Jump to content
marcovaldo

MARS running as Indy standalone Windows Service, correct cert locations

Recommended Posts

Hi All,

Sorry for duplicating information!
I repostet under new Topic for better visibility. May this save others the days I lost...


CERTIFICATE LOCATIONS FOR WINDOWS SERVICE DIFFERENT TO WINDOWS APPLICATION!
(at least on Win10/Pro as I have) :

the cert files (supposed to be in bin/executable folder) MUST BE IN C:\Windows\SysWOW64\ folder
also a cert.pem is queried from C:\usr\local\ssl\cert     (i copied the root cert to this name, however not sure if necessary)

so if sticking with Indy default names, the files are:
C:\Windows\SysWOW64\localhost.pem        root cert
C:\Windows\SysWOW64\localhost.crt           cert
C:\Windows\SysWOW64\localhost.key          key
Selfsigned cert OK (created using XCA)

For copying to this folder, of course Admin rights are necessary.
If you are using a VMWare VM for Delphi 10.4.X, as I do, and the project files are in the shared VM drive outside the VM,
you need 2-step copy: 1) project/bin to local desktop  2) local desktop to SysWOW64

All the above is for WIN32 Service target, as I did not tryout X64 yet.
I am happy to be out of the swamp and back on the road (after fighting Windows and not Project)

Kind Greetings,

     ckranich

Share this post


Link to post
1 hour ago, marcovaldo said:

the cert files (supposed to be in bin/executable folder) MUST BE IN C:\Windows\SysWOW64\ folder

Why? What is the actual problem with having them in an application folder?

Share this post


Link to post

They were ignored in application folder (if started as service)
In my  case they _have_been_ all the time in application folder. But only used by server compiled as application.
When service has been started, it was terminated after a few seconds (Event entry: Service failed at start....)
I first thought it has to do with my special setup (Delphi in VM, Project files outside in shared folder), but
it also failed if i copied service application, OpenSSL dlls, certs to a local folder inside VM, like C:\Test.
Could this be a special case of Win10 running in a VMWare Player VM then?
 

Share this post


Link to post
1 hour ago, marcovaldo said:

They were ignored in application folder (if started as service)
In my  case they _have_been_ all the time in application folder. But only used by server compiled as application.

Seems like they're loaded by relative path.

Share this post


Link to post
11 hours ago, marcovaldo said:

They were ignored in application folder (if started as service)

Indy doesn't care where the certificate files are stored, as long as the paths you supply to them are valid.  Using absolute paths should have worked fine.  Unless Indy is not the one using the certificate files to begin with...

Share this post


Link to post

Hi,

 

I did not want to trigger a dispute about this :-0
Only wanted to share my findings - might they (possibly) be helpful to others...
Yes, I tried absolute file locations before (like C:\certs\localhost.pem etc). did not work here (or only worked with application, not with service.

Thank you for contributing to Indy & kind Greetings,

m.

Share this post


Link to post

Final Remark:

This confusion has been triggered by my specific setup (maybee no one else uses this...)

=> if you run a Win32 Service on Win64, then the current folder IS SysWOW64,
no matter where the executable is located.

Share this post


Link to post

If you specifing absolute paths, they would be loaded from the absolute location, can you try to monitor the service with procmon (sysinternals), and see what files en especially where the service tries to open them ? 

 

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×