Support #2147
Running examples using https on Windows 7
Description
After reading the FAQ on this issue I have the following documentation of steps taken to run hello.wt using https:
Open 'cmd' window and input the following. The second line is used to circumvent the issue (bug) of the RANDFILE variable in the OpenSSL configuration file being ignored on Windows:
cd C:\OpenSSL-Win32\bin
set RANDFILE=.rnd
openssl dhparam -check -text -5 512 -out dh512.pem
To generate your own self-signed certificate, use the following commands. Use 'test' password for server.key generation, then nothing for the server.crt:
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
copy server.key server.key.org
rem removes the passphrase
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
rem The PEM file is a combination of what is above:
type server.crt server.key server.csr > server.pem
rem View it to check
type server.pem
Now edit the Configuration Properties >> Command Arguments as follows:
--https-address=0.0.0.0 --https-port=8080 --deploy-path=/hello --docroot=. --ssl-certificate=server.pem --ssl-private-key=server.pem --ssl-tmp-dh=dh512.pem
Note that the FAQ tells us to create pem using:
type server.crt server.key server.crt > server.pem
Which can't be right since it is concatenating server.crt twice. What is the correct command? I tried mine, as well as just concatenating .crt and .key files. Neither works. I get this error when running my debug install of hello.wt, as determined by the above config props:
stat: No such file or directory
[2013-Aug-25 03:35:06.811169] 2304 - [info] "WServer/wthttp: fatal: SSL Certificate chain file (""server.pem"") not valid."
Press any key to continue . . .
Here is the file:
C:\OpenSSL-Win32\bin>type server.pem
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
[...]
-----END CERTIFICATE REQUEST-----
C:\OpenSSL-Win32\bin>
Updated by Wim Dumon almost 9 years ago
- Status changed from New to Feedback
While you're probably right that server.crt doesn't have to be twice in the certification file, it doesn't seem to hurt if it is available twice. Adding the CSR there is wrong, but also doesn't seem to matter.
I ran the sequence of commands for openssl both on cygwin and in a normal Windows cmd prompt and both were accepted by my wthttpd. So with server.pem containing the combinations (server.crt and server.key), (server.crt, server.key, server.crt), (server.crt, server.key, server.csr) all work.
My wt startup options are:
./hello.wt.exe --https-address=0.0.0.0 --ssl-certificate=server.pem --ssl-private-key=server.pem --ssl-tmp-dh=dh512.pem --docroot . --http-address 0.0.0.0 --http-port 4430
Your file also works fine for me.
I assume that your server.pem is not in the right directory (For you, that would be the cwd), since if I enter a non-existing file name I do get the error that you get.
BR,
Wim.
Updated by Bud T almost 9 years ago
Wim Dumon wrote:
While you're probably right that server.crt doesn't have to be twice in the certification file, it doesn't seem to hurt if it is available twice. Adding the CSR there is wrong, but also doesn't seem to matter.
I'm not sure if there are three entries in the .pem file or two? Is it .csr and .key or also .crt in there?
You might also indicate in the FAQ write-up the folder in which the .pem file is supposed to be created. Presently it doesn't say anything about changing the output directory from the bin in which the openssl executable is located.
Updated by Wim Dumon almost 9 years ago
Only .key and .crt have to be in the .pem file. To the best of my knowledge, CSR is a certificate signing request, which is not required anymore once the certificate has been signed.
Like any program, a path with c:\ or \ (/ in unix style) in the front is an absolute path, and a path without a leading c:\ or \ is a relative path. We don't add or remove anything to those path names when passing them to the OS, so expect that Wt behaves like any other program on your system.
BR,
Wim.
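Added example, not part of the thread and not Wt or OpenSSL code: a standard-library Python check for the two points raised above, namely where a relative server.pem name resolves (the current working directory) and which PEM blocks the combined file contains. The names inspect_pem and make_block are hypothetical, the PEM bodies are constructed placeholders rather than real keys or certificates, and the check looks at block labels and encoding only, not at whether the key matches the certificate.

```python
import base64, os, re, tempfile

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)
KEY_LABELS = {"RSA PRIVATE KEY", "EC PRIVATE KEY", "PRIVATE KEY"}

def make_block(label, body=None):
    """Build a constructed PEM block; the payload is a placeholder, not DER."""
    body = body or base64.b64encode(b"constructed placeholder").decode()
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)

def inspect_pem(path):
    """Return (resolved_path, block_labels, findings) for a combined PEM file."""
    resolved = os.path.abspath(path)  # a relative name resolves against the cwd
    if not os.path.isfile(resolved):
        return resolved, [], ["file not found at " + resolved]
    with open(resolved, encoding="ascii", errors="replace") as fh:
        text = fh.read()
    labels, findings = [], []
    for label, body in PEM_BLOCK.findall(text):
        labels.append(label)
        lines = body.splitlines()
        # A traditional key that still has its passphrase starts with this header.
        if lines and lines[0].startswith("Proc-Type:") and "ENCRYPTED" in lines[0]:
            findings.append(label + " is still passphrase-protected")
            continue
        try:
            base64.b64decode("".join(lines), validate=True)
        except ValueError:
            findings.append(label + " body is not valid base64")
    if "CERTIFICATE" not in labels:
        findings.append("no CERTIFICATE block")
    if not KEY_LABELS.intersection(labels):
        findings.append("no private key block")
    if "CERTIFICATE REQUEST" in labels:
        findings.append("CERTIFICATE REQUEST block is not needed")
    return resolved, labels, findings

if __name__ == "__main__":
    workdir = tempfile.mkdtemp()
    pem = os.path.join(workdir, "server.pem")
    with open(pem, "w") as fh:  # same order as the thread's crt + key + csr file
        for label in ("CERTIFICATE", "RSA PRIVATE KEY", "CERTIFICATE REQUEST"):
            fh.write(make_block(label))
    print(inspect_pem(pem))
    print(inspect_pem("missing.pem"))
```

Run it from the directory the server is started in, passing the same name given to --ssl-certificate, so the resolved path shown is the one the server would open.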