Configure Compute to use HTTPS
Windows only

Overview

In this guide, we will walk through the process of creating a valid SSL certificate so that Rhino.Compute can communicate with clients using the HTTPS protocol.

Prerequisites

The following must be completed:

  1. You must have an active virtual machine (VM) instance. Use the following guides to walk through setting up a VM.

  2. The VM must be accessible to the web (open port 80, and 443).

  3. A static public IPv4 address must be associated with your virtual machine. To learn more about configuring static IP address, use the following links:

  4. You must have an existing domain and have access to its DNS settings. An A record in your DNS settings must point to the public IPv4 address of your virtual machine.

Note
For this guide, I have assoicated an elastic IP address with my virtual machine instance. I have also setup an A record in my DNS settings to point rhino.compute.rhino3d.com at the IP address of my virtual machine.

Modify the Host Name

Before we step through the process of generating an SSL certificate, we need to make one modification to our existing IIS configuration for Rhino.Compute.

  1. If you have not already done so, log into your VM (via RDP). See the section Connect via RDP for more details.

  2. On the Start menu, click in the search area and type Internet Information Services (IIS) Manager. Click to launch the app.

  3. In the IIS Manager, click on the web server node in the Connections panel on the left to expand the menu tree. Then click on the Sites node to expand the sub-menu. Lastly, select the Rhino.Compute node from the menu tree to adjust its settings.

  4. In the Actions pane on the right, click Bindings. https://developer.rhino3d.com/images/Site_Binding_2.png

  5. In the Site Bindings pane, select the row whose Type is set to http. On the right-hand side, click the Edit button.

  6. In the Host name text field, type in the subdomain name that you created when setting up the A-Record. Click OK when done. https://developer.rhino3d.com/images/Site_Binding_1.png

Generate the Certificate

The next step in the process is to create and install an SSL certificate for the local IIS server. An SSL certificate is a digital certificate that authenticates a website’s identity and enables an encrypted connection. It is required in order to use the HTTPS protocol.

To generate the certificate, we recommend using Win-ACME. Win-ACME is a simple interactive client which can create and install the certificate as well as handle renewing the certificate when needed.

  1. Download the Win-ACME Client on the virtual machine. Note: Win-ACME is distributed as .zip file.

  2. Right-click on the download .zip file and select Extract All. It doesn’t really matter what directory you choose to extract the files to as we will manually move/rename them in the next step. Click Extract.

  3. Select the newly extracted directory and type Ctrl+X to Cut and then Ctrl+V to Paste this folder into the root C:\ drive.

  4. Now, right-click on the directory that you just copied to the C:\ drive and select Rename from the menu. Shorten the folder name to just “win-acme”. https://developer.rhino3d.com/images/win_acme_1.png

  5. Click on the Windows Start menu and type in “Powershell”. In the menu that appears, right-click on the Windows Powershell app and choose Run As Administrator.

  6. Type in the following command and hit Enter to launch the Win-ACME application.

    C:\win-acme\wacs.exe
  1. You should see an interactive menu appear with a set of instructions which can be run by typing in a specific letter. https://developer.rhino3d.com/images/win_acme_2.png

  2. Type the letter N and hit Enter to create a certificate with the default settings. You should see a list of available IIS sites that are available. If you do not see an entry for Rhino.Compute (1 binding) then it is likely that you have not set the host name correctly in the previous step. See the section on modifying the host name. https://developer.rhino3d.com/images/win_acme_3.png

  3. Type the number associated with the row for Rhino.Compute (1 binding) and hit Enter.

  4. Hit Enter again to accept the default Pick all bindings.

  5. When prompted to Continue with this selection? hit Enter or type Y for yes. https://developer.rhino3d.com/images/win_acme_4.png

  6. When prompted to Open in default application? hit Enter or type Y for yes.

  7. When prompted Do you agree with the terms? hit Enter or type Y for yes.

  8. Enter a valid email(s) address to receive notifications about problems or abuses with this certificate. Hit Enter when the email address has been provided. https://developer.rhino3d.com/images/win_acme_5.png

Congratulations. If successful, the application will then run a series of authorization and validation tests to confirm host is secure. Win-ACME will then generate the SSL certificate and install it with IIS and add a new binding (*:443) to the Rhino.Compute site. The SSL certificate will be valid for 90 days. However, the Win-ACME application will create a task scheduler which will try to renew the certificate after 60 days. You should now be able to send an HTTPS request to your Rhino.Compute server and get a valid response back.

https://developer.rhino3d.com/images/win_acme_6.png