Pell-Mell on Setting Up a Solid Server on Windows


#1

A short time ago, there was a topic meant for solving a symptom when setting up a Solid server on a Windows machine I once had created on the symptom. However, it began to develop a kind pell-mell on setting up a Solid server on Windows. Understandably, I didn't want that topic to deteriorate to a clutter: This would make solving the symptom unnecessarily more difficult to parse for people being proficient in basics. That is why I moved that topic to Symptom: Access to Main (“index”) Page Denied for Owner’s WebID When Setting Up a Solid Server on a Windows Machine.

As a result, I am accommodating you with creating this topic in the category currently called Solid: The Basics as a meeting place for all those who are concerned with basics of setting up a Solid server on Windows and who do not find a more specific topic of their concern.

To begin with, I have moved a part of the currently last post of the aforementioned moved topic, which reads as follows.

@DameLyngdoh, ... On the other hand, should you ask for a helping hand, as far as I can remember, I made use of openssl 'Win64OpenSSL-1_1_1.exe' installer I have downloaded from http://slproweb.com/products/Win32OpenSSL.html. There are many installers presented for download there. Unfortunately, I cannot say in a rush, which one entails downloading the aforementioned one. With respect to the public key certificate and the private key, I have made use of no other toolkits in this case.

I do not know what to do when using a university system not allowing installations. Maybe you have to speak to the administrator or—if you can take the responsibility for the outcome—use a system allowing installations after all. Otherwise without engagement cf. the post /hit-a-wall-with-ssl-certification-on-single-user-servers/455/3?u=gandalfprime...

For other projects I’ve used java to make the key and pem. Over Thanksgiving I’ll try setting up solid on my Windows box

Cit. @rimmartin in the topic Symptom: Access to Main (“index”) Page Denied for Owner’s WebID When Setting Up a Solid Server on a Windows Machine on this forum.

No comment on making PEM public key certificate and private key file format with Java in an undisclosed way.
Did someone say PowerShell? Try https://docs.microsoft.com/en-us/powershell/module/pkiclient/new-selfsignedcertificate?view=win10-ps 1 - it will create all the certificates you want. But they are stored in the Windows Certificate Store, so you need to export them afterwards as PEM-files (which apparently also is what Windows call CER-file) - see https://certsimple.com/help/windows-export-pem-private-key

Cit. @JornWildt in the topic Symptom: Access to Main (“index”) Page Denied for Owner’s WebID When Setting Up a Solid Server on a Windows Machine on this forum.

For obvious reason, it does not apply that PowerShell would create all the (public key) certificates you want. No comment on generating self-signed server certificate with PowerShell and making PEM public key certificate and private key file format in an undisclosed way. Anyway, be aware of the topic Hit a wall with SSL certification on single user servers when using self-signed server (public key) snake oil certificate.

Back to this topic at hand, I propose posting within this topic in case your posts do not directly concern more specific topics on setting up a Solid server on Windows.

Anybody who can reproduce the aforementioned symptom or who can contribute to solving it is still welcome to post within the moved topic.


#2

I stood node-solid-server up on windows using node-forge https://github.com/digitalbazaar/forge#x509 self signing with x509 and also made some windows cmd’s equivalent to bin/solid and bin/solid-test

no openssl or unix emulation needed.

I guess I should fork; would be the easiest way to provide this to the forum?


Node solid server setup and login
Symptom: Access to Main ("index") Page Denied for Owner's WebID When Setting Up a Solid Server on a Windows Machine
#3
cd node-solid-server

call .\bin\solid-test.cmd start --multiuser --port 8443 --ssl-cert C:\NodeProjects\pmc.cert --ssl-key C:\NodeProjects\pmc.key --root .\data

where before a little self_certify.js doing https://github.com/digitalbazaar/forge#x509 (// generate a keypair and create an X.509v3 certificate example) and then writing the cert and key to the parent directory:

// convert a Forge certificate to PEM
var pem = pki.certificateToPem(cert);

// convert a Forge private key to PEM-format
var pemKey = pki.privateKeyToPem(keys.privateKey);


fs.writeFile('pmc.cert', pem, {encoding: null}, (err) =>{});
fs.writeFile('pmc.key', pemKey, {encoding: null}, (err) =>{});

Node solid server setup and login
#4

I have not verified your way of making PKI self-signed TLS/SSL server certificate and server private key files in the PEM format.

