> Message: 1
> Date: Wed, 23 May 2018 12:35 +0100 (BST)
> From: "Angus Robertson - Magenta Systems Ltd" <an...@magsys.co.uk>
> To: twsocket@lists.elists.org
> Subject: [twsocket] Major new automatic SSL/TLS X509 certificate
>       component
> Message-ID: <memo.20180523123522.15...@magsys.adsl.magsys.co.uk>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> SVN and the overnight zip have been updated with a new TSslX509Certs
> component that automatically downloads SSL/TLS X509 certificates from
> various suppliers, and a new sample application to test it. This is
> still a beta component, with a number of planned improvements that
> should be done in June, but is fully functional now for free single
> domain certificates from Let's Encrypt and commercial certifications
> from CertCentre AG.
> 
> The new component uses the recent REST, OAuth2 and Jose units, which
> also have minor changes and fixes from practical use. The Let's Encrypt
> functions use Json REST and Json Web Signatures signed by private keys,
> while the CertCentre AG functions use OAuth2 with unsigned Json REST
> requests.  There is a new sample that will order and download
> certificates, but currently none of this is integrated into
> SocketServer, which will happen in June so the process is automatic in
> background. 
> 

Hello Angus,

that sound like quite some works!
Even if I don't know whether I'll need most of it ever: many thanks for
implementing this!

TLS support in general may come in handy, but this certificate thing
requires I guess that you have a real webserver with a real non local
DNS name.

I have one DataSnap based application which provides some RestAPIs to
other apps (and it implements a simplistic status webpage as well), but
this is normally only used in a LAN and my app is not a real webserver
app. So there's no domain name (that I know of) or each customer would
have his own one and thus I used OpenSSL to generate some certificate to
allow for using TLS with my "integrated server" as well. This mostly
works but of course it brings up these "certificate is not to be
trusted" warnings. Without a proper DNS name I don't know how to solve
it. As of now the application is distributed most times for free to the
customer and it's nice if a working certificate is contained in my
installer as most of these users wouldn't know much of these certificate
things anyway.

Any better ideas?

Greetings

Markus
-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to