Adding SSL on Standalone Mac WebApp

In case anyone is struggling with getting a certificate running on your mac hosted Stand-alone web app and you are not a unix Guru,
here’s a short guide on how I did it.

In your App’s open event of the loading screen, you check if the session is connected securely by using something like this;

if Not Session.Secure then
  Dim host as String = Session.Header("Host")
  Dim url as String = "https://" + host
  ShowURL(url)
end

This will cause anyone visiting the non SSL link to be re-routed to the SSL secured link, without them actually having to choose https:// as a start.

Obviously you also need a certificate added to your web App.
I did this using the Server App that comes with Mac server when bought from the Apple Store, which turns any mac into a server for 25 bucks.

From there you create a CSR file, that you have to provide to your CSA so they can make you an SSL certificate.
The cheapest one I could find works; around $10 dollars.
The name you want is the name of your URL for the App, so for instance myownsecureapp.com if your app is called myownsecureapp and you want to host it on myownsecureapp.com.

You obviously need to be the owner of the URL when you request a certificate from your CSA, as they will be e-mailing you to an email address on that domain.

What you get back from your CSA are certificates that you can add to your Mac's Keychain Access app by double-clicking them on the Mac you want the WebApp to run on.
After you have done that, you export the certificate from Keychain Access, which will be in .p12 format.
Luckily .p12 can be converted to ASCII using OpenSSL.

The reason you need to do this is that the file you get from your CSA does not contain your private key (that would be pretty unsafe as it is an ASCII readable file).

More info on how to do this can be seen on;

https://www.sslshopper.com/ssl-converter.html

It even allows you to convert it on-line (although that is obviously less safe than doing it from a terminal on your Mac).

What you get then is an almost ready to use file, with both a certificate and private key.
You clean up any lines outside the certificate and private key lines so all you have is a clean text file (unformatted) that contains only the two sections looking like this;

-----BEGIN CERTIFICATE-----
MIICuzCCAiQCCQD+1X0TfzZ2qDANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMC
VUsxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9uZG9uMRkwFwYDVQQKDBBG
YWtlIENvbXBhbnkgTExDMQ0wCwYDVQQLDARGYWtlMR0wGwYDVQQDDBRmYWtlZG9t
YWluLmxvY2FsLmNvbTEnMCUGCSqGSIb3DQEJARYYZmFrZWFkbWluQGZha2Vkb21h
-----END CERTIFICATE-----

-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDwYlw8zNP876/zHiGgCKTPvBAaEup41p67q7S8NoLSUnbkcnix
NSo1q1jM+UFzpxesNdjVsKkG1Juco50BtCA+nPpocPINPw/d0Of9TpDE1pACbXmG
O+C2wXYC5dXd//rFXETZECz396HdZEAfUbx9ys/zq8rBsmcDlsAgQqgV9QIDAQAB
-----END RSA PRIVATE KEY-----

For obvious reasons the above is not a complete .crt but it should make clear how it should look.
You can have Xojo copy the .crt to your App's root folder by using a CopyFiles step after the build in the OS X build settings.

To ensure your webApp can work with SSL, you have to launch it from the terminal using something like this;

/pathToApp/Appname --secureport=xxxx

Where xxxx is a port different from the standalone port you chose in your build settings,
so for instance if your app is built to accept connections on port 8800, you could choose port 8801.

Now when someone visits the plain HTTP link, the lines in the open command of the loading screen will reload the App using an SSL connection.

The advantage of using standalone is speed; I found it to be significantly faster than cgi versions, including Xojo Cloud.

I find the whole process still a bit too ‘unix command line like’, but it works.

[quote=203488:@Boudewijn Krijger]In your App’s open event of the loading screen, you check if the session is connected securely by using something like this;

if Not Session.Secure then
  Dim host as String = Session.Header("Host")
  Dim url as String = "https://" + host
ShowURL(url)
end[/quote]
That should be Session.Open, and you should call Return after the ShowUrl, otherwise your setup code will continue to run.

@Greg O’Lone Very true, although it works in the open event of the landing page of your App, the Session opens before the landing page so it shaves off a few cycles and makes all data transfer safe. The Return was not really needed in my LandingPage open event, as that was the only code in that event, returning after completion by default. But your Session.Open will have more code following, so there you do need the Return after ShowURL.
Also I found out that Safari does not use as much SSL checking as Firefox; omitting the Intermediate and Source certificate parts in Safari gave me no errors, but Firefox insists on all certificate parts being available.
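
Added example, not part of the thread: one way to do the .p12 conversion and clean-up from the first post in a terminal, keeping every certificate block so the intermediates mentioned in the last reply stay in the file. The file names and the sample text are constructed, and treating the first certificate in the export as the site's own is an assumption.

```shell
#!/bin/sh
# Added example: file names are placeholders, sample text is constructed.
# Keep only the PEM blocks from stdin; drops the "Bag Attributes", "subject=",
# "issuer=" and blank lines that `openssl pkcs12` writes around them.
pem_blocks_only() {
    awk '{ sub(/\r$/, "") }
         /^-----BEGIN [A-Z ]+-----$/ { inside = 1 }
         inside                      { print }
         /^-----END [A-Z ]+-----$/   { inside = 0 }'
}

# Count PEM blocks whose label ends in $1 ("CERTIFICATE", "PRIVATE KEY") in file $2.
count_blocks() {
    awk -v t="$1" '$0 ~ ("^-----BEGIN .*" t "-----$") { n++ } END { print n + 0 }' "$2"
}

# $1 = .p12 exported from Keychain Access, $2 = certificate file for the app.
p12_to_app_cert() (
    umask 077    # the output contains the unencrypted private key
    openssl pkcs12 -in "$1" -nodes | pem_blocks_only > "$2"
    [ "$(count_blocks 'PRIVATE KEY' "$2")" -eq 1 ] || { echo "need exactly one key" >&2; exit 1; }
    [ "$(count_blocks 'CERTIFICATE' "$2")" -ge 1 ] || { echo "no certificate" >&2; exit 1; }
    # Assumption: the first certificate in the export is the site's own.
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey)
    key_pub=$(openssl pkey -in "$2" -pubout)
    [ "$cert_pub" = "$key_pub" ] || { echo "key does not match certificate" >&2; exit 1; }
    echo "wrote $2: $(count_blocks 'CERTIFICATE' "$2") certificate(s), 1 key"
)

# Constructed stand-in for what `openssl pkcs12 -nodes` prints (not real key material).
sample_pkcs12_output() {
    cat <<'EOF'
Bag Attributes
subject=/CN=myownsecureapp.com
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
Bag Attributes: <No Attributes>
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
EOF
}

if [ "$#" -eq 2 ]; then p12_to_app_cert "$1" "$2"; fi
```

Run with the exported .p12 and the output file name as the two arguments; the script refuses to finish if the private key does not belong to the first certificate.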