Json 0 Posted June 25 Trying to load a website with TWebBrowser, the site have self signed certificates which will be flagged as not safe. I am ending up with a blank page. TWebBrowser.OnDidFailLoadWithError never trigger. The blank page occur on IOS and Android. On Windows there is a warning page, (NET::ERR_CERT_AUTHORITY_INVALID) What is the best way of catching the certificate errors or even better ignore them so the page can load? The application is only talking with its own web servers so the security isn't a problem here. Share this post Link to post
Angus Robertson 574 Posted June 25 The best solution is for the web server to provide valid SSL certificates, Let's Encrypt for public hosts, your own CA for internal domains. For your own CA, the root certificate needs to be installed on client devices, easy for Windows, less easy for mobiles. The ICS component library does all this automatically for ICS web servers, but can also generate certificates for other web servers. Angus Share this post Link to post
Brandon Staggs 278 Posted June 25 6 hours ago, Json said: Trying to load a website with TWebBrowser, the site have self signed certificates which will be flagged as not safe. I am ending up with a blank page. TWebBrowser.OnDidFailLoadWithError never trigger. The blank page occur on IOS and Android. On Windows there is a warning page, (NET::ERR_CERT_AUTHORITY_INVALID) What is the best way of catching the certificate errors or even better ignore them so the page can load? The application is only talking with its own web servers so the security isn't a problem here. Angus is right. If you want to ignore the self-signed SSL then you should just use a plain http connection in the first place. If you've gone through the trouble of installing a self-signed cert on the server, you may as well add it to the client so you complete the circle. If you can't use a self-signed cert on your client devices, then use Let's Encrypt instead of self-signing. Share this post Link to post
Json 0 Posted June 26 Yes I agree with you all. The problem is customer tends to use that sort of solutions in their test environments. So at least catch the errors is needed. More code to look after but will be replacing TWebBrowser with my own TcatchSSLErrorWebBrowser. Share this post Link to post
Angus Robertson 574 Posted June 26 ICS used to use self signed SSL/TLS certificates when there was nothing better, but issuing your own CA signed certificates is almost as easy and more friendly. ICS has a sample that does it manually, or the servers do it automatically, there is also a function to install the ICS root CA into the Windows store for clients. Angus 1 Share this post Link to post