01-22-2024, 06:01 PM
How do I start my application (Main form) in secure mode (SSL + TLS) ?
Main form in Secure mode
|
01-22-2024, 06:01 PM
How do I start my application (Main form) in secure mode (SSL + TLS) ?
01-22-2024, 08:58 PM
Not sure if you are using Http.sys or Indy, anyway, these are the general things you need to configure (copied from another thread):
In this case, you just need to set: Code: ServerController.Port := (your HTTP port, default is 80) What will determine the behavior of the application is the property ServerController.SSLOptions.NonSSLRequest It can be either: nsAccept (default), nsRedirect and nsBlock nsAccept: incoming requests using HTTP port will be accepted and everything will run using HTTP only protocol nsRedirect: any incoming request using HTTP port will be redirected to HTTPS port (if HTTPS is enabled, i.e. you have ServerController.SSLOptions.Port > 0) nsBlock: any incomping request using HTTP port will be blocked. In this case the HTTP server won't even listen to the HTTP. No response for HTTP request will be generated. You can also have forms that are only accessible via HTTPS or HTTP and others that are accessibla via both protocols. In that case you need to use the property IWForm.ConnectionMode It can be either: cmAny (default): HTTP and HTTPS are accepted cmSecure: Form will only accept HTTPS cmNonSecure: Form will only accept HTTP The most common scenario is setting the whole application to work full time using HTTPS. In this case you should set: 1) ServerController.SSLOptions.Port = 443 2) ServerController.SSLOptions.NonSSLRequest = nsRedirect 3) All IWForms.ConnectionMode = cmSecure That's it. If the certificate is properly installed (it varies according to the application type), it will "just work"
That's it, Alexandre, thanks a lot!
Just add a single issue that was, I was loading these variables like this: gIWBSLibBootstrapCss := 'http://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css'; gIWBSLibBootstrapJs := 'http://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js'; and need to change them to: gIWBSLibBootstrapCss := 'https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css'; gIWBSLibBootstrapJs := 'https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js'; On a previous post I ask what IWBSLibSetCDNS function loads in terms of BS variables? I'm doing this: gIWBSLibJQueryJs := 'https://cdn.jsdelivr.net/npm/jquery@3/dist/jquery.min.js'; gIWBSLibBootstrapCss := 'https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css'; gIWBSLibBootstrapJs := 'https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js'; gIWBSLibPolyFillerJs := 'https://cdn.jsdelivr.net/npm/webshim@1.16.0/js-webshim/minified/polyfiller.min.js'; gIWBSLibIWBSCss := 'https://cdn.jsdelivr.net/gh/kattunga/IWBootstrapFramework@v2.0beta5/demo/bin/wwwroot/iwbs/iwbs.css'; gIWBSLibIWBSJs := 'https://cdn.jsdelivr.net/gh/kattunga/IWBootstrapFramework@v2.0beta5/demo/bin/wwwroot/iwbs/iwbs.js'; gIWBSLibDynamicTabsCss := 'https://cdn.jsdelivr.net/npm/bootstrap-responsive-tabs@2.0.3/dist/css/bootstrap-responsive-tabs.css'; gIWBSLibDynamicTabsJs := 'https://cdn.jsdelivr.net/npm/bootstrap-responsive-tabs@2.0.3/dist/js/jquery.bootstrap-responsive-tabs.min.js'; gIWBSLibSummerNoteCss := 'https://cdn.jsdelivr.net/npm/summernote@0.8.18/dist/summernote.css'; gIWBSLibSummerNoteJs := 'https://cdn.jsdelivr.net/npm/summernote@0.8.18/dist/summernote.js'; Can I, regarding each one of these variables, just call IWBSLibSetCDNS ?
I also converted my application from Indy to Http.sys with SSL.
Followed all instructions from https://www.atozed.com/intraweb/certmana...lications/ but when typing the name that I gave to the Certificate when creating it (Domain field), I always get the same error on the browser: ERR_CONNECTION_REFUSED The certificate is installed, is it added a binding to it, but no go. One question: When add SSL Binding, the port that I musto enter, is the port of the Servercontroller.Port, right? Must I set any properties of SSLOptions.Certificate, like CertFileName, Password, etc...? Must I copy any of the files that were created where creating the self signed certificate with iwcertificatemanager to the app folder? I'm lost here!
01-24-2024, 05:48 AM
01-24-2024, 05:51 AM
BTW, there is a video of one of our users Clederson Maia (in Portuguese, but you won't have problems with it ;-) showing how to generate and install a certificate using our tool IW Certificate Manager
https://www.youtube.com/watch?v=QN2AWoDx...D&index=26 (01-24-2024, 05:51 AM)Alexandre Machado Wrote: BTW, there is a video of one of our users Clederson Maia (in Portuguese, but you won't have problems with it ;-) showing how to generate and install a certificate using our tool IW Certificate Manager Hi Alexandre, I'm trying to create the certificate with iwCertificateManager with option "Request Let's Encrypt Certificate" like explained on the video, but I'm always getting this error: "Error executing requesting LE certificate: TIWLetsEncrypt.New_Order: Could not finalize certificate challenge within specific timeout" Why is that? I'm trying to implement this on may machine, not on a server, just on my PC. Is it possible? If so, what's the domain that I must use, when creating certificate? And witch kind of certificate? Self-signed or Let's Encrypt Certificate?
01-26-2024, 01:13 AM
(This post was last modified: 01-26-2024, 01:14 AM by Alexandre Machado.)
>> I'm trying to implement this on may machine, not on a server, just on my PC. Is it possible? If so, what's the domain that I must use,
>> when creating certificate? And witch kind of certificate? Self-signed or Let's Encrypt Certificate? No it is not possible. Let's Encrypt will send a request to your domain (whatever domain that you are using when requesting the certificate). That's how you "prove" that you own the domain, you see? Otherwise anyone could obtain a certificate for microsoft.com or apple.com... If you are only developing, you can test it with a self-signed certificate. It will work just like any other certificate if you install it on the browser or on the Windows certificate store. More about self-signed certificates here: https://www.atozed.com/intraweb/certmana...lications/
01-26-2024, 01:04 PM
(01-26-2024, 01:13 AM)Alexandre Machado Wrote: >> I'm trying to implement this on may machine, not on a server, just on my PC. Is it possible? If so, what's the domain that I must use, Ok, understood. So, on my Windows Server 2019, can you give an example on how to create a Let's Encrypt Certificate, because I already lost several hours trying this, but always get the same error: "Error executing requesting LE certificate: TIWLetsEncrypt.New_Order: Could not finalize certificate challenge within specific timeout" Maybe this is something trivial, but after create a subdomain on my server and hit the button "Hit here to test domain response" on the iwCertficateManager, it will pass, but when hitting Execute button to create the certificate, it will show the error above. Can you point me in the right direction? Thanks
02-01-2024, 04:05 AM
Are you able to call your application after installing it on your server?
I mean, if you install it on your server, are you able to call it normally via http, like http://yourdomain.com using the browser? |
« Next Oldest | Next Newest »
|