http.sys and SSL - Printable Version +- Atozed Forums (https://www.atozed.com/forums) +-- Forum: Atozed Software Products (https://www.atozed.com/forums/forum-1.html) +--- Forum: IntraWeb (https://www.atozed.com/forums/forum-3.html) +---- Forum: English (https://www.atozed.com/forums/forum-16.html) +----- Forum: IntraWeb General Discussion (https://www.atozed.com/forums/forum-4.html) +----- Thread: http.sys and SSL (/thread-495.html) |
http.sys and SSL - TonyNZ - 07-13-2018 First up ... as far as I can gather the StandAloneSSL demo doesn't work when compiled under 15.0.7. I compile / run it under 14.2.28 and it all works. If I then compile it under 15.0.7 I either get (depending on browser) 404 pages ("Resource not found") or errors such as: EIdOSSLUnderlyingCryptoError 'Error accepting connection with SSL. ... routinesl3_get_client_hello:no shared cipher'! I have however got my own SA working under 15.0.7 with SSL as an application and with a Custom Server. Now I want to use http.sys. To use http.sys with SSL do I have to convert the .pem files to IIS formats and install them so http.sys "knows" about them? If so ... advice or suggestions appreciated. Thanks. RE: http.sys and SSL - jeroen.rottink - 07-13-2018 Hi Tony, I didn't work with IW15/http.sys yet but found Configure HTTPS with HTTP.sys for self hosted web servers, a detailed write down of the procedure needed. Regards, Jeroen. RE: http.sys and SSL - Alexandre Machado - 07-14-2018 (07-13-2018, 05:56 AM)TonyNZ Wrote: First up ... as far as I can gather the StandAloneSSL demo doesn't work when compiled under 15.0.7. I compile / run it under 14.2.28 and it all works. If I then compile it under 15.0.7 I either get (depending on browser) 404 pages ("Resource not found") or errors such as: EIdOSSLUnderlyingCryptoError 'Error accepting connection with SSL. ... routinesl3_get_client_hello:no shared cipher'! First things first: SSL works perfectly with IW 15. This has been extensively tested, both Indy and Http.sys servers. Even if you are using Http.sys server you need to set your ServerController.SSLOptions.Port to your HTTPS port (default value is zero, which means don't do any HTTPS binding). If you set to, for instance, 443, your IW Http.sys application will create a binding for HTTPS using that port. We will update our Http.sys doc to include HTTPS information and a new demo within a couple of days. I'll keep you posted. For now, the best documentation available is that one suggested by Jeroen, above, although not everything applies to IW Https.sys apps. Kind regards RE: http.sys and SSL - TonyNZ - 07-14-2018 Thanks Jeroen. I'd seen (and bookmarked) that site ... working my way through things converted the OpenSSL certificates to an IIS (.pfx) file and imported into the Windows certificate store but still get the same problem. Hi Alexandre. Thanks for the info that http.sys works with SSL. So I presume I'm missing something. Specifically this is what I did ... Took your HttpSysDemo1 and made the following changes: Port = 80 SSLOptions.Port = 443 NonSSLRequest = nsAccept SSLVersion = TLSv12 SSLVersions = [TLSv1,TLSV11,TLSv12] Copied the appropriate .pem and .dll files into the correct folder. Test 1: Replaced IWStartHsys with IWStart, and TIWStartHSys.Execute(true) with TIWStart.Execute(true). Run the demo Both http://domain/HSysApp1/ and https://domain/HSysApp1/ work. Test 2: Restore the IWStartHsys and TIWStartHSys.Execute(true) Run the demo again http://domain/HSysApp1/ works. https://domain/HSysApp1/ doesn't work! Chrome: Site can't be reached (the connection was reset). Firefox: Secure connection failed (the connection was reset; authenticity of the received data couldn't be verified) IE: The page can't be displayed. I shall keep playing with this over the weekend and look forward to updates to the documentation and a http.sys / SSL demo. Regards RE: http.sys and SSL - TonyNZ - 07-14-2018 Success! For anyone else (if using http.sys and SSL) ... you need to use the IIS (.pfx) version of the certificate; import it into the Windows certificate store; and then bind that certificate to port 443. If anyone is interested I can do up some notes on the specific steps. Bastille day here ... so now going to going to have some French bubbly (the cheaper stuff). RE: http.sys and SSL - ioan - 10-15-2018 (07-14-2018, 05:54 AM)TonyNZ Wrote: Success! I'm having the same problem with ssl and http.sys. Please write the steps you followed to get it working It seems that I figured it out. After installing the .pfx certificate, in IIS Manager I had to create a Binding for the port 443 without running the IIS Web Server. Then the ssl in the Intraweb application just works. RE: http.sys and SSL - joel - 08-08-2020 (10-15-2018, 05:21 PM)ioan Wrote:(07-14-2018, 05:54 AM)TonyNZ Wrote: Success! I am trying to setup ssl with my http.sys. Does anyone have any specific steps on how to do this? RE: http.sys and SSL - kudzu - 08-08-2020 https://blog.boxofbolts.com/ssl/windows/owin/guide/2015/06/29/https-self-hosted-windows/ RE: http.sys and SSL - joelcc - 08-11-2020 (08-08-2020, 06:33 PM)kudzu Wrote: https://blog.boxofbolts.com/ssl/windows/owin/guide/2015/06/29/https-self-hosted-windows/ thanks. We got it working. |