SSL setup for Windows

  1. 6 weeks ago

    Alan S

    Feb 15 Pre-Release Testers, Xojo Pro Western New York, USA

    I see a few posts about SSL but not too much that's recent. With the new browsers like FireFox showing messages when connecting to sites that are not running SSL, it seems like now is the time to get my site using SSL.

    I am running one site, on Windows 2012 R2 on a dedicated server with 1and1.com. I am using a stand alone Xojo Web App.

    Is there a definitive guide or someplace where I can get very clear steps on how to set it up the SSL and App on my server? I don't even know for example if IIS needs to have the cert installed, but I assume it does. Obviously if the user goes to http without the https I would want it to switch to the https site. I have seen this behavior on all the other sites so I assume it's normal but thought I'd mention it.

    Any help would be appreciated and I'm sure others would appreciate it also in the future as this becomes much more important.

    If no one has a good step by step on how to do this, maybe Paul would be interested in doing a webinar on it???

    Thanks
    Alan

  2. Kevin W

    Feb 15 Pre-Release Testers, Xojo Pro

    I think there is some info on how to run SSL with a stand alone app in the forums or docs. I know I tested it at one point. I'm too lazy to look it up. I run my stand alone web apps through haproxy on linux or mac, so I use that to handle SSL.

    I'm not sure what you are using IIS for since you say you're running the app stand alone, but if you are using it to proxy to the web app locally, then you would install your SSL cert in IIS. In that case I would just google or search the IIS docs for how to properly point IIS to a cert.

  3. Alan S

    Feb 15 Pre-Release Testers, Xojo Pro Western New York, USA

    Right now I am using IIS to point www.domainname.com to www.domainname.com:9000

    I am pretty sure I can get the cert setup on IIS.

    The main question is really how to get xojo stand alone to work, but I can go back to some of the older posts and see if I can figure it out.

  4. Kevin W

    Feb 15 Pre-Release Testers, Xojo Pro

    https://forum.xojo.com/8355-standalone-web-ssl

    http://blog.xojo.com/2014/01/14/at-long-last-web-standalone-ssl/

    Had an extra minute or two. I think the blog post and that forum thread are what I used to get my test working a couple of years ago. HTH.

  5. Alan S

    Feb 15 Pre-Release Testers, Xojo Pro Western New York, USA

    Thanks, I'll take a look and give it a shot

  6. Tomas J

    Feb 15 Pre-Release Testers, Xojo Pro Europe (Germany)

    @Alan S Right now I am using IIS to point www.domainname.com to www.domainname.com:9000

    One big point: do not use other ports than standard port 80 and 443. Your website might be blocked away. And when finished with configuration do not forget to check your site with Mozilla Observatory and SSLabs.com

  7. Alan S

    Feb 15 Pre-Release Testers, Xojo Pro Western New York, USA

    Wouldn't that mean that I could only run one website on my server?
    The port 9000 should be transparent to the user I think, but it's not my expertise so others can chime in.
    Alan

  8. Alan S

    Feb 15 Pre-Release Testers, Xojo Pro Western New York, USA

    Let me get SSL working and I'll check those out since most of the errors I'm seeing on Mozilla is because it's not ssl

  9. Wayne G

    Feb 15 Pre-Release Testers, Xojo Pro New Zealand axisdirect.nz

    If you are using IIS URL rewrite then you are using IIS to proxy your web application. Get the certificate for the IIS website and bind port 443 to that site.

  10. Alan S

    Feb 15 Pre-Release Testers, Xojo Pro Western New York, USA

    Wayne, if i do that do i still need to use command line options on the xojo app for secure socket, etc?

  11. Wayne G

    Feb 15 Pre-Release Testers, Xojo Pro New Zealand axisdirect.nz

    No. IIS will secure the connection back to the browser, the Web App will listen on its own port. So you're offloading the SSL work to IIS and leaving your app to do its thing.

  12. Alan S

    Feb 15 Pre-Release Testers, Xojo Pro Western New York, USA

    Thanks, I'll give it a shot in the next few days and report back here how it works.

    I started using IIS because of the wanting to get rid of the port number so the user doesn't see it.

    Alan

  13. Alan S

    Feb 16 Pre-Release Testers, Xojo Pro Western New York, USA

    Wayne and others,
    The SSL is installed, and things are sort of working but not really.
    If anyone is willing to help me, I would appreciate it. I don't want to post the url here as it then becomes available to the world, but if you are able and willing to help me, please IM me here and I'll go over what's working and what's not.

    Thanks
    Alan

  14. Kevin W

    Feb 16 Pre-Release Testers, Xojo Pro

    If you don't need IIS for proxy then you can run on port 443 directly. Should make things simpler.

  15. Alan S

    Feb 16 Pre-Release Testers, Xojo Pro Western New York, USA

    Here is what I would like to have happen. Seems like a lot of normal websites work this way, so this is what I'm hoping that I can do.

    If the user types http://www.domain.com I want it to go to https://www.domain.com:9000 ( or whatever so my app running on port 9000 can run)
    If the user types https://www.domain.com I want it to go to https://www.domain.com:9000 ( or whatever so my app running on port 9000 can run)

    I would like to have the site show the pad lock so everything is indeed encrypted

    In addition I guess http://domain.com should also go to https://www.domain.com

    Is this all possible? If so, can someone explain what the best way to do it is, from an IIS standpoint and from the stand alone xojo app as far as if any command line options are needed?

  16. Kevin W

    Feb 16 Pre-Release Testers, Xojo Pro
    Edited 6 weeks ago by Kevin W

    For using the standalone app, you can just use MyWebApp --port=80 --secureport=443. Then put the MyWebApp.crt file in the same directory as the app.

    For redirect you could do something like this in the session.open event.

    if not session.secure then
    ShowURL "https://www.domain.com"
    end if

    Forgot to add that in order for that to work, those ports have to be free. So IIS would need to be shut down, and anything else that might happen to be using the default web ports of 80 and 443. HTH

  17. Alan S

    Feb 16 Pre-Release Testers, Xojo Pro Western New York, USA

    Kevin, By using port 80 does that mean I could only use one site on my server? It's a dedicated server and really will need to have many sites including php sites on it.

  18. Tomas J

    Feb 16 Pre-Release Testers, Xojo Pro Europe (Germany)

    @Oliver O made a good PDF how to implement Xojo Web behind an IIS, as far as I know he did this with URL Rewriter and Reverse Proxy Rules:

    Here's my copy of his PDF, maybe he's reading this and can add everything which is new:
    https://cloud.jakobssystems.de/u/tom/xojo/XojoOnIIS.pdf

  19. Alan S

    Feb 16 Pre-Release Testers, Xojo Pro Western New York, USA

    @Tomas, I have gotten the actual site to work on IIS using Reverse Proxy, so http://www.domain.com actually goes to http://www.domain.com:9000 but now I'm wanting to now use SSL and I don't think Olivers PDF addresses that.

  20. Alan S

    Feb 16 Pre-Release Testers, Xojo Pro Western New York, USA

    @Wayne, do you think if I continued to use my reverse proxy so that www.domain.com goes to www.domain.com:9000 and then tried running the app with secure port 443 would work?? I apologize for asking all these questions but I'm sure there is a perfect way to do this so if I ever need this again, it will be a piece of cake, but it's just not something I'm very familiar with.

  21. Newer ›

or Sign Up to reply!