In fact, kbmmw supports https in several ways:

1. Use isapi to deploy to iis or apache, use the https function of iis or apache;

2. By proxy, use the https feature using iis or apache.


Today, https support is achieved through kbmmw’s native indy approach.

Because it is a test, it is impossible to use a real certificate service. To apply to commercial use, apply for a commercial certificate.

This is just an explanation of the implementation.


First we use our previous web server program.

Add a TkbmMWTCPIPIndyServerTransport to the server, rename it to sslt, set the binding port 443, and streamformat

Set to AJAX.

And set the event:

procedure TForm1.ssltConnect(AContext: TIdContext);
  if AContext.Connection.IOHandler is TIdSSLIOHandlerSocketBase then

Put another TIdServerIOHandlerSSLOpenSSL and set the necessary parameters as shown in the figure;

Note that IdContext is added to the cell reference.

It should now be compiled, but ssl hasn’t worked yet.


Now you need to generate the relevant key and certificate files for ssl.


Since indy is implemented with openssl certificate. We have to download an openssl first.

Without Linux, you can use the windows version of the official website directly.

Download here

The file I downloaded is named Win32OpenSSL-1_0_1h.exe.

Installed on the system, a black window will appear when running.

Enter the command genrsa -des3 -out kbmmw.key 1024

The screen lets you enter the password for the key and just enter a string.  To lose twice, keep it consistent.

The key file is now generated and efforts continue to generate a certificate file.

Copy a copy of openssl.cfg in the openssl directory and name it openssl.cnf.

Or the command line:

Req -new -x509 -days 365 -key kbmmw.key -out kbmmw.crt -config openssl.cnf

Enter your password and fill in the appropriate country, organization, name, email, and more.

Once completed, a certificate is generated.

Put these two files in a fixed directory.

For example d:\crt.

Go back to our delphi program.

Start setting the relevant properties.

And join the event.

procedure TForm1.sslGetPassword(var Password: string);

Finally, hook the ssl handler to the sslt object.

Before the server is activated, add the following code:


As shown

Ok, everything is set up and ready to launch.

Compile and run, start the server.


Note that you must turn off the 443 port program on your machine. For example vmware.

Enter in the browser.

Will appear for the first time

Explain that this certificate is fake and that our system is working properly.

Confirm this exception.

You can access the web normally through https.