Atozed Forums
SSL with WildCard certificate. - Printable Version




SSL with WildCard certificate. - Rassamaha78 - 09-16-2020

Can anyone write step-by-step instructions on how to enable HTTPS? I am using Intraweb 15, in http.sys mode (TIWStartHSys.Execute (False)). I am following these setup steps:

  • Configuring ServerController:
    SSLOptions.Certificate.CertFileName
    SSLOptions.Certificate.KeyFileName
    SSLOptions.Certificate.RootCertFileName
    SSLOptions.Certificate.Password
    SSLOptions.Certificate.Path
    SSLOptions.CipherList
    SSLOptions.Port
  • Add libeay32.dll, ssleay32.dll to the program folder.
  • Configure HTTPS with HTTP.sys for self hosted web servers



But SSL still doesn't work. The web browser reports: Unable to access the site, Site does not allow a connection: ERR_CONNECTION_REFUSED
What else needs to be done to enable HTTPS?

P.S. Server OS - Windows 2016 Server.


RE: SSL with WildCard certificate. - ioan - 09-16-2020

(09-16-2020, 03:19 PM)Rassamaha78 Wrote:
  • Can anyone write a step by step instruction on how to enable HTTPS. I am using Intraweb 15, in http.sys mode (TIWStartHSys.Execute (False)). I am following these setup steps:


See this thread: https://www.atozed.com/forums/thread-958.html

Basically, you have to install the certificate to Windows because Windows handles the connection with http.sys.


RE: SSL with WildCard certificate. - Rassamaha78 - 09-17-2020

I have already done everything that is written above several times. I installed the certificate through IIS and directly through netsh, and it still does not work. Maybe WildCard certificates have customization features? I've often heard about this in various articles.


RE: SSL with WildCard certificate. - MJS@mjs.us - 09-17-2020

I use wildcard certs with httpsys.  Maybe this is the issue: even though the cert is wildcard you'll still have to add an entry for every subdomain like so - 

netsh http add sslcert hostnameport="www.abc.com:443" certhash=123...
netsh http add sslcert hostnameport="ms1.abc.com:443" certhash=123...
netsh http add sslcert hostnameport="ms2.abc.com:443" certhash=123...

etc.


RE: SSL with WildCard certificate. - Rassamaha78 - 09-19-2020

I have already tried all the methods, but I still cannot enable support for SSL in my project. Below I will describe all the configuration steps that I do, maybe I am doing something wrong:

1. I have a domain, let's say it's broker.com, and there is a WildCard certificate *.broker.com. IIS is running on the server, where several sites are running: https://crm.broker.com, https://webtrader.broker.com, https://tradersroom.broker.com. They all support SSL on port 443.
2. Now I would like to start my service on the same server at: https://broker.ru/payments/
3. I am using Intraweb version 15.1.22 in the http.sys mode (TIWStartHSys.Execute( False )).
4. I am setting the settings in the IWServerControllerBaseConfig event (perhaps the settings need to be set in another event?):

Code:
Port    := 8888; //80
URLBase := '/payments/';

Do I need to specify the path to certificates for http.sys? I've tried specifying it and leaving the field blank.

Code:
SSLOptions.Certificate.CertFileName     := 'cert.pem';
SSLOptions.Certificate.KeyFileName      := 'key.pem';
SSLOptions.Certificate.RootCertFileName := 'root.pem';
SSLOptions.Certificate.Password         := 'pass';
SSLOptions.Certificate.Path             := 'C:\certificates\';

Can I specify the SSL port 443 if it is already in use by IIS? I've tried 443 and 8444.

Code:
SSLOptions.Port                        := 8444; //443

5. Further, in PowerShell, I get the certificate fingerprint with the command:

Code:
dir cert:\localmachine\my

6. Then I execute the command:

Code:
netsh http add sslcert ipport=0.0.0.0:443 certhash=C30A5559BEA881A555215592F55598F85DDDC55D appid="{8555E71B-5558-4CF1-5554-743F55562F71}" certstore=my

 and I get a message something like: Certificate added successfully.
 I also tried to specify the hostnameport=payments.broker.com:443 domain instead of the IP address, while in the settings of the IWServerController, I added:

Code:
HttpSysOptions.VirtualHostNames := 'payments.broker.com';
 
also tried executing the command:

Code:
netsh http add urlacl url=https://0.0.0.0:443/ user=Users

7. I also put the libraries in the folder with the exe file: libeay32.dll and libmysql.dll. But as I understand it, these libraries are not needed when working with http.sys?

After all these actions, HTTP works fine, but when trying to access through HTTPS, the browser says: "Cannot load the page".

I do not know what action to take yet and I really look forward to help from this forum...
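
A read-only PowerShell check of the pieces http.sys needs for the setup described in the post above, including the per-host bindings MJS@mjs.us mentions (an added example, not part of the thread and not IntraWeb code). The thumbprint, host name and port are the ones quoted in the post; the helper name Test-CertCoversHost is hypothetical, and matching on netsh's text output is an assumption about its format.

```powershell
# Added example: read-only checks for an http.sys HTTPS endpoint.
# Values are the ones quoted in the post; replace them with your own.
$Thumbprint = 'C30A5559BEA881A555215592F55598F85DDDC55D'
$HostName   = 'payments.broker.com'
$Port       = 8444   # must be the same port as SSLOptions.Port

function Test-CertCoversHost([string[]]$Names, [string]$HostName) {
    # A wildcard matches exactly one DNS label: *.broker.com covers
    # payments.broker.com, but not broker.com or a.b.broker.com.
    foreach ($name in $Names) {
        $rx = '^' + [regex]::Escape($name).Replace('\*', '[^.]+') + '$'
        if ($HostName -match $rx) { return $true }
    }
    return $false
}

# http.sys reads the certificate from the machine store, not from PEM files.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "No certificate $Thumbprint in LocalMachine\My" }

# An sslcert binding applies to one ip:port or hostname:port pair, so a
# binding made for :443 does nothing for a listener on another port.
$bindingText = @(
    netsh http show sslcert "ipport=0.0.0.0:$Port"
    netsh http show sslcert "hostnameport=${HostName}:$Port"
) -join "`n"

[pscustomobject]@{
    HasPrivateKey   = $cert.HasPrivateKey
    NotExpired      = $cert.NotAfter -gt (Get-Date)
    CoversHostName  = Test-CertCoversHost $cert.DnsNameList.Unicode $HostName
    # Assumption: netsh prints the bound hash as plain hex text.
    SslBindingFound = $bindingText -match $Thumbprint
    # A reservation is only needed when the process is not elevated.
    UrlReserved     = [bool](netsh http show urlacl |
                          Select-String -SimpleMatch ":$Port/")
    # http.sys owns the socket, so the listener shows up under PID 4.
    PortListening   = [bool](Get-NetTCPConnection -LocalPort $Port `
                          -State Listen -ErrorAction SilentlyContinue)
} | Format-List
```

Any field that comes back False points at the step to revisit; UrlReserved may legitimately be False when the service runs elevated.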


RE: SSL with WildCard certificate. - Alexandre Machado - 09-22-2020

Http.sys applications don't use OpenSSL, so you can safely remove libeay32.dll from your equation.

You have all the tools with IntraWeb itself.

Here is a step by step procedure, using only our IWCertificateManager tool:

https://www.atozed.com/intraweb/certmanager/creating-and-installing-self-signed-development-certificates-for-http-sys-applications/


RE: SSL with WildCard certificate. - Rassamaha78 - 09-23-2020

I still cannot include support for SSL in my project ...
IWCertificateManager didn’t help me. I tried to install the certificate manually, it is displayed in IWCertificateManager, I also tried to create and install the certificate through IWCertificateManager itself, there is no effect.
I noticed a strange effect: when starting my service, Windows does not open the specified SSL port (SSLOptions.Port)! I tried different ports: 443, 8444, etc., maybe the service needs some additional permissions?
Do I have to fill in any other parameters besides SSLOptions.Port in http.sys mode? For example, such as SSLOptions.Certificate.CertFileName, SSLOptions.Certificate.KeyFileName, SSLOptions.Certificate.RootCertFileName, SSLOptions.Certificate.Password, SSLOptions.Certificate.Path?
Can anyone give me a minimal example of an SSL + http.sys setup that works 100% on your server?