Httpsys application issues loading SSL
#1
Hi there.  It became time to acquire an SSL certificate and then get my standalone httpsys application secured.  I looked into the demo that is provided on-line but that bombs with a "cannot find library" or similar message.  I think this is from the 32 bit DLLs being missing (libeay32 and ssleay32).

My application is 64 bit so I have the 64 bit versions of the above DLLs in the same folder as my exe.  I also have the 3 certificate files in PEM format (key, cert and root) in the same folder.  My certificate is issued from https://www.digicert.com and is a RapidSSL certificate.

For my server controller, I mimicked the demo but have a blank password since apparently my files are not password protected.  SSLVersion is TLSv12 but I also tried SSLv3.  Port is 443 and non SSL is set to redirect so always in SSL.  SSL versions are all set to false like the demo.

My form is set to connection mode secure and I have the code "WebApplication.SwitchToSecure;" in the create form event for the main form of the application.

The app installs as a server just fine and starts.  When I try to load the site in SSL in Firefox it reports an error:

Secure Connection Failed

The connection to the server was reset while the page was loading.

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.

From what I have read the system is rather automatic and just looks for the 3 certificate files and then uses the DLLs to load SSL.  I must be missing something simple here.  The only thing I can think of is my certificates have no header in them, namely the bag information that I see in the demo equivalent files.

Any assistance would be welcome.  
Cheers.
Reply
#2
Hi Bob. You have to install your certificate on Windows; http.sys doesn't need the OpenSSL libs (libeay32 and ssleay32).

1st, convert to PFX: openssl pkcs12 -export -out certificate_out.pfx -inkey private.key -in certificate.crt, and install it.

2nd, bind your certificate to your port:
   -Get the certificate thumbprint, open PowerShell: dir cert:\localmachine\my
   -PowerShell: netsh http add sslcert ipport=0.0.0.0:443 certhash=thumbprint_get_above appid='{00000000-0000-0000-0000-000000000000}' certstorename=MY

Obs: https://docs.microsoft.com/en-us/windows...dd-sslcert
Reply
#3
(01-20-2019, 01:02 PM)Jose Nilton Pace Wrote: Hi Bob. You have to install your certificate on Windows; http.sys doesn't need the OpenSSL libs (libeay32 and ssleay32).

1st, convert to PFX: openssl pkcs12 -export -out certificate_out.pfx -inkey private.key -in certificate.crt, and install it.

2nd, bind your certificate to your port:
   -Get the certificate thumbprint, open PowerShell: dir cert:\localmachine\my
   -PowerShell: netsh http add sslcert ipport=0.0.0.0:443 certhash=thumbprint_get_above appid='{00000000-0000-0000-0000-000000000000}' certstorename=MY

Obs: https://docs.microsoft.com/en-us/windows...dd-sslcert

Thank you very much!  I am at the last step but I cannot find the appid of my application (httpsys application was installed as a service in case this matters).  I ran 'Get-WmiObject Win32_Product  | select IdentifyingNumber,Name,Version' in PowerShell but my application name is not listed.
Reply
#4
Hi Bob, it doesn't matter, leave it that way, FIXED:
appid={00000000-0000-0000-0000-000000000000}
Reply
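
The install-and-bind steps from posts #2 and #4, collected into one PowerShell script with the checks that catch the usual failures. This is an added example, not part of any post in the thread; the PFX path is an assumption, and it imports with Import-PfxCertificate where the post just says "install it".

```powershell
# Added example: install a PFX and bind it to an http.sys endpoint.
# Run from an elevated PowerShell prompt.
$PfxPath = 'C:\certs\certificate_out.pfx'            # assumed location of the PFX from step 1
$IpPort  = '0.0.0.0:443'                             # endpoint used in the thread
$AppId   = '{00000000-0000-0000-0000-000000000000}'  # value used in the thread

# Prompt for the export password instead of hard-coding it in the script.
$PfxPassword = Read-Host -AsSecureString -Prompt 'PFX export password'

# http.sys looks the certificate up in the local machine store,
# so import there and not into the current user's store.
$cert = Import-PfxCertificate -FilePath $PfxPath `
            -CertStoreLocation 'Cert:\LocalMachine\My' -Password $PfxPassword

# A certificate without its private key cannot complete a TLS handshake.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) was imported without a private key."
}

# Refuse to bind a certificate that is outside its validity window.
$now = Get-Date
if ($cert.NotBefore -gt $now -or $cert.NotAfter -lt $now) {
    throw "Certificate $($cert.Thumbprint) is not valid now " +
          "($($cert.NotBefore) to $($cert.NotAfter))."
}

# Bind the certificate. PowerShell expands the variables before netsh
# sees them, so the braces in the appid arrive as plain text.
netsh http add sslcert ipport=$IpPort certhash=$($cert.Thumbprint) appid=$AppId certstorename=MY
if ($LASTEXITCODE -ne 0) {
    # A binding that already exists on this endpoint is a common cause;
    # inspect it with: netsh http show sslcert ipport=$IpPort
    throw "netsh http add sslcert failed with exit code $LASTEXITCODE."
}

# Show what is now bound so the thumbprint can be compared by eye.
netsh http show sslcert ipport=$IpPort
```

Once the binding is confirmed, remove the PFX and the PEM key file from the application folder or move them to access-controlled storage, since the machine store now holds the private key.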
#5
Ah, OK. Perfect! All is working now in SSL and I now am wondering why the documentation from Atozed had all of these complicated DLLs and PEM files. I removed all of that extra stuff around the exe and everything is working just fine. Thank you so much for this much easier way of using SSL.

One final question is that I cannot have SSL in development mode and I am trying to toggle with my dev mode session variable if I am to flick the app into SSL. The create event of the first form of the application is too late to toggle SSL it seems and my "WebApplication.SwitchToSecure" code crashes the application. The documentation states to issue that command before the desired create form or show form command. When I just say connection mode secure for the form in design mode then all is fine but I want to do that programmatically so I set to any and then toggle if needed. So to make a long story short, where do I place the code to toggle as the application is loading?

Cheers.
Reply
#6
Hi Bob. If I understand correctly, I use a variable {$IFDEF DEBUG} to develop and deploy, something like:

Code:
procedure TIWServerController.IWServerControllerBaseCreate(Sender: TObject);
begin
  {$IFDEF DEBUG}
  SSLOptions.NonSSLRequest := nsAccept;
  {$ELSE}
  SSLOptions.NonSSLRequest := nsRedirect;
  {$ENDIF}
end;
Reply
#7
I often use command line params or for debug, look at the machine name. Compiler conditionals as JNP posted are also valid. There are a variety of ways to handle this depending on developer preference.
Reply
#8
There is a function (deprecated I think) named DebugHook that indicates whether you are running in the IDE debugger. I don't know if it's available in the latest Delphi, but still works fine in XE2. You can still compile in debug mode and run outside the IDE without the trigger.

http://docwiki.embarcadero.com/Libraries....DebugHook

I generally put this up top:
ReportMemoryLeaksOnShutdown := DebugHook <> 0;

Dan
Reply