Using SSL
Starting from the 2.5 release, Valentina Server is able to make secure SSL connections with Valentina Clients.
Credits: This feature is implemented with the help of the OpenSSL library http://www.openssl.org
Server-Side Steps To Use SSL
SSL Port
To enable this feature on the server side, you need to specify in the INI-file the SSL port on which Valentina Server will listen for secure connections. By default this port is zero.
You can allow your VServer to listen on two ports at a time: a secure port and a non-secure port. Or you can specify only one of these ports.
Private Key and Certificate
The SSL feature requires a private key and a certificate on the server side (the certificate can be self-signed). The Valentina Server installer installs default demo keys, and the INI-file points to them. So as soon as you specify the SSL port, you can start making SSL connections.
But please note that you should not distribute these keys to your customers. You need to generate new keys unique to your application/solution.
Client-Side Steps To Use SSL
On the client side, to establish an SSL connection with the Valentina Server, you need to use the port number that VServer listens on as its SSL port, and you need to mark the VConnection as SSL, as shown in the following example:
VConnection vconn = new VConnection( "localhost", "sa", "sa", port_ssl )
vconn.UseSSL()
vconn.Open()
Compare this to a non-SSL connection:
VConnection vconn = new VConnection( host, user, passw, port )
vconn.Open()
Note that a Valentina Client is able to establish several simultaneous connections to the same Valentina Server or to different Valentina Servers. Some of these connections can be SSL while others are not.
Example: How to create and use a self-signed certificate
- Generate an RSA private key. Generating a key for the RSA algorithm is quite easy. All you have to do is the following:
openssl genrsa -out privkey.pem 2048
The number 2048 is the size of the key, in bits. Today, 2048 or higher is recommended for RSA keys, as fewer bits are considered insecure or likely to become insecure pretty soon. This gives you privkey.pem in the current folder.
- Create a self-signed test certificate. Do this if you don't want to deal with another certificate authority, or just want to create a test certificate for yourself:
openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
This gives you cacert.pem in the current folder.
- Copy both the certificate and the key to the vServer folder and change the vServer INI settings:
SSL_Certificate=cacert.pem;
SSL_PrivateKey=privkey.pem;
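The key and certificate steps above, run non-interactively and followed by a check that the certificate really carries the public half of the private key before the INI file points at the pair. This is an added example, not part of the Valentina documentation; the function names and the subject name vserver.example.test are assumptions.

```shell
#!/bin/sh
# Added example, not from the Valentina documentation.
# Function names and the subject CN are constructed placeholders.

# make_selfsigned DIR CN [DAYS]: create privkey.pem and cacert.pem in DIR.
make_selfsigned() {
    dir=$1; cn=$2; days=${3:-1095}
    (
        umask 077   # key file is never group/world readable, even briefly
        openssl genrsa -out "$dir/privkey.pem" 2048 2>/dev/null
    ) || return 1
    chmod 600 "$dir/privkey.pem" || return 1
    # -subj answers the interactive prompts; only the CN is set here.
    openssl req -new -x509 -key "$dir/privkey.pem" \
        -out "$dir/cacert.pem" -days "$days" -subj "/CN=$cn"
}

# key_matches_cert KEY CERT: succeed only if CERT carries KEY's public half.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# cert_valid_for CERT DAYS: succeed if CERT is still valid DAYS from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Demo in a scratch directory, removed afterwards.
demo_dir=$(mktemp -d)
if make_selfsigned "$demo_dir" "vserver.example.test" 1095 &&
   key_matches_cert "$demo_dir/privkey.pem" "$demo_dir/cacert.pem" &&
   cert_valid_for "$demo_dir/cacert.pem" 30
then
    echo "pair OK: key and certificate belong together"
else
    echo "pair check failed" >&2
fi
rm -rf "$demo_dir"
```

Running key_matches_cert against the files already named in the INI file is also a quick way to tell whether a server has a mismatched key and certificate.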
See:
http://www.openssl.org/docs/HOWTO/keys.txt
http://www.openssl.org/docs/HOWTO/certificates.txt