Pell-Mell on Setting Up a Solid Server on Windows

A short time ago, there was a topic meant for solving a symptom when setting up a Solid server on a Windows machine I once had created on the symptom. However, it began to develop a kind pell-mell on setting up a Solid server on Windows. Understandably, I didn't want that topic to deteriorate to a clutter: This would make solving the symptom unnecessarily more difficult to parse for people being proficient in basics. That is why I moved that topic to Symptom: Access to Main (“index”) Page Denied for Owner’s WebID When Setting Up a Solid Server on a Windows Machine.

As a result, I am accommodating you with creating this topic in the category currently called Solid: The Basics as a meeting place for all those who are concerned with basics of setting up a Solid server on Windows and who do not find a more specific topic of their concern.

To begin with, I have moved a part of the currently last post of the aforementioned moved topic, which reads as follows.

Back to this topic at hand, I propose posting within this topic in case your posts do not directly concern more specific topics on setting up a Solid server on Windows.

Anybody who can reproduce the aforementioned symptom or who can contribute to solving it is still welcome to post within the moved topic.

I stood node-solid-server up on windows using node-forge https://github.com/digitalbazaar/forge#x509 self signing with x509 and also made some windows cmd’s equivalent to bin/solid and bin/solid-test

no openssl or unix emulation needed.

I guess I should fork; would be the easiest way to provide this to the forum?

cd node-solid-server

call .\bin\solid-test.cmd start --multiuser --port 8443 --ssl-cert C:\NodeProjects\pmc.cert --ssl-key C:\NodeProjects\pmc.key --root .\data

where before a little self_certify.js doing GitHub - digitalbazaar/forge: A native implementation of TLS in Javascript and tools to write crypto-based and network-heavy webapps (// generate a keypair and create an X.509v3 certificate example) and then writing the cert and key to the parent directory:

// convert a Forge certificate to PEM
var pem = pki.certificateToPem(cert);

// convert a Forge private key to PEM-format
var pemKey = pki.privateKeyToPem(keys.privateKey);


fs.writeFile('pmc.cert', pem, {encoding: null}, (err) =>{});
fs.writeFile('pmc.key', pemKey, {encoding: null}, (err) =>{});

I have not verified your way of making PKI self-signed TLS/SSL server certificate and server private key files in the PEM format.

Anyway,

1. Assuming you refer to self-signed public key server certificate in both cases, you generate the keypair in the PEM format on the java way. What conversion does java way need then?

2. What do you mean with forking? Fork what?

   Using PowerShell instead of your self-made java way could be a coequal alternative for making self-signed public key server certificate and server private key PEM files, though PowerShell features in general strongly depend on the version of Windows possibly for commercial reason and your way probably does not.

   Anyway, if no conversion was needed, the java way would be the one to go for people like @DameLyngdoh, who is using a university system with Java already installed, but not allowing installations, cf. initial post in this topic. However, beware of coming up against a brick wall when using self-signed public key server certificate.

3. After starting the Solid server, do you encounter the reference symptom?

1. no java involved; used node-forge https://github.com/digitalbazaar/forge#x509 which is javascript run from node.

2. I had followed with the reply Pell-Mell on Setting Up a Solid Server on Windows with information on how I did it

3. the server window:

C:\NodeProjects\node-solid-server>echo off
 --port 8443 --ssl-cert C:\NodeProjects\pmc.cert --ssl-key C:\NodeProjects\pmc.key --root .\data
TIP create a config.json: `$ solid init`
Solid server (v4.4.0-5-gee8c7c8) running on https://localhost:8443/
Press <ctrl>+c to stop

and I can go to link https://localhost:8443/, register and work with the interface

self_certify.js

var fs = require('fs');
var forge = require('node-forge');

var pki = forge.pki;

