OT: update RDS SSL/TSL certificates at aws

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

OT: update RDS SSL/TSL certificates at aws

JJS via use-livecode
Hello,

this is a little bit off topic, but I hope I find here some experts and
hints to this issue.

I have some LC programs which communicate via https to PHP programs on a
webserver. Those PHP programs communicate with a RDS database on a aws
server.

 

Now I got a mail from aws, that they are going to exchange their SSL/TSL
certificates on the server and I have to take action to avoid interruption
of my applications. As far as I have understood, I have to do two steps. 1.
I have to renew the certificate from my RDS database at aws via the aws
console. Ok that seems to be some clicks at the aws console and that's it.

But 2. aws says, I should test my applications in an staging environment, if
everything works fine with the new certificates. And here comes my question.
I have no idea, what to test and what to look for, much less, where in my
PHP or even in my LC programs anything reflects to SSL certificates and
where I could change anything (and if yes what), if the test would fail.

 

Perhaps I am thinking to complex and all this isn't related to my apps at
all, but it scares me, because of the aws announcement "to avoid any broken
apps"

 

Has anybody experience with this issue in relation to LC and PHP?

 

Thanks for any hints how to handle this issue

 

Tiemo

 

 

 

 

 

 

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: OT: update RDS SSL/TSL certificates at aws

JJS via use-livecode
Tiemo,

i have no experiences with AWS. But what i can say is, that when changing an SSL certificate on a server  there should no changes be required in the frontend application created with LC. At least here i did not encounter any problems when i switched from unsecure to secure connections or when a server certificate was renewed / replaced.

What i´ve encountered in one case was that   i´ve received an SSL verification error. I think it was tsnet/curl error 48.

As a workaround  i used  tsNetVerifySSLPeer false   to disable verification.


Regards,
Matthias


Matthias Rebbe

free tools for Livecoders:
InstaMaker <https://instamaker.dermattes.de/>
WinSignMaker Mac <https://winsignhelper.dermattes.de/>

> Am 03.12.2019 um 09:18 schrieb Tiemo Hollmann TB via use-livecode <[hidden email] <mailto:[hidden email]>>:
>
> Hello,
>
> this is a little bit off topic, but I hope I find here some experts and
> hints to this issue.
>
> I have some LC programs which communicate via https to PHP programs on a
> webserver. Those PHP programs communicate with a RDS database on a aws
> server.
>
>
>
> Now I got a mail from aws, that they are going to exchange their SSL/TSL
> certificates on the server and I have to take action to avoid interruption
> of my applications. As far as I have understood, I have to do two steps. 1.
> I have to renew the certificate from my RDS database at aws via the aws
> console. Ok that seems to be some clicks at the aws console and that's it.
>
> But 2. aws says, I should test my applications in an staging environment, if
> everything works fine with the new certificates. And here comes my question.
> I have no idea, what to test and what to look for, much less, where in my
> PHP or even in my LC programs anything reflects to SSL certificates and
> where I could change anything (and if yes what), if the test would fail.
>
>
>
> Perhaps I am thinking to complex and all this isn't related to my apps at
> all, but it scares me, because of the aws announcement "to avoid any broken
> apps"
>
>
>
> Has anybody experience with this issue in relation to LC and PHP?
>
>
>
> Thanks for any hints how to handle this issue
>
>
>
> Tiemo
>
>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> use-livecode mailing list
> [hidden email] <mailto:[hidden email]>
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

AW: OT: update RDS SSL/TSL certificates at aws

JJS via use-livecode
Thank you Matthias for your experience.

I didn't tested yet, but I hope I won't run into an SSL verification error. And actually I think in my case the SSL change on the db server won't affect my LC programs at all, because there is PHP in between, which connects to the db.

Thanks
Tiemo

-----Ursprüngliche Nachricht-----
Von: use-livecode [mailto:[hidden email]] Im Auftrag von Matthias Rebbe via use-livecode
Gesendet: Dienstag, 3. Dezember 2019 11:24
An: How to use LiveCode <[hidden email]>
Cc: Matthias Rebbe <[hidden email]>
Betreff: Re: OT: update RDS SSL/TSL certificates at aws

Tiemo,

i have no experiences with AWS. But what i can say is, that when changing an SSL certificate on a server  there should no changes be required in the frontend application created with LC. At least here i did not encounter any problems when i switched from unsecure to secure connections or when a server certificate was renewed / replaced.

What i´ve encountered in one case was that   i´ve received an SSL verification error. I think it was tsnet/curl error 48.

As a workaround  i used  tsNetVerifySSLPeer false   to disable verification.


Regards,
Matthias


Matthias Rebbe

free tools for Livecoders:
InstaMaker <https://instamaker.dermattes.de/>
WinSignMaker Mac <https://winsignhelper.dermattes.de/>

> Am 03.12.2019 um 09:18 schrieb Tiemo Hollmann TB via use-livecode <[hidden email] <mailto:[hidden email]>>:
>
> Hello,
>
> this is a little bit off topic, but I hope I find here some experts
> and hints to this issue.
>
> I have some LC programs which communicate via https to PHP programs on
> a webserver. Those PHP programs communicate with a RDS database on a
> aws server.
>
>
>
> Now I got a mail from aws, that they are going to exchange their
> SSL/TSL certificates on the server and I have to take action to avoid
> interruption of my applications. As far as I have understood, I have to do two steps. 1.
> I have to renew the certificate from my RDS database at aws via the
> aws console. Ok that seems to be some clicks at the aws console and that's it.
>
> But 2. aws says, I should test my applications in an staging
> environment, if everything works fine with the new certificates. And here comes my question.
> I have no idea, what to test and what to look for, much less, where in
> my PHP or even in my LC programs anything reflects to SSL certificates
> and where I could change anything (and if yes what), if the test would fail.
>
>
>
> Perhaps I am thinking to complex and all this isn't related to my apps
> at all, but it scares me, because of the aws announcement "to avoid
> any broken apps"
>
>
>
> Has anybody experience with this issue in relation to LC and PHP?
>
>
>
> Thanks for any hints how to handle this issue
>
>
>
> Tiemo
>
>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> use-livecode mailing list
> [hidden email] <mailto:[hidden email]>
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode


_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode