KeePassRest Configuration

This document describes the steps to change the base address of the HTTPS RESTful web service. The base address has a similar syntax as a URI and tells the service the IP address and port it should be listening to. By default the setup configures the service to use this base address: https://localhost:12984/keepass/.

Important: The KeePassRest setup installs and configures everything so that no manual configuration is required to run the web service with the default base address.

KeePass.config.xml: Web Service Base Address

To change the base address the web service is listening to, merge the following xml snipped into the root node in the KeePass.exe.config file:
<Custom>
	<Item>
		<Key>KeePassRest.BaseAddress</Key>
		<Value>https://localhost:12984/keepass/</Value>
	</Item>
</Custom>

HTTP Configuration: Set server certificate

Ensure that the server certificate to be used has already been installed into the Personal store of the Local Machine. The certificate is identified by the thumbprint that is displayed in the certificate properties. Run the command below and do not forget to replace the base address and the certificate thumbprint:

Pre-Windows Vista

httpcfg set ssl -i 0.0.0.0:12984 -h 6acc34a69961aa4c29fa7011e657e6412aeda276

Windows Vista and higher

netsh http add sslcert ipport=0.0.0.0:12984 certhash=6acc34a69961aa4c29fa7011e657e6412aeda276 appid={9aa80290-a376-4b4e-bc6a-588b2317eeed}

HTTP Configuration: Register namespace

The permissions for the namespace must be setup because by default only applications with Administration privileges are able to run the web service.

Pre-Windows Vista

httpcfg.exe set urlacl /u https://+:12984/keepass/ /a "D:(A;;GX;;;WD)

Windows Vista and higher

netsh http add urlacl url=https://+:12984/keepass/ user=\Everyone sddl=D:(A;;GX;;;WD)

Testing

To test the setup, start SmartFTP, go to the menu: Tools - Settings. Then go to the KeePass dialog. Enter the base address and click the Test button.

Alternatively you can also test it with a web browser if it allows you to select a client certificate for the HTTPS connection. Then query a random entry:
https://localhost:12984/keepass/entry/ADC47124AADFCB489F812F1A413BAAAA