Jump to content
Fredrik Larsson

Use TSimpleWebSrv for localhost with certificate

Recommended Posts

I have an OAuth2 where the callback needs to make a callback to https://localhost:44300 with a signed certificate.

Optimal I would use RestOAuth but that doesn't support SSL callbacks so I need to tweak that a bit and use my own server for the SSL part.

 

But I can't really figure out how to use TSimpleWebSrv fully in SSL mode. I get that I can listen to WebSrvPortSSL and that works but then what certificate to use?

It's these properties I get: 

 

SimpleWebSrv1.WebSrvCertPassword := 'password';
SimpleWebSrv1.WebSrvCertBundle := 'whattouse.pem';

 

Is there a simple way to create a self signed localhost certificate?

How would I use it?

I can't really figure it out from demos either.

 

Any input is appreciated.

 

Regards, Fredrik

 

Share this post


Link to post

Look at StartDomSrv in OverbyteIcsSslX509Certs.pas which sets up the simple web server with a newly generated localhost certificate, and CreateAcmeAlpnCert which will create a normal non-ALPN certificate if you leave KeyAuth blank, but that does not matter for your purposes.  

 

Which OAuth2 system requires HTTPS for the callback?  Seems over the top since only your local browser displays the result.  We should probably handle that in the REST component properly.

 

Angus

 

 

 

  • Thanks 1

Share this post


Link to post

Cool! I will look into that code and try it. Seems to make sense and fairly straight forward.

 

It's Visma which is a Swedish/Nordic accounting solution provider. I agree it's a bit over the top and I don't know why they have that requirement. Perhaps they are mostly considering online web applications.

 

For anyone else who needs it, this seems to work:

    SimpleWebSrv1.WebSrvCertPassword := '';
    SimpleWebSrv1.WebSrvCertBundle := '';

    lAppDir := ExtractFileDir(ParamStr(0));
    Log('Appdir=' + lAppDir);
    lCert := IncludeTrailingPathDelimiter(lAppDir) + 'cert-localhost.pem';

    if NOT FileExists(lCert) then
    begin
      if NOT SslX509Certs1.CreateAcmeAlpnCert(lCert, 'localhost', '') then
      begin

        Log('Failed to Create LocalHost Certificate: ' + lCert);
        Exit;
      end;

    end;

    SimpleWebSrv1.WebSrvCertBundle := lCert;

    if not SimpleWebSrv1.StartSrv then
      Log('Server not started)')
    else
      Log('Server started');

 

Edited by Fredrik Larsson

Share this post


Link to post

Using a self signed certificate for localhost is not going to be a very friendly OAuth2 user experience, since the browser will display certificate warnings, and not everyone can work out which buttons to click to display the real page. 

 

Does Visma have suggestions for that?  To me sounds like someone thought SSL would sound good without actually testing it.

 

Angus

 

Share this post


Link to post

Hi,

 

When I signed up it said:

 

Redirect URI: https://localhost:44300/callback

The redirect URI given above is only a temporary placeholder. Please contact us to register a redirect URI that is appropriate for your solution. Please keep in mind that we only support HTTPS protocol when you set up a redirect URI.

 

But I will write them an e-mail about desktop solutions.

 

Regards, Fredrik.

 

 

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×