Windows Windows Server 

How to host SignalR with SSL/https or adding new port to SSL

To host SignalR server and client in a secure hosting, you have to bind a port to SSL to run as https. next comes why to bind a new port to SSL when 443 default already available? Why, because if you are self-hosting outside IIS and 443 is already assigned you have to add a new port to SSL. Follow below steps to find a solution.

Binding a new port to SSL

Self-hosting under HttpListener is good, but one of the negative aspects of not being part of IIS is it doesn’t know about certificates that are installed for IIS, which means that certificates you want to use have to be explicitly bound to a port if you are self-hosting.

For now, I am considering you have already installed SSL certificate in IIS successfully. if not follow the SSL installation steps in windows IIS here – Click here

  1. Open command prompt/ PowerShell in admin mode.
  2. To bind please use the command below. (in certhash add your SSL cert thumbprint, how to find SSL thumbprint shown below) – Click here
    netsh http add sslcert ipport=0.0.0.0:8082 appid={12345678-db90-4b66-8b01-88f7af2e36bf} certhash=jhdsfjbb8ba48fiudsbfv8yertbv8sebrvb843gbfv

ipport = Specified as ipport=0.0.0.0:8082 where the zeros mean all IP addresses on port 8082 (you can use any port number between 1-65535 but check all ports already assigned and then assign). For IP you can also specify a specific IP Address.

appid = For appid the value is static so always use appid={12345678-db90-4b66-8b01-88f7af2e36bf}

certhash = The certhash is the id that maps the certificate to the IP endpoint above. You can find this hash by looking at the certificate in the Windows Certificates section.

Also Read:  How to redirect HTTP to HTTPS URL in Windows server

After successful installation use below command to verify.

netsh http show sslcert ipport=0.0.0.0:8082

 

Note: in the application please try to use the domain name to connect to your self-hosted server, because to your domain name the SSL certificate is issued and not to your IP address, so use a domain name. example: (https://yourdomainname.com:8082/signalr/hubs)

If you have any dought please comment down below

How to find Certhash?

  1. Open IIS manager and on the left side, list click on your IIS main server and in right part double click on server certificates option as shown below.
    Find Server Certificate
  2. Then select your SSL certificate and right click and click
    selecting SSL certificate
  3. click on details tab above and find the “thumbprint” in the list below, select will show you a key in below area, copy that and remove space in between and use it.
    Thumbprint selection

 

Related posts