Setting up SSL
SSL secures web traffic by encrypting all data transmitted between the server and the user's browser. The WebKIDSS program has been configured to take advantage of SSL if your server site is set up properly. To do this, you will need a server certificate from a certificate authority such as Thawte (thawte.com) or Verisign (verisign.com).
A stand-alone program, SetupSSL, which creates the encryption keys and a certificate request, is provided on the WebKIDSS Web Server page. Download and run it to create a certificate request that can be sent to a certificate authority. SetupSSL is available for both Mac and Windows; the latest version is v1.2. It must be installed and run on the server machine in order to create the proper certificate request.
Version 1.2 of this setup program contains an option for the length of keys. The default value is 512 bits. This length is compatible with most (all?) browsers, and it is also the size implied by the 40-bit SSL plugin (4DSLI.DLL) as supplied by 4D. An option has been added to the SetupSSL program for using 1024-bit keys. Use of this option requires the installation of the 128-bit SSL plugin (4DSLI.DLL; note that it has the same name as the 40-bit version). This 128-bit version of the plugin may be obtained from the 4D.com web site.
The Mac version is a compiled 4D v6.8.x program (compiled 4D v2003.x, and 4D v2004.x are also available - the 4D v6.7.1 version is no longer available) that has been stuffed as an archive (.sit) and encoded with binhex (.hqx) just like all the other Mac compatible software available on the WebKIDSS site. Download it and expand it to get the file: 'SetupSSL'. Create a folder named 'SSL' inside your WebKIDSS folder and put this file into that folder before running. This file is the program file. When running this file, you should specify that a new data file be created. There are instructions for running the program on the main opening screen and on a separate screen after the program has been run. Before running the program to generate a certificate request you must make sure you have installed the file '4DSLI.DLL' in the '4D Extensions' folder within the folder containing the 4th Dimension program. This file was probably installed in the proper place when you installed 4th Dimension. If not, find it on your installation CD and put a copy in the 4D Extensions folder. If you cannot find this file on the installation CD, or in any of the folders containing the 4th Dimension program on your hard disk, try installing again but this time only install the 'Network Components' portion of the 4D program.
The Windows version is a compiled 4D v6.8.x program (compiled 4D v2003.x, and 4D v2004.x are also available - the 4D v6.7.x version is no longer available) that has been zipped (.zip) just like all the other Windows compatible software available on the WebKIDSS site. Download it and expand it to get two files: 'SetupSSL.4DC' and 'SetupSSL.RSR'. Create a folder named 'SSL' inside your WebKIDSS folder and put these two files into that folder before running. These files are the program files. When running this program, you should specify that a new data file be created. There are instructions for running the program on the main opening screen and on a separate screen after the program has been run. Before running the program to generate a certificate request you must make sure you have installed the file '4DSLI.DLL' in the '4D Extensions' folder within the folder containing the 4th Dimension program. If you are using 4D v6.7.3, make sure you have installed the file '4DNCTCP.DLL' in the '4D' folder within the 'Windows' folder. This file, '4DNCTCP.DLL', is not needed if you are using 4D v6.8.1. These files were probably installed in the proper place when you installed 4th Dimension. If not, 4DNCTCP.DLL is part of the 'Network Components' download for 4D v6.7.3. Download the Network Components for 4D v6.7.x and put a copy of 4DNCTCP.DLL in the 4D folder within the Windows folder.
You should only run the SetupSSL program once to generate the keys and the certificate request. If you run it a second time, it will generate new keys and a new certificate request. The keys generated this second time will not be compatible with the certificate request generated the first time.
When you run the SetupSSL program, select 'Anyuser (no password)' from the user list, and leave the password field blank. (At this point you will be given a dialog for opening the data file. From that dialog, indicate that a new data file be created.) Then select 'Generate Request' from the File menu. Answer all questions on the form, then click the 'OK' button. After the program has run, move the three files 'key.pem', 'public_key.txt', and 'certrequest.txt' out of the SSL folder and into the WebKIDSS folder. Then go to the web site of one of the certificate authorities to determine how you should submit the certificate request.
The return certificate you will receive from one of the certificate authorities must be placed in a file named 'cert.pem' and saved in the WebKIDSS folder.
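A check for the steps above, added here as an example (it is not part of SetupSSL or WebKIDSS): it confirms that certrequest.txt and cert.pem were produced from the key.pem now in the WebKIDSS folder, which stops being true after an accidental second SetupSSL run. It assumes the openssl command-line tool and PEM-encoded files; the function names and the 2048-bit floor (the minimum RSA size public certificate authorities accept today, above both key lengths SetupSSL offers) are this example's own.

```shell
#!/bin/sh
# Added example: verify that the SSL files in the WebKIDSS folder belong together.
# Assumptions: openssl CLI is installed; key.pem is an unencrypted RSA key;
# certrequest.txt is a PEM PKCS#10 request; cert.pem is a PEM X.509 certificate.

MIN_BITS=2048   # assumption: smallest RSA key a public CA will certify today

# Print the RSA modulus (hex) of a private key, request or certificate.
pem_modulus() {   # usage: pem_modulus rsa|req|x509 FILE
    openssl "$1" -in "$2" -noout -modulus 2>/dev/null | sed 's/^Modulus=//'
}

# Key length in bits, derived from the modulus (4 bits per hex digit).
key_bits() {      # usage: key_bits KEYFILE
    m=$(pem_modulus rsa "$1")
    echo $(( ${#m} * 4 ))
}

# Return 0 only if certrequest.txt and cert.pem (when present) carry the same
# modulus as key.pem and the key is at least MIN_BITS long.
check_ssl_files() {   # usage: check_ssl_files WEBKIDSS_DIR
    dir=$1
    key_mod=$(pem_modulus rsa "$dir/key.pem")
    [ -n "$key_mod" ] || { echo "key.pem missing or unreadable"; return 2; }
    status=0
    if [ -f "$dir/certrequest.txt" ]; then
        [ "$(pem_modulus req "$dir/certrequest.txt")" = "$key_mod" ] ||
            { echo "certrequest.txt was made from a different key"; status=1; }
    fi
    if [ -f "$dir/cert.pem" ]; then
        [ "$(pem_modulus x509 "$dir/cert.pem")" = "$key_mod" ] ||
            { echo "cert.pem does not match key.pem"; status=1; }
    fi
    bits=$(key_bits "$dir/key.pem")
    [ "$bits" -ge "$MIN_BITS" ] ||
        { echo "key.pem is only $bits bits (minimum $MIN_BITS)"; status=1; }
    return $status
}

# When given a folder on the command line, check it.
if [ "$#" -eq 1 ]; then check_ssl_files "$1"; fi
```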
After you have installed SSL, you can access the WebKIDSS program using 'https:' instead of 'http:'. This will provide secure access. Also please note: DO NOT INCLUDE A PORT NUMBER IN THE URL WHEN USING SSL. A reference similar to the following will allow secure access regardless of the port number assigned to the WebKIDSS program.
<A HREF="https://www.myschool.org">Click here for WebKIDSS web server</A>
If you just use 'http:' (and the port number) you can still access the WebKIDSS program, but it will be in non-secure mode.