Support #2147

Running examples using https on Windows 7

Added by Bud T over 8 years ago. Updated over 8 years ago.

Status: Feedback
Priority: Normal
Assignee: -
Target version: -
Start date: 08/25/2013
Due date:
% Done: 0%
Estimated time:

Description

After reading the FAQ on this issue I have the following documentation of steps taken to run hello.wt using https:

Open a 'cmd' window and input the following. The second line is used to circumvent the issue (bug) of the RANDFILE variable in the OpenSSL configuration file being ignored on Windows:

cd C:\OpenSSL-Win32\bin
set RANDFILE=.rnd
openssl dhparam -check -text -5 512 -out dh512.pem

To generate your own self-signed certificate, use the following commands. Use 'test' password for server.key generation, then nothing for the server.crt:

openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
copy server.key server.key.org
rem removes the passphrase
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
rem The PEM file is a combination of what is above:
type server.crt server.key server.csr > server.pem
rem View it to check
type server.pem

Now edit the Configuration Properties >> Command Arguments as follows:

--https-address=0.0.0.0 --https-port=8080 --deploy-path=/hello --docroot=. --ssl-certificate=server.pem --ssl-private-key=server.pem --ssl-tmp-dh=dh512.pem

Note that the FAQ tells us to create pem using:

type server.crt server.key server.crt > server.pem

Which can't be right since it is concatenating server.crt twice. What is the correct command? I tried mine, as well as just concatenating .crt and .key files. Neither works. I get this error when running my debug install of hello.wt, as determined by the above config props:

stat: No such file or directory
[2013-Aug-25 03:35:06.811169] 2304 - [info] "WServer/wthttp: fatal: SSL Certificate chain file (""server.pem"") not valid."
Press any key to continue . . .

Here is the file:

C:\OpenSSL-Win32\bin>type server.pem
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
[...]
-----END CERTIFICATE REQUEST-----

C:\OpenSSL-Win32\bin>
#1

Updated by Wim Dumon over 8 years ago

  • Status changed from New to Feedback

While you're probably right that server.crt doesn't have to be twice in the certification file, it doesn't seem to hurt if it is available twice. Adding the CSR there is wrong, but also doesn't seem to matter.

I ran the sequence of commands for openssl both on cygwin and in a normal Windows cmd prompt and both were accepted by my wthttpd. So with server.pem containing the combinations (server.crt and server.key), (server.crt, server.key, server.crt), (server.crt, server.key, server.csr) all work.

My wt startup options are:

./hello.wt.exe --https-address=0.0.0.0 --ssl-certificate=server.pem --ssl-private-key=server.pem --ssl-tmp-dh=dh512.pem --docroot . --http-address 0.0.0.0 --http-port 4430

Your file also works fine for me.

I assume that your server.pem is not in the right directory (for you, that would be the cwd), since if I enter a non-existing file name I do get the error that you get.

BR,

Wim.

#2

Updated by Bud T over 8 years ago

Wim Dumon wrote:

While you're probably right that server.crt doesn't have to be twice in the certification file, it doesn't seem to hurt if it is available twice. Adding the CSR there is wrong, but also doesn't seem to matter.

I'm not sure if there are three entries in the .pem file or two? Is it .csr and .key or also .crt in there?

You might also indicate in the FAQ write-up the folder in which the .pem file is supposed to be created. Presently it doesn't say anything about changing the output directory from the bin in which the openssl executable is located.

#3

Updated by Wim Dumon over 8 years ago

Only .key and .crt have to be in the .pem file. To the best of my knowledge, CSR is a certificate signing request, which is not required anymore once the certificate has been signed.

Like any program, a path with c:\ or \ (/ in unix style) in the front is an absolute path, and a path without a leading c:\ or \ is a relative path. We don't add or remove anything to those path names when passing them to the OS, so expect that Wt behaves like any other program on your system.

BR,

Wim.
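
As an added example (not part of the ticket and not Wt's own code), this Python check lists the PEM blocks in a bundle such as server.pem, flags a leftover CSR, duplicate blocks or a key that is still passphrase-protected, and reports the absolute path that a relative file name resolves to. The function names and the sample text are assumptions made for this illustration.

```python
import os
import re

# One PEM block; group 1 is the label (e.g. "CERTIFICATE"), group 2 the body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)
KEY_LABELS = {"RSA PRIVATE KEY", "PRIVATE KEY", "EC PRIVATE KEY",
              "ENCRYPTED PRIVATE KEY"}


def inspect_pem_text(text):
    """Return (labels, findings) for the PEM blocks found in text."""
    blocks = [(m.group(1), "".join(m.group(2).split()))
              for m in PEM_BLOCK.finditer(text)]
    labels = [label for label, _ in blocks]
    findings = []
    if "CERTIFICATE" not in labels:
        findings.append("no CERTIFICATE block")
    if not KEY_LABELS.intersection(labels):
        findings.append("no private key block")
    if "CERTIFICATE REQUEST" in labels:
        findings.append("CSR present: not needed once the certificate is signed")
    if len(set(blocks)) != len(blocks):
        findings.append("duplicate block")
    if "ENCRYPTED PRIVATE KEY" in labels or "Proc-Type: 4,ENCRYPTED" in text:
        findings.append("private key is still passphrase-protected")
    return labels, findings


def inspect_pem_file(path):
    """Resolve path as the OS will (relative to the cwd), then inspect it."""
    resolved = os.path.abspath(path)
    if not os.path.isfile(resolved):
        return [], ["file not found: " + resolved]
    with open(resolved, "r", encoding="ascii", errors="replace") as fh:
        return inspect_pem_text(fh.read())


# Constructed sample mirroring the layout posted in the ticket (crt + key + csr);
# the base64 bodies are placeholders, not real key material.
SAMPLE = "\n".join([
    "-----BEGIN CERTIFICATE-----", "Q0VSVA==", "-----END CERTIFICATE-----",
    "-----BEGIN RSA PRIVATE KEY-----", "S0VZ", "-----END RSA PRIVATE KEY-----",
    "-----BEGIN CERTIFICATE REQUEST-----", "Q1NS", "-----END CERTIFICATE REQUEST-----",
])

if __name__ == "__main__":
    print(inspect_pem_text(SAMPLE))
    print(inspect_pem_file("server.pem"))  # run from the server's working directory
```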
