SignalR with Self-Signed SSL and Self-Host


I believe it's all working for me now. Here is a rundown of the steps I took to get things flowing:


SSL & SignalR (Owin WebApplication) requires binding a certificate to a port.

  1. Use IIS to generate a self-signed cert; this should place the certificate into the LOCAL COMPUTER > Personal > Certificates folder in CERTMGR
  2. In CERTMGR shift+drag certificate to LOCAL COMPUTER > Trusted Root Certification Authorities > Certificates folder, which should make a copy of it there
  3. Run the following command to bind the SSL certificate to

    netsh http add sslcert ipport= certhash=123456f6790a35f4b017b55d09e28f7ebe001bd appid={12345678-db90-4b66-8b01-88f7af2e36bf} 
    netsh http show urlacl > D:\urlacl.txt


    Reserved URL            : https://*:8080/ 
    User: SOMEWHERE\Administrator
    Listen: Yes
    Delegate: No
    SDDL: D:(A;;GX;;;S-1-5-21-138209071-46972887-2260295844-1106) 
  4. Run the following NETSH command to reserve all IP addresses for port 8080 to the My Service application ID and service account

    netsh http add urlacl url=https://*:8080/ user=SOMEWHERE\Administrator listen=yes
    netsh http show sslcert > D:\sslcert.txt


    IP:port                 : 
    Certificate Hash        : 123456f6790a35f4b017b55d09e28f7ebe001bd
    Application ID          : {12345678-db90-4b66-8b01-88f7af2e36bf} 
    Certificate Store Name  : (null) 
    Verify Client Certificate Revocation    : Enabled
    Verify Revocation Using Cached Client Certificate Only    : Disabled
    Usage Check    : Enabled
    Revocation Freshness Time : 0 
    URL Retrieval Timeout   : 0 
    Ctl Identifier          : (null) 
    Ctl Store Name          : (null) 
    DS Mapper Usage    : Disabled
    Negotiate Client Certificate    : Disabled
  5. Update the MyServices.exe.config file to use https protocol (These are appSetting keys used to dynamically set the protocol and port of SignalR when My Service starts)

    <add key="SrProtocol" value="https" />
    <add key="SrPort" value="8080" />
  6. Start the My Service using the NETSTAT START command

  7. Run the following NETSH command to show the service state is occupying the registered url

    netsh http show servicestate > D:\servicestate.txt


    Server session ID: C300000320000039
    Version: 2.0
    State: Active
        Max bandwidth: 4294967295
            Entity body timeout (secs): 120
            Drain entity body timeout (secs): 120
            Request queue timeout (secs): 120
            Idle connection timeout (secs): 120
            Header wait timeout (secs): 120
            Minimum send rate (bytes/sec): 150
    URL groups:
    URL group ID: C600000340000138
        State: Active
        Request queue name: Request queue is unnamed.
            Max bandwidth: inherited
            Max connections: inherited
                Timeout values inherited
            Number of registered URLs: 1
            Registered URLs:

My application does NOT depend on IIS, but once I used IIS to temporarily create a port binding to my SSL certificate, my application started to work, and I was able to inspect the NETSH servicestate to see how IIS does it. I have since dropped the IIS binding and ran through the setup notes, and still have success.

My Owin startup looks something like this:

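    private void configureMessaging()
    {
        string registerUrl = string.Format("{0}://*:{1}", Service.Server.SrProtocol, Service.Server.SrPort);

        try
        {
            //  Starts an owin web application to host SignalR, using the protocol and port defined.
            //  The start call is missing from the post; Startup is an assumed OWIN startup class name.
            WebApp.Start<Startup>(registerUrl);
        }
        catch (Exception ex)
        {
            Logger.Logs.Log(string.Format("Failed to configure messaging.  Exception: {0}", ex.RecurseInnerException()), LogType.Error);

            if (ex is HttpListenerException || ex.InnerException is HttpListenerException)
            {
                try
                {
                    Process p = new Process();
                    p.StartInfo.UseShellExecute = false;
                    p.StartInfo.RedirectStandardOutput = true;
                    p.StartInfo.FileName = "netsh.exe";
                    //  FileName is already netsh.exe, so the arguments must not repeat "netsh".
                    p.StartInfo.Arguments = string.Format("http delete urlacl url={0}"
                        , registerUrl);
                    //  Assumed: run the command and wait for it to finish (these lines are missing from the post).
                    p.Start();
                    p.StandardOutput.ReadToEnd();
                    p.WaitForExit();
                }
                catch (Exception exP)
                {
                    Logger.Logs.Log(string.Format("Failed to delete urlacl {0}.  Exception: {1}"
                        , registerUrl
                        , exP.RecurseInnerException())
                        , LogType.Error);
                    //  Stop retrying if the reservation could not be removed.
                    retries = 5;
                }
            }

            //  retries is a field of the containing class (not shown in the post);
            //  the increment and the recursive call are reconstructed from the log messages.
            if (retries < 5)
            {
                retries++;
                Logger.Logs.Log(string.Format("Attempting to configure messaging again.  Attempt No. {0}", retries), LogType.Warn);
                configureMessaging();
            }
            else
            {
                Logger.Logs.Log(string.Format("Exceeded total number of retries to configure messaging.", retries), LogType.Error);
            }
        }
    }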



And self-hosted HubConnection instances look like this:

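    public IHubProxy MyHubProxy
    {
        get
        {
            if (this._MyHubProxy == null)
            {
                var connection = new HubConnection(string.Format("{0}://{1}:{2}/"
                    , Settings.GetSetting(Settings.Setting.SrProtocol)
                    , MyHub.GetLocalhostFqdn(null)
                    , Settings.GetSetting(Settings.Setting.SrPort)));
                this._MyHubProxy = connection.CreateHubProxy("MyHub");

                if (File.Exists("My.cer")
                    && Settings.GetSetting(Settings.Setting.SrProtocol).Equals("https", StringComparison.InvariantCultureIgnoreCase))
                {
                    //  Assumed: the body of this check is missing from the post; attach the exported certificate.
                    connection.AddClientCertificate(X509Certificate.CreateFromCertFile("My.cer"));
                }
                //  Assumed: the connection is started here (missing from the post).
                connection.Start().Wait();
            }

            return this._MyHubProxy;
        }
    }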

There is a little more code here than relevant, but hopefully it may be of help!
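
An added example, not part of the original post: a Python check over the text that the steps above save with `netsh http show sslcert` and `netsh http show urlacl`. It flags a certificate hash that is not 40 hex digits and any https URL reservation whose port has no certificate binding; the sample listings, account name and function names are constructed placeholders.

```python
import re

# Constructed sample listings in the layout of `netsh http show sslcert` and
# `netsh http show urlacl`; every value below is a placeholder.
SSLCERT_TXT = """
    IP:port                 : 0.0.0.0:8080
    Certificate Hash        : 0123456789abcdef0123456789abcdef01234567

    IP:port                 : 0.0.0.0:9090
    Certificate Hash        : 0123456789abcdef0123456789abcdef0123456
"""
URLACL_TXT = """
    Reserved URL            : https://*:8080/
        User: EXAMPLE\\svc-signalr
            Listen: Yes
    Reserved URL            : https://*:8443/
        User: EXAMPLE\\svc-signalr
            Listen: Yes
"""
LINE = re.compile(r"\s*(.+?)\s*:(?:\s+(.*?))?\s*$")

def parse_records(text, first_key):
    """Turn 'Key : value' lines into dicts; first_key opens a new record."""
    records = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2) or ""
        if key == first_key:
            records.append({})
        if records:
            records[-1][key] = value
    return records

def audit(sslcert_txt, urlacl_txt):
    """Return findings for malformed bindings and unbound https reservations."""
    findings, bound_ports = [], set()
    for rec in parse_records(sslcert_txt, "IP:port"):
        ipport, thumb = rec["IP:port"], rec.get("Certificate Hash", "")
        if not re.fullmatch(r"[0-9A-Fa-f]{40}", thumb):
            findings.append(f"{ipport or '<empty>'}: hash is not 40 hex digits")
        elif ipport:
            bound_ports.add(ipport.rsplit(":", 1)[1])
    for rec in parse_records(urlacl_txt, "Reserved URL"):
        m = re.match(r"https://[^/]+:(\d+)/", rec["Reserved URL"])
        if m and m.group(1) not in bound_ports:
            findings.append(f"{rec['Reserved URL']}: no sslcert binding on port {m.group(1)}")
    return findings
```
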