Atozed Forums
SSL - Where to get instructions - Printable Version

+- Atozed Forums (https://www.atozed.com/forums)
+-- Forum: Atozed Software Products (https://www.atozed.com/forums/forum-1.html)
+--- Forum: IntraWeb (https://www.atozed.com/forums/forum-3.html)
+---- Forum: English (https://www.atozed.com/forums/forum-16.html)
+----- Forum: IntraWeb General Discussion (https://www.atozed.com/forums/forum-4.html)
+----- Thread: SSL - Where to get instructions (/thread-1286.html)



SSL - Where to get instructions - Quinn Anderson - 10-04-2019

Greetings, my IW Compadres



Has anyone done a standalone server with SSL recently?

Hunted high and low and gathered information from various search results.

Tried everything we have read plus everything we could think of.

The problem is not the certificates / pem files.

Wrote a test app in another language to prove that.

Err is - Cannot load root certificates

Is there a definitive instruction document for activating SSL in IW ?






Thanks, q.


RE: SSL - Where to get instructions - kudzu - 10-04-2019

==== copied from other posts ====
Basic SSL configuration for IW
From: https://forums.embarcadero.com/thread.jspa?messageID=873918#873918

Daniel:

You might want to purchase a UCC certificate, which would allow you to secure up to 99 additional Subject Alternative Names (SANs) in a single certificate. With that you could cover the IP and the sub-domain in question.

Once you get the certificate installed it is very easy to implement in your application. You just go to the ServerController.SSLOptions. You set CertificatePassword, Port and SSLVersion properties. You then have to set your application's first form's ConnectionType to cmSecure. I usually do that with my splash screen (page). All pages that the user navigates to will remain secured unless you specifically turn off the security in code.

I have all of my applications hosted at Rackspace and my domains and SSL certificates are through Go Daddy.

Daniel:

I'm sure you know there is more detail involved in the certificate request. Here are the steps that have worked best for me.
I. Generate a CSR. The link below is really detailed on each step of this process.
http://www.techrepublic.com/blog/how-do-i/how-do-i-request-and-install-ssl-certificates-in-iis-70/

II. Export a PFX file from your IIS server.

1. Run mmc.exe
2. Click the 'Console' menu and then click 'Add / Remove Snap-in'.
3. Click the 'Add' button and then choose the 'certificates' snap-in and click on 'Add'.
4. Select 'Computer Account' then click 'Next'.
5. Select 'Local Computer' and then click 'OK'.
6. Click 'Close' and then click 'OK'.
7. Expand the menu for 'Certificates' and click on the 'Personal' folder.
8. Right click on the certificate that you want to export and select 'All tasks' -> 'Export'.

A wizard will appear. Make sure you check the box to include the private key and continue through with this wizard until you have a .PFX file. From here you get cert.pem and key.pem files. I have to go back through my notes for the details on this step. I have not had to do this in a while. I'll update this step later.
III. Create root.pem

1. Open MMC and add the certificates snap-in.
2. Expand Console Root to
a. Intermediate Certificate Authorities
i. Certificates
3. Select "Go Daddy Secure Authority - G2".
a. Do not select the Go Daddy Root certificate!
4. Right-click and select Export
a. Select the Base 64 format
b. Save to root.crt

Rename root.crt to root.pem

IV. Install into your application

1. Copy root.pem, cert.pem and key.pem into the project folder for your application.
2. Go to ServerController and set the SSLOptions: CertificatePassword, Port and SSLVersion.
3. Set your application's main form ConnectionMode to cmSecure.

If you have IIS running on this server, you cannot use port 443 for your application because IIS is using it. You can use any other available port, like 8443.
Also see:
https://forums.embarcadero.com/thread.jspa?messageID=884440#884440