I call this the idiots guide as I am the chief idiot and it took me 2 days with help from the xojo windows forum.
I am doing this for windows but I would imagine it works the same for MAC as well.
There are really only a few steps and you should have it up and running within a few clicks and emails.
First go to https://www.gogetssl.com/ and create an account.
I have nothing to do with them so I am sure there will be a similar process with other providers.
I use them as they have a FREE 3 month trial and if you follow the steps you will get the green padlock on your site.
Once you are in your account click on “Create a new order”
Scroll all the way down the bottom to the “65 GGSSL TrialSSL”, once again free and lasts 3 months.
Click on ORDER and you will be taken to step 1 of 4
it should all say $0.00
leave it all as it is and click on “Complete order”
This will take you back to your Dashboard
on the left hand side click on “SSL certificates” this will take you to “Manage SSL certificates”
You should have one line which says incomplete , click on GENERATE
You want to find this line ( in the third section - it is in orange)
Online CSR Generator
click it and you will taken to a new site and hopefully a new tab
scroll down a bit and you will find “Common Name”
Here is the first “gotcha” , this has to be the name of your site
I.e. If your site is www.mysite.com.au then put in www.mysite.com.au
If you use something else then you will get a padlock but it will be in orange as the domain does not match the domain the the SSL certificate
Do NOT put a * at the start even though it says you can - it doesn’t work for the next step.
Fill in the information and ensure you use a real email as they send you the information via email as well as a verification code.
Click on Generate CSR
Second Gotcha
This takes you to a new page on it you will find the CERTIFICATE REQUEST and the PRIVATE KEY
copy the PRIVATE KEY and save it in a text file - call the file “my RSA private key.txt”
copy the CERTIFICATE REQUEST and save it in a text file - call the file “my CERTIFICATE REQUEST.txt”
copy means the whole lot including the -----
I.e.
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC/iRymLhaLEfku
…
…
QP+aia3dvsTXgLT6xvZ5Bg4=
-----END PRIVATE KEY-----
You will also get an email from GoGetSSL containing the information but if you do it now it works better
subject line of email will be “CSR and SSL Private Key for …”
Since the last thing we copied was the CERTIFICATE REQUEST we can now go back to the first TAB and PASTE it into the third section, leave everything else the same
Click on VALIDATE CSR
the next step is to validate you own the domain. There is a drop down list of valid domain admins and you have the option of using a WHO IS lookup.
I used admin@ but if none of them work for you then create yourself a new email which suits one they will let you select.
click on “Next Step”
type in your Administrative Contact details and click on “Complete Generation”
I have never got any spam from them in case you are worried.
Now we wait - it can take 5-10 minutes, you can close the other TAB now if you haven’t already.
They are going to send you an email with a link and a code.
Subject line : ORDER #179357330 - Domain Control Validation for …
copy the code and click on the link.
Paste the code
click the button and it will validate, click on close window.
If the email doesn’t come you can click on the INFO button under “SSL Certificates” and check the email address you gave.
I found that during this test the email didn’t arrive so I just cancelled the order and started again. 
Once you validate the code they will send you two emails ( only a few minutes )
Look for the one with the subject line : ORDER #179357330 - Your Free SSL Certificate for …
in the TEXT of the email you will see the certificate, copy the certificate (including the ----) and paste it into a new text document
can the text file “certificate.txt”
We now have everything we need.
make a new TEXT file and copy/paste everything from “Certificate.txt” then a blank line and copy/paste everything from “my RSA private key.txt” then a blank line
change -----BEGIN PRIVATE KEY----- to -----BEGIN RSA PRIVATE KEY-----
change -----END PRIVATE KEY----- to -----END RSA PRIVATE KEY-----
save the file and paste it into the folder where you have your WEB Stand alone app.
if your app is called “My Site ABC.exe” then rename your SSL file as “My Site ABC.crt”
here is the last gotcha
when you run your site/app you need to do it from the command line
in windows open a CMD window and drag the icon for your app into the command line window. This will paste in the full path to your app, then put a space and type this
–secureport=443
and hit enter.
It should look something like this
“C:\Users\damon\Desktop\The EDI Cloud\my site abc.exe” --secureport=443
(two - signs)
(set up your firewall / port forwarding etc… in your router if required.)
Your app will run and you can use it in HTTP mode as normal but you will also have https:// all in the one app.
Those folks at XOJO are smart arn’t they!!
if you are already using port 443 then change it to any other port, I have to use 4430
the url would then be https://www.mysite.com.au:4430, works perfectly fine as well
Lastly, if you need to do the process again the information in “my CERTIFICATE REQUEST.txt” can be used again so you dont need to type the information in again.
Hope this helps someone one day and you all get a green lock.
thanks
Damon