Automatically order, download and install SSL/TLS certificates

[Angus Robertson 574]

ICS V8.58 added a new TSslX509Certs component allowing ICS servers to automatically order, download and install SSL/TLS certificates from various suppliers, including free certificates from Let's Encrypt, and commercial certificates for DigiCert, Comodo, Thawte and GeoTrust from CertCentre AG. It also acts as a private CA to issue local certificates.  

 

The TSslWSocketServer, TSslHttpServer, TSslHttpAppSrv, TIcsProxy and TIcsHttpProxy components can assign a TSslX509Certs component to support automatic certificate ordering of domain validated certificates with very little extra code. 

 

There is a new sample project OverbyteIcsX509CertsTst to demonstrate the TSslX509Certs component, which may be used as a standalone application to order X509 certificates from Let's Encrypt and CertCentre AG, and monitor the certificate orders database, and to issue own CA certificates.

 

http://wiki.overbyte.eu/wiki/index.php/FAQ_Order_SSL_Certificates

 

I'm about to revisit the TSslX509Certs component to support some Let's Encrypt changes like the new SSL challenge, so am interested in any feedback or suggestions from those that have used it,  Even just the sample application which can be used to order certificates for other web servers or applications.

 

Angus

[Edwin Yip 154]

Great! on question if you don't mind - are the installed certificates work with ICS only, or also can be integrated with other framework like mORMot? Thanks.

[Angus Robertson 574]

The X509 certificates are just files, in PEM, PCS12, or PCS7 single or bundle files, and can be copied to a UNC directory, where any server can pick them up.  They can be manually installed in the Windows store, but not automatically, yet.  The server is responsible for ordering new certificates, but the component includes a database with most of the information required.

 

Angus

[nSolvePaul 0]

{ Next symbol enables automatic SSL/TLS ordering in SocketServer and other servers }
{ Unfortunately this adds a lot of other units, HTTPS REST, Json, OAuth2, etc }
{$DEFINE AUTO_X509_CERTS}

 

I wished to use the library without this functionality.  However when I remove the AUTO_X509_CERTS the library no longer builds in Borland C++ 2007 instead I'm forced to leave it in and also I then need to link to:

#pragma link "Crypt32.lib"
#pragma link "Cryptui.lib"

in my application.

 

 

[Angus Robertson 574]

Sorry no idea, I don't do C++ and the C++ packages are unsupported.

 

Angus

 

[Donald Shimoda 0]

I need to install a website certificate to be consumed for rest client.

 

The code to install certificate from devexpress works fine but not compatible with linux.

 

aCertificate := TdxX509Certificate.Create(aFile, aPassword);

 

Can please show me a sample code for this ?

 

Best regards.

[FPiette 383]

8 hours ago, Donald Shimoda said:

The code to install certificate from devexpress works fine but not compatible with linux.

aCertificate := TdxX509Certificate.Create(aFile, aPassword);

Can please show me a sample code for this ?

You are in an ICS support forum, not a devexpress one. Please repost your question at the right place. Since devexpress is a commercial product, the best place is probably the support area at devexpress website (https://www.devexpress.com/).

[Donald Shimoda 0]

On 10/2/2021 at 1:50 AM, FPiette said:

You are in an ICS support forum, not a devexpress one. Please repost your question at the right place. Since devexpress is a commercial product, the best place is probably the support area at devexpress website (https://www.devexpress.com/).

Hi Francois, thanks for your response.

 

Im not asking for support on devexpress. Just showing an example for what i need to do with ICS.

 

As i say, this is the way i install a certificate on windows, using devexpress libraries.

 

This way works on windows but is incompatible with linux.

 

Now, my question is: which is the code to install a certificate file, on linux and windowd, using ICS libraries.

 

Thanks in advance.

 

[Angus Robertson 574]

ICS is not supported on Linux, yet.   The FAQ at the top of this thread shows how to do it on Windows, there is a sample application with source code.

 

Angus