Erron on register app with https - Web Server *PRO* Questions and Bug Reports

Welcome Guest! To enable all features please Login or Register.

Notification

Error

UltiDev Forum » UltiDev Web Server Pro » Web Server *PRO* Questions and Bug Reports » Erron on register app with https

Erron on register app with https

Options

Previous Topic Next Topic

Guest		#1 Posted : Thursday, October 4, 2012 3:46:00 PM(UTC)
Groups: Joined: 11/1/2005(UTC) Posts: 278		Hello UltiDev Team, I tried to register an app by command line with one https endpoint. the registration fails and the error message says: If 'sslipaddress' is not specified, then the endpoint can not be 'https'. Is there a way to specify the sslipaddress?
Back to top

Ultidev Team		#2 Posted : Friday, October 5, 2012 10:36:20 AM(UTC)
Groups: Administration Joined: 11/3/2005(UTC) Posts: 2,253 Thanks: 28 times Was thanked: 60 time(s) in 59 post(s)		Hi! SSL endpoints cannot be registered programmatically. We are sorry for the confusing error message. Were you also trying to install SSL certificate along with your application when it registers itself with UWS? The reason for not allowing automatic SSL installation is because it also involves specifying SSL certificate, and if certificate is installed along with a web application, it probably means that this certificate is not really secure as it probably was imported, or self-signed. Best regards, UltiDev Team. Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
Back to top		WWW

User Profile View All Posts by User View Thanks

Guest		#4 Posted : Monday, October 8, 2012 2:13:19 AM(UTC)
Groups: Joined: 11/1/2005(UTC) Posts: 278		Thanks, yes i tried to install a certificate with the application. I also modified successfully the UWS.Configuration.xml after registration. Now the endpoint is shown in the HTTPS/SSL Listen Addresses list of the installed application. But the binding is still missing. Is there a workaround to bind a certificate to this endpoint after register the app?
Back to top

Ultidev Team		#5 Posted : Monday, October 8, 2012 9:43:44 AM(UTC)
Groups: Administration Joined: 11/3/2005(UTC) Posts: 2,253 Thanks: 28 times Was thanked: 60 time(s) in 59 post(s)		Hi there! The short answer is not really. There is a lot more to application registration than modifying UWS.Configuration.xml and bindings. We have not exposed programmatic way of adding SSL endpoints on purpose: because doing so invariably leaves application installers deploying non-secure (self-signed or private-key replicated) server certificates, thus making our product vulnerable to being black-listed and a security threat. Since our web server is used by hundreds of thousands of users, we can't expose ourselves to these charges. Also, please note that a security audit is likely to fail your practice of installing a certificate during installation, unless there is a process of generating a non-exportable private key locally, and then signing the cert automatically via public Certification Authority. In short, having SSL does not make anything secure unless there are sound practices ensuring that cert's private key stays private and is reliably linked to the identity of its owner. Best regards, UltiDev Team. Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
Back to top		WWW \| Edit by user

User Profile View All Posts by User View Thanks

Guest		#6 Posted : Monday, October 15, 2012 1:37:36 AM(UTC)
Groups: Joined: 11/1/2005(UTC) Posts: 278		Hi, can you tell me what is "a lot more" in detail. The https endpoint and the binding to a certificate works great and the App Explorer recognizes it automatically. But the application is still not online after registration. It is very important for our customers to register that application without any user action.
Back to top

Ultidev Team		#7 Posted : Monday, October 15, 2012 9:51:23 AM(UTC)
Groups: Administration Joined: 11/3/2005(UTC) Posts: 2,253 Thanks: 28 times Was thanked: 60 time(s) in 59 post(s)		Hello, We are sorry, but we won't be able to help you here. We don't facilitate automatic registration of SSL endpoints because they are inherently not secure if bound to an imported certificate or a self-signed certificate. In both cases server's identity cannot be guaranteed, rendering encryption pointless. If you could present a flow where server certificate can be placed on the server machine during automated application installation in the way that the cert represents server's true identity, we will be happy to implement programmatic SSL endpoint registration in the next build of UWS. Best regards, UltiDev Team. Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
Back to top		WWW \| Edit by user

User Profile View All Posts by User View Thanks

Rss Feed

Atom Feed

Users browsing this topic
Guest (6)

UltiDev Forum » UltiDev Web Server Pro » Web Server *PRO* Questions and Bug Reports » Erron on register app with https

Forum Jump

You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You can vote in polls in this forum.