Anyway,

  1. Assuming you refer to self-signed public key server certificate in both cases, you generate the keypair in the PEM format on the java way. What conversion does java way need then?

  2. What do you mean with forking? Fork what?

    Using PowerShell instead of your self-made java way could be a coequal alternative for making self-signed public key server certificate and server private key PEM files, though PowerShell features in general strongly depend on the version of Windows possibly for commercial reason and your way probably does not.

    Anyway, if no conversion was needed, the java way would be the one to go for people like @DameLyngdoh, who is using a university system with Java already installed, but not allowing installations, cf. initial post in this topic. However, beware of coming up against a brick wall when using self-signed public key server certificate.

  3. After starting the Solid server, do you encounter the reference symptom?

Note that I am pressed for time at least in the next weeks.

#5
  1. no java involved; used node-forge https://github.com/digitalbazaar/forge#x509 which is javascript run from node.

  2. I had followed with the reply Pell-Mell on Setting Up a Solid Server on Windows with information on how I did it

  3. the server window:

C:\NodeProjects\node-solid-server>echo off
 --port 8443 --ssl-cert C:\NodeProjects\pmc.cert --ssl-key C:\NodeProjects\pmc.key --root .\data
TIP create a config.json: `$ solid init`
Solid server (v4.4.0-5-gee8c7c8) running on https://localhost:8443/
Press <ctrl>+c to stop

and I can go to link https://localhost:8443/, register and work with the interface


#6

self_certify.js

var fs = require('fs');
var forge = require('node-forge');

var pki = forge.pki;

// generate a keypair and create an X.509v3 certificate
var keys = pki.rsa.generateKeyPair(2048);
var cert = pki.createCertificate();
cert.publicKey = keys.publicKey;
// alternatively set public key from a csr
//cert.publicKey = csr.publicKey;
// NOTE: serialNumber is the hex encoded value of an ASN.1 INTEGER.
// Conforming CAs should ensure serialNumber is:
// - no more than 20 octets
// - non-negative (prefix a '00' if your value starts with a '1' bit)
cert.serialNumber = '01';
cert.validity.notBefore = new Date();
cert.validity.notAfter = new Date();
cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 1);
var attrs = [{
  name: 'commonName',
  value: 'localhost'
}, {
  name: 'countryName',
  value: 'US'
}, {
  shortName: 'ST',
  value: 'Pensylvania'
}, {
  name: 'localityName',
  value: 'State College'
}, {
  name: 'organizationName',
  value: 'PMC'
}, {
  shortName: 'OU',
  value: 'pmc'
}];
cert.setSubject(attrs);
// alternatively set subject from a csr
//cert.setSubject(csr.subject.attributes);
cert.setIssuer(attrs);
cert.setExtensions([{
  name: 'basicConstraints',
  cA: true
}, {
  name: 'keyUsage',
  keyCertSign: true,
  digitalSignature: true,
  nonRepudiation: true,
  keyEncipherment: true,
  dataEncipherment: true
}, {
  name: 'extKeyUsage',
  serverAuth: true,
  clientAuth: true,
  codeSigning: true,
  emailProtection: true,
  timeStamping: true
}, {
  name: 'nsCertType',
  client: true,
  server: true,
  email: true,
  objsign: true,
  sslCA: true,
  emailCA: true,
  objCA: true
}, {
  name: 'subjectAltName',
  altNames: [{
    type: 6, // URI
    value: 'http://localhost/webid#me'
  }, {
    type: 7, // IP
    ip: '127.0.0.1'
  }]
}, {
  name: 'subjectKeyIdentifier'
}]);
/* alternatively set extensions from a csr
var extensions = csr.getAttribute({name: 'extensionRequest'}).extensions;
// optionally add more extensions
extensions.push.apply(extensions, [{
  name: 'basicConstraints',
  cA: true
}, {
  name: 'keyUsage',
  keyCertSign: true,
  digitalSignature: true,
  nonRepudiation: true,
  keyEncipherment: true,
  dataEncipherment: true
}]);
cert.setExtensions(extensions);
*/
// self-sign certificate
cert.sign(keys.privateKey);

