M Schenkel

Reputation: 6364

Simple TIdHttpServer Example supporting SSL

Hoping someone can provide me a simple TIdHttpServer example which supports SSL. Using Delphi2007 and Indy10. I have the following to create/setup the server and ioHandler:

// Server-side OpenSSL IOHandler: one PEM file is used for the certificate,
// the private key and the trusted root.
ServerIOHandler := TIdServerIOHandlerSSLOpenSSL.Create(Self);
ServerIOHandler.SSLOptions.CertFile := 'mycert.pem';
ServerIOHandler.SSLOptions.KeyFile := 'mycert.pem';
ServerIOHandler.SSLOptions.RootCertFile := 'mycert.pem';
ServerIOHandler.SSLOptions.Method := sslvSSLv23;   // negotiate the protocol version
ServerIOHandler.SSLOptions.Mode := sslmServer;

// These two lines make the server demand a client certificate and fail the
// handshake if the browser does not present one (see the January 30 note).
ServerIOHandler.SSLOptions.VerifyDepth := 1;
ServerIOHandler.SSLOptions.VerifyMode := [sslvrfPeer, sslvrfFailIfNoPeerCert, sslvrfClientOnce];

IdHTTPServer1 := TIdHTTPServer.Create(Self);
IdHTTPServer1.AutoStartSession := True;
IdHTTPServer1.SessionState := True;
IdHTTPServer1.OnCommandGet := IdHTTPServer1CommandGet;
IdHTTPServer1.ParseParams := True;
IdHTTPServer1.DefaultPort := 80;   // the only port listened on; the SSL IOHandler is applied to it
IdHTTPServer1.IOHandler := ServerIOHandler;
IdHTTPServer1.Active := True;

mycert.pem was created using openssl with this command:

openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem

Right away I think there is something wrong because I am using the same file for CertFile, KeyFile, RootCertFile.

I entered blanks for prompts with the exception being the common name. That I was sure to set to the domain name I am using (let's say hypothetically it is myexample.com).

In a browser, hitting http://myexample.com results in the exception: Error accepting connection with SSL. Hitting https://myexample.com never makes it to my code.

January 30 NOTE: I used sslbuddy to generate the keys, and this still did not work. I then commented out the following lines and it worked:

ServerIOHandler.SSLOptions.VerifyDepth := 1;
ServerIOHandler.SSLOptions.VerifyMode := [sslvrfPeer,sslvrfFailIfNoPeerCert,sslvrfClientOnce];

Upvotes: 4

Views: 14976

Answers (1)

Darian Miller

Reputation: 8088

If you want to listen on 443, you need to bind to it... (If you want normal HTTP traffic as well, bind to 80 also.)

 IdHTTPServer1.Bindings.Add.Port := 80;    // plain HTTP
 IdHTTPServer1.Bindings.Add.Port := 443;   // HTTPS

If listening on more than one port for HTTP and HTTPS, when processing connections you need to allow for either normal or encrypted traffic depending on the port number. There's an OnQuerySSLPort event that you need to use to disable SSL on port 80.

About certificates... it depends on whether you are using your own CA or a well-established public CA. Just be aware that you should also be setting the OnGetPassword event (ServerIOHandler) in order to tell the server your key password.

Upvotes: 4
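The pieces the answer describes (two bindings, OnQuerySSLPort to keep port 80 in plaintext, OnGetPassword for an encrypted key) put together in one console program, as an added example that is not code from either post. It assumes Indy 10 with the OpenSSL DLLs (libeay32.dll / ssleay32.dll) next to the executable, and the file names server.crt, server.key and ca.crt, the environment variable KEY_PASSPHRASE, and the class name TSecureServer are all hypothetical. Unlike the question's code, it does not request a client certificate, so an ordinary browser can complete the handshake; port 80 answers only with a redirect to https.

```delphi
program IndyHttpsExample;

{$APPTYPE CONSOLE}

uses
  SysUtils, Classes,
  IdGlobal, IdContext, IdSocketHandle, IdCustomHTTPServer, IdHTTPServer,
  IdSSL, IdSSLOpenSSL;

type
  // Hypothetical wrapper class; Indy event handlers must be object methods.
  TSecureServer = class
  private
    FServer: TIdHTTPServer;
    FIOHandler: TIdServerIOHandlerSSLOpenSSL;
    procedure DoQuerySSLPort(APort: TIdPort; var VUseSSL: Boolean);
    procedure DoGetPassword(var Password: String);
    procedure DoCommandGet(AContext: TIdContext; ARequestInfo: TIdHTTPRequestInfo;
      AResponseInfo: TIdHTTPResponseInfo);
  public
    constructor Create;
    destructor Destroy; override;
  end;

constructor TSecureServer.Create;
begin
  inherited Create;
  FIOHandler := TIdServerIOHandlerSSLOpenSSL.Create(nil);
  // Separate files (hypothetical names): the server certificate, its private
  // key, and the CA chain that signed it. A self-signed cert needs no ca.crt.
  FIOHandler.SSLOptions.CertFile := 'server.crt';
  FIOHandler.SSLOptions.KeyFile := 'server.key';
  FIOHandler.SSLOptions.RootCertFile := 'ca.crt';
  FIOHandler.SSLOptions.Method := sslvSSLv23;   // negotiate the highest common version
  FIOHandler.SSLOptions.Mode := sslmServer;
  // No sslvrfPeer / sslvrfFailIfNoPeerCert: browsers normally carry no client
  // certificate, and those flags would abort their handshake.
  FIOHandler.SSLOptions.VerifyMode := [];
  FIOHandler.OnGetPassword := DoGetPassword;   // only called if server.key is encrypted

  FServer := TIdHTTPServer.Create(nil);
  FServer.IOHandler := FIOHandler;
  FServer.Bindings.Add.Port := 80;    // plaintext, redirect-only
  FServer.Bindings.Add.Port := 443;   // TLS
  FServer.OnQuerySSLPort := DoQuerySSLPort;
  FServer.OnCommandGet := DoCommandGet;
  FServer.Active := True;
end;

destructor TSecureServer.Destroy;
begin
  FServer.Active := False;
  FServer.Free;
  FIOHandler.Free;
  inherited Destroy;
end;

// Indy asks this per accepted connection: answer True only for the TLS port,
// so the SSL IOHandler passes port-80 traffic through unencrypted.
procedure TSecureServer.DoQuerySSLPort(APort: TIdPort; var VUseSSL: Boolean);
begin
  VUseSSL := (APort = 443);
end;

// Passphrase for the private key, read from the environment rather than
// hard-coded into the binary (KEY_PASSPHRASE is a hypothetical variable name).
procedure TSecureServer.DoGetPassword(var Password: String);
begin
  Password := GetEnvironmentVariable('KEY_PASSPHRASE');
end;

procedure TSecureServer.DoCommandGet(AContext: TIdContext;
  ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo);
var
  Secure: Boolean;
begin
  // The connection is encrypted only if the SSL IOHandler is not in PassThrough mode.
  Secure := (AContext.Connection.IOHandler is TIdSSLIOHandlerSocketBase) and
    not TIdSSLIOHandlerSocketBase(AContext.Connection.IOHandler).PassThrough;
  if not Secure then
  begin
    // Plaintext request on port 80: never serve content, send the client to HTTPS.
    // The Host header is used as received, so a client-supplied ":80" would be kept.
    AResponseInfo.Redirect('https://' + ARequestInfo.Host + ARequestInfo.URI);
    Exit;
  end;
  AResponseInfo.ContentType := 'text/plain';
  AResponseInfo.ContentText := 'Hello over TLS on port ' + IntToStr(AContext.Binding.Port);
end;

var
  Server: TSecureServer;
begin
  Server := TSecureServer.Create;
  try
    WriteLn('Listening on 80 (redirect) and 443 (HTTPS). Press Enter to stop.');
    ReadLn;
  finally
    Server.Free;
  end;
end.
```

The SSLVersions property and the sslvTLSv1_1 / sslvTLSv1_2 values exist only in later Indy 10 builds, so the example sticks to Method := sslvSSLv23, which the question's own code uses; on a build that has SSLVersions, restricting it to TLS 1.2 is the better choice. If you do want mutual TLS, add sslvrfPeer and sslvrfFailIfNoPeerCert back, but then every client must hold a certificate issued under RootCertFile, which is exactly what a plain browser does not have.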
