Using Delphi 2007, Indy 9 to build a standalone Server working in Secure mode.

I used SSLBuddy to generate the certificate request, got a root certificate and a standard certificate from GoDaddy, a MyDomain.crt (I selected the "other" type as web server).
I then used SSLBuddy to generate the key and cert files passed to the TIdServerIOHandlerSSL.SSLOptions with the root cert.

The server starts OK and loads the certificate, but from the calling client, I get a warning that my certificate is not from a trusted authority, even if I manually add the (GoDaddy) root certificate to the Trusted Root Certification Authorities.

Is this the correct way of doing it or what did I do wrong?
Why is my GoDaddy certificate rejected as untrusted?

Any help VERY MUCH appreciated...

+1  A: 

I have an Indy9-based web server that also handles SSL. I made it like this:

if FProxyObject.ProxySettings.SSLEnabled then
begin
  FIOHandlerSSL := TIdServerIOHandlerSSL.Create(nil);
  FIOHandlerSSL.SSLOptions.RootCertFile := FProxyObject.Certificates.RootCert;
  FIOHandlerSSL.SSLOptions.CertFile := FProxyObject.Certificates.ServerCert;
  FIOHandlerSSL.SSLOptions.KeyFile := FProxyObject.Certificates.ServerKey;
  FIOHandlerSSL.OnGetPassword := IOHandlerSSLGetPassword;
  FIOHandlerSSL.SSLOptions.Method := sslvSSLv23;
  FIOHandlerSSL.SSLOptions.Mode := sslmServer;

  FHTTPSSLServer := TIdHTTPServer.Create(nil);
  FHTTPSSLServer.ListenQueue := FProxyObject.ProxySettings.ListenQueue;
  FHTTPSSLServer.DefaultPort := FProxyObject.ProxySettings.SSLPort;
  FHTTPSSLServer.ServerSoftware := 'WebSurveyingSystem';
  FHTTPSSLServer.OnCommandGet := ServerCommandGetSSL;
  FHTTPSSLServer.IOHandler := FIOHandlerSSL;
  FHTTPSSLServer.Active := True;
end;

So you need a server certificate and a root certificate. Both need to be from a trusted authority. You also need to define OnGetPassword like this:

procedure TProxyMain.IOHandlerSSLGetPassword(var Password: string);
begin
  Password := 'CHANGE_ME'; // placeholder: set the password protecting your certificate's private key here
end;

And that is all. From here on everything is as in a normal HTTP connection as far as code goes. Just make sure your certificates are trusted and, more importantly, valid for your site URL.

Runner
Thanks Runner, that's what I have in the code (without a proxy though). The server starts fine and loads the certificate. The problem is that the client (not my code) considers the cert not to be from a trusted source (GoDaddy). Did you use SSLBuddy to manage the certificate?
François
No, as far as I remember (it was two years ago) I got both certificates from a trusted source. I will ask the admin, maybe he remembers what we did back then. But I did not have any problems with the certificates.
Runner
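The symptom described in the question ("not from a trusted authority" even with the CA's root installed on the client) and the answer's advice to use a trusted, hostname-valid certificate both come down to how a client builds the chain from the server's certificate up to a root it trusts. Public CAs normally issue server certificates from an intermediate CA, and a client that only holds the root cannot complete the chain unless the server sends the intermediate along with its own certificate. The script below is an added example, not part of the question or the answer and not Indy code: it uses only the openssl command line to build a constructed root, intermediate and server certificate (all names, files and the hostname server.example.test are made up for the demo) and then plays the role of a client that trusts only the root, first seeing the server certificate alone and then seeing it together with the intermediate.

```shell
#!/bin/sh
# Added example, not from the original post. Builds a root -> intermediate -> leaf
# chain with the openssl CLI (all names constructed for the demo) and shows why a
# client that trusts only the root still reports the server certificate as untrusted
# when the intermediate is not presented with it.
set -e

WORK="$(mktemp -d)"
HOST="server.example.test"   # constructed hostname for the server certificate

# Minimal req config so the demo does not depend on the system openssl.cnf.
cat > "$WORK/req.cnf" <<'EOF'
[ req ]
prompt = no
distinguished_name = dn
[ dn ]
CN = overridden-by-subj
EOF

# Extensions for the intermediate CA and for the server (leaf) certificate.
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$WORK/ca.ext"
printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s\n' "$HOST" > "$WORK/leaf.ext"

# 1. Self-signed root: the only certificate the client trusts.
openssl req -x509 -new -newkey rsa:2048 -nodes -days 2 -config "$WORK/req.cnf" \
  -subj "/CN=Demo Root CA" -keyout "$WORK/root.key" -out "$WORK/root.pem" >/dev/null 2>&1

# 2. Intermediate CA, signed by the root.
openssl req -new -newkey rsa:2048 -nodes -config "$WORK/req.cnf" \
  -subj "/CN=Demo Intermediate CA" -keyout "$WORK/inter.key" -out "$WORK/inter.csr" >/dev/null 2>&1
openssl x509 -req -in "$WORK/inter.csr" -CA "$WORK/root.pem" -CAkey "$WORK/root.key" \
  -CAcreateserial -days 2 -extfile "$WORK/ca.ext" -out "$WORK/inter.pem" >/dev/null 2>&1

# 3. Server (leaf) certificate, signed by the intermediate, the way a public CA issues it.
openssl req -new -newkey rsa:2048 -nodes -config "$WORK/req.cnf" \
  -subj "/CN=$HOST" -keyout "$WORK/server.key" -out "$WORK/server.csr" >/dev/null 2>&1
openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/inter.pem" -CAkey "$WORK/inter.key" \
  -CAcreateserial -days 2 -extfile "$WORK/leaf.ext" -out "$WORK/server.pem" >/dev/null 2>&1

# Chain file: leaf first, then the intermediate. This is what the server has to present
# so a client holding only the root can complete the chain.
cat "$WORK/server.pem" "$WORK/inter.pem" > "$WORK/server-chain.pem"

# verify_chain CERT [UNTRUSTED_FILE]: emulate a client that trusts only root.pem, checks
# the hostname, and receives CERT plus (optionally) extra non-trusted certificates.
# Prints "ok" or "untrusted".
verify_chain() {
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile "$WORK/root.pem" -untrusted "$2" -verify_hostname "$HOST" "$1" \
      >/dev/null 2>&1 && echo ok || echo untrusted
  else
    openssl verify -CAfile "$WORK/root.pem" -verify_hostname "$HOST" "$1" \
      >/dev/null 2>&1 && echo ok || echo untrusted
  fi
}

# Leaf alone: the client cannot find the issuer, so the chain is untrusted even though
# the root sits in its trust store (the browser symptom from the question).
leaf_only() { verify_chain "$WORK/server.pem"; }
# Leaf plus intermediate, as the server should send them: verifies fine.
leaf_with_intermediate() { verify_chain "$WORK/server.pem" "$WORK/inter.pem"; }
# Same check driven from the combined chain file.
chain_file() { verify_chain "$WORK/server.pem" "$WORK/server-chain.pem"; }

echo "leaf only:            $(leaf_only)"
echo "leaf + intermediate:  $(leaf_with_intermediate)"
echo "combined chain file:  $(chain_file)"
```

On a live server the same client-side view is obtained with `openssl s_client -connect host:443 -showcerts`, which lists every certificate the server actually sends; if only the leaf appears, the intermediate is missing from what the server presents. Whether the certificate loader used by a given Indy/OpenSSL combination reads the extra certificates from a combined CertFile, or needs the intermediate supplied another way, has to be checked against the Indy version in use; the chain the client must end up with is the same either way.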