> Message: 1
> Date: Wed, 23 May 2018 12:35 +0100 (BST)
> From: "Angus Robertson - Magenta Systems Ltd" <an...@magsys.co.uk>
> To: twsocket@lists.elists.org
> Subject: [twsocket] Major new automatic SSL/TLS X509 certificate
> component
> Message-ID: <memo.20180523123522.15...@magsys.adsl.magsys.co.uk>
> Content-Type: text/plain; charset="iso-8859-1"
>
> SVN and the overnight zip have been updated with a new TSslX509Certs
> component that automatically downloads SSL/TLS X509 certificates from
> various suppliers, and a new sample application to test it. This is
> still a beta component, with a number of planned improvements that
> should be done in June, but is fully functional now for free single
> domain certificates from Let's Encrypt and commercial certifications
> from CertCentre AG.
>
> The new component uses the recent REST, OAuth2 and Jose units, which
> also have minor changes and fixes from practical use. The Let's Encrypt
> functions use Json REST and Json Web Signatures signed by private keys,
> while the CertCentre AG functions use OAuth2 with unsigned Json REST
> requests. There is a new sample that will order and download
> certificates, but currently none of this is integrated into
> SocketServer, which will happen in June so the process is automatic in
> background.
>

Hello Angus,

that sounds like quite some work! Even if I don't know whether I'll ever need most of it: many thanks for implementing this! TLS support in general may come in handy, but this certificate thing requires, I guess, that you have a real webserver with a real non-local DNS name.

I have one DataSnap-based application which provides some REST APIs to other apps (and it implements a simplistic status webpage as well), but this is normally only used in a LAN and my app is not a real webserver app. So there's no domain name (that I know of), or each customer would have his own one, and thus I used OpenSSL to generate a certificate to allow for using TLS with my "integrated server" as well. This mostly works, but of course it brings up these "certificate is not to be trusted" warnings. Without a proper DNS name I don't know how to solve it. As of now the application is mostly distributed to the customer for free, and it's nice if a working certificate is contained in my installer, as most of these users wouldn't know much about these certificate things anyway.

Any better ideas?

Greetings

Markus

--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be