You are not logged in.
- Topics: Active | Unanswered
#1 2020-04-30 12:33:33
- wesleyalves
- Member
- Registered: 2020-03-29
- Posts: 3
THttpApiServer with SSL over windows server 2012
Good morning everyone, I would like to thank you for this wonderful component.
I created a server using THttpApiServer. The speed and stability is incredible. Followed a turorial published on the blog and it could test the server using SSL. However, I had a problem with the server running on windows server 2012. Using the same tutorial, it was not possible to communicate with the server via HTTPS. doing some research, I managed to solve the problem with the following script that should be run by powerShell as an administrator.
Tested on Windows 10, Windows Server 2012, Windows Server 2016, and Windows Server 2019.
an observation. in Windows 2012 the certificate is valid for 12 months, for other systems, you can include additional parameters in the first line.
-NotAfter (Get-Date).AddYears(10) -FriendlyName WjhTestCert I hope it is useful for someone who may experience the same problem
$cert = New-SelfSignedCertificate -DnsName *.any_name_you_want.dev,$env:COMPUTERNAME -CertStoreLocation Cert:\LocalMachine\My
$certFile = Export-Certificate -Cert $cert -FilePath C:\WjhTestCert.cer
Import-Certificate -CertStoreLocation Cert:\LocalMachine\AuthRoot -FilePath $certFile.FullName
Remove-Item $certFile.FullName
$ips = [System.Net.Dns]::GetHostAddresses("").IPAddressToString -like '*.*'
Add-Content C:\Windows\System32\drivers\etc\hosts ” $ips *.any_name_you_want.dev”
$hash = (Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {$_.Subject -match "any_name_you_want"}).Thumbprint
Add-NetIPHttpsCertBinding -IpPort "0.0.0.0:8282" -CertificateHash $hash -CertificateStoreName "My" -ApplicationId "{3F2504E0-4F89-11D3-9A0C-0305E82C3301}" -NullEncryption $falseIn the version of powershell 4, the last command, which binds the certificate to the port, does not work. to get around, just bind using netsh http...
Strong hug
Offline
#2 2021-03-18 14:28:22
- BenTen
- Member
- Registered: 2021-01-19
- Posts: 11
Re: THttpApiServer with SSL over windows server 2012
Thank you, WesleyAlves.
I could not understand for a long time why the way to create a self-signed SSL certificate,
described in the blog, does not work in Windows 10
It turns out that SSL certificates in Windows 10 must be created via PowerShell :-)
Last edited by BenTen (2021-03-18 14:30:02)
Offline
#3 2021-03-18 19:51:41
Re: THttpApiServer with SSL over windows server 2012
Not what in mORMot2 IgnoreSSLCertificateErrors is sets to false by default (see the reasons here - https://synopse.info/forum/viewtopic.php?id=5781)
IMHO from security reason better to use plain HTTP than HTTPS with self-signed certificates.
Offline