HomeInterfacesRecipesChangelogFAQ
Log In
Interfaces
  1. Summary

HTTPS in Interface V2

HTTPS is supported by default in Interface V2. To use it, it must be enabled by configuring an endpoint in appsettings.json to use related certificates.

It is assumed that the client already has the required certificates for HTTPS support. This manual will therefore not cover the generation and signing of these certificates.

Configuration

Configuration is done by using the configuration provided by the Kestrel server used to run the AutoStore Interface. For a complete overview, see the official Microsoft documentation.

Defining HTTPS endpoint

The HTTPS endpoints must be defined inside a Kestrel category, which itself must define Endpoints. For each endpoint, a category with an arbitrary name must be defined to represent the endpoint. The endpoint category must contain a Url and paths to any certificate files under a Certificate category. It must also contain "ClientCertificateMode": "RequireCertificate" in order to make client certificates mandatory.

"Kestrel": {
    "Endpoints": {
      "Https": {
        "Url": "https://localhost:44000",
        "Certificate": {
          "Path": "<path_to_cert_file>",
          "KeyPath": "<path_to_key_file>",
          "Password": "<cert_password>"
        },
        "ClientCertificateMode": "RequireCertificate"
      }
    }
  }

The excerpt below is taken from the official Microsoft documentation and demonstrates configuration using various certificate files.

{
  "Kestrel": {
    "Endpoints": {
      "Http": {
        "Url": "http://localhost:5000"
      },
      "HttpsInlineCertFile": {
        "Url": "https://localhost:5001",
        "Certificate": {
          "Path": "<path to .pfx file>",
          "Password": "$CREDENTIAL_PLACEHOLDER$"
        }
      },
      "HttpsInlineCertAndKeyFile": {
        "Url": "https://localhost:5002",
        "Certificate": {
          "Path": "<path to .pem/.crt file>",
          "KeyPath": "<path to .key file>",
          "Password": "$CREDENTIAL_PLACEHOLDER$"
        }
      },
      "HttpsInlineCertStore": {
        "Url": "https://localhost:5003",
        "Certificate": {
          "Subject": "<subject; required>",
          "Store": "<certificate store; required>",
          "Location": "<location; defaults to CurrentUser>",
          "AllowInvalid": "<true or false; defaults to false>"
        }
      },
      "HttpsDefaultCert": {
        "Url": "https://localhost:5004"
      }
    },
    "Certificates": {
      "Default": {
        "Path": "<path to .pfx file>",
        "Password": "$CREDENTIAL_PLACEHOLDER$"
      }
    }
  }
}

It is recommended to use the standard Interface 44000 port when configuring HTTPS endpoints.

Removing The Default HTTP endpoint

The default HTTP endpoint is decided by the URLS field of the appsettings.json file. This field should be completely removed. If it is left in the config it will be overwritten by the configurations inside the Kestrel:Endpoints category.

"Urls": "http://0.0.0.0:44000",

Enabling Only Interface Side Certificate

If only the Interface is to present a certificate, the "ClientCertificateMode": "RequireCertificate" field can be omitted.

Updated 2 months ago