IndyHTTPS and a signing token

[davidbaxter]

I want to make my Intraweb app work via https as well as http. Looking at the IndyHTTPS example (I don't have a license for HttpSys), it talks all about getting a self-signed certificate. I have a current code signing certificate, but it works with the usb token they sent me and the SafeNet application. How does one use the token with Intraweb to get an https finished app? Thank you.

[rlebeau]

You can't use a code signing certificate for HTTPs. You need a separate TLS certificate instead.

See: Code Signing Certificates vs TLS/SSL Certificates: Everything You Need to Know

You can use OpenSSL or other similar tools to create a TLS certificate that is usable with HTTPS. Self-signed just means that the certificate is signed with its own private key instead of from a trusted CA (certificate authority).

[davidbaxter]

I know I can generate a self-signed certificate, but doesn't it pop up a message when somebody uses the app? I'll admit ignorance, so do I ask my certificate provider if a TLS certificate comes with my couple hundred dollar token?

[rlebeau]

I know I can generate a self-signed certificate, but doesn't it pop up a message when somebody uses the app?

By default, yes. Anyone can create a self-signed TLS certificate. If the client and server don't both trust the signer then the connection can't be secured. So, if you want to avoid the warning then the client needs to install the root certificate that signed the server's TLS certificate. And vice versa if you want the server to verify the client.

I'll admit ignorance, so do I ask my certificate provider if a TLS certificate comes with my couple hundred dollar token?

I can't answer that.