3
votes

I have an existing DataSnap server (Windows service) which is running fine on HTTP, and I now want to add HTTPS as an additional protocol. I've obtained and installed an SSL certificate and generated a certificate file (.crt) and private key file (.key). As a test, when using the Delphi XE2 DataSnap Server wizard and ticking 'HTTPS' to get the certificate page, I can reference the 2 files and click the 'Test' button, which succeeds. I've added an additional TDSHTTPService component and linked it to a TDSCertFiles component. In my service startup event I'm setting the path to the 2 certificate files before starting the DSServer, in the DSCertFiles.CertFile and DSCertFiles.KeyFile properties. When trying to start the service I get the error:

Could not load certificate. error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib

Is there something I'm missing?

2
Does your code verify that the service actually can "see" the certificate files (it might be a path or permission problem)? - mjn
Hi, see my comment to Remy's answer - the component seems to look for the certificates in the path set at design-time only (maybe a bug?). - Jonathan Wareham
You can verify if it is a bug - if the error disappears as soon as you place the files in the design-time defined location. Otherwise, something is wrong with the service environment - mjn
Yes the error disappears when ensuring the files are in the design-time location. - Jonathan Wareham

2 Answers

5
votes

There is a well-known bug in XE2 and XE3.

I've found this workaround.

After setting the TDSCert properties and before starting the DSHTTPServer, call this method:

DSCertFiles2.SetServerProperties(DSHTTPService2.HttpServer); //WORK AROUND
1
votes

Error code 0x140AD002 means SSL_CTX_use_certificate_file() was not able to open the file.
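
Added example, not part of the original answers: a Python sketch that unpacks the error code from the question and runs the file check suggested in the comments. It assumes the OpenSSL 1.0.x error-code layout; the function names, the reason table and the sample paths are choices of this example.

```python
import os
import re

# Assumption: OpenSSL 1.0.x packing (ERR_PACK): 8-bit library,
# 12-bit function, 12-bit reason.
ERR_LIB_SSL = 0x14
REASONS = {
    0x02: "system lib: the file could not be opened",
    0x09: "PEM lib: the file opened but is not valid PEM",
    0x0D: "ASN1 lib: the file opened but is not valid DER",
}

def decode_openssl_error(line):
    """Unpack 'error:XXXXXXXX:lib:func:reason' into numeric fields."""
    m = re.search(r"error:([0-9A-Fa-f]{8}):", line)
    if not m:
        raise ValueError("no OpenSSL error code in line")
    code = int(m.group(1), 16)
    reason = code & 0xFFF
    return {"lib": code >> 24, "func": (code >> 12) & 0xFFF,
            "reason": reason,
            "meaning": REASONS.get(reason, "other reason")}

def preflight(paths):
    """Return {path: problem} for each file this process cannot open."""
    problems = {}
    for path in paths:
        if not os.path.isabs(path):
            problems[path] = "relative path"
        elif not os.path.isfile(path):
            problems[path] = "file not found"
        else:
            try:
                with open(path, "rb") as fh:
                    fh.read(1)
            except OSError as exc:
                problems[path] = "cannot open: %s" % exc.strerror
    return problems

if __name__ == "__main__":
    # Error line quoted in the question.
    err = decode_openssl_error(
        "Could not load certificate. error:140AD002:SSL routines:"
        "SSL_CTX_use_certificate_file:system lib")
    print(hex(err["lib"]), hex(err["func"]), err["meaning"])
    # Hypothetical paths; run under the same account as the service.
    print(preflight([r"C:\certs\server.crt", r"C:\certs\server.key"]))
```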