SSL with WildCard certificate. - Rassamaha78 - 09-16-2020
But SSL still doesn't work. The web browser reports: Unable to access the site, Site does not allow a connection: ERR_CONNECTION_REFUSED

What else needs to be done to enable HTTPS?

P.S. Server OS - Windows 2016 Server.

RE: SSL with WildCard certificate. - ioan - 09-16-2020

(09-16-2020, 03:19 PM) Rassamaha78 Wrote:

See this thread: https://www.atozed.com/forums/thread-958.html

Basically, you have to install the certificate to Windows because Windows handles the connection with http.sys.

RE: SSL with WildCard certificate. - Rassamaha78 - 09-17-2020

I have already done everything that is written above several times. I installed the certificate through IIS and directly through netsh, and it still does not work. Maybe WildCard certificates have customization features? I've often heard about this in various articles.

RE: SSL with WildCard certificate. - MJS@mjs.us - 09-17-2020

I use wildcard certs with httpsys. Maybe this is the issue: even though the cert is wildcard you'll still have to add an entry for every subdomain like so -

    netsh http add sslcert hostnameport="www.abc.com:443" certhash=123...
    netsh http add sslcert hostnameport="ms1.abc.com:443" certhash=123...
    netsh http add sslcert hostnameport="ms2.abc.com:443" certhash=123...

etc.

RE: SSL with WildCard certificate. - Rassamaha78 - 09-19-2020

I have already tried all the methods, but I still cannot enable support for SSL in my project. Below I will describe all the configuration steps that I do; maybe I am doing something wrong:

1. I have a domain, let's say it's broker.com, and there is a WildCard certificate *.broker.com. IIS is running on the server where several sites are running: https://crm.broker.com, https://webtrader.broker.com, https://tradersroom.broker.com. They all support SSL on port 443.

2. Now I would like to start my service on the same server at: https://broker.ru/payments/

3. I am using IntraWeb version 15.1.22 in the http.sys mode ( TIWStartHSys.Execute( False ) ).

4. I am setting the settings in the IWServerControllerBaseConfig event (perhaps the settings need to be set in another event?):

Code:
    Port := 8888; //80

Do I need to specify the path to certificates for http.sys? I've tried specifying it and leaving the field blank.

Code:
    SSLOptions.Certificate.CertFileName := 'cert.pem';

Can I specify the SSL port 443 if it is already in use by IIS? I've tried 443 and 8444.

Code:
    SSLOptions.Port := 8444; //443

5. Further, in PowerShell, I get the certificate fingerprint with the command:

Code:
    dir cert:\localmachine\my

6. Then I execute the command:

Code:
    netsh http add sslcert ipport=0.0.0.0:443 certhash=C30A5559BEA881A555215592F55598F85DDDC55D appid="{8555E71B-5558-4CF1-5554-743F55562F71}" certstore=my

and I get a message something like: Certificate added successfully.

I also tried to specify the hostnameport=payments.broker.com:443 domain instead of the IP address, while in the settings of the IWServerController, I added:

Code:
    HttpSysOptions.VirtualHostNames := 'payments.broker.com';

I also tried executing the command:

Code:
    netsh http add urlacl url=https://0.0.0.0:443/ user=Users

7. I also put the libraries in the folder with the exe file: libeay32.dll and libmysql.dll. But as I understand it, these libraries are not needed when working with http.sys?

After all these actions, HTTP works fine, but when trying to access through HTTPS, the browser says that it "Cannot load the page".

I do not know what action to take yet and I really look forward to help from this forum...

RE: SSL with WildCard certificate. - Alexandre Machado - 09-22-2020

Http.sys applications don't use OpenSSL, so you can safely remove libeay32.dll from your equation. You have all the tools with IntraWeb itself.

Here is a step by step procedure, using only our IWCertificateManager tool: https://www.atozed.com/intraweb/certmanager/creating-and-installing-self-signed-development-certificates-for-http-sys-applications/

RE: SSL with WildCard certificate. - Rassamaha78 - 09-23-2020

I still cannot include support for SSL in my project ... IWCertificateManager didn't help me. I tried to install the certificate manually, and it is displayed in IWCertificateManager. I also tried to create and install the certificate through IWCertificateManager itself; there is no effect.

I noticed a strange effect: when starting my service, Windows does not open the specified SSL port (SSLOptions.Port)! I tried different ports: 443, 8444, etc. Maybe the service needs some additional permissions?

Do I have to fill in any other parameters besides SSLOptions.Port in http.sys mode? For example, such as SSLOptions.Certificate.CertFileName, SSLOptions.Certificate.KeyFileName, SSLOptions.Certificate.RootCertFileName, SSLOptions.Certificate.Password, SSLOptions.Certificate.Path?

Can anyone give me a minimal example of SSL + http.sys that works 100% on your server?
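Added example, not code from any poster in this thread: a Python check over saved `netsh http show sslcert` output that reports, for a host and port, whether a hostname or IP binding is registered and whether its hash is the expected certificate. The sample listing, hashes and GUIDs are constructed, the function names are hypothetical, and the fallback from hostname binding to IP binding is a simplification rather than http.sys's full lookup order.

```python
import string

# Constructed sample in the layout printed by `netsh http show sslcert`.
# Hostnames follow the thread; hashes and GUIDs are made-up placeholders.
HASH_A, HASH_B = "11" * 20, "22" * 20
SAMPLE = """\
SSL Certificate bindings:
-------------------------

    IP:port                      : 0.0.0.0:8444
    Certificate Hash             : %s
    Application ID               : {00000000-0000-0000-0000-000000000001}
    Certificate Store Name       : MY

    Hostname:port                : crm.broker.com:443
    Certificate Hash             : %s
    Application ID               : {00000000-0000-0000-0000-000000000002}
    Certificate Store Name       : MY
""" % (HASH_A, HASH_B)

def norm_hash(value):
    """Keep hex digits only, dropping spaces and invisible characters from copy/paste."""
    return "".join(c for c in value if c in string.hexdigits).upper()

def parse_bindings(text):
    """Return one dict per binding found in the netsh listing."""
    bindings = []
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        key, value = key.strip(), value.strip()
        if not sep:
            continue  # title, separator and blank lines
        if key in ("IP:port", "Hostname:port"):
            endpoint, _, port = value.rpartition(":")
            bindings.append({"kind": key, "endpoint": endpoint.lower(), "port": int(port)})
        elif bindings and key == "Certificate Hash":
            bindings[-1]["hash"] = norm_hash(value)
    return bindings

def check(bindings, host, port, thumbprint):
    """Classify what is registered for host:port against the expected thumbprint."""
    on_port = [b for b in bindings if b["port"] == port]
    exact = [b for b in on_port
             if b["kind"] == "Hostname:port" and b["endpoint"] == host.lower()]
    candidates = exact or [b for b in on_port if b["kind"] == "IP:port"]
    if not candidates:
        return "no binding"
    same = candidates[0].get("hash") == norm_hash(thumbprint)
    return ("hostname" if exact else "ip") + " binding, " + (
        "hash matches" if same else "different certificate")
```

Run against this sample, `payments.broker.com:443` comes back as "no binding" even though a certificate is bound for `crm.broker.com:443`, which is the per-hostname situation MJS describes.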