Setting up SSL on Windows

Follow this guide to add a self-signed certificate to EventStoreDB.

Generate a certificate

First, create a certificate using PowerShell, and copy the thumbprint from the output:

New-SelfSignedCertificate -DnsName eventstore.org, localhost -CertStoreLocation cert:\CurrentUser\My

The cert:\CurrentUser\My certificate location supplies the values for the CertificateStoreLocation (CurrentUser) and CertificateStoreName (My) settings.

The eventstore.org value should be used for the CertificateSubjectName setting, and localhost is the default value for the SslTargetHost setting.

Trust the certificate

To trust the new certificate, import it into the Trusted Root Certification Authorities store:

  1. Press WindowsKey + R, and enter certmgr.msc.
  2. Navigate to Certificates -> Current User -> Personal -> Certificates.
  3. Locate the certificate 'eventstore.org'.
  4. Right click on the certificate and click on All Tasks -> Export. Follow the prompts.
  5. Navigate to Certificates -> Current User -> Trusted Root Certification Authorities -> Certificates.
  6. Right click on the Certificates folder menu item and click All Tasks -> Import. Follow the prompts.

Configure the server

Start EventStoreDB with the following configuration in the eventstore.conf file:

CertificateStoreLocation: CurrentUser
CertificateStoreName: My
CertificateThumbPrint: {Insert Thumb Print from Step 1}
CertificateSubjectName: CN=eventstore.org
ExtSecureTcpPort: 1115

Read more about server security settings on this page.
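
The generate, trust and configure steps above can also be scripted and checked in one pass. The following PowerShell is an added example, not part of the original guide or the EventStoreDB project; it assumes Windows PowerShell 5.1 or later, run as the user that starts EventStoreDB, and the temporary file name eventstore-dev.cer is hypothetical.

```powershell
# Added example (not from the EventStoreDB docs). Assumes Windows PowerShell 5.1 or later,
# run as the user account that will start EventStoreDB.
$dnsNames   = 'eventstore.org', 'localhost'              # names used in this guide
$exportPath = Join-Path $env:TEMP 'eventstore-dev.cer'   # hypothetical temporary file

# Generate: the first DNS name becomes the subject, both names go into the SAN extension.
$cert = New-SelfSignedCertificate -DnsName $dnsNames -CertStoreLocation Cert:\CurrentUser\My

# Trust: export the public certificate only (a .cer file carries no private key) and
# import it into the current user's root store. Windows may ask for confirmation here.
Export-Certificate -Cert $cert -FilePath $exportPath | Out-Null
Import-Certificate -FilePath $exportPath -CertStoreLocation Cert:\CurrentUser\Root | Out-Null
Remove-Item $exportPath

# Verify what the server needs: the private key must still be in CurrentUser\My.
$stored = Get-Item "Cert:\CurrentUser\My\$($cert.Thumbprint)"
if (-not $stored.HasPrivateKey) { throw 'No private key in CurrentUser\My for this certificate.' }

# Verify what the client needs: every name it may pass as target host is in the certificate.
$missing = $dnsNames | Where-Object { $stored.DnsNameList.Unicode -notcontains $_ }
if ($missing) { throw "Certificate lacks DNS name(s): $($missing -join ', ')" }

# Verify trust: build the chain in the user context; revocation is skipped because a
# self-signed certificate publishes no revocation information.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
if (-not $chain.Build($stored)) {
    throw "Chain not trusted: $($chain.ChainStatus.Status -join ', ')"
}

# Emit the store-related settings for eventstore.conf from the actual certificate.
@"
CertificateStoreLocation: CurrentUser
CertificateStoreName: My
CertificateThumbPrint: $($stored.Thumbprint)
CertificateSubjectName: $($stored.Subject)
"@
```

The printed subject should read CN=eventstore.org; if the value in eventstore.conf differs from it, the server will not find the certificate in the store.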

Connect to secure node

When connecting to the secure node, you need to tell the client to use the secure connection.

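using System.Net;
using EventStore.ClientAPI;

// The target host must match a DNS name in the server certificate;
// 'true' makes the client validate the server certificate.
var settings = ConnectionSettings
    .Create()
    .UseSslConnection("eventstore.org", true);

// 1115 is the ExtSecureTcpPort from eventstore.conf.
using var conn = EventStoreConnection
    .Create(settings, new IPEndPoint(IPAddress.Loopback, 1115));
await conn.ConnectAsync();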