When one develops a self-hosted WCF http server,
one of the steps needed is to bind an SSL certificate to a port number:
httpcfg set ssl -i 0.0.0.0:8012 -h 0000000000003ed9cd0c315bbb6dc1c08da5e6
as stated in:
http://msdn.microsoft.com/en-us/library/ms733791.aspx
However,
It is hardly expected that in my deployment environment one would be able to do it.
(I don't even know if the httpcfg.exe is redistributable)
Moreover, if the user changed the port after he installed the product then he will need to run the command again....
how can this step be automated pro grammatically?
preferably in C# but if it can only be done in C++ (direct access to the Http Server API)
then I will manage :)
Have a look here: an open source C# UI for configuring HTTP.SYS that directly drives the API. This should get you an idea of the code necessary for configuring the certs.
For those tuning in a couple of years later:
This article from Mike Bouck's RAM has a clean C# wrapper for the http.sys api.
Таке а look on https://github.com/segor/SslCertBinding.Net
It also has nuget available
Install-Package SslCertBinding.Net
and does what you need perfectly. Thanks to the author.
Related
I basically follow the steps in this question to create SSL certificates for ActiveMQ. Now with some help, I can connect my C# application to ActiveMQ. However when I tried to connect my Angular application to it, I got ERR_CERT_COMMON_NAME_INVALID error.
I actually have an ActiveMQ instance running in AmazonMQ and it works fine with my Angular application. So I think this is the issue of the certificate when I try to run the ActiveMQ in my own docker image.
For some details, I am using a domain name dev.com pointing to 127.0.0.1, which is set in host file. I am using dev.com to access both C# application and Angular application so I plan to use wss://dev.com:61619 to access ActiveMQ from my Angular application. When I generate keystore, I specify dev.com as the CN. In addition, I have another self-signed certificate generated with OpenSSL for Angular and C# application, not sure if there will be any conflict between them.
Can anyone please help to see what could be wrong?
Thank you
I'm using the preview tooling for ASP.NET Core and VS 2015 that was released in Dec timeframe.
I've followed numerous online examples with how to enable SSL in Kestrel. None of them worked.
So I tried an option in project called "Enable SSL" and it seems to set a port for me, and works from local host, but doesn't seem to work from elsewhere.
I've also tried .UseKestrel() I have option.UseHttps("ssl.pfx", "password")
Below that I have UseUrls, but it doesn't seem to bind correctly to the ports because my SSL requests. When I try to issue SSL requests it times out. I used netstat and it seems like there is no port opened for my specified SSL port.
1) How do I use UseUrls? I need both localhost and remote machine access
2) How do I configure IIS express to allow the https calls?
If anyone has a good reliable way to set this up for VS 2015 in an ASP.NET Core project I would really appreciate it!
Thanks,
James
You're not saying what you have tried so far, so maybe you've tried that already, but you need to:
have a valid certificate that your server will be able to provide to the client
install the nuget package: Microsoft.AspNetCore.Server.Kestrel.Https
change your configure sequence so that it uses Kestrel Https
app.UseKestrelHttps(certificate);
change the url Kestrel is listening to one starting by https://
I used this article a few months back on VS2015: https://www.thesslstore.com/blog/implement-ssl-kestrel-asp-net-core/
I worked fine for me, but maybe there are a few things to adapt with the latest version.
I have a VM running Windows Server 2016 Technical Preview, and have installed the Containers feature, and then run the Install-ContainerHost.ps1 script from Microsoft's container tools repo
https://github.com/Microsoft/Virtualization-Documentation/tree/master/windows-server-container-tools/Install-ContainerHost
I can now run the Docker Deamon on Windows. Next I want to copy the certificates to a client machine so that I can issue commands to the host remotely. But I don't know where the certificates are stored on the host.
In the script the path variable is set to %ProgramData%\docker\certs.d
The certificates on windows are located in the .docker folder in the current user directory.
docker --help command will show the exact path details
AFAIK there are no certificates generated when you do what you are doing. If you drop certificates in the path you found then it will use them, and be secured. But otherwise there is none on the machine. Which explains why it isn't exposed by default.
On my setup I connected without TLS but that was on a VM that I could only access on my dev machine. Obviously anything able to be accessed over a network shouldn't do that.
Other people doing this are here: https://social.msdn.microsoft.com/Forums/en-US/84ca60c0-c54d-4513-bc02-14bd57676621/connect-docker-client-to-windows-server-2016-container-engine?forum=windowscontainers and here https://social.msdn.microsoft.com/Forums/en-US/9caf90c9-81e8-4998-abe5-837fbfde03a8/can-i-connect-docker-from-remote-docker-client?forum=windowscontainers
When I dug into the work in progress post it has this:
Docker clients unsecured by default
In this pre-release, docker communication is public if you know where to look.
https://msdn.microsoft.com/en-us/virtualization/windowscontainers/about/work_in_progress#DockermanagementDockerclientsunsecuredbydefault
So eventually this should get better.
Recently I'm using TFS behind proxy authentication, everything works well till I try to install packages through the Package Manager Console, if I try to install a package, even if I set up proxy credentials to access TFS, the system asks for credentials to connect to nuget.org, when I input credentials, the authentication through nuget breaks the previous TFS proxy authentication, so I get the error HTTP code 407: Proxy Athentication Required (Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )
After that I can't use nuget and can't use TFS so I have to restart VS2013, but in this way I can't install packages.
Any Idea??
Thanks
I worked around this issue with NuGet 2.8.50926.663 and a very restrictive company proxy by installing Fiddler2 from www.fiddlertool.com. It seems having some kind of proxy go-between helps NuGet play nicely with proxies.
Of course there are other tools which will achieve the same effect, e.g. WireShark or Privoxy. I know Fiddler is very useful on a development workstation, so I choose that.
Searching for other solutions kept coming back to issues and regressions of issues in older versions of NuGet, like version 1.5 for example. Seems like either the proxy authentication or HTTPS certificate handling of NuGet is not so streamlined.
I want to write a small back-end REST server using Play! Framework 2.1.3. This server will only serve WS requests, and all communication to it must be made over SSL. For this reason, I don't want to have an HTTP port open for this server at all.
I've seen this question regarding SSL on various Play! branches, and according to the linked discussion, the only way to open SSL port (which worked for me) is to add JAVA_OPTS before running the server, like so:
JAVA_OPTS=-Dhttps.port=9443 play run
This setting opens both HTTP and HTTPS ports for communication.
My questions are:
Is it possible to open the server only for SSL communication? How?
Is there a configuration file where I put this setting?
Thanks!
This is super easy with Play 2.2, not sure it works on 2.1.3, I didn't see it in the 2.1.x docs...but was in the 2.2.x docs...so give it a shot, it might be implemented.
Throw this in your configuration file :
http.port=disabled
Or you could run it with the command line option :
-Dhttp.port=disabled
http://www.playframework.com/documentation/2.2.x/ConfiguringHttps