Angus Robertson

Automatically order, download and install SSL/TLS certificates

ICS V8.58 added a new TSslX509Certs component allowing ICS servers to automatically order, download and install SSL/TLS certificates from various suppliers, including free certificates from Let's Encrypt, and commercial certificates for DigiCert, Comodo, Thawte and GeoTrust from CertCentre AG. It also acts as a private CA to issue local certificates.  

 

The TSslWSocketServer, TSslHttpServer, TSslHttpAppSrv, TIcsProxy and TIcsHttpProxy components can assign a TSslX509Certs component to support automatic certificate ordering of domain validated certificates with very little extra code. 

 

There is a new sample project OverbyteIcsX509CertsTst to demonstrate the TSslX509Certs component, which may be used as a standalone application to order X509 certificates from Let's Encrypt and CertCentre AG, and monitor the certificate orders database, and to issue own CA certificates.

 

http://wiki.overbyte.eu/wiki/index.php/FAQ_Order_SSL_Certificates

 

I'm about to revisit the TSslX509Certs component to support some Let's Encrypt changes like the new SSL challenge, so am interested in any feedback or suggestions from those that have used it, even just the sample application, which can be used to order certificates for other web servers or applications.

 

Angus


Great! One question if you don't mind - do the installed certificates work with ICS only, or can they also be integrated with other frameworks like mORMot? Thanks.


The X509 certificates are just files, in PEM, PKCS12, or PKCS7 single or bundle files, and can be copied to a UNC directory, where any server can pick them up. They can be manually installed in the Windows store, but not automatically, yet. The server is responsible for ordering new certificates, but the component includes a database with most of the information required.

 

Angus

{ Next symbol enables automatic SSL/TLS ordering in SocketServer and other servers }
{ Unfortunately this adds a lot of other units, HTTPS REST, Json, OAuth2, etc }
{$DEFINE AUTO_X509_CERTS}

 

I wished to use the library without this functionality. However, when I remove AUTO_X509_CERTS the library no longer builds in Borland C++ 2007; instead I'm forced to leave it in, and I then also need to link to:

#pragma link "Crypt32.lib"
#pragma link "Cryptui.lib"

in my application.

 

 


I need to install a website certificate to be consumed by a REST client.

The code to install a certificate from DevExpress works fine but is not compatible with Linux.

aCertificate := TdxX509Certificate.Create(aFile, aPassword);

Can you please show me sample code for this?

 

Best regards.

8 hours ago, Donald Shimoda said:

The code to install a certificate from DevExpress works fine but is not compatible with Linux.

aCertificate := TdxX509Certificate.Create(aFile, aPassword);

Can you please show me sample code for this?

You are in an ICS support forum, not a devexpress one. Please repost your question at the right place. Since devexpress is a commercial product, the best place is probably the support area at devexpress website (https://www.devexpress.com/).

On 10/2/2021 at 1:50 AM, FPiette said:

You are in an ICS support forum, not a devexpress one. Please repost your question at the right place. Since devexpress is a commercial product, the best place is probably the support area at devexpress website (https://www.devexpress.com/).

Hi Francois, thanks for your response.

 

I'm not asking for support on DevExpress, just showing an example of what I need to do with ICS.

As I say, this is the way I install a certificate on Windows, using DevExpress libraries.

This way works on Windows but is incompatible with Linux.

Now, my question is: what is the code to install a certificate file, on Linux and Windows, using ICS libraries?

 

Thanks in advance.

 


ICS is not supported on Linux, yet. The FAQ at the top of this thread shows how to do it on Windows; there is a sample application with source code.

 

Angus

