3

I have an existing DataSnap server (Windows service) which is running fine on HTTP, and I now want to add HTTPS as an additional protocol. I've obtained and installed an SSL certificate and generated a certificate file (.crt) and private key file (.key). As a test, when using the Delphi XE2 DataSnap Server wizard and ticking 'HTTPS' to get the certificate page, I can reference the 2 files and click the 'Test' button which succeeds. I've added an additional TDSHTTPService component and linked it to a TDSCertFiles component. In my service startup event I'm setting the path to the 2 certificate files before starting the DSServer, in the DSCertFiles.CertFile and DSCertFiles.KeyFile properties. When trying to start the service I get the error:

Could not load certificate. error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib

Is there something I'm missing?

Andrey Zverev
Jonathan Wareham
  • Does your code verify that the service actually can "see" the certificate files (it might be a path or permission problem)? – mjn Jan 26 '12 at 10:38
  • Hi, see my comment to Remy's answer - the component seems to look for the certificates in the path set at design-time only (maybe a bug?). – Jonathan Wareham Jan 26 '12 at 11:01
  • You can verify if it is a bug - if the error disappears as soon as you place the files in the design-time defined location. Otherwise, something is wrong with the service environment – mjn Jan 26 '12 at 11:58
  • Yes the error disappears when ensuring the files are in the design-time location. – Jonathan Wareham Jan 26 '12 at 12:06

2 Answers

5

There is a well known bug in XE2 and XE3.

I've found this workaround.

After setting the TDSCert properties and before starting the DSHTTPServer, call this method:

DSCertFiles2.SetServerProperties(DSHTTPService2.HttpServer); //WORK AROUND
Daniele Teti
1

Error code 0x140AD002 means SSL_CTX_use_certificate_file() was not able to open the file.

Remy Lebeau
  • Many thanks, it seems the DataSnap certificate component always looks for the certificate files in the path specified on the TDSCertFiles component at design-time, and ignores new paths that might be set in code at run-time. – Jonathan Wareham Jan 26 '12 at 08:37
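
Added example (not part of the original posts): a Python diagnostic that splits the OpenSSL error code from the question into its library, function and reason fields, and runs the path/permission check suggested in the comments. It assumes the OpenSSL 1.0.x error-code layout and PEM-encoded files; the function names, lookup tables and file paths are illustrative.

```python
import os
import re

# OpenSSL 1.0.x layout (assumed): 0xLLFFFRRR = 8-bit library, 12-bit function,
# 12-bit reason. Tables hold only the values seen in the error on this page.
LIBS = {0x14: "SSL routines"}
FUNCS = {(0x14, 0x0AD): "SSL_CTX_use_certificate_file"}
REASONS = {0x002: "system lib"}

def decode_openssl_error(message):
    """Split 'error:XXXXXXXX:...' into numeric fields and known names."""
    match = re.search(r"error:([0-9A-Fa-f]{8})", message)
    if not match:
        raise ValueError("no OpenSSL error code in message")
    code = int(match.group(1), 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    return {
        "lib": lib, "func": func, "reason": reason,
        "lib_name": LIBS.get(lib, "unknown"),
        "func_name": FUNCS.get((lib, func), "unknown"),
        "reason_name": REASONS.get(reason, "unknown"),
    }

def check_pem_file(path, marker):
    """List the reasons the running account could not load `path` as PEM."""
    problems = []
    if not os.path.isabs(path):
        problems.append("relative path, resolves to " + os.path.abspath(path))
    try:
        with open(path, "rb") as handle:
            data = handle.read()
    except OSError as exc:  # missing file, wrong directory, or no permission
        problems.append("cannot open: " + (exc.strerror or str(exc)))
        return problems
    if marker.encode("ascii") not in data:
        problems.append("missing PEM marker " + marker)
    return problems

if __name__ == "__main__":
    # Error text copied from the question; file paths are constructed placeholders.
    err = "error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib"
    print(decode_openssl_error(err))
    for path, marker in ((r"C:\certs\server.crt", "-----BEGIN CERTIFICATE-----"),
                         (r"C:\certs\server.key", "PRIVATE KEY-----")):
        print(path, check_pem_file(path, marker) or "ok")
```

Run the file check under the same account the service uses, since a file readable from an interactive session may not be readable by the service account.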