Table of Contents
Valentina Server, starting from 2.5 release, is able to make secure SSL connections with Valentina Clients.
Credits: This feature is implemented with the help of OpenSSL library http://www.openssl.org
Server-Side Steps To Use SSL
To enable this feature on the server side you need specify in the INI-file the SLL port which Valentina Server will listen for secure connections. On default this port is zero.
You can allow your VServer to listen to two ports at a time: a secure port and a non-secure port. Or you can specify only one of these ports.
Private Key and Certificate
SSL feature require on server side private key and certificate (can be “self-assigned”). Valentina Server installer installs default demo keys, and the INI-file point them. So as only you have specify SSL port you can start do SSL connections.
But please note, that you should not distribute these keys to your customers. You need generate new keys unique for your application/solution.
Client-Side Steps To Use SSL
On the client side, to establish a SSL connection with the Valentina Server, you need to use the SSL port number that VServer listens as SSL port and you need specify VConnection to be SSL as shown in the following example:
VConnection vconn = new VConnection( "localhost", "sa", "sa", port_ssl ) vconn.UseSSL() vconn.open()
Compare to non-ssl connection
VConnection vconn = new VConnection( host, user, passw, port ) vconn.Open()
Note, that a Valentina Client is able to establish several simultaneous connections to the same Valentina Server or to different Valentina Servers. Some of these connections can be SSL, but some not.
Example: How to create and use self-signed certificate
- Generate RSA private key. Generating a key for the RSA algorithm is quite easy, all you have to do is the following:
openssl genrsa -out privkey.pem 2048
The number 2048 is the size of the key, in bits. Today, 2048 or higher is recommended for RSA keys, as fewer amount of bits is consider insecure or to be insecure pretty soon. So you get privkey.pem in the current folder.
- Creating a self-signed test certificate. If you don't want to deal with another certificate authority, or just want to create a test certificate for yourself:
openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
So you get cacert.pem in the current folder.
- Copy both certificate and key to the vServer folder and change vServer INI settings:
See: http://www.openssl.org/docs/HOWTO/keys.txt http://www.openssl.org/docs/HOWTO/certificates.txt