HTTPS with self-signed certificate

Hi,

I understand from another post that it should be possible to use the Sparkle framework in Windows apps to connect to servers with HTTPS using self-signed certificates. However, whenever I try to connect to my (Sparkle) server, which has a self-signed certificate, I get the following error:

Could not perform WinHttp operation.  Error: (12175) Error in Server SSL Certificate  Invalid Certificate Authority.  (00000008)

Are there any properties I should be setting to allow this?  I can connect fine with a genuine signed certificate.

Thanks,
Jonathan

Which operating system are you using on the client? Some operating systems restrict connections to servers with self-signed certificates.

The client PC is running Windows 10.

Have also tried on Windows 8.1 and Windows 7.

I've got the request to work by adding my certificate to the 'Trusted Root Certification Authorities' folder using the 'Certificates' snap-in in MMC on the client PC.
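
A scripted equivalent of the MMC step described in the post above, added here as an example and not part of the original thread or the Sparkle project: it checks the certificate's fingerprint before trusting it. The file path, the fingerprint and the `Scope` parameter are assumptions, and it assumes the PKI module's `Import-Certificate` cmdlet is available on the client.

```powershell
# Added example. $CertPath and $ExpectedSha256 are hypothetical inputs:
# export the server's public certificate (.cer, no private key) and get its
# SHA-256 fingerprint from the server administrator over a separate channel.
param(
    [Parameter(Mandatory)] [string] $CertPath,
    [Parameter(Mandatory)] [string] $ExpectedSha256,
    [ValidateSet('CurrentUser', 'LocalMachine')] [string] $Scope = 'CurrentUser'
)

$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    (Resolve-Path -LiteralPath $CertPath).Path)

# Fingerprint = SHA-256 over the DER encoding of the certificate.
$sha256   = [System.Security.Cryptography.SHA256]::Create()
$actual   = [System.BitConverter]::ToString($sha256.ComputeHash($cert.RawData)) -replace '-', ''
$expected = $ExpectedSha256 -replace '[^0-9A-Fa-f]', ''
if ($actual -ne $expected) {   # -ne on strings is case-insensitive
    throw "Fingerprint mismatch: file has $actual. Nothing was imported."
}

# A self-signed certificate has identical subject and issuer.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Not self-signed (issuer: $($cert.Issuer)). Nothing was imported."
}

# Report the basic-constraints CA flag (OID 2.5.29.19) so the operator knows
# whether the trusted key could also issue other certificates.
$bc = $cert.Extensions['2.5.29.19']
if ($bc -and $bc.CertificateAuthority) {
    Write-Warning 'Certificate is marked CA=TRUE: its key can issue certificates this client will trust.'
}

# LocalMachine needs an elevated prompt; CurrentUser may ask for confirmation.
Import-Certificate -FilePath $CertPath -CertStoreLocation "Cert:\$Scope\Root" | Out-Null

# Show what is now trusted, so the result can be reviewed or logged.
Get-ChildItem "Cert:\$Scope\Root" |
    Where-Object Thumbprint -eq $cert.Thumbprint |
    Format-List Subject, Thumbprint, NotAfter
```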

Thanks for the feedback. Yes, for security reasons several operating systems refrain from connecting to an "invalid" certificate. 

It is very troublesome to deliver the certificate to the end user. Is there any integration where the remotedbdatabase has a feature that can integrate the cert into the client app, like the SecureBridge product from devart.com or http://docwiki.embarcadero.com/RADStudio/XE5/en/Tutorial:_Using_the_REST_Client_Library_to_Access_REST-based_Web_Services

Not sure what exactly you want to achieve? I don't know SecureBridge very well, but it seems to be used to encrypt custom communication with a server, like when connecting directly to databases or using TCP connections. The link you sent about REST clients on the Embarcadero page also doesn't mention anything special.

With RemoteDB all you have to do is install your certificate on the server; you would have to do that with any tool you use. We even provide some high-level tools to make this task easier for you. Once you do that, accessing the server from the client is transparent and doesn't need anything special (it doesn't even need the OpenSSL library like the one mentioned in the Embarcadero link). Just point to your server address using the "https://" prefix and it will be encrypted.

We face many difficulties setting up the certificate, since our server is a Windows 2008 server.

We worked out the following, like:
http://stackoverflow.com/questions/2355568/create-a-openssl-certificate-on-windows
http://stackoverflow.com/questions/9537782/automated-installation-of-ssl-certificates-to-android-devices?rq=1
Our Windows client and Android client applications still require a certificate to execute the application.

In addition, Android is not able to install the cert. You need to root the Android device!

Is there anything wrong with how we are creating the valid cert, such that it needs a cert on all platforms?

Please let us know.


Do you mean client certificates or server certificates? Currently XData/Sparkle servers don't enforce the user to have a client certificate. You install the certificate on the server and just connect from the client to have encrypted communication, but there is no authentication using client certificates. Is that what you are looking for?

We installed the self-signed certificate on the server side.
After changing the server-side URL to https://, the client-side application asks for a cert.

What exactly do you mean by "client side application ask for cert"?

Self-signed certificates will cause several security issues, thus most operating systems refuse to connect to a server with self-signed certificates. I suggest you get some real certificates; I believe there are even free ones available out there.