Atozed Forums

Full Version: http.sys and SSL
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
First up ... as far as I can gather the StandAloneSSL demo doesn't work when compiled under 15.0.7. I compile / run it under 14.2.28 and it all works. If I then compile it under 15.0.7 I either get (depending on browser) 404 pages ("Resource not found") or errors such as: EIdOSSLUnderlyingCryptoError 'Error accepting connection with SSL. ... routineConfusedsl3_get_client_hello:no shared cipher'!

I have however got my own SA working under 15.0.7 with SSL as an application and with a Custom Server. Now I want to use http.sys. To use http.sys with SSL do I have to convert the .pem files to IIS formats and install them so http.sys "knows" about them? If so ... advice or suggestions appreciated.

Thanks.
Hi Tony,

I didn't work with IW15/http.sys yet but found Configure HTTPS with HTTP.sys for self hosted web servers, a detailed write down of the procedure needed.

Regards,
Jeroen.
(07-13-2018, 05:56 AM)TonyNZ Wrote: [ -> ]First up ... as far as I can gather the StandAloneSSL demo doesn't work when compiled under 15.0.7. I compile / run it under 14.2.28 and it all works. If I then compile it under 15.0.7 I either get (depending on browser) 404 pages ("Resource not found") or errors such as: EIdOSSLUnderlyingCryptoError 'Error accepting connection with SSL. ... routineConfusedsl3_get_client_hello:no shared cipher'!

I have however got my own SA working under 15.0.7 with SSL as an application and with a Custom Server. Now I want to use http.sys. To use http.sys with SSL do I have to convert the .pem files to IIS formats and install them so http.sys "knows" about them? If so ... advice or suggestions appreciated.

Thanks.

First things first: SSL works perfectly with IW 15. This has been extensively tested, both Indy and Http.sys servers.

Even if you are using Http.sys server you need to set your ServerController.SSLOptions.Port to your HTTPS port (default value is zero, which means don't do any HTTPS binding). If you set to, for instance, 443, your IW Http.sys application will create a binding for HTTPS using that port.

We will update our Http.sys doc to include HTTPS information and a new demo within a couple of days. I'll keep you posted. For now, the best documentation available is that one suggested by Jeroen, above, although not everything applies to IW Https.sys apps.

Kind regards
Thanks Jeroen. I'd seen (and bookmarked) that site ... working my way through things converted the OpenSSL certificates to an IIS (.pfx) file and imported into the Windows certificate store but still get the same problem.

Hi Alexandre. Thanks for the info that http.sys works with SSL. So I presume I'm missing something. Specifically this is what I did ...

Took your HttpSysDemo1 and made the following changes:

Port = 80
SSLOptions.Port = 443
NonSSLRequest = nsAccept
SSLVersion = TLSv12
SSLVersions = [TLSv1,TLSV11,TLSv12]

Copied the appropriate .pem and .dll files into the correct folder.

Test 1:
Replaced IWStartHsys with IWStart, and TIWStartHSys.Execute(true) with TIWStart.Execute(true).
Run the demo
Both http://domain/HSysApp1/ and https://domain/HSysApp1/ work.

Test 2:
Restore the IWStartHsys and TIWStartHSys.Execute(true)
Run the demo again
http://domain/HSysApp1/ works.
https://domain/HSysApp1/ doesn't work!

Chrome: Site can't be reached (the connection was reset).
Firefox: Secure connection failed (the connection was reset; authenticity of the received data couldn't be verified)
IE: The page can't be displayed.

I shall keep playing with this over the weekend and look forward to updates to the documentation and a http.sys / SSL demo.

Regards
Success!

For anyone else (if using http.sys and SSL) ... you need to use the IIS (.pfx) version of the certificate; import it into the Windows certificate store; and then bind that certificate to port 443.

If anyone is interested I can do up some notes on the specific steps.

Bastille day here ... so now going to going to have some French bubbly (the cheaper stuff).
(07-14-2018, 05:54 AM)TonyNZ Wrote: [ -> ]Success!

For anyone else (if using http.sys and SSL) ... you need to use the IIS (.pfx) version of the certificate; import it into the Windows certificate store; and then bind that certificate to port 443.

If anyone is interested I can do up some notes on the specific steps.

Bastille day here ... so now going to going to have some French bubbly (the cheaper stuff).

I'm having the same problem with ssl and http.sys. Please write the steps you followed to get it working

It seems that I figured it out. After installing the .pfx certificate, in IIS Manager I had to create a Binding for the port 443 without running the IIS Web Server. Then the ssl in the Intraweb application just works.
(10-15-2018, 05:21 PM)ioan Wrote: [ -> ]
(07-14-2018, 05:54 AM)TonyNZ Wrote: [ -> ]Success!

For anyone else (if using http.sys and SSL) ... you need to use the IIS (.pfx) version of the certificate; import it into the Windows certificate store; and then bind that certificate to port 443.

If anyone is interested I can do up some notes on the specific steps.

Bastille day here ... so now going to going to have some French bubbly (the cheaper stuff).

I'm having the same problem with ssl and http.sys. Please write the steps you followed to get it working

It seems that I figured it out. After installing the .pfx certificate, in IIS Manager I had to create a Binding for the port 443 without running the IIS Web Server. Then the ssl in the Intraweb application just works.

I am trying to setup ssl with my http.sys.    Does anyone have any specific steps on how to do this?
(08-08-2020, 06:33 PM)kudzu Wrote: [ -> ]https://blog.boxofbolts.com/ssl/windows/...d-windows/

thanks.   We got it working.