PLBWEB_SSL_KEYFILE Keyword

9.7A

PLBWEB_SSL_KEYFILE={keyfile}

 

This keyword is optional and specifies the file name of a SSL certificate key(s) that supports the SSL operations.

 

If this keyword is not defined, the PWS defaults to a SSL certificate key file named 'privkey.pem'.

 

When this keyword is defined, the {keyfile} can be assigned as a file name only that must exist in the current working directory of the PWS.

 

In addition, the {keyfile} can be assigned as a file name with an OS full path or a partial OS path relative to the current working directory of the PWS.

Note the following:

1.   When the PL/B Web Server is configured to provide a SSL secured logon channel, a server SSL certificate must be provided and available on the system executing the PWS.

2.   A Windows PL/B Web Server requires access to the 'ssleay32.dll' to provide a SSL secured logon channel. If the 'ssleay32.dll' cannot be found and loaded by the PWS runtime, the PWS runtime terminates immediately without starting. Most Linux\Linux OS systems come with OpenSSL installed. Therefore, the Linux\Linux PL/B Web Server is statically linked so the OS can automatically load the OpenSSL libraries when the PWS runtime is loaded.

3.   To support PL/B development of PWS applications, a self-signed certificate may be generated and used during the development period. In this case, one of the following scenarios can be used to generate a SSL self-signed certificate:

  1. Use the 'openssl' command and execute the following commands in a Windows command shell. Please note that the 'openssl.exe' may already exist on a user's system in a directory such as 'c:\openssl\bin'. Otherwise, the 'openssl.exe' command may need to be downloaded from 'https://www.openssl.org'.

    2.  

    openssl genrsa -out privkey.pem 2048

     

    openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095

     

  2. As an alternative, the user can access the following link and generate a self-signed certificate.

    3.  

    http://www.selfsignedcertificate.com

     

  3. When using a self-signed certificate, the PWS server keyword named 'PLBWEB_SSL_SELFSIGNED=ON' must be specified in the 'plbwebsrv.ini' [Environment] section. Otherwise, the client browser cannot make a connection to the PWS server. To obtain a server SSL certificate that is not self-signed, the user should contact their Internet Service Provider.

 

 

See Also: PLBWEBSRV Keywords, Server Command Line


PL/B Web Server PLBWEB_SSL_ERROR_URL PLBWEB_SSL_LOCKOUT_MAX