How to publish an httpendpoint API in IIS

[Diego Euri Almanzar]

Hello, dear friends. I hope that everybody are very well.

I was able to successfully develop an API using HTTPENDPOINT. I manage it on port 81. However, when I try to use port 443, HTTPS, the certificate problem appears. The documentation that Alaska Software has for managing Web hosting is very poor, it is tiny, almost non-existent. Therefore, I was never able to get my CXP application to work in Standalone mode. I had to migrate to IIS. The same thing happens to me with the API. Even though the certificate is correct, I can't get my API to work as Standalone.

A CXP page is easy to get running in IIS. Since it is a source file that an Xbase application interprets. But, an API is an executable program. And, because it is an executable, I wouldn't know how to run it on the ISS, to avoid the inconveniences of Standalone. Using IIS, I have never had any problems with certificates. I use a Let's Encrypt certificate.

Can someone tell me how to publish an API in IIS?

[SlavkoDam]

Hi,
HttpEndpoint() has two methods to set certificate, :setCertificate() and :setCertificateFromFile(). They are very well explained and documented, and both work fine.
There is also an example how to set certificate on port 443.

Code: Select all

#define PORT 443 

// Create an end point for handling incoming 
// connections on the default port for HTTPS 
// Note: Port and address must be adjusted 
// for your environment! 
oHttpEndpoint := HttpEndpoint():new( PORT, "localhost" ) 

// Set the SSL certificate for the local computer. 
// The certificate will be used for subsequent 
// SSL connections. 
// Note: The certificate must be adjusted 
// for your environment! 
oHttpEndpoint:setCertificate( "machine\my\mycomputer" ) 

// Start the end point 
oHttpEndpoint:start() 

[Diego Euri Almanzar]

Hello, SlavkoDam

I appreciate a lot your help. I'll show you what I've developed so far:

//
// first case
//
#define PORT 443
oHttpEndpoint := HttpEndpoint():new( PORT, "*" )
oHttpEndpoint:setCertificateFromFile( "c:\mycerts\ www.megasoftrd.com.pfx", "blue5712")
lStarted := oHttpEndpoint:start()

//
// second case
//
#define PORT 443
oHttpEndpoint := HttpEndpoint():new( PORT, "*" )
oHttpEndpoint:setCertificate( "MEGAPRO\WEBHOSTING\www.megasoftrd.com")
lStarted := oHttpEndpoint:start()


None of the above cases work for me.

www.megasoftrd.com is a web hosting that I purchased from the GODADDY company. By having a name or hosting, I was able to activate a certificate through Let's Encrypt.
When I use the certificate on Xbase httpendpoint, the app doesn't work.

However, the same certificate works very well for me in an API I developed in ASP.NET Core. I have this API installed on the IIS server. What makes me suspect is that Let's Encrypt certificates do not work in Xbase, or perhaps I created it with the aim that it would only work in IIS. To clear up any doubts, I will buy a new certificate, from the same company that bought the name of the web hosting.

On the other hand, I use an asterisk instead of localhost, because I found a document that explains that when you are going to use a certificate for HTTPS, you must write an asterisk.

[SlavkoDam]

Hi,
Both of your use to set certificate in HttpEndpoint() are not correct.

1. First case: oHttpEndpoint:setCertificateFromFile( "c:\mycerts\ www.megasoftrd.com.pfx", "blue5712")

Is this "c:\mycerts\www.megasoftrd.com.pfx", a file on disk? If it is, rename it to something more convenient like this: "c:\mycerts\megasoftrd.pfx". Did you check and verify and display its content in local?

2. Second case: oHttpEndpoint:setCertificate("MEGAPRO\WEBHOSTING\www.megasoftrd.com")

"MEGAPRO\WEBHOSTING\www.megasoftrd.com" is totally not correct and has no sense. You did not understand at all :setCertificate() parameters. I will explain how to use it.
You can use this method if you installed your pfx certificate on your computer. You can do that by double click on the pfx file and follow the instructions.
1. You can choose a location where to install it, as Current user or Local computer. If this option is not offered, it will be Current user. This is <cLocation> in :setCertificate(), value "user" or "machine".
2. You have to choose a certificate store on the location from above, where to install it. You have to select Personal. This is <cStoreName> in :setCertificate(), value "my".
3. When you installed the certificate, you have to open it with c:windows\system32\certmgr.msc program. Find your certificate in Personal\Certificates folder and open it. In Details tab click on the Subject field and read "CN = " value. This is <cSubject> in :setCertificate() and it is case-sensitive.

