So no one will go down a road that leads nowhere ...

by Ken Task -

Short version ...

Set up a CentOS 6 test server without DNS just for testing for a rather large corp using Moodle remotely hosted (outside the confines of corp network - apparently the person training cannot get internal technical support). Purpose to test webservices. Yes, without DNS ... access via host file 'trick'. Test server had self-signed certificate and running https:// ... Moodle configured to use https:// ... all that worked just fine. Person doing the webservices part was successful in testing.

The 'next phase' in the 'plan' (not mine) was to use a valid CA and test with that. So embarked on setting up a valid CA (company doesn't matter). Result ... regardless of what I did/tried, couldn't get this stealthy Apache to use certificate acquired. Finally, an expert says ... 'No. Can't be done. Server *must* have a valid DNS'.

Lesson learned ... the hard way - have spent 10 hours learning that lesson. :|

On another note, a couple of related questions ... if anyone knows:

Certificates are not issued for life (as we all know) and from time to time, they require renewal. So let's say that happens to a Moodle server - expired and new certificates have not been acquired yet.

How does the remote server/whatever running some app/script to do some action on the Moodle server affect re-acquire the new certs? Or does that matter (networking comes before application).

If that doesn't matter ... what does? The token assigned to the user using webservices?

Yep, if I sound confused it's 'cause I am!!!

Ken

In reply to Ken Task

Re: So no one will go down a road that leads nowhere ...

by ryan sanders -

If an SSL certificate expires, the user should get a pop-up in any browser denoting SSL certificate issues and noting something about it having expired.

It has been some time since I had to deal with SSL certificates, so I am out of the loop on current standards for them. At one time you needed a minimum of 2 computers, and hacks for a single computer were hard to come by: 1 computer that issued the certificate and a 2nd computer (your site) that obtained the certificate. Thinking about it, there are some DNS records that get created to deal with SSL.

SSL certificates are designed to expire after so long (security reasons). There are some applications, I would imagine, to do a test bed server to create a certificate without having to pay for an SSL certificate.

Back in the day there were so many settings and options for SSL it got a little overboard. Not sure how it is today.


In reply to ryan sanders

Re: So no one will go down a road that leads nowhere ...

by Ken Task -

Yes, users using a browser do get a notification and option to accept a self-signed certificate. But, evidently, webservices on the client end cannot make such exceptions. Have to make a correction to the testing phase here ... person at the other end (the one creating the webservices using SalesLogic, I think), had tested when stealth test server was running http (no SSL) and had no issues, but couldn't get webservices to work when server was reconfigured to run self-signed certificate (script on his end just "timed out"). Webservices connection changed and there was nothing one could do in the script on his end to accept a self-signed cert.

Have seen one example of webservices and it used http://site/username=blah&password=incleartext.... blah, blah. somewhere in the URL the key that is supposed to be setup for that user in Moodle to use a certain webservice.

My guess is ... a valid certificate has to be created for a server that has a valid FQDN before one can use webservices under https.

A valid cert from a CA is just accepted ... by browser ... user can see the icon change in a browser. No action by the browser user required. Webservices originally created and tested under http might require regenerating all that was scripted to use https.

So there is no one here that has actually used/setup webservices to test using http that then switched to https (self-signed)?

In 'learning mode' and trying to understand ...

Ken
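
Added example, not part of the original thread: a web-service client holds no copy of the server's certificate to "re-acquire"; it validates whatever certificate the server presents on each new connection. The Python sketch below shows that client-side view using the standard `ssl` module, with verification left on, an optional extra PEM file to trust (for instance a test server's own certificate), and a check of the name and expiry date the client sees. The function names, the host name `moodle-test.example` and the sample certificate dict are assumptions constructed for illustration.

```python
import socket
import ssl
import time

def build_context(extra_ca_pem=None):
    """Verifying client context; extra_ca_pem is an assumed path to a PEM file to trust as well."""
    ctx = ssl.create_default_context()  # certificate and host name checks stay on
    if extra_ca_pem:
        ctx.load_verify_locations(cafile=extra_ca_pem)
    return ctx

def fetch_peercert(host, port=443, ctx=None):
    """Handshake and return the parsed certificate; an untrusted, expired or
    wrongly named certificate raises ssl.SSLCertVerificationError here."""
    ctx = ctx or build_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def cert_names(cert):
    """DNS names from subjectAltName, falling back to the subject commonName."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return names

def name_matches(host, pattern):
    """Exact match, or a single left-most wildcard label such as *.example.org."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def assess(cert, host, now=None, warn_days=30):
    """Return (status, days_left) for a dict in the shape getpeercert() returns."""
    now = time.time() if now is None else now
    days_left = (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400
    if not any(name_matches(host, n) for n in cert_names(cert)):
        return "name-mismatch", days_left
    if days_left < 0:
        return "expired", days_left
    return ("renew-soon" if days_left <= warn_days else "ok"), days_left

# Constructed sample in the shape getpeercert() returns (not a real certificate).
SAMPLE = {
    "subject": ((("commonName", "moodle-test.example"),),),
    "subjectAltName": (("DNS", "moodle-test.example"),),
    "notAfter": "Jun 10 12:00:00 2030 GMT",
}
```

Running `assess(fetch_peercert(host), host)` on a schedule from the client side flags a certificate that is close to expiry before the web-service calls start failing in the handshake.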