The server can be configured to use SSL certificates. For a production server you must purchase a certificate from a well-known provider: Namecheap, GoDaddy, Thawte... For testing purposes you can use a self-signed certificate (see Demos/Chat, which uses a self-signed certificate).
The certificate must be in PEM format. PEM (from Privacy Enhanced Mail) is defined in RFCs 1421 through 1424. It is a container format that may include just the public certificate (such as with Apache installs and the CA certificate files in /etc/ssl/certs), or an entire certificate chain including public key, private key, and root certificates. To create a single PEM certificate, open your private key file, copy its contents and paste them into the certificate file. The resulting file contains the private key, so restrict who can read it.
Example:

certificate.crt:
-----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----

certificate.key:
-----BEGIN PRIVATE KEY-----
.....
-----END PRIVATE KEY-----

certificate.pem:
-----BEGIN PRIVATE KEY-----
.....
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----
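
The copy-and-paste step above can also be scripted. The following Python code is an added example, not part of sgcWebSockets; the function names and the sample inputs are assumptions made for illustration. It checks that each input holds the expected PEM blocks, writes the key first and then the certificate(s) as in certificate.pem above, and creates the output readable by its owner only.

```python
import base64
import os
import re

# Added example; function names are illustrative, not part of sgcWebSockets.
# One PEM block: BEGIN line, base64 body, END line with the same label.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}

# Constructed sample input: bodies are filler bytes, not real key material.
# SAMPLE_KEY deliberately has no trailing newline (the copy/paste pitfall).
SAMPLE_KEY = ("-----BEGIN PRIVATE KEY-----\n" + base64.b64encode(b"k" * 48).decode()
              + "\n-----END PRIVATE KEY-----")
SAMPLE_CERT = ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(b"c" * 48).decode()
               + "\n-----END CERTIFICATE-----\n")

def pem_blocks(text):
    """Return [(label, der_bytes)] for every well-formed PEM block in text."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        # validate=True raises ValueError on stray characters in the body
        blocks.append((label, base64.b64decode("".join(body.split()), validate=True)))
    return blocks

def build_combined_pem(key_text, cert_text):
    """Return one PEM string: private key first, then the certificate(s)."""
    keys = [b for b in pem_blocks(key_text) if b[0] in KEY_LABELS]
    certs = [b for b in pem_blocks(cert_text) if b[0] == "CERTIFICATE"]
    if len(keys) != 1:
        raise ValueError("expected exactly one private key block, found %d" % len(keys))
    if not certs:
        raise ValueError("no CERTIFICATE block found")
    out = []
    for label, der in keys + certs:
        b64 = base64.b64encode(der).decode("ascii")
        body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
        out.append("-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label))
    return "".join(out)

def write_private(path, pem_text):
    """Write the combined file owner-readable only, since it holds the key."""
    # On Windows the mode is largely ignored; restrict the file with NTFS ACLs.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", newline="\n") as fh:
        fh.write(pem_text)
    os.chmod(path, 0o600)  # also tightens a file that already existed

if __name__ == "__main__":
    write_private("certificate.pem", build_combined_pem(SAMPLE_KEY, SAMPLE_CERT))
```

A key file in the legacy encrypted format (with Proc-Type and DEK-Info header lines inside the block) is rejected by the base64 check and has to be converted or combined by hand.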
To enable SSL, set the SSL property to true and configure the paths in SSLOptions: CertFile, KeyFile and RootCertFile. If a single file contains the entire certificate (public key, private key...), set all three paths to that file.
Another property you must set is SSLOptions.Port; this is the port used for secure connections.
Example: configure SSL on IP 127.0.0.1 and port 443
oServer := TsgcWebSocketServer.Create(nil);
oServer.SSL := true;
// the same PEM file is used for all three paths because it holds key and certificate
oServer.SSLOptions.CertFile := 'c:\certificates\mycert.pem';
oServer.SSLOptions.KeyFile := 'c:\certificates\mycert.pem';
oServer.SSLOptions.RootCertFile := 'c:\certificates\mycert.pem';
// port used for secure connections
oServer.SSLOptions.Port := 443;
oServer.Port := 443;
oServer.Active := true;
You can configure the server to listen on more than one IP and port; check the Binding article which explains how it works. The server can be configured to allow SSL connections and non-SSL connections at the same time (of course, listening on different ports). You only need to bind to two different ports and configure one port for SSL connections and another port for non-SSL connections.
Example: configure the server on IP 127.0.0.1, port 80 (not encrypted) and port 443 (SSL)
oServer := TsgcWebSocketServer.Create(nil);
// binding for non-SSL connections
with oServer.Bindings.Add do
begin
  IP := '127.0.0.1';
  Port := 80;
end;
// binding for SSL connections
with oServer.Bindings.Add do
begin
  IP := '127.0.0.1';
  Port := 443;
end;
oServer.Port := 80;
oServer.SSL := true;
oServer.SSLOptions.CertFile := 'c:\certificates\mycert.pem';
oServer.SSLOptions.KeyFile := 'c:\certificates\mycert.pem';
oServer.SSLOptions.RootCertFile := 'c:\certificates\mycert.pem';
// connections on this port are handled as SSL
oServer.SSLOptions.Port := 443;
oServer.Active := true;