Build ssl website with Delphi Unigui
1.C++Builder10.2.2 tokyo
2. FMSoft_uniGUI_Complete_Professional_1.10.0build1462 (Genuine)
This article will introduce how to implement https encrypted access in the UniGUI program, the contents of this part of the FMSOFT help files have a detailed explanation, help files in the unigui installation directory C:\Program Files (x86)\FMSoft\Framework\uniGUI\Docs,Website Security Certificate You can either purchase a certificate from an authoritative certification center or create your own certificate for research purposes. This article will use OPENSSL to create your own certificate.
I. Create a certificate
Visit the OPENSSL website at https://slproweb.com/products/Win32OpenSSL.html to download an installer, I downloaded the fourth 64-bit full installer package. After downloading the package, it will be installed by default.
Then go to the dos directory C:\OpenSSL-Win64\bin and follow the instructions below to create the certificate.
- Create a root certificate openssl genrsa -out root.key 1024
You can also create a root certificate with a password.
openssl genrsa -des3 -out root.key 1024- Then sign the root certificate.
openssl req -x509 -days 365 -new -nodes -key root.key -out root.pem
If your root certificate has a password then use the following command
openssl req -x509 -days 365 -new -key root.key -out root.pem
Now you will be prompted to provide several details needed to sign your certificate. You will also be prompted for a password if your root.key file was created with a password in the first step.
Enter pass phrase for root.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:TR
State or Province Name (full name) [Some-State]:Ankara
Locality Name (eg, city) []:Cankaya
Organization Name (eg, company) [Internet Widgits Pty Ltd]:FMSoft
Organizational Unit Name (eg, section) []:R&D
Common Name (eg, YOUR name) []:Farshad Mohajeri
Email Address []:info@fmsoft.net
Note: 365 is the number days the certificate will remain valid.
This will place a new root.pem file in the current folder. This file will be used in your uniGUI server.
3. Create a self-signed key
The next step is to generate a self-signed key. This step will produce the key.pem and cert.pem files.
At command prompt issue the following command:
openssl req -x509 -days 365 -nodes -newkey rsa:1024 -keyout key.pem -out cert.pem
Again, you’ll be asked several questions.
Loading ‘screen’ into random state – done
Generating a 1024 bit RSA private key
……..++++++
…..++++++
writing new private key to ‘key.pem’
Enter PEM pass phrase:
Verifying – Enter PEM pass phrase:
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:TR
State or Province Name (full name) [Some-State]:Ankara
Locality Name (eg, city) []:Cankaya
Organization Name (eg, company) [Internet Widgits Pty Ltd]:FMSoft
Organizational Unit Name (eg, section) []:R&D
Common Name (e.g. server FQDN or YOUR name) []:Farshad Mohajeri
Email Address []:info@fmsoft.net
To create the same key with a password use this command:
openssl req -x509 -days 365 -newkey rsa:1024 -keyout key.pem -out cert.pem
This time you’ll have to enter a password:
Enter PEM pass phrase:
Verifying – Enter PEM pass phrase:
This password should be assigned to SSL->SSLPassword parameter of UniServerModule. (See SSL Configuration )
When all above procedures are completed, you will end up with three files named root.pem, key.pem and cert.pem which are required to setup and run your project in SSL mode. These files must be placed in the same folder as your server executable binary.
Collect the root.pem, key.pem, and cert.pem files created above, and copy them to the execution file statistics directory D:\testSSL\Win32\Debug of the project created later.
At the same time, copy the uniGUI installation directory C:\Program Files (x86)\FMSoft\Framework\uniGUI\SSL\dll\x86 under the files libeay32.dll and ssleay32.dll to D:\testSSL\Win32\Debug.
Second, create a WEB project
1.Create a project with the following interface layout, save it under d:\testSSL
Place some uni controls under MainForm in the main window to demonstrate WEB.
- Set SSL properties of ServerModule
SSL->Enabled = True
SSL->SSLOptions->CertFile = cert.pem
SSL->SSLOptions->KeyFile = key.pem
SSL->SSLOptions->RootCertFile = root.pem
SSL->Method=sslvSSLv3
If the certificate sets a password, set the password property SSL->SSLPassword = [Password]
1) If ServerModule->SSL->SSLPort = 0, then the system defaults to using ServerModule->Port = 8077 as the https port, then the access address is:
At this point, 8077 can be modified to 443 for portless https access.
2) If you want to support both http and https, you can set ServerModule->SSL->SSLPort and ServerModule->Port port at the same time.
ServerModule->SSL->SSLPort = 443 (SSL default port)
ServerModule->Port = 80(non-SSL default port)
The access address at this time is.
III. Operational Results
(After testing, Google Chrome does not support this type of encryption interaction, I have not further replaced the other encryption algorithm type test, 360 can.)
1.https access
2. http access
This, a web site that supports both http access and https access will be completed.
