how to get a working HTTPS site for stand alone - the idiots guide

  1. 10 months ago

    damon p

    18 Oct 2018 Pre-Release Testers, Xojo Pro
    Edited 10 months ago

    I call this the idiots guide as I am the chief idiot and it took me 2 days with help from the xojo windows forum.

    I am doing this for windows but I would imagine it works the same for MAC as well.
    There are really only a few steps and you should have it up and running within a few clicks and emails.

    First go to https://www.gogetssl.com/ and create an account.
    I have nothing to do with them so I am sure there will be a similar process with other providers.
    I use them as they have a FREE 3 month trial and if you follow the steps you will get the green padlock on your site.

    Once you are in your account click on "Create a new order"

    Scroll all the way down the bottom to the "65 GGSSL TrialSSL", once again free and lasts 3 months.
    Click on ORDER and you will be taken to step 1 of 4
    it should all say $0.00
    leave it all as it is and click on "Complete order"
    This will take you back to your Dashboard
    on the left hand side click on "SSL certificates" this will take you to "Manage SSL certificates"
    You should have one line which says incomplete , click on GENERATE
    You want to find this line ( in the third section - it is in orange)
    Online CSR Generator
    click it and you will taken to a new site and hopefully a new tab
    scroll down a bit and you will find "Common Name"
    Here is the first "gotcha" , this has to be the name of your site
    I.e. If your site is www.mysite.com.au then put in www.mysite.com.au
    If you use something else then you will get a padlock but it will be in orange as the domain does not match the domain the the SSL certificate
    Do NOT put a * at the start even though it says you can - it doesn't work for the next step.

    Fill in the information and ensure you use a real email as they send you the information via email as well as a verification code.

    Click on Generate CSR

    Second Gotcha
    This takes you to a new page on it you will find the CERTIFICATE REQUEST and the PRIVATE KEY
    copy the PRIVATE KEY and save it in a text file - call the file "my RSA private key.txt"
    copy the CERTIFICATE REQUEST and save it in a text file - call the file "my CERTIFICATE REQUEST.txt"

    copy means the whole lot including the -----
    I.e.
    -----BEGIN PRIVATE KEY-----
    MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC/iRymLhaLEfku
    ....
    ....
    QP+aia3dvsTXgLT6xvZ5Bg4=
    -----END PRIVATE KEY-----

    You will also get an email from GoGetSSL containing the information but if you do it now it works better
    subject line of email will be "CSR and SSL Private Key for ..."

    Since the last thing we copied was the CERTIFICATE REQUEST we can now go back to the first TAB and PASTE it into the third section, leave everything else the same
    Click on VALIDATE CSR

    the next step is to validate you own the domain. There is a drop down list of valid domain admins and you have the option of using a WHO IS lookup.
    I used admin@ but if none of them work for you then create yourself a new email which suits one they will let you select.

    click on "Next Step"

    type in your Administrative Contact details and click on "Complete Generation"
    I have never got any spam from them in case you are worried.

    Now we wait - it can take 5-10 minutes, you can close the other TAB now if you haven't already.

    They are going to send you an email with a link and a code.
    Subject line : ORDER #179357330 - Domain Control Validation for ....

    copy the code and click on the link.
    Paste the code
    click the button and it will validate, click on close window.

    If the email doesn't come you can click on the INFO button under "SSL Certificates" and check the email address you gave.
    I found that during this test the email didn't arrive so I just cancelled the order and started again. :(

    Once you validate the code they will send you two emails ( only a few minutes )
    Look for the one with the subject line : ORDER #179357330 - Your Free SSL Certificate for ...
    in the TEXT of the email you will see the certificate, copy the certificate (including the ----) and paste it into a new text document
    can the text file "certificate.txt"

    We now have everything we need.

    make a new TEXT file and copy/paste everything from "Certificate.txt" then a blank line and copy/paste everything from "my RSA private key.txt" then a blank line

    change -----BEGIN PRIVATE KEY----- to -----BEGIN RSA PRIVATE KEY-----
    change -----END PRIVATE KEY----- to -----END RSA PRIVATE KEY-----

    save the file and paste it into the folder where you have your WEB Stand alone app.
    if your app is called "My Site ABC.exe" then rename your SSL file as "My Site ABC.crt"

    here is the last gotcha
    when you run your site/app you need to do it from the command line

    in windows open a CMD window and drag the icon for your app into the command line window. This will paste in the full path to your app, then put a space and type this
    --secureport=443
    and hit enter.
    It should look something like this
    "C:\Users\damon\Desktop\The EDI Cloud\my site abc.exe" --secureport=443
    (two - signs)

    (set up your firewall / port forwarding etc... in your router if required.)
    Your app will run and you can use it in HTTP mode as normal but you will also have https:// all in the one app.
    Those folks at XOJO are smart arn't they!!

    if you are already using port 443 then change it to any other port, I have to use 4430
    the url would then be https://www.mysite.com.au:4430 , works perfectly fine as well

    Lastly, if you need to do the process again the information in "my CERTIFICATE REQUEST.txt" can be used again so you dont need to type the information in again.

    Hope this helps someone one day and you all get a green lock.

    thanks
    Damon

    Damon can I suggest you ask @Paul L to link to this on the dev site? Detailed instructions such as these are worth their weight in gold, but can be difficult to find here.

  2. Wayne G

    18 Oct 2018 Pre-Release Testers, Xojo Pro Answer New Zealand axisdirect.nz

    Damon can I suggest you ask @Paul L to link to this on the dev site? Detailed instructions such as these are worth their weight in gold, but can be difficult to find here.

  3. damon p

    18 Oct 2018 Pre-Release Testers, Xojo Pro

    will do

  4. damon p

    20 Oct 2018 Pre-Release Testers, Xojo Pro

    have done

  5. 7 months ago

    damon p

    20 Jan 2019 Pre-Release Testers, Xojo Pro

    Hi Guys,
    in 3 months you will need to buy a new certificate, you can tell as your site will no longer have the green lock.

    First go to https://www.gogetssl.com/ and log into your account
    I have nothing to do with them so I am sure there will be a similar process with other providers.
    They are really cheap at under 9 dollars for 2 years.
    Process the order and use your CSR which you can get off the website, it is the same CSR that you used for the TRIAL account.

    One you have validated your email etc... you will get an email with a subject like this
    New SSL Certificate [GOGETSSL] ORDERID: S0942237

    In the email you will find 3 sections which contain

    -----BEGIN CERTIFICATE-----
    MIIGiTCCBXGgAwIBAgIRALXF8GpSnu2HqGLeJ9EDfE4wDQYJKoZIhvcNAQELBQAw
    ...
    ...
    gY8xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
    -----END CERTIFICATE-----

    copy all three just as they are.

    open your certificate file I.e. "My Site ABC.crt" in a text editor and DELETE the section(s) which have a
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    BUT LEAVE the one with the -----BEGIN RSA PRIVATE KEY-----

    Now paste your new ones into the top of the text file, if it is like mine you will have 3 -----BEGIN CERTIFICATE----- and 1 -----BEGIN RSA PRIVATE KEY-----

    save the file and replace the current certificate with the new one.
    No need to rerun your app.
    When you go to your SSL site you should have your green lock back
    hope this helps.

    Damon

  6. Or get free certificates from letsencrypt.org (there are a lot of reviews around)

or Sign Up to reply!