RestHttpServer with https

hicham_taybi · 2024-11-16 17:47:41

Good morning,
I am a beginner in Mormot,
I took the example:
mormot2\ex\Third Party Demos\martin-doyle\05-HttpDaemonORM,
and I added https, I changed:
On the server:

HttpServer := TRestHttpServer.Create(HttpPort,[SampleServer],'+',HTTP_DEFAULT_MODE,32,secTlsselfsigned );

On the client:

HttpClient := TRestHttpClient.Create('localhost', HttpPort, Model,true);
HttpClient.IgnoreTlsCertificateErrors:=true;

I ran Project05HttpDaemon.exe as administrator, it is registered in http.sys:

20241116 17291031 ! + mormot.rest.http.server.TRestHttpServer(016738e0).Create useHttpApiRegisteringURI (secTLSSelfSigned) on port 11111
20241116 17291033 ! http mormot.rest.http.server.TRestHttpServer(016738e0) http.sys registration of https://+:11111/root
20241116 17291033 " info SetThreadName 4c84=HttpSrv 11111root THttpApiSrv
20241116 17291033 " trace server.TSampleServer(01600030) BeginCurrentThread(THttpApiServer) root=root ThreadID=4c84 'HttpSrv 11111root THttpApiSrv' ThreadCount=1
20241116 17291033 # info SetThreadName 4f40=HttpSrv 11111root THttpApiSrv

But the client requests do not reach the server, there is not even a trace on the server.
THANKS.

ab · 2024-11-16 18:11:13

secTLSSelfSigned is for the socket or the async web server.
It does not work with the http.sys server (useHttpApi*).

hicham_taybi · 2024-11-16 20:17:47

Thank you for your response,
what is the best solution (security + speed) to resolve this problem,
with example if you like
THANKS

zen010101 · 2024-11-17 02:14:11

server:
HttpServer := TRestHttpServer.Create(HttpPort, [SampleServer], '+', useBidirAsync, 4, secTLSSelfSigned);
client:
HttpClient := TRestHttpClient.Create('localhost', HttpPort, Model, true);

hicham_taybi · 2024-11-18 12:09:18

Thank you for your response.
How can I do it with my own certificate with example please
THANKS

zen010101 · Yesterday 15:11:59

see source code:

/// create a HTTP/HTTPS Server instance, to serve REST requests
...
// - for a HTTPS server, use secTLS and set CertificateFile, PrivateKeyFile,
// and PrivateKeyPassword expected values, or specify secTLSSelfSigned
constructor Create(const aServers: array of TRestServer; const aPort: RawUtf8;
  aThreadPoolCount: integer = 32; aSecurity: TRestHttpServerSecurity = secNone;
  aOptions: TRestHttpServerOptions = HTTPSERVER_DEFAULT_OPTIONS;
  const CertificateFile: TFileName = ''; const PrivateKeyFile: TFileName = '';
  const PrivateKeyPassword: RawUtf8 = ''; const CACertificatesFile: TFileName = '');
    reintroduce; overload;

from the documentation

hicham_taybi · Today 08:23:14

Thanks for your help
i will test
Thanks

hicham_taybi · Today 12:17:49

Good morning,
After using my certificate

HttpServer := TRestHttpServer.Create([SampleServer], HttpPort, 16, secTLS,HTTPSERVER_DEFAULT_OPTIONS , 'mycertificat.pem','myprivatkey.key','PasseworD' );

I got the following error:

20241121 12060323 ! EXC ESChannel {Message:"<>: AfterBind: PFXImportCertStore returned 80090327 [SEC_E_CERT_UNKNOWN], System Error -2146885630 [Une erreur s’est produite lors d’une opération de codage ou de décodage]"} [Main] at 4471b9
20241121 12060324 ! EXC ENetSock {Message:"TCrtSocket.DoTlsAfter: TLS failed [ESChannel <>: AfterBind: PFXImportCertStore returned 80090327 [SEC_E_CERT_UNKNOWN], System Error -2146885630 [Une erreur s’est produite lors d’une opération de codage ou de décodage]]"} [Main] at 44c7b9

ab · Today 14:28:13

With SChannel, you need to use a PFX file with both the certificate and the private key.
You can't supply a separated PEM.

mORMot Open Source

#1 2024-11-16 17:47:41

RestHttpServer with https

#2 2024-11-16 18:11:13

Re: RestHttpServer with https

#3 2024-11-16 20:17:47

Re: RestHttpServer with https

#4 2024-11-17 02:14:11

Re: RestHttpServer with https

#5 2024-11-18 12:09:18

Re: RestHttpServer with https

#6 Yesterday 15:11:59

Re: RestHttpServer with https

#7 Today 08:23:14

Re: RestHttpServer with https

#8 Today 12:17:49

Re: RestHttpServer with https

#9 Today 14:28:13

Re: RestHttpServer with https

Board footer