Can't make web app with ssl to connect

I’m following the instructions at : UserGuide:SSL for Web Apps - Xojo Documentation

it’s for a server on a private network, so I’m using a self-signed certificate
done with the instructions on the above link.
seems to work I have my webapp.crt file I put in the same folder as the webapp.

I launch ./webapp --secureport=(mysslport)
and I can connect using http (and the provided http port)
but can’t connect with https and the secure provided port. it says “connexion refused”

what did I miss ?

Are you specifying the path of your crt and key? Is the port you are using open and not “occupied” by something else? Are you specifying the used port in your url, in case it is not the standard port 443?

I only specify the path to the .cer certificate with the --certificate=/path… option
how should I specify the path to the .crt and .key files ?

yes the secured port is not used by anything else.

the server is a mac mini with a fresh macos 10.13 and only the web app on it.

I’ve been doing this: Simply merge all certificates (private key and intermediates) into a single file (it’s just text) and name it .crt [I put the intermediates first, then the private key, but I don’t know if the order matters). Then launch the app with the --certificate= option. Works great


That’s what I do also and works like a charm

thanks Mike.
do you need the --secureport option or not ?
the secureport is specified in the shared items section of the project
do you need to specify it again in the command line ?

also does it work if you omit the --certificate option and put the crt file just beside the webapp and the same name as the app ?

it’s still weird that there is only a laconic message “application is ready” and no error message if something is wrong …

I just use the full path to the crt file:

./MyBestApp --secureport=8081 --certificate=/full/path/to/file.crt

1 Like

isn’t it /full/path/to/MyBestApp.crt ?
and do you use a self signed certificate, or a “real” one ?

correct as I always name the crt the name of the webApp

self signed in some situations and also issued from Lets Encrypt

couldn’t find any simple “how to” get a certificate from let’s encrypt.
easy when it’s pre-build in some servers or nas
never understand how to get one from the command line…

You can’t for internal networks. You must have a public facing domain/subdomain. They also will not issue certificates for IP addresses.


i use a build step to copy the .crt file beside the exe.
i also set the ssl port in shared/build propertys.
i use a “free” (one click a month) dyn dns from
and a self sign signed certificate for a web app that i use by my own.
i forward this secure port in my router.
the web service i run at windows in a user context for file access.

not complete trustful certificate but at least https for test its ok.

1 Like
Forum for Xojo Programming Language and IDE. Copyright © 2021 Xojo, Inc.