Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Main form in Secure mode
#1
How do I start my application (Main form) in secure mode (SSL + TLS) ?
Reply
#2
Not sure if you are using Http.sys or Indy, anyway, these are the general things you need to configure (copied from another thread):

In this case, you just need to set:


Code:
ServerController.Port := (your HTTP port, default is 80)
ServerController.SSLOptions.Port := (your HTTPS port, default is 443)


What will determine the behavior of the application is the property

ServerController.SSLOptions.NonSSLRequest

It can be either: nsAccept (default), nsRedirect and nsBlock

nsAccept: incoming requests using HTTP port will be accepted and everything will run using HTTP only protocol
nsRedirect: any incoming request using HTTP port will be redirected to HTTPS port (if HTTPS is enabled, i.e. you have ServerController.SSLOptions.Port > 0)
nsBlock: any incomping request using HTTP port will be blocked. In this case the HTTP server won't even listen to the HTTP. No response for HTTP request will be generated.

You can also have forms that are only accessible via HTTPS or HTTP and others that are accessibla via both protocols. In that case you need to use the property

IWForm.ConnectionMode

It can be either:

cmAny (default): HTTP and HTTPS are accepted
cmSecure: Form will only accept HTTPS
cmNonSecure: Form will only accept HTTP


The most common scenario is setting the whole application to work full time using HTTPS. In this case you should set:

1) ServerController.SSLOptions.Port = 443

2) ServerController.SSLOptions.NonSSLRequest  = nsRedirect

3) All IWForms.ConnectionMode = cmSecure

That's it. If the certificate is properly installed (it varies according to the application type), it will "just work"
Reply
#3
That's it, Alexandre, thanks a lot!
Just add a single issue that was, I was loading these variables like this:
  gIWBSLibBootstrapCss := 'http://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css';
  gIWBSLibBootstrapJs :=  'http://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js';
and need to change them to:
  gIWBSLibBootstrapCss := 'https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css';
  gIWBSLibBootstrapJs :=  'https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js';

On a previous post I ask what IWBSLibSetCDNS function loads in terms of BS variables?
I'm doing this:
  gIWBSLibJQueryJs := 'https://cdn.jsdelivr.net/npm/jquery@3/dist/jquery.min.js';

  gIWBSLibBootstrapCss := 'https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css';
  gIWBSLibBootstrapJs :=  'https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js';

  gIWBSLibPolyFillerJs :=  'https://cdn.jsdelivr.net/npm/webshim@1.16.0/js-webshim/minified/polyfiller.min.js';

  gIWBSLibIWBSCss :=        'https://cdn.jsdelivr.net/gh/kattunga/IWBootstrapFramework@v2.0beta5/demo/bin/wwwroot/iwbs/iwbs.css';
  gIWBSLibIWBSJs :=        'https://cdn.jsdelivr.net/gh/kattunga/IWBootstrapFramework@v2.0beta5/demo/bin/wwwroot/iwbs/iwbs.js';

  gIWBSLibDynamicTabsCss := 'https://cdn.jsdelivr.net/npm/bootstrap-responsive-tabs@2.0.3/dist/css/bootstrap-responsive-tabs.css';
  gIWBSLibDynamicTabsJs :=  'https://cdn.jsdelivr.net/npm/bootstrap-responsive-tabs@2.0.3/dist/js/jquery.bootstrap-responsive-tabs.min.js';

  gIWBSLibSummerNoteCss :=  'https://cdn.jsdelivr.net/npm/summernote@0.8.18/dist/summernote.css';
  gIWBSLibSummerNoteJs :=  'https://cdn.jsdelivr.net/npm/summernote@0.8.18/dist/summernote.js';

Can I, regarding each one of these variables, just call IWBSLibSetCDNS ?
Reply
#4
I also converted my application from Indy to Http.sys with SSL.
Followed all instructions from https://www.atozed.com/intraweb/certmana...lications/
but when typing the name that I gave to the Certificate when creating it (Domain field), I always get the same error on the browser: ERR_CONNECTION_REFUSED

The certificate is installed, is it added a binding to it, but no go.
One question: When add SSL Binding, the port that I musto enter, is the port of the Servercontroller.Port, right?
Must I set any properties of SSLOptions.Certificate, like CertFileName, Password, etc...?
Must I copy any of the files that were created where creating the self signed certificate with iwcertificatemanager to the app folder?

