#1 2014-09-18 14:21:19

alexdmatveev
Member
Registered: 2014-09-12
Posts: 87

Problem to run TSQLHttpServer via HTTPS?

Hello,

first time on the forum...
I am very new with mORMot. It looks like the stuff solving lot of my problems and must say THANK YOU.

My task is run TSQLHttpServer via HTTPS.

Thanks to blog article at

http://blog.synopse.info/post/2013/09/0 … -in-mORMot

I can run server on local computer. It works fine.


Next task is to run it on remote computer.
I have made all steps from the article on the server but when I run client I get exception (EWinHTTP): winhttp.dll error  12175 (A security error occured).


My steps:

1. 
makecert -sv SignRoot.pvk -cy authority -r signroot.cer -a
sha1 -n "CN=Dev Certification Authority" -ss my -sr localmachine

2. install Dev Certificate Authority

3.
makecert -iv SignRoot.pvk -ic signroot.cer -cy end -pe -n
CN="MY_SERVER_IP" -eku 1.3.6.1.5.5.7.3.1 -ss my -sr
localmachine -sky exchange -sp
"Microsoft RSA SChannel Cryptographic Provider" -sy 12

4.
netsh http add sslcert ipport=0.0.0.0:8843 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={00112233-4455-6677-8899-AABBCCDDEEFF}

5. Open port 8843 in Firewall...

6. Run client.exe on client computer

7. get the exception.

I not very guru with certificates and I suspect I have a mistake in steps... Please show me the way.

PS.
1. when I run the client.exe on the server everything works fine.
  aClient := TSQLHttpClientWinHTTP.Create(MY_SERVER_IP,8843,aModel, true);

2. telnet MY_SERVER_IP 8843 establishes a connection on the client computer.

Thanks a lot.

Last edited by alexdmatveev (2014-09-18 14:23:41)

Offline

#2 2014-09-18 17:14:13

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,182
Website

Re: Problem to run TSQLHttpServer via HTTPS?

Did you try to use the HttpSysManager tool, as recommended by http://www.delphitools.info/2013/12/17/ … web-server ?

Offline

#3 2014-09-18 17:47:34

alexdmatveev
Member
Registered: 2014-09-12
Posts: 87

Re: Problem to run TSQLHttpServer via HTTPS?

Thanks a lot,

Is my problem on the server or on client?
You sent me a link to a tool...

Does it mean I should get public certificate from StartSSL to work via HTTPS with remote computer?
And when I produce a certificate with manual from your article I am able to ONLY use localcomputer connection.

Right?

And a point is I have no domain name on the my server but only IP-address...

Thanks.

Last edited by alexdmatveev (2014-09-18 17:54:04)

Offline

Board footer

Powered by FluxBB