Error setting up https access to Web Server

I am trying to set up https by choosing a self-signed certificate in the web server config

When I access the web server I then get this error:

That is not in our control. That is up to the individual browsers.

And why are you enabling this?

Your choice, but…

Safari cannot load the site either when I enable https.

I am enabling this for security reasons - as with any other https site

@BLUEFROG
Other thoughts? How do I set up SSL/https for the web server?

I’m pretty sure that when you use a self-signed certificate, you need to give permission in the browser to access that site. For example in Safari, you will have to jump through some hoops to get through the barriers it puts in place. You’ll finally get to a point where it gives you a link to visit the site. At that point, you’ll have to enter in your password to add it to your signed certs in the keychain – or something like that; it’s been a while since I had to do this.

Suppose I go with a signed certificate - has anyone done that with the options allowed for the DT3 web server? Somehow it has never been clear to me how to get a certificate without a bunch of complex Linux commands.

Apologies in advance for just having a related question… As I’m trialing DT3 (as possible replacement for Evernote), having access on a PC at work would be great. However, I am not a network person, and remember significant challenges with getting port forwarding to work consistently (especially with non-static IP address). Other services, such as Daylite and Evernote, have gone to subscription model to support cloud based sign in, making this much easier for the end user.

Would it be correct to assume that DT has no plans to move in this direction, and only way to get access externally is dealing with these network issues? Thanks!

This has been discussed at length prior to DT3. Devonthink staff have said they have no intention of moving to a cloud-centered central database model.

That said, there are clearly some advantages of the DT3 model - among other things, it takes far less effort and knowledge and cost to run a web server with DT3 than a typical PC server with a web app on top of a relational database. Plus you clearly “own” the data in this model - a huge benefit over Evernote. And https is not easy to set up if you operate your own Windows server either.

That said, the option to use a Devonthink certificate works on Firefox or Safari, but I keep getting the “scrambled credentials” error with Chrome. Has anyone solved this? If not, can anyone help with recommendations on how to create a TLS certificate that will work with DT3?

Yes, a self-signed certificate can be used.
Otherwise, you can get one from a certificate authority.

Other than suggesting you stop using Chrome (:nauseated_face: :stuck_out_tongue: ), there is no specific support for it. I am not seeing an issue here though.

Can you suggest some source that explains the specific steps I need to do to create a “P12 File” which DT3 requests in order to set up SSL?

I just created a certificate using RapidSSL. I got the 4 files below but I have no clue how to convert those to a P12 file. There are some websites which suggest I can do so with the OpenSSL command line if I convert my private key to a file as well but I don’t understand the format to do that.

Bottom line - I am usually pretty good at following directions for configuring applications. But for some reason when it comes to SSL/TLS certificates there is such a high level of assumption of prior knowledge that it is beyond me to figure out how to do it. Has anyone else succeeded in getting the DT3 web server working with https?

We don’t offer support for creating P12 files. We are just noting we support them, if available.

I would suggest you talk to RapidSSL regarding this issue as they’re the issuers of the certificate data.

Could you perhaps clarify what the “webroot” is for the DT3 web server? I need to know that if I create a certificate with Let’s Encrypt:

I too am curious about how this is done. I have DT3 Server and I have a cert for the domain that my DT3 is running on. Cert came from LetsEncrypt which has .pem extensions. P12 import doesn’t accept it. Documentation doesn’t provide a how-to. Can anyone who has this working with a valid cert explain how it’s configured?

You can convert a .pem file to .p12 in terminal. You will probably need to modify the input file names in the command:

openssl pkcs12 -export -out certificate.p12 -inkey privateKey.key -in certificate.crt -certfile CACert.crt

(your certificate file may have extension .pem rather than .crt).
openssl is included in macOS. More info: https://www.openssl.org

(Edited due to fat fingers)

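The conversion from the last reply, as an added example that is not part of the original thread: it checks that the private key belongs to the certificate before bundling, then reads the P12 back to confirm the leaf and chain certificates are both inside. The function names, the `P12_PASS` variable, the file names (those certbot uses for Let's Encrypt output) and the throwaway CA are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the thread). File names follow certbot's
# privkey.pem / cert.pem / chain.pem; all data below is constructed.

# Throwaway CA plus a server certificate signed by it, standing in for
# the files a certificate authority delivers.
make_demo_pems() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
    -keyout "$d/ca.key" -out "$d/chain.pem" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=dt.example.test" \
    -keyout "$d/privkey.pem" -out "$d/server.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/server.csr" -CA "$d/chain.pem" \
    -CAkey "$d/ca.key" -CAcreateserial -days 1 -out "$d/cert.pem" 2>/dev/null
}

# Succeeds only if the private key ($1) belongs to the certificate ($2).
key_matches_cert() {
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# pem_to_p12 KEY CERT CHAIN OUT: the conversion from the thread, run after
# the key check. The export password is read from $P12_PASS so it does not
# show up in the process list; umask keeps the bundle owner-readable only.
pem_to_p12() {
  key_matches_cert "$1" "$2" || { echo "key/certificate mismatch" >&2; return 1; }
  ( umask 077
    openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
      -out "$4" -passout env:P12_PASS )
}

# Number of certificates in the bundle (expect leaf + chain).
p12_cert_count() {
  openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

# Demo on constructed data in a temporary directory.
tmp=$(mktemp -d)
export P12_PASS='constructed-demo-password'
make_demo_pems "$tmp" &&
  pem_to_p12 "$tmp/privkey.pem" "$tmp/cert.pem" "$tmp/chain.pem" "$tmp/certificate.p12" &&
  echo "certificates in bundle: $(p12_cert_count "$tmp/certificate.p12")"
```

OpenSSL 3.x encrypts the bundle with AES by default; if an importer rejects the file, its `-legacy` option writes the older format.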