IIS

Version Date Notes By
0.2 2019-06-11 Added: Convert .pfx file to RSA. Known issues JTO
0.1 2019-01-01 Initial commit JFM

This documents contains some extra information about configuring the application with IIS

Handling Multiple Origins in CORS Using URL Rewrite

This is usefull when you have to add a diferent Access Control Allow Origin besides the one that's handled automatically with laravel

<rewrite>            
  <outboundRules>
      <rule name="Enable CORS for Fonts">
          <match serverVariable="RESPONSE_Access_Control_Allow_Origin" pattern=".*" />
          <conditions>
            <add input="{REQUEST_URI}" pattern="^[^\?]+\.(ttf|otf|eot|woff|woff2|svg)(\?.*)?$" />
          </conditions>
          <action type="Rewrite" value="*" />
      </rule>
  </outboundRules>
</rewrite>

Resources

https://stackoverflow.com/questions/39647732/enabling-cors-on-iis-for-only-font-files

https://kamranicus.com/posts/2016-03-06-cors-multiple-origins-iis

Generating certificate files from IIS installed certificate

  1. On the Start search for certmgr (Manage Computer Certificates) IIS

  2. Right-click the certificate to export and select All Tasks > Export.

  3. Choose Yes, export the private key and include all certificates in certificate path if possible. Warning: Do not select the delete private key option.

  4. Leave the default settings and then enter your password.

  5. Choose to save the file and then click Finish. You should receive an "export successful" message. The .pfx file is now saved to the location you selected.

Now that we have the file .pfx we have to convert it to a RSA private key format

First we need to download and install OpenSSL for windows http://www.slproweb.com/products/Win32OpenSSL.html.

After the installation open command prompt in administrator mode and navigate to where you installed OpenSSL

We can extract the private key form a PFX to a PEM file with this command (replace filename.pfx for the location and filename where the .pfx file was exported):

  • openssl pkcs12 -in filename.pfx -nocerts -out key.pem

Exporting the certificate only:

  • openssl pkcs12 -in filename.pfx -clcerts -nokeys -out certificate.pem

Removing the password from the extracted private key:

  • openssl rsa -in key.pem -out private.key

Copy the files to "C:\storage\certificates\" if the certificates folder doesn't exist create it

Alter the laravel-echo-server.json to the following:

  "protocol": "https",
  "sslCertPath": "C:<Application-Backend-Directory>\\storage\\certificates\\certificate.pem",
  "sslKeyPath": "C:<Application-Backend-Directory>\\storage\\certificates\\private.key",
  "verifyAuthPath": true,
  "verifyAuthServer": false

Known issues

  • In IIS version 8.0.9200.16384 a problem was detected when a validation error occurs in the application backend. The error was intercepted by IIS which would return a custom error page instead of the expected error. Because of that the frontend couldn't interpret the error.

Solution:

  1. Open IIS select the site -> Error pages -> Edit Feature Settings
  2. Select the option "Detailed errors" and click Ok.