#1 2024-11-16 17:47:41

hicham_taybi
Member
Registered: 2024-10-27
Posts: 10

RestHttpServer with https

Good morning,
I am a beginner with mORMot.
I took the example:
mormot2\ex\Third Party Demos\martin-doyle\05-HttpDaemonORM,
and I added https. I changed:
On the server:

HttpServer := TRestHttpServer.Create(HttpPort, [SampleServer], '+', HTTP_DEFAULT_MODE, 32, secTLSSelfSigned);

On the client:

  HttpClient := TRestHttpClient.Create('localhost', HttpPort, Model, true);
  HttpClient.IgnoreTlsCertificateErrors := true;

I ran Project05HttpDaemon.exe as administrator, and it is registered in http.sys:

20241116 17291031  !  +         mormot.rest.http.server.TRestHttpServer(016738e0).Create useHttpApiRegisteringURI (secTLSSelfSigned) on port 11111
20241116 17291033  ! http               mormot.rest.http.server.TRestHttpServer(016738e0) http.sys registration of https://+:11111/root
20241116 17291033  " info  SetThreadName 4c84=HttpSrv 11111root THttpApiSrv
20241116 17291033  " trace server.TSampleServer(01600030) BeginCurrentThread(THttpApiServer) root=root ThreadID=4c84 'HttpSrv 11111root THttpApiSrv' ThreadCount=1
20241116 17291033  # info  SetThreadName 4f40=HttpSrv 11111root THttpApiSrv



But the client requests do not reach the server; there is not even a trace on the server.
THANKS.

Offline

#2 2024-11-16 18:11:13

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,682
Website

Re: RestHttpServer with https

secTLSSelfSigned is for the socket or the async web server.
It does not work with the http.sys server (useHttpApi*).

Offline

#3 2024-11-16 20:17:47

hicham_taybi
Member
Registered: 2024-10-27
Posts: 10

Re: RestHttpServer with https

Thank you for your response.
What is the best solution (security + speed) to resolve this problem?
With an example, if you like.
THANKS

Offline

#4 2024-11-17 02:14:11

zen010101
Member
Registered: 2024-06-15
Posts: 70

Re: RestHttpServer with https

server:
  HttpServer := TRestHttpServer.Create(HttpPort, [SampleServer], '+', useBidirAsync, 4, secTLSSelfSigned);
client:
  HttpClient := TRestHttpClient.Create('localhost', HttpPort, Model, true);

Offline

#5 2024-11-18 12:09:18

hicham_taybi
Member
Registered: 2024-10-27
Posts: 10

Re: RestHttpServer with https

Thank you for your response.
How can I do it with my own certificate? With an example, please.
THANKS

Offline

#6 2024-11-20 15:11:59

zen010101
Member
Registered: 2024-06-15
Posts: 70

Re: RestHttpServer with https

see source code:

/// create a HTTP/HTTPS Server instance, to serve REST requests
...
// - for a HTTPS server, use secTLS and set CertificateFile, PrivateKeyFile,
// and PrivateKeyPassword expected values, or specify secTLSSelfSigned
constructor Create(const aServers: array of TRestServer; const aPort: RawUtf8;
  aThreadPoolCount: integer = 32; aSecurity: TRestHttpServerSecurity = secNone;
  aOptions: TRestHttpServerOptions = HTTPSERVER_DEFAULT_OPTIONS;
  const CertificateFile: TFileName = ''; const PrivateKeyFile: TFileName = '';
  const PrivateKeyPassword: RawUtf8 = ''; const CACertificatesFile: TFileName = '');
    reintroduce; overload;

from the documentation

Offline

#7 2024-11-21 08:23:14

hicham_taybi
Member
Registered: 2024-10-27
Posts: 10

Re: RestHttpServer with https

Thanks for your help.
I will test.
Thanks

Offline

#8 2024-11-21 12:17:49

hicham_taybi
Member
Registered: 2024-10-27
Posts: 10

Re: RestHttpServer with https

Good morning,
After using my certificate:

  HttpServer := TRestHttpServer.Create([SampleServer], HttpPort, 16, secTLS, HTTPSERVER_DEFAULT_OPTIONS, 'mycertificat.pem', 'myprivatkey.key', 'PasseworD');

I got the following error:

20241121 12060323  ! EXC           ESChannel {Message:"<>: AfterBind: PFXImportCertStore returned 80090327 [SEC_E_CERT_UNKNOWN], System Error -2146885630 [Une erreur s’est produite lors d’une opération de codage ou de décodage]"} [Main] at 4471b9 
20241121 12060324  ! EXC           ENetSock {Message:"TCrtSocket.DoTlsAfter: TLS failed [ESChannel <>: AfterBind: PFXImportCertStore returned 80090327 [SEC_E_CERT_UNKNOWN], System Error -2146885630 [Une erreur s’est produite lors d’une opération de codage ou de décodage]]"} [Main] at 44c7b9

Offline

#9 2024-11-21 14:28:13

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,682
Website

Re: RestHttpServer with https

With SChannel, you need to use a PFX file with both the certificate and the private key.
You can't supply a separate PEM.

Offline

#10 2024-11-21 20:06:26

hicham_taybi
Member
Registered: 2024-10-27
Posts: 10

Re: RestHttpServer with https

Thank you for your answer.
How can I do that? With an example, please.
Thank you

Offline

#11 2024-11-22 04:37:26

Chaa
Member
Registered: 2011-03-26
Posts: 249

Re: RestHttpServer with https

See TSChannelNetTls.AfterBind logic and comments.

Convert to PFX:

openssl pkcs12 -inkey myprivatkey.key -in mycertificat.pem -export -out mycert.pfx

Offline
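
An added example, not part of the posts above and not mORMot code: a POSIX shell wrapper around the conversion in post #11 that first checks that the private key belongs to the certificate, writes the PFX with owner-only permissions, and then re-opens the PFX to confirm it holds both parts. The function names make_pfx and check_pfx and the KEY_PASS / PFX_PASS environment variables are assumptions of this sketch; the file names are the ones used in the thread.

```shell
#!/bin/sh
# Added example, not from the thread or from mORMot. File names follow the posts
# above; make_pfx, check_pfx, KEY_PASS and PFX_PASS are names assumed here.
# Passwords are read from the environment so they never appear in argv.
: "${KEY_PASS=}" "${PFX_PASS=}"
export KEY_PASS PFX_PASS

# make_pfx KEY CERT OUT: bundle a PEM key and certificate into one PFX.
# Returns 1 on empty PFX_PASS, 2 on unreadable input, 3 on key/cert mismatch,
# 4 if the export itself fails.
make_pfx() {
  [ -n "$PFX_PASS" ] || { echo "PFX_PASS must not be empty" >&2; return 1; }
  key_pub=$(openssl pkey -in "$1" -passin env:KEY_PASS -pubout 2>/dev/null) || return 2
  crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
  # Both commands print the SubjectPublicKeyInfo as PEM; they must be identical.
  [ "$key_pub" = "$crt_pub" ] || { echo "key does not match certificate" >&2; return 3; }
  # The PFX contains the private key: create it readable by the owner only.
  ( umask 077
    openssl pkcs12 -export -inkey "$1" -passin env:KEY_PASS -in "$2" \
      -out "$3" -passout env:PFX_PASS ) || return 4
}

# check_pfx PFX: succeed only if PFX opens with PFX_PASS and holds a
# certificate together with its matching private key.
check_pfx() {
  crt_pub=$(openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null |
    openssl x509 -noout -pubkey 2>/dev/null) || return 2
  # -nodes sends the decrypted key through the pipe only; nothing is written to disk.
  key_pub=$(openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null |
    openssl pkey -pubout 2>/dev/null) || return 2
  [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# Usage with the thread's file names:
#   KEY_PASS=... PFX_PASS=... ; export KEY_PASS PFX_PASS
#   make_pfx myprivatkey.key mycertificat.pem mycert.pfx && check_pfx mycert.pfx
```

A mismatched key is rejected before any PFX is written, so a failing check_pfx afterwards points at the PFX password rather than at the input files.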
