Self hosted over HTTPS

Posted: Tue Oct 26, 2021 6:46 pm
by DannyC
I had thought I'd seen some documentation on self hosting the REST API using HTTPS but my searching isn't fruitful.

Is there a way we can run the REST API using the self hosted service over HTTPS? And does it need to be port 443 or can we choose any port?

Re: Self hosted over HTTPS

Posted: Tue Oct 26, 2021 7:40 pm
by SBarnes
In answer to your question, you can use any port; in fact, you can even set it up for multiple instances like test, staging and production, even on the same machine. To specify the port you use :[portnumber], just like under http.

Instructions on largely what you need to do can be found here: https://blog.boxofbolts.com/ssl/windows ... d-windows/ which is about binding the certificate to a port. The same steps would apply to a self-signed or bought certificate. You could actually avoid these steps by running the service as administrator, but I would not recommend that from a security perspective.

The only trick that seems to be at issue that I've set is that wildcards don't seem to work, namely you can't simply change

Code:
<add key="URLBase" value="http://*:81/" />

to

Code:
<add key="URLBase" value="https://*:81/" />

You actually need a proper URL for a domain or an IP address; at least that's what I had to do to make it work.

Mike in an email had been discussing WinAcme & Let's Encrypt and was going to do up a set of instructions, but I don't know how far he got. Using it gets you out of the cost of the certificate by using Let's Encrypt, but you have to set it up to renew when the certificate expires. I'll forward you the email, which also covers most of the steps mentioned in the link above.
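
The binding steps described in the post above, as an added example that is not part of the original thread or the product's own documentation. It assumes the self-hosted service listens through Windows HTTP.sys; the host name, service account and thumbprint are placeholders, and only port 81 and the URLBase key come from the thread.

```powershell
#Requires -RunAsAdministrator
# Added example: run once from an elevated prompt so the service itself can run unprivileged.
param(
    [string]$HostName       = 'api.example.com',               # placeholder host name
    [int]   $Port           = 81,                              # port used in the thread
    [string]$Thumbprint     = '<CERT-THUMBPRINT-PLACEHOLDER>', # placeholder, replace
    [string]$ServiceAccount = 'DOMAIN\svc-restapi'             # placeholder non-admin account
)
$ErrorActionPreference = 'Stop'
$Thumbprint = $Thumbprint -replace '\s', ''

# 1. Check the certificate before binding it: machine store, private key, validity, name.
$cert = Get-Item "Cert:\LocalMachine\My\$Thumbprint"
if (-not $cert.HasPrivateKey)        { throw 'Certificate has no private key in LocalMachine\My.' }
if ($cert.NotAfter -le (Get-Date))   { throw "Certificate expired on $($cert.NotAfter)." }
if ($cert.DnsNameList.Unicode -notcontains $HostName) {
    # Exact-match check only; a wildcard certificate name needs a manual review.
    throw "Certificate does not list $HostName as a DNS name."
}

# 2. Reserve the HTTPS prefix for the service account, so the service
#    does not need to run as administrator to listen on it.
$url = "https://${HostName}:$Port/"
netsh http add urlacl "url=$url" "user=$ServiceAccount"
if ($LASTEXITCODE -ne 0) { throw "URL reservation for $url failed." }

# 3. Bind the certificate to the port. The appid is an arbitrary GUID used
#    only to label the binding.
$appId = [guid]::NewGuid().ToString()
netsh http add sslcert "ipport=0.0.0.0:$Port" "certhash=$Thumbprint" "appid={$appId}"
if ($LASTEXITCODE -ne 0) { throw "Certificate binding on port $Port failed." }

# 4. Show the resulting binding and the matching config line (explicit host, no wildcard).
netsh http show sslcert "ipport=0.0.0.0:$Port"
Write-Output "<add key=`"URLBase`" value=`"$url`" />"

# The binding references the certificate by thumbprint, so a renewed
# certificate has to be bound again (delete the old sslcert entry, add the new one).
```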

Re: Self hosted over HTTPS  Topic is solved

Posted: Wed Oct 27, 2021 11:39 am
by Mike.Sheen
SBarnes wrote: Mike in an email had been discussing WinAcme & Let's Encrypt and was going to do up a set of instructions but I don't know how far he got

Yeah, nah - we decided we shouldn't be duplicating the instructions for other services or products like win-acme or Let's Encrypt. We've done that in the past and it just creates problems in having to maintain those instructions when things change down the track - so we expect IT professionals to be able to work out on their own how to obtain, install, bind and auto-renew certificates.

Instructions for using the free Let's Encrypt services on Windows machines using Win-acme can be found on their website: https://www.win-acme.com/

What I will advise is to use the pluggable version (the one with plugin support). This will let you use some features useful in different scenarios - such as if you're using RDS on the same box there is a PowerShell script to invoke in the renewal process to install the new cert in all the right places.

I'd also advise reading the manual. Otherwise your validation will likely fail because you're not understanding what it's trying to do and didn't open the right ports on your firewall - or something similar.