Need advice: Move from HTTPSocket to HTTPSecureSocket for Desktop app to Web app communication

Developing new functions - starting simple. I control both sides of the communication - Windows Desktop app communicating with Linux Web app.

I have everything working (2-way communication) with this simple command in the Desktop App…

[quote] TestSocket.Get(“,password,command”)
As you can see, I am implementing the HandleSpecialURL on the WebApp - all is working fine in the Debug environment.

This, of course is not secure, and I do not want to transmit name and password in the clear. So I now want to move my apps to secure communication - I assume that means implementing HTTPSecureSocket to replace the current version that is just using HTTPSocket.

I am a newbie to this area (secure web communication) and just need to know what are the obvious things I need to do to get this to work.
First, for my development/debug environment… (Developing on Windows PC) …

Do I need to change the port above from 8080 to something else?
Anything else I need to think about on the Desktop side?
What do I need to do on the WebApp side to accommodate this?

First, you’ll need an SSL certificate, and if it’ll be over the Internet, it should be a commercial one. How it gets created and used depends a lot on how you will be deploying your app. If it will be a Standalone app, it’s just a matter of putting the certificate next to the app and then launching the app with the --secureport=8081 option. From then on, you will connect to the new port using an HTTPSecureSocket.

dim h as new HTTPSecureSocket = true h.connectiontype = h.TLSv1 h.get("httpsocket://........")

Something to note… A bug was fixed in the framework recently which means you should be using at least 2014r3 for building the standalone web app with regards to the delivery of SSL certificates.

If you will be using cgi, you’ll need to get a certificate that works with your web server.

Would I do this as well for a CGI app? (assuming your later comment re: getting the appropriate certificate still stands - does the process for my code still look the same?)

No. When serving as cgi, the responsibility for ssl falls to the web server itself, and it forwards requests to your app.

OK - checking that out now.

How do I stage this in my debug environment? (understanding I have a CGI webapp)?