Skip to content

Enabling HTTPS for Localhost

Jump to bottom
Martin Konopka edited this page Apr 4, 2018 · 4 revisions

If you need to call the UXC REST services from secured website running on HTTPS, and call UXC localhost services, it is required to host UXC local services on HTTPS as well. However, HTTPS is not supported for localhost domain, since localhost is not valid domain name and web SSL certificates are issued only for valid domain names, not localhost, nor for IP addresses.

To overcome this limitation, follow these steps to open HTTPS protocol for the port 55554:

  1. Register a valid domain name, e.g., mydomain.com

  2. Create a subdomain that you will not use remotely, e.g., localhost.mydomain.com

  3. Obtain a security certificate for this subdomain, e.g., at Let's Encrypt

  4. Download certificate *.crt file(s) but also a private key in the PFX format *.p12.

  5. Open admin command prompt (see above) and run these commands: i. Add the public certificate to Trusted Root Certification Authorities:

    C:\Windows\System32\certutil.exe -f -addstore "Root" <PATH_TO_CRT_FILE>

    ii. Add the private key to the Personal certificate store (you will be prompted for the password of the private key):

    C:\Windows\System32\certutil.exe -f -importPFX "My" <PATH_TO_P12_FILE>

    iii. Remove previous registrations for the desired port 55554, if exist, with these command:

    C:\Windows\system32\netsh http delete urlacl url=http://localhost:55554/

    C:\Windows\system32\netsh http delete urlacl url=https://localhost:55554/

    C:\Windows\system32\netsh http delete urlacl url=http://+:55554/

    C:\Windows\system32\netsh http delete urlacl url=https://+:55554/

    C:\Windows\system32\netsh http delete sslcert ipport=127.0.0.1:55554

    iv. Add new port registration, note the HTTPS protocol:

    C:\Windows\system32\netsh http add urlacl url=https://+:55554/ user=Everyone

    v. Register certificate for the port. Locate the thumbprint string in the details of the public certificate file. The GUID number is for your personal use to locate the port registration later:

    C:\Windows\system32\netsh http add sslcert ipport=127.0.0.1:55554 certhash=<INSERT_CERTIFICATE_THUMBPRINT_WITHOUT_SPACES_HERE> appid={<INSERT_RANDOM_GUID_HERE>}

  6. Because the obtained certificates were issued for localhost.mydomain.com, we need to re-route this domain to localhost, i.e., 127.0.0.1:

    i. Backup the Windows hosts file located at:

    C:\Windows\System32\drivers\etc\hosts

    ii. Edit the file by adding new entries at the end of the entries list:

    127.0.0.1 localhost.mydomain.com

    127.0.0.1 www.localhost.mydomain.com

    iii. Save changes to the hosts file (requires elevated privileges).

  7. Update the localhost endpoint address in the UXC application settings to the newly registered entry in firewall:

https://+:55554
  1. Restart the UXC application.
  2. Test the connection in a web browser by navigating to the address:
https://localhost.mydomain.com:55554/
  1. Use this fake URI address in your applications to call the UXC API.
Clone this wiki locally