[ACP-1613]  Support SSL on the web server
Type New Feature
Priority High
Severity Minor
Component Web Server and ASP engine
Fixed In Version 8.2
Versions Affected 8.1b
Severity Closed
Resolution Complete
Reported By Bob Denny
Resources Bob Denny
Start Date 7/18/2018

Description
Add support for SSL/HTTPS connections. The biggest pain will be the management of certificates.

Comments
1/13/2019 5:25:41 PM   Bob Denny
This is it!
1/13/2019 5:18:58 PM   Bob Denny
SVN Comment
Author rbdenny
Repository svn+ssh://rbdenny@a2_svn_dc3/home/rbdenny/svn/astro/acp
SVN Revision 1181
Affected files /trunk/ACP Help/ASP/ASP.chm (Modified)
/trunk/ACP Help/ASP/devdoc/good/iishelp/iis/htm/asp/introbj_5vsj.htm (Modified)
/trunk/ACP Help/ASP.chm (Modified)
/trunk/ASPRequest.cls (Modified)
/trunk/doc/ASP.chm (Modified)
Check-in comment The ASP.Request.ServerVariables "HTTPS" variable now reports ON for SSL/TLS and OFF for unsecure. Update ASP documentation for this as well. GEM:1613
8/8/2018 9:15:47 PM   Bob Denny
SVN Comment
Author rbdenny
Repository svn+ssh://rbdenny@a2_svn_dc3/home/rbdenny/svn/astro/acp
SVN Revision 1117
Affected files /trunk/regperms.txt (Modified)
Check-in comment There are two regini input files and both need the new SSLServer section in the registry. GEM:1613
8/8/2018 8:28:09 PM   Bob Denny
SVN Comment
Author rbdenny
Repository svn+ssh://rbdenny@a2_svn_dc3/home/rbdenny/svn/astro/acp
SVN Revision 1116
Affected files /trunk/regperms.txt (Modified)
/trunk/regpermsinst.txt (Modified)
Check-in comment Registry permissions for new SSLServer key added to both regini input files GEM:1613
7/22/2018 1:47:15 PM   Bob Denny
SVN Comment
Author rbdenny
Repository svn+ssh://rbdenny@a2_svn_dc3/home/rbdenny/svn/astro/acp
SVN Revision 1111
Affected files /trunk/ACP Help/ssl_security.htm (Modified)
Check-in comment Dang forgot to save this before committing. GEM:1613
7/22/2018 1:36:48 PM   Bob Denny
SVN Comment
Author rbdenny
Repository svn+ssh://rbdenny@a2_svn_dc3/home/rbdenny/svn/astro/acp
SVN Revision 1110
Affected files /trunk/ACP Help/images/ClarityAlertCheckboxes.png (Added)
/trunk/ACP Help/images/How-SSL-Certificates-Work-sm.png (Added)
/trunk/ACP Help/images/How-SSL-Certificates-Work.jpg (Added)
/trunk/ACP Help/images/certpath.png (Added)
/trunk/ACP Help/images/chrome-expired-sm.png (Added)
/trunk/ACP Help/images/chrome-expired.png (Added)
/trunk/ACP Help/images/chrome-untrusted-sm.png (Added)
/trunk/ACP Help/images/chrome-untrusted.png (Added)
/trunk/ACP Help/ssl_security.htm (Modified)
Check-in comment Continuing SSL documentation. GEM:1613
7/21/2018 6:10:03 PM   Bob Denny
SVN Comment
Author rbdenny
Repository svn+ssh://rbdenny@a2_svn_dc3/home/rbdenny/svn/astro/acp
SVN Revision 1109
Affected files /trunk/ACP Help/ssl_security.htm (Modified)
/trunk/WebDocs/.well-known (Added)
/trunk/WebDocs/.well-known/acme-challenge (Added)
/trunk/WebDocs/.well-known/acme-challenge/placeholder.txt (Added)
Check-in comment Continue to document SSL and certificate making. Add the ACME folders to WebDocs for installation. GEM:1613
7/21/2018 4:39:09 PM   Bob Denny
SVN Comment
Author rbdenny
Repository svn+ssh://rbdenny@a2_svn_dc3/home/rbdenny/svn/astro/acp
SVN Revision 1108
Affected files /trunk/ACP Help/ssl_security.htm (Modified)
/trunk/frmWebServer.frm (Modified)
/trunk/main.frm (Modified)
Check-in comment Checkpoint. Cert can now be in either Local Machine or Current User. Failure to find cert is now "nice", it pops up an error then just starts without SSL. Change the light from SSL to SEC. Start documenting this feature. GEM:1613
7/21/2018 3:51:22 PM   Bob Denny
ACME feature added and tested. Start documentation. Also, add feature where the cert may be in either the Current User or Local Machine store. The latter is correct but the Certificate Manager can't seem to import PFX into Local Machine, only Current User. Yes, you can drag the CA Certs and server cert over to Local Machine, but I'm thinking I'll encounter less pain if Current User is OK too. Too bad if they log off Windows, log in as someone else, and then SSL stops working. Maybe I should show a warning of some sort?
7/20/2018 8:19:34 PM   Bob Denny
Need to add support for ACME domain verification so that CAs can validate the domain without needing a username/password to get to the ACME verification file.
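An added illustration of the login exemption requested in the comment above. It is not ACP's code, which this ticket does not show. The function names `acme_token` and `requires_login`, the 128-character token cap, and the sample requests are assumptions made for the sketch; the point is that only a well-formed challenge fetch skips authentication and everything else fails closed.

```python
import re

# Folder added to WebDocs in SVN revision 1109, as a URL path.
ACME_PREFIX = "/.well-known/acme-challenge/"
# RFC 8555 limits HTTP-01 tokens to the base64url alphabet.
# The length cap is an assumption for this sketch.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{1,128}")


def acme_token(method, target):
    """Return the challenge token if the request may skip login, else None."""
    if method not in ("GET", "HEAD"):
        return None
    path = target.split("?", 1)[0]  # raw path, deliberately not percent-decoded
    if not path.startswith(ACME_PREFIX):
        return None
    token = path[len(ACME_PREFIX):]
    # '/', '\\', '.' and '%' are outside the token alphabet, so literal or
    # encoded traversal never matches and the request still needs a login.
    return token if TOKEN_RE.fullmatch(token) else None


def requires_login(method, target):
    """Fail closed: anything but a well-formed challenge fetch needs auth."""
    return acme_token(method, target) is None


# Constructed sample requests (not taken from any real log).
SAMPLES = [
    ("GET", "/.well-known/acme-challenge/LoqXcYV8q5ONbJQxbmR7SCTNo3tiAXDfowyjxAjEuX0"),
    ("GET", "/.well-known/acme-challenge/../../secret.txt"),
    ("GET", "/.well-known/acme-challenge/%2e%2e%2fsecret.txt"),
    ("POST", "/.well-known/acme-challenge/LoqXcYV8q5ONbJQxbmR7SCTNo3tiAXDfowyjxAjEuX0"),
    ("GET", "/index.asp"),
]

if __name__ == "__main__":
    for method, target in SAMPLES:
        verdict = "login required" if requires_login(method, target) else "public"
        print(f"{method:4} {target} -> {verdict}")
```

The server would then look up the challenge file by the returned token alone, never by the request path.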
7/20/2018 6:46:47 PM   Bob Denny
SVN Comment
Author rbdenny
Repository svn+ssh://rbdenny@a2_svn_dc3/home/rbdenny/svn/astro/acp
SVN Revision 1107
Affected files /trunk/ACP Help/allsky.htm (Added)
/trunk/ACP Help/fits-fields.htm (Added)
/trunk/ACP Help/relnotes.htm (Modified)
/trunk/ACP Help/ssl_security.htm (Added)
/trunk/Main.bas (Modified)
/trunk/frmPrefs.frm (Modified)
/trunk/frmPrefs.frx (Modified)
/trunk/frmWebServer.frm (Modified)
/trunk/main.frm (Modified)
Check-in comment More work on SSL, actually this looks complete including the UI. Note that the certificate is now pulled from Local Machine under Personal (local). HELP IS NOT DONE. Also a few stray files from ACP help that I noticed hadn't been committed in the past. GEM:1613
7/19/2018 7:19:11 PM   Bob Denny
7/19/2018 7:17:11 PM   Bob Denny
SVN Comment
Author rbdenny
Repository svn+ssh://rbdenny@a2_svn_dc3/home/rbdenny/svn/astro/acp
SVN Revision 1106
Affected files /trunk/ACP.vbp (Modified)
/trunk/Main.bas (Modified)
/trunk/Weather.cls (Modified)
/trunk/frmPrefs.frm (Modified)
/trunk/frmWebServer.frm (Modified)
/trunk/frmWebServer.frx (Modified)
/trunk/main.frm (Modified)
Check-in comment SSL Lives! The Preferences dialog and frmMain code is done, including the globals for UI responsiveness. All that's left is the stuff in frmWebServer to wire up to the globals and flash the SSL light when SSL requests are handled. GEM:1613
7/19/2018 6:43:49 PM   Bob Denny
Dart V9 upgrade complete. Tested with hardwired certificate and port 443, IT WORKS!! I had to disable the VMWare_hostD which was using port 443 though.
7/19/2018 3:55:46 PM   Bob Denny
SVN Comment
Author rbdenny
Repository svn+ssh://rbdenny@a2_svn_dc3/home/rbdenny/svn/astro/acp
SVN Revision 1105
Affected files /trunk/frmWebServer.frm (Modified)
Check-in comment Changes to web server support logic for SSL. UNTESTED. GEM:1613
7/19/2018 3:55:02 PM   Bob Denny
Spent the morning removing the old Dart V8 and preparing for Dart V9 (latest). I also generated a keypair, got a certificate from SSL.COM and installed it into the MS Cert Store. It is showing for "server authentication". I talked to Dart and they told me that the components use the MS CryptoAPI and the certificate store.