So, you have to use this: oHttpEndpoint:setCertificate("user\my\cname"), where "cname" is from point 3. above. You can also use this: oHttpEndpoint:setCertificate("cname","my","user").

Did you check FError() code when setting certificates were not successful?

Can you send me part of your ASP.NET code for creating HttpEndpoint and setting certificate? I would like to compare it with Xbase++ code.

Slavko

[Diego Euri Almanzar]

Hello, SlavkoDam

Thanks for the information. I will study it day after day, until I understand it. Meanwhile, I leave you the link where I found the way to program the HTTPENDPOINT, it is a forum that has Xbase++

https://ilx.alaska-software.com/index.p ... ndpoint.7/

In the end, they explain the following:

*-----------------------------------------------------------------------------------------------

Implement the HttpEndpoint

The following modifications are required:

• Select the default SSL port 443 as port: #define PORT 443
• Bind the default host with the parameter "*": HttpEndpoint:New( PORT, "*" )
• The certificate must be bound before the method :start() is called:
o lOk := oHttpEndpoint:setCertificate( "machine\webhosting\<certificate subject eg. mydomain.com>" )

If port 443 is open in the firewall, then the web handler is accessible with the web browser at https://<mydomain.com>/default.html. The browser must indicate a valid certificate for this server.

*--------------------------------------------------------

SlavkoDam, Please help me understand if the asterisk automatically links the host name that is inside the certificate. Or if I should replace the asterisk with the name of my host.

Then, I send you the example of the API developed with ASP.NET MVC. Nothing extraordinary, it's an example I found in the Microsoft documentation.


Best regards.

[SlavkoDam]

Hi,

In that Alaska article,they used win-acme program to create a new certificate. Since you have your own certificate, you don't need that. Only have to install your certificate on your computer, in Current User on Local Machine store location.

Don't use mmc.exe to view certificates, as used by Alaska article. It is easier to use certmgr.msc for Current User store and certlm.msc for Local Machine store. You can also check certificates with Xbase++ IsCertificateAvailable() function.

Here is what I tested and that all work fine. I have several certificates installed on my computer for different purposes, and :setCertificate() returns .T. with all below examples.

oEndpt = HttpEndpoint():new(443,"localhost")

set = oEndpt:setCertificate("user\my\sd-softdesign.com") // set = .T., FERROR() = 0
* set = oEndpt:setCertificate("machine\ca\MUP Gradjani CA 4") // set = .T., FERROR() = 0
* set = oEndpt:setCertificate("machine\ca\MUPCA Sluzbenici 3") // set = .T., FERROR() = 0
* set = oEndpt:setCertificate("machine\ca\Sandbox SUF Issuing CA 1") // set = .T., FERROR() = 0

MSGBOX(LTOC(set) + " " + STR(FERROR()))
oEndpt:start()

You can also use CertificateSelect() function instead of :setCertificate() method.

This is what documentation for the :new() method says for "*" address: 'If an asterisk ("*") is passed in the <cAddress> parameter, the HttpEndpoint can service multiple network interfaces and binds to all IP addresses of the installed network adapters. This includes "localhost". '. If you use your endpoint for only one address, it is the best to put it in <cAddress>.

Slavko

[Diego Euri Almanzar]

Hello, SlavkoDam

It is evident that you have a great command of all programming and computer science topics. I will study your recommendations step by step. I appreciate it a lot. While I try to understand, I would like you to do me the favor of answering the following.

It is evident that Fecth JavaScript is the most modern method for API access. But, also with Fecth there are problems accessing the https API (443), when they have a localhost as their host name.
In your interesting example, can I change localhost to a hostname like www.quintaavenida.com ?

That is, I have already had problems when I write localhost, in an API URL. Sometimes they work well, other times they don't. It would be interesting to leave localhost forever.

I guess then, that the name localhost can be replaced by the name of my host?

Best regards.

[SlavkoDam]

Hi,

This is the documentation description of <cAddress> parameter for HttpEndpoint(): "The optional parameter <cAddress> is the IP address in dotted octet notation (e.g. "192.168.0.1") or hostname as a character string."

So, "localhost" can be and should be replaced with your hostname. "localhost" is used only for testing, as in my examples. In fact, it would be the best and the most accurate to specify it in dotted octet notation, because if you change the hostname you don't have to change the address in you application.

[Diego Euri Almanzar]

Hello, dear Slavko Dam

Brilliant. Thanks for the help.