HTTPS. SYS How to use HTTPS

HTTPS. SYS How to use HTTPS

HTTPS. SYS supports both HTTP and HTTPS.

HTTP because it does not require an SSL certificate, the use is very simple, here only to use HTTPS as a description.

All you need to do is bind the SSL certificate to the HTTPS connection port you are going to use.

You do not need any additional SSL libraries to be installed or deployed on the client or server. All SSL communication is done at the bottom of the operating system.

How do I bind an SSL certificate to an HTTPS connection port to use?

First, you must make sure that your certificate is installed/imported in the Windows certificate store. Also note that it must be installed to the local machine store instead of the current user.

You can use the Netsh command-line tool that comes with Windows.

How does the Netsh tool work?

NETSH. EXE operation SSL

Program Location: C:\windows\syswow64\netsh.exe

View current port configuration

netsh http show sslcert

Binding an SSL certificate to a port number

URL Booking

Run the Windows command-line tool (Cmd.exe) with administrator privileges and execute the following command:

netsh http add urlacl url=http://+:2001/tms/business/user=%userdomain%\%username%

Where%userdomain% and%USERNAME% are the domain and name of the user under which your server would run. For testing purposes, you can just give access to any user:

netsh http add urlacl url=http://+:2001/tms/business/user=everyone

Note if the language of your Windows is not 中文版, you must need to the change "Everyone" by the name of the group that Represents all users in Windows. Or, alternatively, provide the ssdl of the "Everyone" group (or any other group you want to give permission to, for Exampl E Replace "WD" by "NS" to the provide access to network service.

netsh http add urlacl url=http://*:2001/tms/business/sddl=d: (A;; GA;;; WD)

Server Certificate Configuration (binding to a port)

Run Windows command line tool (Cmd.exe) under administrative rights and use a command like this:

netsh http add sslcert ipport=0.0.0.0:2002 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={ 00112233-4455-6677-8899-aabbccddeeff}

The above command would bind the proper certificate to Port 2002. There is three parameters in the command above this you need to change for your own usage:

Ipport:you must use the port number to use for HTTPS connections. In the example, it was 2002. The IP can still is 0.0.0.0 which means any IP.

Certhash:you must provide the thumbprint of the certificate you want to use for your server. You can check the thumbprint by using Microsoft Management Console.

Appid:this can is any arbitrary GUID. You just need to generate one and input it here. You can even use the GUID generator in Delphi code editor (while editing code, just press Shift+ctrl+g, Delphi would genera Te a GUID for you). The GUID must is enclosed by brackets.

Remove the SSL certificate for the port number

Netsh http Delete Sslcert ipport=0.0.0.0:8005

Once you have registered the certificate in the command above, your server is configured to use a secure connection.

If you do not have a certificate, you can also generate a self-signed certificate for testing purposes. So you need Makecert.exe or OPENSSL.EXE tools,
Available when you install Microsoft Visual Studio or the Windows SDK. Generating a self-signed certificate is beyond the scope of this document, but the following links may be helpful in accomplishing such tasks.

HTTPS. SYS How to use HTTPS