I have a local Blynk server running on windows7 machine,
I tested with the blynk APP and looks like ok,
but is not sending the Auth Token for e-mail,
it say problems in the network, So, I think the problems occur
because I don´t know how to Create the SSL Certificates
I´m a newbie, and I don´t Understand what to do with the lines
I don´t know if this is necessary for Windows7 machine
I don´t know if this is the cause for the e-mail problem
I don´t know if this happen because I don´t have port-forwarding in my router
Please give help, for understand and resolve the problem
Thank you so much for read me
+++Launching Server
C:\Blynk Server>java -jar server-0.11.3.jar -dataFolder /path
Blynk Server successfully started.
All server output is stored in current folder in ‘logs/blynk.log’ file.
+++Sending Auth Token E-mail in the Smartphone
EMail was not sent to your logging acc.
please check your network conection
+++Blynk.log
23:38:12.533 INFO - Using data dir ‘\path’
23:38:12.907 INFO - Initializing mail transport. Username : example@gmail.com. SMTP host : smtp.gmail.com:587
23:38:13.235 INFO - Plain tcp/ip hardware server port 8442.
23:38:13.235 WARN - ATTENTION. Certificate C:\Blynk Server and key C:\Blynk Server paths not valid. Using embedded certs. This is not secure. Please replace it with your own certs.
23:38:13.718 INFO - SSL hardware port 8441.
23:38:13.734 INFO - Enabling SSL for application.
23:38:13.734 WARN - ATTENTION. Server certificate paths cert : ‘C:\Blynk Server’, key : ‘C:\Blynk Server’ - not valid. Using embedded server certs and one way ssl. This is not secure. Please replace it with your own certs.
23:38:13.983 INFO - Application server port 8443.
23:38:13.983 INFO - Administration server port 8777.
23:39:41.071 INFO - artgan@gmail.com app joined.
Part of the file server.properties.jar
server.ssl.cert=./server_embedded.crt //I don´t have this file really
server.ssl.key=./server_embedded.pem //I don´t have this file really
server.ssl.key.pass=myblynkpassword
client.ssl.cert=
client.ssl.key=
It´s done
NOTE: you’ll need to setup Gmail to allow less secured applications.
Go here and then click “Allow less secure apps”.
The Problem was, that I made de files,
server.properties and mail.properties in notepad
and save in txt format
now the server is sending the Auth Token correctly
I solved this, but now I have other questions,
I think I’ll post a new query,
because it has no relation to this post
the question to this publication is still unresolved
How to create SSL Certificates for local Blynk Server on Windows 7?
So I’ll be grateful for your contributions
Please use google. It is very easy to find, there are a lot of ways. I recommend GnuWin32. Also when you’ll succeed please share your steps here, so I’ll update doc and many users will be guided by your tutorial.
I downloaded, Installed and updated the GNUWin32 In the root of my hard drive,
but thats all, I don’t get it yet how to associate Blynk server with GNUWin32,
Please can you give me a hand?
I Promise make a tutorial for the community when I get it to work
By the way Merry Christmas
@Lichtsignaal
Reading deep in the files of the GNUWin32,
I found that GNUWin32 has the openssl 0.9.8h version on it.
Please can you give me a hand?
I Promise make a tutorial for the community when I get it to work
By the way Merry Christmas
GNU is needed only to run openssl, which commands you need to run is described in doc. SSL certificates is not necessary. Are you sure you need them so much?
WARNNING DO NOT USE THIS CERTIFICATES ON PRODUCTION OR
IN WHERE ENVIROMENTS REAL SECURITY REQUIRED.
Thanks to you now I understand that GNUWin32 is only for to run openssl
I follow the the link SSL certificates, but not help to me, I´m not a expert
in software, for me is chinese
So Do I need it?
I just want to run the app and control my devices with a local server, in a secure way,
I thought thats was the idea.
This warning is just a reminder that you could make things even more secured (but still, all traffic is encrypted anyway). I would love to help you. But I’m not a windows user for a few years already. This what I easily googled in a minute.
It’s not that hard. You can basically follow the Linux guides, but replace the paths for the Windows binaries.
There is, as far as I see, no need to install GNu32 or anything like that. Just install OpenSSL. I’ll try and see if I can do it on my virtual windows box and give you some pointers.
