I've tried a couple of ways to start MobiLink with a certificate from LetsEncrypt, but so far with no success. First I tried getting a certificate using this method:
.\wacs.exe --store centralssl --centralsslstore C:\CentralSSL\
which creates the certificate and stores it as C:\CentralSSL\mycertificate.pfx. Then I tried starting MobiLink with the -x option set to
-x HTTPS(host=172.254.35.101;port=443;identity=C:\CentralSSL\mycertificate.pfx)
However, mlsrv17 fails to start, and gives the error
SQLANYm_balanceML: <main> [-10117] Stream Error: Error parsing certificate file, error code 0x00000000
So I tried converting the
SQLANYm_balanceML: <main> [-10117] Stream Error: Error parsing certificate file, error code 0x0d0680a8
Then I tried another way, to get and install the certificate using this method
.\wacs.exe --store certificatestore --certificatestore My
which creates the certificate in the Windows Certificate Store. However, I don't know how to tell MobiLink to use that version of the certificate. Is there a way to point the identity option to the Windows Certificate Store?
Has anyone ever tried this? Any advice?
EDIT: A bit more information - I discovered that the
asked 31 May '19, 11:03 Terry Wilkinson
Can you describe what you mean by "use a certificate from LetsEncrypt"? LetsEncrypt is a Certificate Authority (CA). What is typically stored in the certificate store for a CA is the public certificate for that CA, which is used by clients connecting to a server, not the server itself.
Typically, you'll create a certificate request, which consists of a public and private portion. The private portion is password protected, and you typically don't let anyone else see that. You send the public portion of your certificate request to a CA, they sign it, then return the signed certificate request to you. This signed public certificate request along with the private portion of your certificate request make up your identity file, which is what you need to provide to the ML Server, along with the password for your private certificate. Now, any MobiLink Client that wants to connect to the ML Server can do so as long as they have the public certificate for the CA that signed your request.
I don't think exporting the LetsEncrypt certificate from the certificate store will get you a server-side certificate that you can use when starting the MobiLink Server.
Reg
answered 31 May '19, 13:36 Reg Domaratzki
Thanks for your reply. I've been using LetsEncrypt for a number of years to create certificates for https with nginx under linux. Also, I have previously been able to use them with IIS under Windows. However, there is a new way to get them for Windows using the
(31 May '19, 15:56) Terry Wilkinson
I don't know, either, but for secure web client procedures, you can specify "file=*" to access certificates from the OS store, as documented here. I don't know whether the same applies to MobiLink servers or SQL Anywhere web servers.
Following that suggestion, I tried
and got the error