Getting Started with TLS
You'd like to test the new secure server feature of TLS in Frontier or Radio, but you're not sure where to start. You've come to the right place! These instructions will help you get up and running in just a matter of minutes.
These instructions assume one very important thing: that you're familiar with running Frontier or Radio as a web server, even if you've only ever served pages to yourself, as a "desktop web site."
These instructions will grow shorter and simpler with future releases of the software. These are here now to help the early adopters start using the software today.
- Launch Frontier or Radio
- Choose "Open" from the file menu
- Find and open the file "Install TLS.ftds". It's in the folder "TLS 0.3" that's created when you decompress TLS-0.3.sit or TLS-0.3.zip
- Click "Yes" to confirm that you want to install the software
Obtain a License for TLS
- Go to http://tls.macrobyte.net/licensing/evaluation
- Enter your email address and click "Request License"
- When you receive your evaluation license via email, copy it to the computer with the TLS server (if necessary) and open it
- You should receive an acknowledgement that the license was successfully installed
Generate a Test Key, Test Cert, and Test CSR
If you're going to run the server with a valid certificate that has been signed by one of the certificate authorities, you can skip the following steps and just paste your key and certificate into the locations specified in the #testing script.
- Copy and paste the sample script at tls.keys.["#testing"] to another location
- Modify the copy according to your server's and organization's details
- Run the script
By default, this script will put your private key, CSR, and self-signed certificate in the workspace table.
MacOS X Only: Port Forwarding
The standard port for https is 443, but MacOS X will not allow you to start a server on that port (the same is true for 80, the default port for http). To test the secure server, you must specify a higher port number (4443) and then either ask the OS to forward requests from port 443 to port 4443, or include the port number in your URLs in the browser.
- In Frontier or Radio, change user.inetd.config.https to 4443
Optional: turn on port forwarding and forward port 443 to 4443:
- Open a Terminal window
- Type "sudo /usr/sbin/sysctl -w net.inet.ip.forwarding=1" and press enter
- Type your password and press enter
- Type "sudo ipfw add 102 fwd 127.0.0.1,4443 tcp from any to any 443 in" and press enter
That's it: your server will now forward all requests for port 443 to port 4443, where Frontier will handle them.
Start the Server
- Copy and paste the sample script at tls.httpsServer.["#startupHelper"] to another location
- Modify the pkeyPasswd variable to match whatever you used in tls.keys.["#testing"]
- Run the script
- Optional: To have the TLS server started automatically when Frontier or Radio is launched, move your copy of the sample script to the
Connect In the Browser
Use the same URL as always, but replace "http" with "https".
For example: https://127.0.0.1/
That's just an example! If you're on MacOS X and you aren't using port-forwarding, then the URL will be something more like https://127.0.0.1:4443/
- You should expect to get an error that basically says the certificate is invalid. Your certificate hasn't been signed by one of the recognized signers (like Verisign). However, you should still be able to connect with the server and browse the site.
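Because the browser cannot vouch for a self-signed certificate, the check that the server is presenting the certificate you generated has to be your own. The following is an added example, not part of the original instructions or of the TLS package: it compares SHA-256 fingerprints, assumes you have saved the self-signed certificate from the workspace table as PEM text, and uses function names chosen here for illustration.

```python
import base64
import hashlib
import re
import ssl

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def cert_fingerprint(pem_text):
    """SHA-256 (hex) of the DER bytes of the first certificate in pem_text."""
    match = PEM_CERT.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate found")
    # Hash the decoded DER, not the text, so line wrapping, CRLF line
    # endings or text around the PEM block cannot change the result.
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    return hashlib.sha256(der).hexdigest()


def same_certificate(expected_pem, presented_pem):
    """True if both PEM texts carry byte-identical certificates."""
    return cert_fingerprint(expected_pem) == cert_fingerprint(presented_pem)


def server_presents(expected_pem, host="127.0.0.1", port=4443):
    """True if host:port presents exactly the certificate in expected_pem."""
    # Without ca_certs, get_server_certificate() performs no CA validation
    # (a self-signed certificate would fail it anyway). Trust here comes
    # only from the fingerprint match against the certificate you generated.
    presented = ssl.get_server_certificate((host, port))
    return same_certificate(expected_pem, presented)


def pem_wrap(der, width=64):
    """Demo helper: PEM-encode bytes with a chosen line width."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                      "-----END CERTIFICATE-----", ""])


if __name__ == "__main__":
    # Constructed stand-in bytes, not a real certificate: the same payload
    # wrapped two different ways, then a different payload.
    generated = pem_wrap(bytes(range(200)), 64)
    rewrapped = "subject=test\r\n" + pem_wrap(bytes(range(200)), 76).replace("\n", "\r\n")
    print(cert_fingerprint(generated))
    print(same_certificate(generated, rewrapped))
    print(same_certificate(generated, pem_wrap(bytes(range(1, 201)))))
```

Against a running server, call server_presents() with the saved PEM text and the port you configured; a False result means the certificate on the wire is not the one you generated.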