Json

TWebBrowser - how catch or ignore ssl and certificate errors?


Trying to load a website with TWebBrowser, the site has self-signed certificates which will be flagged as not safe.

I am ending up with a blank page. TWebBrowser.OnDidFailLoadWithError never triggers.

The blank page occurs on iOS and Android. On Windows there is a warning page (NET::ERR_CERT_AUTHORITY_INVALID).

What is the best way of catching the certificate errors or, even better, ignoring them so the page can load?

The application is only talking with its own web servers so the security isn't a problem here.
The best solution is for the web server to provide valid SSL certificates: Let's Encrypt for public hosts, your own CA for internal domains. For your own CA, the root certificate needs to be installed on client devices, easy for Windows, less easy for mobiles.

The ICS component library does all this automatically for ICS web servers, but can also generate certificates for other web servers.

 

Angus
6 hours ago, Json said:

Trying to load a website with TWebBrowser, the site has self-signed certificates which will be flagged as not safe.

I am ending up with a blank page. TWebBrowser.OnDidFailLoadWithError never triggers.

The blank page occurs on iOS and Android. On Windows there is a warning page (NET::ERR_CERT_AUTHORITY_INVALID).

What is the best way of catching the certificate errors or, even better, ignoring them so the page can load?

The application is only talking with its own web servers so the security isn't a problem here.

Angus is right. If you want to ignore the self-signed SSL then you should just use a plain http connection in the first place. If you've gone through the trouble of installing a self-signed cert on the server, you may as well add it to the client so you complete the circle. If you can't use a self-signed cert on your client devices, then use Let's Encrypt instead of self-signing.


Yes, I agree with you all.

The problem is that customers tend to use that sort of solution in their test environments.

So at least catching the errors is needed.

More code to look after, but I will be replacing TWebBrowser with my own TcatchSSLErrorWebBrowser.

ICS used to use self-signed SSL/TLS certificates when there was nothing better, but issuing your own CA-signed certificates is almost as easy and more friendly.

ICS has a sample that does it manually, or the servers do it automatically. There is also a function to install the ICS root CA into the Windows store for clients.

Angus
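
Added example (not from the thread and not ICS code): the approach recommended in the replies above, a private root CA that signs the server certificate, done with the openssl command line and compared against a self-signed server certificate. The host name test.internal.example, the subject names and the file names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Host name, subject names and file names are constructed.
set -eu

build_pki() {   # $1 = work dir, $2 = server host name
    cat > "$1/pki.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Test Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_srv]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2
EOF
    # 1. Root CA: ca.crt is the certificate that gets installed on client devices.
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 3650 -config "$1/pki.cnf" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    # 2. Server key and CSR, then a server certificate signed by the root CA.
    openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" -subj "/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
    openssl x509 -req -in "$1/server.csr" -days 365 -sha256 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -extfile "$1/pki.cnf" -extensions v3_srv -out "$1/server.crt" 2>/dev/null
    # 3. For comparison: a self-signed server certificate, as in the question.
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 365 -config "$1/pki.cnf" \
        -extensions v3_srv -subj "/CN=$2" \
        -keyout "$1/self.key" -out "$1/self.crt" 2>/dev/null
}

# Succeeds only if cert $2 chains to the root CA in dir $1 and is valid for host $3.
trusted_by_ca() {
    openssl verify -CAfile "$1/ca.crt" -purpose sslserver \
        -verify_hostname "$3" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) && build_pki "$d" test.internal.example
    trusted_by_ca "$d" "$d/server.crt" test.internal.example && echo "CA-signed: trusted"
    trusted_by_ca "$d" "$d/self.crt" test.internal.example || echo "self-signed: rejected"
    rm -rf "$d"
}
demo
```

Only ca.crt is distributed to clients; ca.key stays off the web server, which needs just server.key and server.crt.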

 
