#1 2018-07-06 09:09:48

dualarrow
Member
From: Australia
Registered: 2018-06-28
Posts: 21

[Solved] https. Can't seem to get it to work

This is all except the uses of a test file I'm trying to make work with https

Type
  ICalculator = Interface(IInvokable) ['{EE3E7EDE-3FFA-4E63-B9DC-CE157074FCD4}']
    Function Add(n1,n2: Integer): Integer;
  End;

  TServiceCalculator = Class(TInterfacedObject, ICalculator)
  Public
    Function Add(n1,n2: Integer): Integer;
  End;

var
  aDatabaseFile: TFileName;
  aModel: TSQLModel;
  aServer: TSQLRestServerFullMemory;
  aHTTPServer: TSQLHttpServer;
{ TServiceCalculator }

function TServiceCalculator.Add(n1, n2: Integer): Integer;
begin
  Result := n1 + n2;
end;

begin
  TInterfaceFactory.RegisterInterfaces([TypeInfo(ICalculator)]);

  aModel := TSQLModel.Create([], 'rpc');
  aServer := TSQLRestServerFullMemory.Create(aModel);
  aServer.ServiceDefine(TServiceCalculator, [ICalculator], sicShared);
  aHTTPServer := TSQLHttpServer.Create('888',[aServer]);

  writeln(#13#10'Background server is running at http://localhost:888'#13#10+
          #13#10'Press [Enter] to close the server.');
  ConsoleWaitForEnterKey;
end.

I tried using makecert as per the documentation, I tried creating the certificates with openssl, and finally I tried using PowerShell with the following line:

New-SelfSignedCertificate -DnsName "localhost" -CertStoreLocation "cert:\LocalMachine\My"

Each time, the certificates looked good and registered OK as per this:

>netsh http show sslcert

SSL Certificate bindings:
-------------------------

    IP:port                      : 0.0.0.0:888
    Certificate Hash             : 51f0382a9ad387dc686ea41533434bedd72729dc
    Application ID               : {b9865d74-2679-4b58-96dd-8837e6021d54}
    Certificate Store Name       : (null)
    Verify Client Certificate Revocation : Enabled
    Verify Revocation Using Cached Client Certificate Only : Disabled
    Usage Check                  : Enabled
    Revocation Freshness Time    : 0
    URL Retrieval Timeout        : 0
    Ctl Identifier               : (null)
    Ctl Store Name               : (null)
    DS Mapper Usage              : Disabled
    Negotiate Client Certificate : Disabled
    Reject Connections           : Disabled
    Disable HTTP2                : Not Set
    Disable QUIC                 : Not Set
    Disable TLS1.3               : Not Set
    Disable OCSP Stapling        : Not Set

The documentation doesn't really say what's meant to be done with the appid (under Windows 10 this seems to be a mandatory parameter). So what I did was this:

I started up regedit and created an entry of "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\HttpsTest.exe" where HttpsTest.exe is the name of the executable from above. I created a string key for it named "AppID" and gave it a GUID of {B9865D74-2679-4B58-96DD-8837E6021D54} which I generated from Delphi (just to create a clean GUID).

Then from a command prompt, I ran

netsh http add sslcert ipport=0.0.0.0:888 certhash=51F0382A9AD387DC686EA41533434BEDD72729DC appid={B9865D74-2679-4B58-96DD-8837E6021D54}

which completed OK.

The thumbprint was obtained using mmc and double-clicking on the certificate as per the mORMot documentation.

I then ran up the server and pointed my browser to it at "https://localhost:888/rpc/calculator/add?n1=1&n2=2", to which Chrome said "This site can’t provide a secure connection"; however, under the developer tools security option, it says "Certificate - valid and trusted" and "Resources - all served securely".

Using "telnet 127.0.0.1 888" and just pressing "/" I see the returned content in plain text, not encrypted. Pointing telnet at "google.com 443", it returns encrypted data and not plain text.

Pointing a browser at "http://localhost:888/rpc/calculator/add?n1=1&n2=2" (i.e. not https) provides the correct result of

{"result":[3]}

I suspect my setting up of the appid may be in error, or perhaps my setting up of the server in the source above.

Does anyone have any suggestions?

Last edited by dualarrow (2018-07-06 12:00:32)

Offline

#2 2018-07-06 11:59:49

dualarrow
Member
From: Australia
Registered: 2018-06-28
Posts: 21

Re: [Solved] https. Can't seem to get it to work

After much googling and trial and error, I resolved the issue. Here's what I found in case anyone else has this issue.

It was all the URI registration that was not working (as I wasn't aware of this. You learn something every day.)

To list the URI registrations:

netsh http show urlacl

Look for any entries with your desired interface/port on it. If any are found, delete them like this:

netsh http delete urlacl url=https://+:888/rpc/

replacing appropriate parts with the ones you want deleted.

Now add the correct one like this:

netsh http add urlacl url=https://+:888/rpc/ user=\Everyone

Again, replace the appropriate parts with your URI.

This was done on a Windows 10 Pro OS and I have confirmed with both Chrome and Wireshark that the https is working correctly.

Offline

#3 2022-05-22 15:53:43

Cahaya
Member
Registered: 2015-06-21
Posts: 36

Re: [Solved] https. Can't seem to get it to work

dualarrow wrote:

After much googling and trial and error, I resolved the issue. Here's what I found in case anyone else has this issue.

netsh http add urlacl url=https://+:888/rpc/ user=\Everyone

Again, replace the appropriate parts with your URI.
This was done on a Windows 10 Pro OS and I have confirmed with both Chrome and Wireshark that the https is working correctly.

Hi,

Do you know what the problem is with this error:
TSQLHttpServer(0255EA88) http.sys URI registration error #183 for https://+:888/root stack trace API

Thank you

Offline

#4 2022-05-22 16:06:23

Cahaya
Member
Registered: 2015-06-21
Posts: 36

Re: [Solved] https. Can't seem to get it to work

Hi,

I'm sorry, I went in the wrong direction.

Reserved URL            : http://+:888/root/
        User: \Everyone
            Listen: Yes
            Delegate: Yes
            SDDL: D:(A;;GA;;;WD)

I needed to delete url = http..., not https. I don't know how Windows added that URI.
After deleting it and adding url = https ..., it was finally done.

I followed this thread's steps with a few modifications.

Thank you.

Offline
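
The steps from posts #1, #2 and #4 gathered into one PowerShell script, added here as an example and not code from the thread or from mORMot. It reserves the URL for a single account rather than \Everyone and then checks that the port actually negotiates TLS with the bound certificate. Assumptions: an elevated prompt, English netsh output, $account being the account that runs the server, and Test-TlsThumbprint, which is a hypothetical helper name.

```powershell
# Added example. Run elevated. Port and root come from the thread.
$port    = 888
$root    = 'rpc'
$account = "$env:USERDOMAIN\$env:USERNAME"  # assumption: the account that runs the server

# 1. Create the certificate and keep its thumbprint (no copy/paste from mmc).
$cert = New-SelfSignedCertificate -DnsName 'localhost' -CertStoreLocation 'cert:\LocalMachine\My'

# 2. Bind it to the port. appid only needs to be a well-formed GUID.
$appId = [guid]::NewGuid().ToString('B')    # 'B' format includes the braces
netsh http add sslcert "ipport=0.0.0.0:$port" "certhash=$($cert.Thumbprint)" "appid=$appId"

# 3. List every reservation on the port, whatever its scheme or root.
#    Post #4 found http://+:888/root/ reserved behind the error #183 of post #3
#    (Win32 error 183 is ERROR_ALREADY_EXISTS).
#    Assumes English netsh output ("Reserved URL").
$existing = netsh http show urlacl |
    Select-String -Pattern "Reserved URL\s*:\s*(\S+:$port/\S*)" |
    ForEach-Object { $_.Matches[0].Groups[1].Value }

# 4. Delete them (review $existing first on a shared machine), then reserve
#    the https URL for one account instead of \Everyone.
foreach ($url in $existing) { netsh http delete urlacl "url=$url" }
netsh http add urlacl "url=https://+:$port/$root/" "user=$account"

# 5. With the server running, confirm that the port really speaks TLS and
#    presents the bound certificate. Test-TlsThumbprint is a hypothetical helper.
function Test-TlsThumbprint([string]$HostName, [int]$Port, [string]$Expected) {
    $tcp = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        # Accept any certificate for the handshake; identity is checked below.
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($HostName)   # throws if the server answers in plain text
        [pscustomobject]@{
            Protocol = $ssl.SslProtocol
            Matches  = $ssl.RemoteCertificate.GetCertHashString() -eq $Expected
        }
    } finally { $tcp.Dispose() }
}
Test-TlsThumbprint -HostName 'localhost' -Port $port -Expected $cert.Thumbprint
```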
