NetSimple.ErrorTrap -73 Unable to Listen on TCP Port 443 NetSimple(Server).Open
Perhaps you did not deploy the current CLANET.DLL? The error above _suggests_ you are still using MSVCR120 - which it should certainly not need anymore. So either the new CLANET.DLL or perhaps the new libcrypto-1_1.dll / libssl-1_1.dll was not deployed. (The version on both of those should be 1.1.1.0.)
>> SSL_Our_ServerListen : SSL Error.
>> Could not load Certificate File. rl_SSL_CTX_use_certificate_chain_file [C:\myapp\certificates\localhost.crt] returns 0
You've presumably set your certificates folder to be
C:\myapp\certificates\
I'm also assuming you set a domain to localhost, so as to generate a local certificate (not a LetsEncrypt one)? Did it get generated? Is OpenSSL.Exe in your app folder?
There should be 2 files in the C:\myapp\certificates folder - localhost.crt and localhost.key. Are the files there? If you open them in notepad do they look correct?
Cheers
Bruce
-
I reinstalled NetTalk 11.01 just to be sure.
Looking at the properties of the files in C:\Clarion11\accessory\bin
OpenSSL.exe - dated 8/14/2018, there is no version number
CLANET.DLL - dated 11/9/2018, there is no version number
libcrypto-1_1.dll - 1.1.0.9
libssl-1_1.dll - 1.1.0.9
So it looks like I don't have the new versions of libcrypto or libssl. Is there another place the new files are installed other than the accessory\bin folder?
-
Hi David,
Indeed the files in the install are old. I've fixed that for the 11.02 build (out later today).
-
NT 11.02 fixed the load error with MSVCR120. However, I'm still getting an error when configuring a secure site. The error I am getting is:
[4776] SSL_Our_ServerListen : SSL Error. Could not load Certificate File. rl_SSL_CTX_use_certificate_chain_file [C:\pnpStorage\certificates\localhost.crt] returns 0
My NT settings do not reference localhost anywhere. I did a text search through the generated files in my code folder and accessories\libsrc & templates and there is no reference to localhost. The localhost.crt file is not in the Certificates folder.
If I delete all certificate information, check "Testing", and click Certificates, I get a test certificate and I can browse my website on port 443. I do get a "certificate is invalid" message, which I expect. If I uncheck "Testing" and restart my web server I get the localhost.crt error. If I then check "Testing", Certificates I am again able to browse the website with an invalid certificate. Below are my ServerSettings:
<ServerSettings>
<set.secureport>443</set.secureport>
<set.insecureport>80</set.insecureport>
<set.accountname>pnpStorage.com</set.accountname>
<set.domains>www.pnpStorage.com</set.domains>
<set.certificatesfolder>C:\pnpStorage\certificates</set.certificatesfolder>
<set.lastcertificatecheckdate>79585</set.lastcertificatecheckdate>
<set.staging>1</set.staging>
<set.webfolder>C:\pnpStorage\web</set.webfolder>
<set.acmefolder>C:\pnpStorage\web</set.acmefolder>
<set.bindtoipaddress>192.168.10.211</set.bindtoipaddress>
<set.sessiontimeout>90001</set.sessiontimeout>
<set.xframeoptions>sameorigin</set.xframeoptions>
<set.accesscontrolalloworigin/>
<set.stricttransportsecurity/>
<set.contentsecuritypolicy/>
<set.contentsecuritypolicyreportonly/>
<set.referrerpolicy>strict-origin-when-cross-origin</set.referrerpolicy>
</ServerSettings>
-
Figured it out!!
In the ThisWebServer Template the Host Names (CSL) was set to 'localhost'. No idea how that happened but once I changed it back to Set:Domains all was good.
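A pre-flight check for the failure in this thread, as an added example that is not part of the original posts and is not NetTalk's own code: it reports host names that are missing from set.domains and host names with no readable PEM pair in the certificates folder. The `<host>.crt` / `<host>.key` naming follows Bruce's reply; the comma-separated domain list, the function names and the sample files are assumptions constructed for the example.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Text each file must contain to count as PEM (covers RSA/EC/PKCS#8 key headers).
PEM_MARKERS = {".crt": "-----BEGIN CERTIFICATE-----", ".key": "PRIVATE KEY-----"}

# Constructed sample: two settings copied from the ServerSettings posted above.
SAMPLE = """<ServerSettings>
<set.domains>www.pnpStorage.com</set.domains>
<set.staging>1</set.staging>
</ServerSettings>"""

def load_domains(xml_text):
    """Return the set.domains entries (assumed comma separated) as a list."""
    settings = {child.tag: (child.text or "") for child in ET.fromstring(xml_text)}
    return [d.strip() for d in settings.get("set.domains", "").split(",") if d.strip()]

def hosts_not_in_domains(domains, host_names):
    """Host names that have no matching entry in set.domains."""
    known = {d.lower() for d in domains}
    return [h for h in host_names if h.lower() not in known]

def check_host_files(cert_folder, hosts):
    """List problems with the <host>.crt / <host>.key pair of every host."""
    problems = []
    for host in hosts:
        for ext, marker in PEM_MARKERS.items():
            path = os.path.join(cert_folder, host + ext)
            if not os.path.isfile(path):
                problems.append(f"{host}: missing {host}{ext}")
                continue
            with open(path, "r", errors="replace") as fh:
                if marker not in fh.read():
                    problems.append(f"{host}: {host}{ext} is not PEM text")
    return problems

def run_constructed_case(host_names=("localhost",)):
    """Temp folder holding a constructed pair for the configured domain only."""
    domains = load_domains(SAMPLE)
    bodies = {".crt": "-----BEGIN CERTIFICATE-----\n", ".key": "-----BEGIN PRIVATE KEY-----\n"}
    with tempfile.TemporaryDirectory() as folder:
        for ext, body in bodies.items():
            with open(os.path.join(folder, domains[0] + ext), "w") as fh:
                fh.write(body)
        return (hosts_not_in_domains(domains, host_names),
                check_host_files(folder, host_names),
                check_host_files(folder, domains))

if __name__ == "__main__":
    print(run_constructed_case())
```

With the Host Names value from the thread ('localhost') the first two results are non-empty, which matches the "Could not load Certificate File" error for localhost.crt; passing the configured domain instead returns no problems.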