- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: sockets
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-19-2005 05:16 AM
10-19-2005 05:16 AM
I just wanted to thank all of you who have responded to all my questions and thank you for giving me great solutions to my OpenVMS questions.
My next question is a programming question. I hope I'm on the right forum. Anyway, here goes. We have been writing GUI applications using MS Visual C++ that access our data, stored in indexed files, on an Alpha server running OpenVMS. Our client (Windows) applications use a derivation of the MFC CSocket class and our server uses the sys$qio system routines. The nature of our business requires that we transfer data from server to client securely. When we make a connection over the internet we use a VPN gateway to encrypt our data; however, this can be expensive and requires another layer of expertise for our company and clients. My desire is to solve this problem by creating a secure socket on both the server and client using some kind of SSL implementation; whereby, the regular socket is wrapped, as it were, in an SSL routine for reads and writes eliminating the need for encryption devices. Can anyone help me solve this problem by suggesting SSL 'c' libraries that would be compatible in both the OpenVMS HP 'C' and Windows Visual C++ programming environments.
Eric
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-19-2005 06:00 AM
10-19-2005 06:00 AM
SolutionTake a look to OpenSSL. On VMS you have a HP release of OpenSSL:
http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
On windows you can download it from:
http://www.openssl.org/
Bojan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-19-2005 06:06 AM
10-19-2005 06:06 AM
Re: sockets
We have few sample programs in our OpenVMS directory for your requirement (similar). But for windows side, I have no info.
Better you can go thru these sample programs
1.SSL$simple_cli.c
2.SSL$simple_serv.c
Using SOCKET
1. SSL$BIO_cli.c
2. SSL$BIO_serc.c
Using $QIO
1. SSL$TCP_client_qio.c
2. SSL$TCP_server_qio.c
All these files are available in
SYS$COMMON:[SYSHLP.EXAMPLES.SSL] directory.
Archunan
Archie
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-20-2005 11:09 AM
10-20-2005 11:09 AM
Re: sockets
Thanks for turning me on to the ssl sights and example programs! I do have another question concerning certificates.
I have been running the script to create all the *.ca,*.crt, and *.csr files; however, the process fails when I try to create the server and client certificate request (server.crt/client.crt) with the following error:
>>
Using configuration from ssl$root:[000000]openssl-vms.cnf
Enter pass phrase for ssl$key:client_ca.key:
unable to load number from ssl$root:[demoCA]serial.txt
error while loading serial number
2431:error:0D066096:asn1 encoding routines:a2i_ASN1_INTEGER:short line:F_INT:215:
<<
Is there supposed to be something in ssl$root:[000000]serial.txt file like a unique serial number? If so who or where would I get it?
Eric
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-20-2005 07:05 PM
10-20-2005 07:05 PM
Re: sockets
The serial.txt file is by defaultlocated at SSL$DB:SERIAL.TXT and SSL$DB points to SSL$ROOT:[DEMOCA]. The file contains a hexadeciml number which is one more than the number of signed certificates.
The procedure to create the CA with SSL$COM:SSL$CERT_TOOL.COM is:
5. Create a CA (Certification Authority) Certificate
to create the CA (it seem you did this phase)
then you create one or more requests with:
3. Create a Certificate Signing Request
Then you must sign the request with:
6. Sign a Certificate Signing Request
use the CA certificate to sign the request.
Try to create the file with:
$ CREATE SSL$ROOT:[DEMOCA]SERIAL.TXT
01
Bojan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-20-2005 07:13 PM
10-20-2005 07:13 PM
Re: sockets
Look at the SYS$COMMON:[SYSHLP.EXAMPLES.SSL]SSL$EXAMPLES_SETUP.TEMPLATE
also at this link:
http://h71000.www7.hp.com/doc/82FINAL/aa-rscvc-te/00/00/44-con.html
from the manual:
http://h71000.www7.hp.com/doc/82FINAL/aa-rscvc-te/aa-rscvc-te.HTML
Bojan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-21-2005 03:19 AM
10-21-2005 03:19 AM
Re: sockets
I really appreciate your help! Thanks!
Eric
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-22-2005 08:32 PM
10-22-2005 08:32 PM
Re: sockets
Just my $ 0.02.
Just a suggestion. It is not clear from the discussion in this thread, but it is vital to avoid self-signed certificates. Go through the full process and get a real certificate signed by a recognized certification authority, the cost is quite nominal (this may be your intent, but it the discussion is unclear).
A self-signed certificate guarantees nothing in terms of security. Only a certificate from a widely recognized CA provides any guarantee to remote users of authenticity.
- Bob Gezelter, http://www.rlgsc.com