I see a few posts about SSL but not too much that’s recent. With the new browsers like FireFox showing messages when connecting to sites that are not running SSL, it seems like now is the time to get my site using SSL.
I am running one site, on Windows 2012 R2 on a dedicated server with 1and1.com. I am using a stand alone Xojo Web App.
Is there a definitive guide or someplace where I can get very clear steps on how to set it up the SSL and App on my server? I don’t even know for example if IIS needs to have the cert installed, but I assume it does. Obviously if the user goes to http without the https I would want it to switch to the https site. I have seen this behavior on all the other sites so I assume it’s normal but thought I’d mention it.
Any help would be appreciated and I’m sure others would appreciate it also in the future as this becomes much more important.
If no one has a good step by step on how to do this, maybe Paul would be interested in doing a webinar on it???
I think there is some info on how to run SSL with a stand alone app in the forums or docs. I know I tested it at one point. I’m too lazy to look it up. I run my stand alone web apps through haproxy on linux or mac, so I use that to handle SSL.
I’m not sure what you are using IIS for since you say you’re running the app stand alone, but if you are using it to proxy to the web app locally, then you would install your SSL cert in IIS. In that case I would just google or search the IIS docs for how to properly point IIS to a cert.
One big point: do not use other ports than standard port 80 and 443. Your website might be blocked away. And when finished with configuration do not forget to check your site with Mozilla Observatory and SSLabs.com
Wouldn’t that mean that I could only run one website on my server?
The port 9000 should be transparent to the user I think, but it’s not my expertise so others can chime in.
Alan
If you are using IIS URL rewrite then you are using IIS to proxy your web application. Get the certificate for the IIS website and bind port 443 to that site.
No. IIS will secure the connection back to the browser, the Web App will listen on its own port. So you’re offloading the SSL work to IIS and leaving your app to do its thing.
Wayne and others,
The SSL is installed, and things are sort of working but not really.
If anyone is willing to help me, I would appreciate it. I don’t want to post the url here as it then becomes available to the world, but if you are able and willing to help me, please IM me here and I’ll go over what’s working and what’s not.
Is this all possible? If so, can someone explain what the best way to do it is, from an IIS standpoint and from the stand alone xojo app as far as if any command line options are needed?
For using the standalone app, you can just use MyWebApp --port=80 --secureport=443. Then put the MyWebApp.crt file in the same directory as the app.
For redirect you could do something like this in the session.open event.
if not session.secure then
ShowURL "https://www.domain.com"
end if
Forgot to add that in order for that to work, those ports have to be free. So IIS would need to be shut down, and anything else that might happen to be using the default web ports of 80 and 443. HTH
Kevin, By using port 80 does that mean I could only use one site on my server? It’s a dedicated server and really will need to have many sites including php sites on it.
@Tomas, I have gotten the actual site to work on IIS using Reverse Proxy, so http://www.domain.com actually goes to http://www.domain.com:9000 but now I’m wanting to now use SSL and I don’t think Olivers PDF addresses that.
@Wayne, do you think if I continued to use my reverse proxy so that www.domain.com goes to www.domain.com:9000 and then tried running the app with secure port 443 would work?? I apologize for asking all these questions but I’m sure there is a perfect way to do this so if I ever need this again, it will be a piece of cake, but it’s just not something I’m very familiar with.