How to let KbmMw web server support https?
In fact, kbmmw supports https in several ways:
1. Use isapi to deploy to iis or apache, use the https function of iis or apache;
2. By proxy, use the https feature using iis or apache.
Today, https support is achieved through kbmmw’s native indy approach.
Because it is a test, it is impossible to use a real certificate service. To apply to commercial use, apply for a commercial certificate.
This is just an explanation of the implementation.
First we use our previous web server program.
Add a TkbmMWTCPIPIndyServerTransport to the server, rename it to sslt, set the binding port 443, and streamformat
Set to AJAX.
And set the event:
procedure TForm1.ssltConnect(AContext: TIdContext); begin if AContext.Connection.IOHandler is TIdSSLIOHandlerSocketBase then TIdSSLIOHandlerSocketBase(AContext.Connection.IOHandler).PassThrough:=false; end;
Put another TIdServerIOHandlerSSLOpenSSL and set the necessary parameters as shown in the figure;
Note that IdContext is added to the cell reference.
It should now be compiled, but ssl hasn’t worked yet.
Now you need to generate the relevant key and certificate files for ssl.
Since indy is implemented with openssl certificate. We have to download an openssl first.
Without Linux, you can use the windows version of the official website directly.
Download http://www.openssl.org/related/binaries.html here
The file I downloaded is named Win32OpenSSL-1_0_1h.exe.
Installed on the system, a black window will appear when running.
Enter the command genrsa -des3 -out kbmmw.key 1024
The screen lets you enter the password for the key and just enter a string. To lose twice, keep it consistent.
The key file is now generated and efforts continue to generate a certificate file.
Copy a copy of openssl.cfg in the openssl directory and name it openssl.cnf.
Or the command line:
Req -new -x509 -days 365 -key kbmmw.key -out kbmmw.crt -config openssl.cnf
Enter your password and fill in the appropriate country, organization, name, email, and more.
Once completed, a certificate is generated.
Put these two files in a fixed directory.
For example d:\crt.
Go back to our delphi program.
Start setting the relevant properties.
And join the event.
procedure TForm1.sslGetPassword(var Password: string); begin Password:='yourpassword'; end;
Finally, hook the ssl handler to the sslt object.
Before the server is activated, add the following code:
Ok, everything is set up and ready to launch.
Compile and run, start the server.
Note that you must turn off the 443 port program on your machine. For example vmware.
Enter https://127.0.0.1 in the browser.
Will appear for the first time
Explain that this certificate is fake and that our system is working properly.
Confirm this exception.
You can access the web normally through https.