Now for the stuff, certificates! Go to the folder where Blynk server.jar is located
C:\Users\bastiaan\Downloads\blynk>openssl genrsa -out server_embedded.key 2048
Loading ‘screen’ into random state - done
Generating RSA private key, 2048 bit long modulus
…+++
…+++
unable to write ‘random state’
e is 65537 (0x10001)
C:\Users\bastiaan\Downloads\blynk>openssl req -new -out server_embedded.csr -key server_embedded.key -config “c:\Program Files\OpenSSL\openssl.cnf”
Loading ‘screen’ into random state - done
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
Country Name (2 letter code) :NL
State or Province Name (full name) :Test
Locality Name (eg, city) :Test
Organization Name (eg, company) :Test
Organizational Unit Name (eg, section) :Test
Common Name (eg, your websiteÆs domain name) :Test
Email Address :test@test.net
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password :pupkin123
C:\Users\bastiaan\Downloads\blynk>openssl x509 -req -days 1825 -in server_embedded.csr -signkey server_embedded.key -out server_embedded.crt
Loading ‘screen’ into random state - done
Signature ok
subject=/C=NL/ST=Test/L=Test/O=Test/OU=Test/CN=Test/emailAddress=test@test.net
Getting Private key
C:\Users\bastiaan\Downloads\blynk>openssl pkcs8 -topk8 -inform PEM -outform PEM -in server_embedded.key -out server_embedded.pem
Enter Encryption Password: (same pwd as in the server.properties file)
Verifying - Enter Encryption Password:
Loading ‘screen’ into random state - done
C:\Users\bastiaan\Downloads\blynk>dir
Volume in drive C has no label.
Volume Serial Number is D402-B243
Directory of C:\Users\bastiaan\Downloads\blynk
12/26/2015 11:15 AM .
12/26/2015 11:15 AM …
12/26/2015 10:57 AM data
12/26/2015 10:57 AM logs
12/26/2015 10:44 AM 9,120,466 server-0.12.0.jar
12/26/2015 10:56 AM 166 server.properties
12/26/2015 11:13 AM 1,241 server_embedded.crt
12/26/2015 11:09 AM 1,058 server_embedded.csr
12/26/2015 11:00 AM 1,679 server_embedded.key
12/26/2015 11:15 AM 1,785 server_embedded.pem
6 File(s) 9,126,395 bytes
4 Dir(s) 13,900,537,856 bytes free
There are a couple files now and if we start Blynk, the follow takes place in the blynk.log file:
C:\Users\bastiaan\Downloads\blynk\logs>type blynk.log
11:17:09.496 INFO - Using data dir ‘.\data’
11:17:09.637 INFO - Initializing mail transport. Username : example@gmail.com.
SMTP host : smtp.gmail.com:587
11:17:09.989 INFO - Plain tcp/ip hardware server port 8442.
11:17:09.989 INFO - Enabling SSL for hardware.
11:17:11.226 INFO - SSL hardware port 8441.
11:17:11.226 INFO - Enabling HTTPS for hardware.
11:17:11.240 INFO - HTTPS hardware server port 7443.
11:17:11.240 INFO - Enabling HTTP for hardware.
11:17:11.240 INFO - HTTP hardware server port 8080.
11:17:11.240 INFO - Enabling SSL for application.
11:17:11.240 WARN - Found server certificates but no client certificate for ‘C:
\Users\bastiaan\Downloads\blynk’ path. Using one way ssl.
11:17:11.254 INFO - Application server port 8443.
11:17:11.254 INFO - Administration server port 8777.
And that’s that. I think SSL is now enabled
Kindly note that somewhere I filled out “test” for a Common Name. This has to be the FQDN of where to reach your server. This could also be an IP address.
I realize this post a little old but as with many others still a little unclear -perhaps you can help clarify.
I also saw the WARNING in my logs saying …“but no client certificate for C:… Using one way ssl”… does that imply that SSL only established on connections that are requested from clients e,g, Mobile App OR for example Wemos ESP board TO my local Blynk server (which I assume is how all connections are established) BUT there is no certificate for Server to outside world connections i.e. “no client certificate” as the server would never initiate a connection request ? — or have I completely got this all wrong
The warning is just that, a warning. It means a client can only verify the server certificate, but the server has no means to authenticate a client. Since a client usually connects to the server and not the other way around, it’s no big deal.
thank Lichtsignaal.
I have two further questions that you may provide insight (to me and others reading the forum).
What is the purpose of the following client.ssl properties in the server.properties file ?
#by default server uses embedded in jar cert to simplify local server installation.
#WARNNING DO NOT USE THIS CERTIFICATES ON PRODUCTION OR IN WHERE ENVIRNOMENTS REAL SECURITY REQUIRED.
#provide either full path to files either use '.' for specifying current directory. For instance "./myfile.crt"
server.host= blynk.davolilogic.com
server.ssl.cert= ./myserver.crt
server.ssl.key= ./myserver.pem
server.ssl.key.pass= xxxxx
#Blynk server allows to use 2 hosts for same IP, below properties for second host
server2.host=
server2.ssl.cert=
server2.ssl.key=
server2.ssl.key.pass=
client.ssl.cert=
client.ssl.key=
I use httpAPI and use fingerprint in my sketch: i.e.
// Use web browser to view and copy
// SHA1 fingerprint of the certificate
// const char* fingerprint = "CF 05 98 89 CA FF 8E D8 5E 5C E0 C2 E4 F7 E6 C3 C7 50 DD 5C";
the problem is that given my certificate is not signed by a CA would that be the reason why the below sketch returns “certificate does not match” or is there a workaround ? [hope I’ve explained that clearly ;-)]