I'm lost here!
Reply
#5
Hi there,


the binding must be done using the ServerController.SSLOptions.Port (usually, and I recommend that you keep it that way, unless in a test environemtn, is 443). See below:

   
Reply
#6
BTW, there is a video of one of our users Clederson Maia (in Portuguese, but you won't have problems with it ;-) showing how to generate and install a certificate using our tool IW Certificate Manager

https://www.youtube.com/watch?v=QN2AWoDx...D&index=26
Reply
#7
(01-24-2024, 05:51 AM)Alexandre Machado Wrote: BTW, there is a video of one of our users Clederson Maia (in Portuguese, but you won't have problems with it ;-) showing how to generate and install a certificate using our tool IW Certificate Manager

https://www.youtube.com/watch?v=QN2AWoDx...D&index=26

Hi Alexandre,

I'm trying to create the certificate with iwCertificateManager with option "Request Let's Encrypt Certificate" like explained on the video, but I'm always getting this error:
"Error executing requesting LE certificate: TIWLetsEncrypt.New_Order: Could not finalize certificate challenge within specific timeout"

Why is that?

I'm trying to implement this on may machine, not on a server, just on my PC. Is it possible? If so, what's the domain that I must use, when creating certificate? And witch kind of certificate? Self-signed or Let's Encrypt Certificate?
Reply
#8
>> I'm trying to implement this on may machine, not on a server, just on my PC. Is it possible? If so, what's the domain that I must use,
>> when creating certificate? And witch kind of certificate? Self-signed or Let's Encrypt Certificate?

No it is not possible. Let's Encrypt will send a request to your domain (whatever domain that you are using when requesting the certificate). That's how you "prove" that you own the domain, you see? Otherwise anyone could obtain a certificate for microsoft.com or apple.com...

If you are only developing, you can test it with a self-signed certificate. It will work just like any other certificate if you install it on the browser or on the Windows certificate store.

More about self-signed certificates here: https://www.atozed.com/intraweb/certmana...lications/
Reply
#9
(01-26-2024, 01:13 AM)Alexandre Machado Wrote: >> I'm trying to implement this on may machine, not on a server, just on my PC. Is it possible? If so, what's the domain that I must use,
>> when creating certificate? And witch kind of certificate? Self-signed or Let's Encrypt Certificate?

No it is not possible. Let's Encrypt will send a request to your domain (whatever domain that you are using when requesting the certificate). That's how you "prove" that you own the domain, you see? Otherwise anyone could obtain a certificate for microsoft.com or apple.com...

If you are only developing, you can test it with a self-signed certificate. It will work just like any other certificate if you install it on the browser or on the Windows certificate store.

More about self-signed certificates here: https://www.atozed.com/intraweb/certmana...lications/

Ok, understood.
So, on my Windows Server 2019, can you give an example on how to create a Let's Encrypt Certificate, because I already lost several hours trying this, but always get the same error:
"Error executing requesting LE certificate: TIWLetsEncrypt.New_Order: Could not finalize certificate challenge within specific timeout"

Maybe this is something trivial, but after create a subdomain on my server and hit the button "Hit here to test domain response" on the iwCertficateManager, it will pass, but when hitting Execute button to create the certificate, it will show the error above.
Can you point me in the right direction?
Thanks
Reply
#10
Are you able to call your application after installing it on your server?

I mean, if you install it on your server, are you able to call it normally via http, like http://yourdomain.com using the browser?
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)