Ticket #177 ( Closed )

Short Description SSL configuration
Entered By: gaucho When: 1998-10-06 23:24:31 Build: 1.03.26d
Categories Type: Problem   Department: Product   Category: Troubleshooting
Description
Bill, I am trying to configure SSL to work with Screensurfer. Sean used Microsoft Certificate Server to generate the key and it works fine with pages that are not coming from screensurfer. I followed the installation instruction but when i try accessing https://(mymachine):82/home the request just hangs, meaning my browser tries to connect but it just never gets through until it times out. Any idea(s)? I also tried the instruction you gave to one of the customers inserting the ip address of the secure machine in the registry. no luck. I even tried using the SECURE in my entry point which is a transaction accessing that url through regular http request, and although i am able to access the url fine, the secure connection does not take effect. It is called as a non-secure url.
Append By: gaucho  When: 1998-10-07 05:28:18  New Status: Pending IE
Comment Bill, Man, im about ready to give up here! It seems so simple on the instructions but i can't get it to work. i have iis installed on port 80 with ssl on port 443, screensurfer on 82, console on 83. when i access a screensurfer file, using https://mymachinename/surfer/home, im getting this error: "An I/O error occurred during authorization. Please try your connection again." If you don't mind I think i will have to give you a call tomorrow. It was decided at a meeting monday that if we can't get ssl going by friday that the project will be placed on hold and try it again at a latter date.
Append By: WindSurfer  When: 1998-10-07 05:46:11  New Status: Pending Customer
Comment First-- the port 82 was wrong, which I think you got rid of later; HTTPS implies the SSL port.

Second-- when you installed the Screensurfer IIS filter, did you specify port 82 then?

Third-- SECURE only works on screens...if you want a transaction to work through SSL, you have to specify with the https://securemachine/surfer...

Append By: WindSurfer  When: 1998-10-07 05:51:47  New Status: Pending Customer
Comment Joe--what are the settings in hkey_local_machine/Software/Intelligent Environments/Screensurfer/IISFilter?

Have you checked the log file in the IISFilter directory?

Append By: WindSurfer  When: 1998-10-07 05:53:32  New Status: Pending Customer
Comment Also, what version of IIS?
Append By: WindSurfer  When: 1998-10-07 06:45:41  New Status: Pending Customer
Comment We have discovered a regression in the IIS filter that snuck-in while making it work in a certain way for an existing customer (used for performing password entry only).

We think that your HTTP thread in Screensurfer is trapping when you access it-- are you getting any entries in the Event Log while testing?

A new build will be ready for you when you read this-- will post the ftp link when it is ready.

Append By: WindSurfer  When: 1998-10-07 06:59:50  New Status: Pending Customer
Comment The new build is ready at ftp://ftp.ieinc2.com/pub/surfer/t1_3_26c.zip

Unzip to \screensurfer\bin to replace ielua.exe.

THEN, update the registry, and in the screensurfer config, change "SecurityDefault" to 1. This tells Screensurfer to just run in secure mode, without worrying about flipping the user to and from based on the active section being executed. What happened was that the logic looking to do the "flip" was using a pointer that didn't exist when doing "home" or a transaction.

Sorry you blew a night on it-- please, next time you start using something so new, try to do it when we are around to provide help!

Append By: gaucho  When: 1998-10-07 11:57:18  New Status: Pending IE
Comment Bill, I downloaded the new build, changed the SecurityDefault to 1 and reinstalled IISFilter using mymachine'sIPAddress:82 for the Screensurfer machine. I then tried accessing https://mymachine/surfer/home and this is what i got in the SurfProx During "Sending to Proxy", "Unable to send data to HTTP host "localhost:82"-- Error Code=10057, Description=WSAENOTCONN: The socket is not connected." During "Sending to Proxy", "Unable to send data to HTTP host "localhost:82"-- Error Code=10038, Description=WSAENOTSOCK: One of the descriptor sets contains an entry which is not a socket." btw, I have IIS 4 running. Also, should i be just entering mymachine's IPAddress without the port number when installing IISFilter? (i currently have Screensurfer running at port 82 for web gateway and 83 for console).
Append By: WindSurfer  When: 1998-10-07 13:39:29  New Status: Pending Customer
Comment Try ftp://ftp.ieinc2.com/pub/surfer/surfprox.dll -- stop IIS and replace the one that is in the directory you specified when you installed the filter on the IIS machine.

We found a potential for the default of "127.0.0.1:82" to be replaced following the reading of the registry keys by the DLL...this didn't show up yet because testing and use has only been on the same machine so far--

Append By: WindSurfer  When: 1998-10-07 15:56:54  New Status: Pending Customer
Comment It looks like there may be a Microsoft DLL incompatibility on your NT machine-- please grab ftp://ftp.ieinc2.com/pub/surfer/proxstat.zip and unzip to replace your filter DLL (stop IIS first).

This has been built with the MFC libraries embedded instead of using the DLL, and it should work more consistently than the smaller one we first packaged.

Append By: WindSurfer  When: 1998-10-09 10:31:02  New Status: Pending Customer
Comment New build, which looks a lot more consistent with IIS4 is available at ftp://ftp.ieinc2.com/pub/surfer/proxiis4.dll -- rename to surfprox.dll to use it, replacing the one you have now. We did a check on the MFC versions and, stupidly, were out-of-synch with IIS4.

When added to the filter list in the properties, this one just goes green right away and things just seem to behave the way you expect it to.

Classic case of "almost compatible" (arghh).

We will need to incorporate a metabase update capability in our installation program and provide an IIS4-compatible filter installation before an IIS4 version of the Screensurfer Filter is "prime time".