SSL Certificate Issues

[Sean]

Hi,

It looks like the SSL certificate that gets generated is only for a local domain.

In my case, the certificate being generated is for test.local.com. I need to access plastic over test.MyDomainName.com.

Is there a way to change the SSL certificate to have the correct name? Or is there a way to obtain the password so I can perhaps install the certificate on the local client machine?

Regards,

Sean

[dave]

Hi Sean,

the Plastic SCM server reads the hostname of the machine to generate the default certificate, but you can generate your own certificate with the domain you want.

This doc explains the process to get and install a certificate from a certificate authority in the Plastic SCM server:

http://www.plasticscm.com/releases/4.0/PlasticSCM_CA_Certificates.pdf

It means that you can also use the certificate of a web server for that domain with Plastic SCM.

Of course, if you don't want to buy a commercial certificate, you can always generate it yourself. This site may be a good resource:

http://www.flatmtn.com/article/setting-openssl-create-certificates

Hope it helps!

Cheers,

David

[Sean]

HI David,

Thanks for your help. Do you happen to know if the .pfx certificate is the only format that Plastic 4 will take? I noticed that Plastic 3 can be configured to use a .cert file which is what i've tried by the server kept crashing on startup after I modified the remoting.conf file.

Regards,

Sean

[Sean]

OK so don't worry about the post above. I got it working.

Now i'm getting an error though saying "the authentication or decryption has faled.: myserveraddress:443"

Any idea's?

[dave]

Hi,

I think you are using the makecert format from 3.0, right? In 4.0, the officially supported certificate format is PKCS#12 (normally .pfx files).

That said, the makecert format is still there. This old post details how to configure it:

http://www.plasticscm.com/infocenter/technical-articles/kb-how-to-configure-plastic-scm-with-ssl-connectivity.aspx

My recommendation, anyway, would be to move to PKCS#12 certificates, since this is a widely used standard and the future of SSL in Plastic SCM, versus the makecert format because it is meant mainly for development environments (SSL was not officially supported in 3.0)

If you are using already the .pfx file as described in the guide I posted above, can you please post here your remoting.conf file in the client and server folders?

Cheers,

David

[Sean]

Hi Dave,

Sorry I have taken so long to reply. I haven't had time to look into this issue again until now.

Yes I was using the old method but I was converting it to PKCS#12 via the method outlined here http://www.source-code.biz/snippets/vbasic/3.htm. Using this method I get the authentication or decryption has failed error.

I've also just tried creating a certificate via Linux but I can't seem to get it working either.

Do you happen to have the commands to create the certificate via Linux using openssl so I can make sure I'm doing the right thing?

Regards,

Sean

[Sean]

Hi There,

Not to worry. It's all fixed up now.

For future reference to anyone else who might need to do this. I used openssl on Ubuntu to run the following which gave me my .pfx file.

To make certificate

openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout cert-name.pem -out cert-name.pem

Convert to PKCS#12

openssl pkcs12 -export -out cert-name.pfx -in cert-name.pem -name "My Cert File"

Regards,

Sean

[manu]

Thank you for post your solution!