Enable HTTPS in your REST server with Free SSL/TLS Certificate from Let's Encrypt
Thursday, April 19, 2018
Updated: April 11th, 2021.
One of the most important aspects of a REST API server is security. It should be mandatory that your data is encrypted while being transferred between client and server. And the standard way to do such encryption is using HTTP Secure (HTTPS).
To support HTTPS in your server, you need an SSL/TLS certificate. Not so long ago, this was a relatively annoying and hard task, and it would also require you to pay yearly fees. That's not true anymore, since the release of Let's Encrypt. From their website: Let's Encrypt is a free, automated and open Certificate Authority. What does that mean, basically? You can now have SSL/TLS certificates for free. And automatically!
You can use Let's Encrypt to generate an SSL/TLS certificate for any TMS Sparkle-based server (like TMS XData, for example). If you want more information about Let's Encrypt and how its system works, please visit their web site.
To install a Let's Encrypt certificate in your TMS Sparkle server, we are going to use a tool named win-acme (Simple ACME Client for Windows, WACS - Windows ACME Simple). It was formerly called letsencrypt-win-simple (LEWS).
The tool is very simple to use and self-explanatory. There are many ways to validate your certificate, from self-hosted server to DNS modifications, including Cloudflare integration, for example. Refer to WinAcme documentation to learn what's the best option for you.
The only trick you need to be aware of is that when WinAcme generates a certificate (regardless of whether it's a new one or a renewal), it gives you the possibility to execute a batch script. This is very useful, because it lets us automatically bind the new certificate to Sparkle using the netsh tool.
So, you can simply create a file named bindcertificate.bat (just a suggestion, use any name you want) with the following content:
netsh http delete sslcert ipport=0.0.0.0:443
netsh http add sslcert ipport=0.0.0.0:443 certhash=%1 certstorename=%2 appid={00112233-4455-6677-8899-AABBCCDDEEFF}
The GUID in appid above could be anything. You can change it to any GUID value you want, or just use what's there.
Then ask WinAcme to execute this script upon every certificate generation. LE will then pass the certificate thumbprint in parameter %1 and the store name in parameter %2, and the certificate will be bound to Sparkle automatically on each renewal.
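A stricter take on the binding step, as an added example that is not from the original post or from WinAcme: a PowerShell script that checks the thumbprint and the certificate before it touches the existing binding, so that a missing or malformed thumbprint does not remove the working one. The file name Bind-Certificate.ps1, the parameter names and the idea of calling it with the same two values the batch file receives as %1 and %2 are assumptions.

```powershell
# Bind-Certificate.ps1 (hypothetical name; added example, not part of the original post)
param(
    [Parameter(Mandatory)][string]$Thumbprint,   # what the batch file receives as %1
    [Parameter(Mandatory)][string]$StoreName,    # what the batch file receives as %2
    [string]$IpPort = '0.0.0.0:443',
    [string]$AppId  = '{00112233-4455-6677-8899-AABBCCDDEEFF}'   # GUID used in the post
)
$ErrorActionPreference = 'Stop'

# 1. Accept only a SHA-1 thumbprint (40 hex characters) and a plain store name,
#    so nothing unexpected ends up on the netsh command line.
if ($Thumbprint -notmatch '^[0-9A-Fa-f]{40}$') { throw "Not a thumbprint: '$Thumbprint'" }
if ($StoreName  -notmatch '^[A-Za-z0-9]+$')     { throw "Unexpected store name: '$StoreName'" }

# 2. The certificate must really be in the LocalMachine store, carry a private key
#    and be inside its validity period. Get-Item throws if it is not found.
$cert = Get-Item -Path "Cert:\LocalMachine\$StoreName\$Thumbprint"
if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key" }
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate $Thumbprint is not valid now ($($cert.NotBefore) .. $($cert.NotAfter))"
}

# 3. Only now replace the binding. The delete returns an error when no binding
#    exists yet (first run), which is fine, so its result is ignored.
#    Arguments are quoted because PowerShell would otherwise parse {...} as a script block.
& netsh http delete sslcert "ipport=$IpPort" | Out-Null
& netsh http add sslcert "ipport=$IpPort" "certhash=$Thumbprint" `
        "certstorename=$StoreName" "appid=$AppId"
if ($LASTEXITCODE -ne 0) { throw "netsh http add sslcert failed (exit code $LASTEXITCODE)" }

# 4. Read the binding back and confirm it points at the new certificate.
$shown = (& netsh http show sslcert "ipport=$IpPort") -join "`n"
if ($shown -notmatch [regex]::Escape($Thumbprint)) {
    throw "Binding on $IpPort does not show thumbprint $Thumbprint"
}
Write-Output "Bound $($cert.Subject) (expires $($cert.NotAfter)) to $IpPort"
```

A non-zero exit from this script is worth surfacing in whatever monitors the renewal task, since it means the server may be running with the old certificate or with no binding at all.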
And that's it! Your server now supports HTTPS forever, for free!
Wagner Landgraf
This blog post has received 12 comments.
Wagner R. Landgraf
Farias Anderson
Wagner R. Landgraf
Ian Barker
Wagner R. Landgraf
Error shown:
1-[EROR] Error encoutered whila opening certificadostore. the system cannot find file especified
2-[EROR] create certificate the system cannot find the file especificad
Would you have a suggestion to help me?
I'm installing on Windows Server 2008 R2.
Grupo WS sISTEMA
Wagner R. Landgraf
Bossier Peter
Bruno Fierens
It looks like the ACME client which you mentioned is not supported.
See my error code:
"Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2"
Could you please help me how to continue?
Ondrej Pillar
Wagner R. Landgraf
Thanks for sharing it with us.
Ronald Janse