Connect to a https Server

firstfriday · 2025-08-12 00:30:18

hi, I have a problem with secTLSSelfSigned.

The client returns always an error code 666.

FHTTPClient.TLS.Enabled:=true;
FHTTPClient.TLS.IgnoreCertificateErrors:=true;
StatusCode := FHTTPClient.Request(FBaseURL, 'POST',10 ,'Content-Type: application/json'#13#10 +  'Accept: application/json',RequestBody);
// StatusCode  always 666

Server ist created like this:

HttpServer := TRestHttpServer.Create('8080', [RestServer], '+', useBidirSocket, 32, secTLSSelfSigned );

what am I doing wrong?

ab · 2025-08-12 16:49:51

The tests with secTLSSelfSigned do pass here.

There is not enough information in your code.
Use a gist or a download link please to put some reproducible example.

Can you try to debug a little and find out where the client fails?

firstfriday · 2025-09-05 23:18:41

I am pritty sure that your code works fine. It is a general Certificate or Windows problem.
I cannot debug because it does not even reach your Framework.
Server (started as an admin with no error):

      certFile := 'cert.pem';
      keyFile := 'key.pem';  
      // these files created with
      // openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes -subj "/CN=mydyndns"
      FServer := TRestHttpServer.create('localhost:8080', [FSQLRestServer], '+',
                  useHttpApiRegisteringURI,32,secTLS,certFile, keyFile); // secTLSSelfSigned has same effect

then I try to access it with a browser and it returns:
ERR_CONNECTION_RESET
or
with curl: curl: (35) Recv failure: Connection was reset

Last edited by firstfriday (2025-09-06 10:40:01)

Chaa · 2025-09-06 03:39:41

Try check your firewall settings: Control panel -> System and Security -> Windows Defender Firewall -> Advanced Settings.

firstfriday · 2025-09-06 11:31:04

I found finally out that
1) I need to start the server with 0.0.0.0:8080 to be reached form outside my network.
With http I could start it with localhost, with https not.

2) With parameter useHttpApiRegisteringURI the TLS(secTLSSelfSigned) is delegating the TLS functionality to the windows system. In theory you will have to configure it with the management console: prompt:Certmgr.msc and import the certificate generated with opelSSL. But I could not get it running.

The only combination worked for me was

 FServer := TRestHttpServer.create(''0.0.0.0:8080', [FSQLRestServer], '+',
                  useHttpAsync,32,secTLSSelfSigned);

The whole issue about certificates is quite confusing and I found it difficulte to find a working manual for windows to manage it.

mORMot Open Source

#1 2025-08-12 00:30:18

Connect to a https Server

#2 2025-08-12 16:49:51

Re: Connect to a https Server

#3 2025-09-05 23:18:41

Re: Connect to a https Server

#4 2025-09-06 03:39:41

Re: Connect to a https Server

#5 2025-09-06 11:31:04

Re: Connect to a https Server

Board footer