0

I would like to create a self hosted webapi that is reachable over https (ssl). I am a little bit confused because I see many different ways to do this. I read something about Karma and owin. As I know Owin is the current way to do this. Ao I implemented the first test with http and everything looks fine. But now I would like to use https. I read that you have to bind a ssl certificate to ip and port. To do this I should call netsh. But I have multiple customer machines where this service has to run. Is there any way to do it automatically in code? I mean why should I have to do it manually?

Franki1986
  • 1,320
  • 1
  • 15
  • 40

1 Answers1

1

An SSL cert has to be bound to either a specified host name, or a specified IP address. So if you're installing on several machines, by definition, you'd need multiple SSL certs for your approach to work. You might be able to dump the cert files into a common folder and let your application sort out which one to apply, but you're going to need more than one.

What'd be cool would be if you could call an appropriate API to tell Windows to generate a new cert at run-time!

Xavier J
  • 4,326
  • 1
  • 14
  • 25
  • I think the point with the certificate per machine is no problem, because it is always in a kind of intranet amd the certificates can be self signed. But how to bind them without using manually the console. Is there not some way to do it in code? – Franki1986 Jun 14 '17 at 18:11
  • See whatcha can get outta this: https://stackoverflow.com/questions/26554364/register-certificate-to-ssl-port – Xavier J Jun 14 '17 at 18:18
  • Thanks for your answer, but this answers only the way creating a self signed certificate in code. I would like to create a self hosted webapi without running netsh extra. – Franki1986 Jun 14 '17 at 18:29
  • Maybe you can adapt ***this***. Most examples I'm seeing use a shell command to call netsh. https://www.codeproject.com/Articles/437733/Demystify-http-sys-with-HttpSysManager – Xavier J Jun 14 '17 at 18:35
  • Thanks, that helps a little bit. Is owin the right way here? Or are there any other solutions that are easier or better? – Franki1986 Jun 14 '17 at 18:47
  • Owin could be a plus or minus depending on what your application is doing. But Owin doesn't matter a bit if you can't get the port binding you need! – Xavier J Jun 14 '17 at 18:51