#1 2020-04-30 12:33:33

wesleyalves
Member
Registered: 2020-03-29
Posts: 3

THttpApiServer with SSL over windows server 2012

Good morning everyone, I would like to thank you for this wonderful component.
I created a server using THttpApiServer. The speed and stability are incredible. I followed a tutorial published on the blog and I could test the server using SSL. However, I had a problem with the server running on Windows Server 2012. Using the same tutorial, it was not possible to communicate with the server via HTTPS. Doing some research, I managed to solve the problem with the following script, which should be run in PowerShell as an administrator.

Tested on Windows 10, Windows Server 2012, Windows Server 2016, and Windows Server 2019.
An observation: in Windows 2012 the certificate is valid for 12 months; for other systems, you can include additional parameters in the first line.

 -NotAfter (Get-Date).AddYears(10) -FriendlyName WjhTestCert 

I hope it is useful for someone who may experience the same problem.

# Create a self-signed certificate in the local machine's personal store
$cert = New-SelfSignedCertificate -DnsName *.any_name_you_want.dev,$env:COMPUTERNAME -CertStoreLocation Cert:\LocalMachine\My
# Export it and import it into the AuthRoot store so that this machine trusts it
$certFile = Export-Certificate -Cert $cert -FilePath C:\WjhTestCert.cer
Import-Certificate -CertStoreLocation Cert:\LocalMachine\AuthRoot -FilePath $certFile.FullName
Remove-Item $certFile.FullName
# Add a hosts-file entry for the name, using the local IPv4 address(es)
$ips = [System.Net.Dns]::GetHostAddresses("").IPAddressToString -like '*.*'
Add-Content C:\Windows\System32\drivers\etc\hosts " $ips *.any_name_you_want.dev"
# Bind the certificate to port 8282 by its thumbprint
$hash = (Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {$_.Subject -match "any_name_you_want"}).Thumbprint
Add-NetIPHttpsCertBinding -IpPort "0.0.0.0:8282" -CertificateHash $hash -CertificateStoreName "My" -ApplicationId "{3F2504E0-4F89-11D3-9A0C-0305E82C3301}" -NullEncryption $false

In PowerShell version 4, the last command, which binds the certificate to the port, does not work. To get around this, just bind using netsh http...

Strong hug

Offline
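
The netsh http fallback mentioned at the end of the post above, written out as an added example that is not part of the original post. It assumes the port, subject pattern and application GUID from that script, and it stops if the subject pattern matches more than one usable certificate, which happens when the script has been run twice.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell session.
# Assumptions: port, subject pattern and application GUID are the values used in
# the script above; replace them with your own.
$ipPort  = '0.0.0.0:8282'
$appId   = '{3F2504E0-4F89-11D3-9A0C-0305E82C3301}'
$pattern = 'any_name_you_want'

# Select exactly one certificate: matching subject, private key present, not expired.
$candidates = @(Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
    $_.Subject -match $pattern -and $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date)
})
if ($candidates.Count -ne 1) {
    throw "Expected exactly one usable certificate, found $($candidates.Count)."
}
$cert = $candidates[0]

# Remove any binding already present on the port (netsh reports an error if there
# is none, which is ignored here), then add the new one. The appid argument is
# quoted because PowerShell would otherwise parse the braces as a script block.
& netsh http delete sslcert "ipport=$ipPort" | Out-Null
& netsh http add sslcert "ipport=$ipPort" "certhash=$($cert.Thumbprint)" "appid=$appId" certstorename=MY
if ($LASTEXITCODE -ne 0) {
    throw "netsh http add sslcert failed with exit code $LASTEXITCODE."
}

# Print the binding so the certificate hash and store name can be checked.
& netsh http show sslcert "ipport=$ipPort"
"Bound certificate expires on $($cert.NotAfter.ToString('yyyy-MM-dd'))"
```

The expiry line matters on Windows Server 2012, where the post notes the certificate is valid for only 12 months and the binding has to be redone with a new thumbprint after renewal.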

#2 2021-03-18 14:28:22

BenTen
Member
Registered: 2021-01-19
Posts: 11

Re: THttpApiServer with SSL over windows server 2012

Thank you, WesleyAlves.

I could not understand for a long time why the way to create a self-signed SSL certificate, described in the blog, does not work in Windows 10.

It turns out that SSL certificates in Windows 10 must be created via PowerShell :-)

Last edited by BenTen (2021-03-18 14:30:02)

Offline

#3 2021-03-18 19:51:41

mpv
Member
From: Ukraine
Registered: 2012-03-24
Posts: 1,571
Website

Re: THttpApiServer with SSL over windows server 2012

Note that in mORMot2, IgnoreSSLCertificateErrors is set to false by default (see the reasons here: https://synopse.info/forum/viewtopic.php?id=5781).
IMHO, for security reasons it is better to use plain HTTP than HTTPS with self-signed certificates.

Offline