// generate a keypair and create an X.509v3 certificate
var keys = pki.rsa.generateKeyPair(2048);
var cert = pki.createCertificate();
cert.publicKey = keys.publicKey;
// alternatively set public key from a csr
//cert.publicKey = csr.publicKey;
// NOTE: serialNumber is the hex encoded value of an ASN.1 INTEGER.
// Conforming CAs should ensure serialNumber is:
// - no more than 20 octets
// - non-negative (prefix a '00' if your value starts with a '1' bit)
cert.serialNumber = '01';
cert.validity.notBefore = new Date();
cert.validity.notAfter = new Date();
cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 1);
var attrs = [{
  name: 'commonName',
  value: 'localhost'
}, {
  name: 'countryName',
  value: 'US'
}, {
  shortName: 'ST',
  value: 'Pensylvania'
}, {
  name: 'localityName',
  value: 'State College'
}, {
  name: 'organizationName',
  value: 'PMC'
}, {
  shortName: 'OU',
  value: 'pmc'
}];
cert.setSubject(attrs);
// alternatively set subject from a csr
//cert.setSubject(csr.subject.attributes);
cert.setIssuer(attrs);
cert.setExtensions([{
  name: 'basicConstraints',
  cA: true
}, {
  name: 'keyUsage',
  keyCertSign: true,
  digitalSignature: true,
  nonRepudiation: true,
  keyEncipherment: true,
  dataEncipherment: true
}, {
  name: 'extKeyUsage',
  serverAuth: true,
  clientAuth: true,
  codeSigning: true,
  emailProtection: true,
  timeStamping: true
}, {
  name: 'nsCertType',
  client: true,
  server: true,
  email: true,
  objsign: true,
  sslCA: true,
  emailCA: true,
  objCA: true
}, {
  name: 'subjectAltName',
  altNames: [{
    type: 6, // URI
    value: 'http://localhost/webid#me'
  }, {
    type: 7, // IP
    ip: '127.0.0.1'
  }]
}, {
  name: 'subjectKeyIdentifier'
}]);
/* alternatively set extensions from a csr
var extensions = csr.getAttribute({name: 'extensionRequest'}).extensions;
// optionally add more extensions
extensions.push.apply(extensions, [{
  name: 'basicConstraints',
  cA: true
}, {
  name: 'keyUsage',
  keyCertSign: true,
  digitalSignature: true,
  nonRepudiation: true,
  keyEncipherment: true,
  dataEncipherment: true
}]);
cert.setExtensions(extensions);
*/
// self-sign certificate
cert.sign(keys.privateKey);

// convert a Forge certificate to PEM
var pem = pki.certificateToPem(cert);

// convert a Forge private key to PEM-format
var pemKey = pki.privateKeyToPem(keys.privateKey);


fs.writeFile('pmc.cert', pem, {encoding: null}, (err) =>{});
fs.writeFile('pmc.key', pemKey, {encoding: null}, (err) =>{});

needs your location and names filled.

call "%NODE_HOME%\node" self_certify.js

As far as I can say, your focus in the last few days was helping others to run Solid under Windows developer environment for testing purposes, but contrary to that description without using openssl. If so, you can run your Solid installation. Can you?

Yes.

No openssl; node-forge x509 is javascript that does not call or use openssl. It generates a certificate and private key that works with node-solid-server in WIndows developer environment. Above the self_certify.js code I ran to generate a certificate and private key because I’m a developer without access to commercial pki’s.

How are you launching the server? I made cmd’s that launch it equivalent to the bash scripts bin/solid and bin/solid-test. I forked and pushed them to https://github.com/rimmartin/node-solid-server/tree/master/bin

I’m currently working on setting up my client side code on windows to test further; might have to pick it up after work this evening

solid start -v from the NSS filesystem root, cf. Section Initial Access Authorization presented on an intermittently with intermediate interruptions, as a general rule between 20:00 and 07:00 GMT/UTC o'clock, and temporarily operated web server. However, I am not working in a developer environment for now. Cannot say if that command works there. Maybe it works with the --no-reject-unauthorized flag to make the Solid server to accept self-signed certificates... cf.

windows has emulation for NSS filesystem root?
I’m running from the windows command line

Following https://github.com/solid/node-solid-server#run-a-single-user-server-beginner steps?
You had first ran solid init? DId it ask for an SSL key and certificate?

This is a misunderstanding: With NSS filesystem root, we understand just that, what it says, cf. Fig.8 presented on an intermittently with intermediate interruptions, as a general rule between 20:00 and 07:00 GMT/UTC o'clock, and temporarily operated web server, and the comment straight thereunder: We are running from the windows command line (a.k.a. NSS Console) just as you are.

Yes, following Command Line Usage. 👎Note that the fragment URI/URL component command-line-usage in https://github.com/solid/node-solid-server#command-line-usage currently has not worked at least for days as expected with all browsers. I suspect a server/client compatibility issue due to a server flaw and am in a rush unable to provide a workaround. Anyway, it works as expected at least with current Firefox Quantum 63.0.3 (64-bit) on Windows 8.

but bin/solid is a shebang script for node javascript

This doesn’t run on my windows box from the cmd prompt. So I made the windows equivalent:

I have not evaluated on the nature of the solid line command. It worked from the box as expected. Could your Windows user’s path environment variable have not been set properly when installing the solid module?

I don’t think node-soild-server was written and tested for windows yet

You have got eyes to see. Do you perhaps not believe your eyes?

?
I’m running node-solid-server on windows

Well done!