In previous articles, I introduced KBMMW as a Web server.
A few days ago, red fish did not want me to make him a Web server that supports HTTPS.
In fact, KBMMW supports HTTPS in several ways:
1. Use ISAPI to deploy to IIS or Apache, using the HTTPS functionality of IIS or Apache;
2. Use the HTTPS feature of IIS or Apache using proxy mode.
HTTPS support is implemented today through the native indy mode of KBMMW.
Because it is a test, it is impossible to use real Certificate Services. To apply to commercial use, apply for a commercial certificate.
This is just a description of how it is implemented.
First we take advantage of our previous Web server programs.
Add a tkbmmwtcpipindyservertransport on this server, rename sslt, set the binding port 443, and Streamformat
Set to Ajax.
and set the event:
Procedure Tform1.ssltconnect (acontext:tidcontext); begin If AContext.Connection.IOHandler is Tidssliohandlersocketbase then tidssliohandlersocketbase (AContext.Connection.IOHandler). Passthrough:=false;end;
Then put a tidserveriohandlersslopenssl, set the necessary parameters;
Note that the idcontext is added to the cell reference.
It should be possible to compile now, but SSL has not yet worked.
Now you need to generate the relevant key and certificate file for SSL.
Since Indy is a certificate implemented with OpenSSL. We want to download a OpenSSL first.
Without Linux, you can use the Windows version of the official website directly.
Download the http://www.openssl.org/related/binaries.html here
The file I downloaded is named Win32openssl-1_0_1h.exe.
Installed on the system, a black window will appear when running.
Input command Genrsa-des3-out Kbmmw.key 1024
The screen lets you enter the key's password and randomly loses a string. This is xalion. To lose two times, keep the same.
Now that the key file is generated, continue working to generate the certificate file.
A copy of the openssl.cfg in the OpenSSL directory is named OPENSSL.CNF.
or the command line:
req-new-x509-days 365-key kbmmw.key-out kbmmw.crt -config openssl.cnf
Enter the password, and then fill in the appropriate country, organization, name, mail and other information.
After filling out, a certificate is generated.
Put these two files in a fixed directory.
such as D:\CRT.
Back to our Delphi program earlier.
Start setting the related properties.
and join the event.
Procedure Tform1.sslgetpassword (var password:string); Begin password:= ' xalion '; end;
Finally, attach the SSL processing to the Sslt object.
Before the server activates, add the following code:
Sslt. Idtcpserver.iohandler:=ssl;
OK, everything is set and ready for launch.
Compile the run and start the server.
Note that you must turn off the 443-port program on your machine. For example, VMware.
Enter https://127.0.0.1 inside the browser.
The first time there will be
Stating that the certificate is false and that our system is working properly.
Confirm the exception.
You can access the web normally via HTTPS
All right, that's all.