// convert a Forge certificate to PEM
var pem = pki.certificateToPem(cert);

// convert a Forge private key to PEM-format
var pemKey = pki.privateKeyToPem(keys.privateKey);


fs.writeFile('pmc.cert', pem, {encoding: null}, (err) =>{});
fs.writeFile('pmc.key', pemKey, {encoding: null}, (err) =>{});

needs your location and names filled.

call "%NODE_HOME%\node" self_certify.js

Node solid server setup and login
#7

As far as I can say, your focus in the last few days was helping others to run Solid under Windows developer environment for testing purposes, but contrary to that description without using openssl. If so, you can run your Solid installation. Can you?


#8

Yes.

No openssl; node-forge x509 is javascript that does not call or use openssl. It generates a certificate and private key that works with node-solid-server in WIndows developer environment. Above the self_certify.js code I ran to generate a certificate and private key because I’m a developer without access to commercial pki’s.

How are you launching the server? I made cmd’s that launch it equivalent to the bash scripts bin/solid and bin/solid-test. I forked and pushed them to https://github.com/rimmartin/node-solid-server/tree/master/bin


#9

I’m currently working on setting up my client side code on windows to test further; might have to pick it up after work this evening


#10

solid start -v from the NSS filesystem root, cf. Section Initial Access Authorization presented on an intermittently with intermediate interruptions, as a general rule between 20:00 and 07:00 GMT/UTC o'clock, and temporarily operated web server. However, I am not working in a developer environment for now. Cannot say if that command works there. Maybe it works with the --no-reject-unauthorized flag to make the Solid server to accept self-signed certificates... cf.


#11

windows has emulation for NSS filesystem root?
I’m running from the windows command line

Following https://github.com/solid/node-solid-server#run-a-single-user-server-beginner steps?
You had first ran solid init? DId it ask for an SSL key and certificate?


#12

This is a misunderstanding: With NSS filesystem root, we understand just that, what it says, cf. Fig.8 presented on an intermittently with intermediate interruptions, as a general rule between 20:00 and 07:00 GMT/UTC o'clock, and temporarily operated web server, and the comment straight thereunder: We are running from the windows command line (a.k.a. NSS Console) just as you are.

Yes, following Command Line Usage. 👎Note that the fragment URI/URL component command-line-usage in https://github.com/solid/node-solid-server#command-line-usage currently has not worked at least for days as expected with all browsers. I suspect a server/client compatibility issue due to a server flaw and am in a rush unable to provide a workaround. Anyway, it works as expected at least with current Firefox Quantum 63.0.3 (64-bit) on Windows 8.

My answers left cf. A temporary solution for the limitation of forum.solidproject.org_t_setting-up-a-solid-server-on-a-windows-machine_112_4.htm presented on an intermittently with intermediate interruptions, as a general rule between 20:00 and 07:00 GMT/UTC o'clock, and temporarily operated web server.

#13

but bin/solid is a shebang script for node javascript

This doesn’t run on my windows box from the cmd prompt. So I made the windows equivalent:


Node solid server setup and login
#14

I have not evaluated on the nature of the solid line command. It worked from the box as expected. Could your Windows user’s path environment variable have not been set properly when installing the solid module?


#15

I don’t think node-soild-server was written and tested for windows yet


#16

You have got eyes to see. Do you perhaps not believe your eyes?


#17

?
I’m running node-solid-server on windows


#18

Well done!


#19