SSL with WildCard certificate.
#1
  • Can anyone write a step by step instruction on how to enable HTTPS. I am using Intraweb 15, in http.sys mode (TIWStartHSys.Execute (False)). I am following these setup steps:
  • Configuring ServerController:
    SSLOptions.Certificate.CertFileName
    SSLOptions.Certificate.KeyFileName
    SSLOptions.Certificate.RootCertFileName
    SSLOptions.Certificate.Password
    SSLOptions.Certificate.Path
    SSLOptions.CipherList
    SSLOptions.Port
  • Add libeay32.dll, ssleay32.dll to the program folder.
  • Configure HTTPS with HTTP.sys for self hosted web servers



But SSL still doesn't work. The web browser reports: Unable to access the site, Site does not allow a connection: ERR_CONNECTION_REFUSED
What else needs to be done to enable HTTPS?

P.S. Server OS - Windows 2016 Server.
Reply
#2
(09-16-2020, 03:19 PM)Rassamaha78 Wrote:
  • Can anyone write a step by step instruction on how to enable HTTPS. I am using Intraweb 15, in http.sys mode (TIWStartHSys.Execute (False)). I am following these setup steps:


See this thread: https://www.atozed.com/forums/thread-958.html

Basically, you have to install the certificate to Windows because Windows handles the connection with http.sys.
Reply
#3
I have already done everything that is written above several times. I installed the certificate through IIS and directly through netsh, and it still does not work. Maybe WildCard certificates have customization features? I've often heard about this in various articles.
Reply
#4
I use wildcard certs with httpsys.  Maybe this is the issue: even though the cert is wildcard you'll still have to add an entry for every subdomain like so - 

netsh http add sslcert hostnameport="www.abc.com:443" certhash=123...
netsh http add sslcert hostnameport="ms1.abc.com:443" certhash=123...
netsh http add sslcert hostnameport="ms2.abc.com:443" certhash=123...

etc.
Reply
#5
I have already tried all the methods, but I still cannot enable support for SSL in my project. Below I will describe all the configuration steps that I do, maybe I am doing something wrong:

1. I have a domain, let's say it's broker.com, and there is a WildCard certificate *.broker.com. IIS is running on the server where several sites are running: https://crm.broker.com, https://webtrader.broker.com, https://tradersroom.broker.com; they all support SSL on port 443.
2. Now I would like to start my service on the same server at: https://broker.ru/payments/ 
3. I am using Intraweb version 15.1.22 in the http.sys mode ( TIWStartHSys.Execute( False ) ).
4. I am setting the settings in the IWServerControllerBaseConfig event (Perhaps the settings need to be set in another event?):

Code:
Port    := 8888; //80
URLBase := '/payments/';

Do I need to specify the path to certificates for http.sys? I've tried specifying and leaving the field blank.

Code:
SSLOptions.Certificate.CertFileName     := 'cert.pem';
SSLOptions.Certificate.KeyFileName      := 'key.pem';
SSLOptions.Certificate.RootCertFileName := 'root.pem';
SSLOptions.Certificate.Password         := 'pass';
SSLOptions.Certificate.Path             := 'C:\certificates\';

Can I specify the SSL port 443 if it is already in use by IIS? I've tried 443 and 8444.

Code:
SSLOptions.Port                        := 8444; //443

5. Next, in PowerShell, I get the certificate fingerprint with the command:

Code:
dir cert:\localmachine\my

6. Then I execute the command:

Code:
netsh http add sslcert ipport=0.0.0.0:443 certhash=C30A5559BEA881A555215592F55598F85DDDC55D appid="{8555E71B-5558-4CF1-5554-743F55562F71}" certstore=my

and I get a message something like: Certificate added successfully.
I also tried to specify the hostnameport=payments.broker.com:443 domain instead of the IP address, while in the settings of the IWServerController, I added:

Code:
HttpSysOptions.VirtualHostNames := 'payments.broker.com';
 
also tried executing the command:

Code:
netsh http add urlacl url=https://0.0.0.0:443/ user=Users

7. I also put the libraries in the folder with the exe file: libeay32.dll and libmysql.dll, but as I understand it, these libraries are not needed when working with http.sys?

After all these actions, HTTP works fine, but when trying to access through HTTPS, the browser says: "Cannot load the page".

I do not know what action to take yet and I really look forward to help from this forum...
Reply
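A way to check the result of the steps in posts #4 and #5, as an added example that is not part of the original thread or of IntraWeb: it lists the http.sys certificate bindings that cover one port, confirms the bound thumbprint exists in the machine store with a private key, and tests whether anything listens on that port. The port and host name are the ones quoted in post #5; English-language netsh output is assumed, and bindings on a specific IP address are not checked.

```powershell
# Added example. Port and host name are taken from post #5; change them to your own.
$Port     = 8444                    # must equal SSLOptions.Port in the application
$HostName = 'payments.broker.com'   # only relevant for hostnameport (SNI) bindings

# Turn "netsh http show sslcert" (English output) into one object per binding.
function Get-HttpSysSslBinding {
    $b = $null
    foreach ($line in (netsh http show sslcert)) {
        if ($line -match '^\s*(IP:port|Hostname:port)\s*:\s*(\S+)') {
            if ($b) { [pscustomobject]$b }      # emit the previous binding
            $b = [ordered]@{ Kind = $Matches[1]; Endpoint = $Matches[2]; Hash = $null; Store = 'My' }
        }
        elseif ($b -and $line -match '^\s*Certificate Hash\s*:\s*([0-9A-Fa-f]+)') { $b.Hash = $Matches[1] }
        elseif ($b -and $line -match '^\s*Certificate Store Name\s*:\s*(\w+)') { $b.Store = $Matches[1] }
    }
    if ($b) { [pscustomobject]$b }
}

# Bindings that can serve this port: all-IPv4, all-IPv6, or the SNI host name.
$wanted = "0.0.0.0:$Port", "[::]:$Port", "${HostName}:$Port"
$hits   = @(Get-HttpSysSslBinding | Where-Object { $wanted -contains $_.Endpoint })

if ($hits.Count -eq 0) {
    Write-Warning "No sslcert binding covers port $Port, so http.sys has no certificate to present there."
}

# For each binding, confirm the certificate it names is usable.
foreach ($h in $hits) {
    $cert = Get-ChildItem "Cert:\LocalMachine\$($h.Store)" |
        Where-Object { $_.Thumbprint -eq $h.Hash }   # -eq ignores case
    [pscustomobject]@{
        Endpoint      = $h.Endpoint
        Thumbprint    = $h.Hash
        Subject       = if ($cert) { $cert.Subject }
        InStore       = [bool]$cert
        HasPrivateKey = [bool]($cert -and $cert.HasPrivateKey)
        Expired       = [bool]($cert -and $cert.NotAfter -lt (Get-Date))
    }
}

# URL reservations that mention the port (the strong wildcard form is https://+:<port>/).
netsh http show urlacl | Select-String -SimpleMatch ":$Port/"

# A refused connection means nothing accepts TCP on the port, so test that separately.
(Test-NetConnection -ComputerName localhost -Port $Port).TcpTestSucceeded
```

A binding that exists only for port 443 does not cover a listener on another port; each ip:port or hostname:port pair needs its own `netsh http add sslcert` entry.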
#6
Http.sys applications don't use OpenSSL, so you can safely remove libeay32.dll from your equation.

You have all the tools with IntraWeb itself.

Here is a step by step procedure, using only our IWCertificateManager tool:

https://www.atozed.com/intraweb/certmana...lications/
Reply
#7
I still cannot include support for SSL in my project ...
IWCertificateManager didn’t help me. I tried to install the certificate manually, it is displayed in IWCertificateManager, I also tried to create and install the certificate through IWCertificateManager itself, there is no effect.
I noticed a strange effect: when starting my service, Windows does not open the specified SSL port (SSLOptions.Port)! I tried different ports: 443, 8444, etc., maybe the service needs some additional permissions?
Do I have to fill in any other parameters besides SSLOptions.Port in http.sys mode? For example, such as SSLOptions.Certificate.CertFileName, SSLOptions.Certificate.KeyFileName, SSLOptions.Certificate.RootCertFileName, SSLOptions.Certificate.Password, SSLOptions.Certificate.Path?
Can anyone give me a minimal example of SSL + http.sys that works 100% on your server?
Reply

