The server can be configured to use SSL certificates. For a production server with a server certificate, you must purchase a certificate from a well-known provider: Namecheap, GoDaddy, Thawte... For testing purposes you can use a self-signed certificate (see Demos/Chat, which uses a self-signed certificate).
The certificate must be in PEM format. PEM (from Privacy Enhanced Mail) is defined in RFCs 1421 through 1424. It is a container format that may include just the public certificate (such as with Apache installs, and the CA certificate files in /etc/ssl/certs), or may include an entire certificate chain including public key, private key, and root certificates. To create a single PEM certificate, open your private key file, copy its contents and paste them into the certificate file.
Example:
certificate.crt
-----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----
certificate.key
-----BEGIN PRIVATE KEY-----
.....
-----END PRIVATE KEY-----
certificate.pem
-----BEGIN PRIVATE KEY-----
.....
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----
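The concatenation step described above, as an added example (not part of the sgcWebSockets documentation or code): a Python script that checks both input files before joining them in the certificate.pem order and writes the result with restricted permissions. The function names and the sample blocks are constructed for illustration.

```python
import base64
import os
import re

# One PEM block: matching BEGIN/END armor lines around a base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
              "ENCRYPTED PRIVATE KEY"}


def parse_pem(text):
    """Return [(label, der_bytes)] for every well-formed PEM block in text."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        der = base64.b64decode("".join(body.split()), validate=True)
        if not der or der[0] != 0x30:  # keys and certificates are DER SEQUENCEs
            raise ValueError(f"{label}: body is not a DER SEQUENCE")
        blocks.append((label, der))
    return blocks


def build_bundle(key_text, cert_text):
    """Join key and certificate(s) in the certificate.pem order shown above."""
    keys = [l for l, _ in parse_pem(key_text) if l in KEY_LABELS]
    certs = [l for l, _ in parse_pem(cert_text) if l == "CERTIFICATE"]
    if len(keys) != 1:
        raise ValueError("key file must hold exactly one private key block")
    if not certs:
        raise ValueError("certificate file holds no CERTIFICATE block")
    return key_text.strip() + "\n" + cert_text.strip() + "\n"


def write_private(path, bundle):
    """Write the bundle with owner-only permissions (it holds the private key).
    On Windows the mode bits are not enforced; restrict the file with NTFS ACLs."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", newline="\n") as fh:
        fh.write(bundle)
    os.chmod(path, 0o600)  # also tighten a file that already existed


def sample_block(label):
    """Constructed placeholder: a 5-byte DER SEQUENCE, not a real key or cert."""
    body = base64.b64encode(b"\x30\x03\x02\x01\x00").decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


if __name__ == "__main__":
    pem = build_bundle(sample_block("PRIVATE KEY"), sample_block("CERTIFICATE"))
    print([label for label, _ in parse_pem(pem)])
```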
To enable SSL, set the SSL property to true and configure the paths in CertFile, KeyFile and RootCertFile. If a single file contains the entire certificate (public key, private key...), set all three paths to that same file.
You must also set SSLOptions.Port, which is the port used for secure connections.
Example: configure SSL on IP 127.0.0.1 and port 443
oServer := TsgcWebSocketServer.Create(nil);
// Enable SSL; all three paths point at the same combined PEM file
oServer.SSL := true;
oServer.SSLOptions.CertFile := 'c:\certificates\mycert.pem';
oServer.SSLOptions.KeyFile := 'c:\certificates\mycert.pem';
oServer.SSLOptions.RootCertFile := 'c:\certificates\mycert.pem';
// Port used for secure connections
oServer.SSLOptions.Port := 443;
oServer.Port := 443;
oServer.Active := true;
The server can listen on more than one IP and port; see the Binding article, which explains how this works. The server can also accept SSL and non-SSL connections at the same time (listening on different ports, of course). You only need to bind to 2 different ports and configure one port for SSL connections and one port for non-SSL connections.
Example: configure the server on IP 127.0.0.1, port 80 (unencrypted) and port 443 (SSL)
oServer := TsgcWebSocketServer.Create(nil);
// Binding for non-SSL connections
with oServer.Bindings.Add do
begin
  IP := '127.0.0.1';
  Port := 80;
end;
// Binding for SSL connections
with oServer.Bindings.Add do
begin
  IP := '127.0.0.1';
  Port := 443;
end;
oServer.Port := 80;
oServer.SSL := true;
oServer.SSLOptions.CertFile := 'c:\certificates\mycert.pem';
oServer.SSLOptions.KeyFile := 'c:\certificates\mycert.pem';
oServer.SSLOptions.RootCertFile := 'c:\certificates\mycert.pem';
// Only the binding on this port uses SSL
oServer.SSLOptions.Port := 443;
oServer.Active := true;