webapp+ssl = CONNECTION_REFUSED

So I am trying to get this combo to work, but I am failing.

To go thru the learning curve first thing I tried is to run the example project in Xojo’s example’s folder.
I’ve followed the instructions on the project and everything seems ok, except that when I open the browser and type https://localhost:8082/ I get a ERR_CONNECTION_REFUSED

I’ve been using the certificate provided by Xojo, so that should not be a problem.
Any ideas ?
Thanks

You need to change the App Name to SSLTest, then build for your platform and run it from the terminal or command line like:

./SSLTest --secureport=8082

In your browser then you can enter:

http://localhost:8081 https://localhost:8082

ok… I made a little improvement…

I can now connect to the app, but I still get a big warning about the connection not being secure.
The problem seems to be related to the certificate issuer “SEC_ERROR_UNKNOWN_ISSUER”. Looks like the dummy cert that xojo provides is the problem here.

Ok, so next question would be… Is there something like “creating your own certificate for dummies”? I’ve seen some posts showing how to get/create your own certificate and I found them quite difficult to follow… I need to get a free certificate… I am not sure this project will flourish or get me any money, so for now I’d rather not put money on it.

free certificate : https://letsencrypt.org

I use openssl to generate test certs https://developer.xero.com/documentation/api-guides/create-publicprivate-key.

Right… and that’s where his error comes from. Modern browsers consider those “not secure”

They’re fine for testing, but you need a real certificate from letsencrypt or a certificate authority for production work.

Ok, I think I got it. The problem with letsencrypt.org is that to create a new certificate I need to verify the ownership of my domain. Since I am now just making tests and evaluating the app I do not have a registered domain and so I can’t create a certificate.
Is there a solution for this ?
R

No, the certificate is issued for the domain or domains. The browser will reject the certificate if the common name does not match the domain connecting to, that’s why ownership of the domain is required. So while developing, if a domain is not an option, then you’ll have to use the self-signed certificates and ignore the errors.

ok. One last question regarding this issue…
I’ve seen that to prove ownership you asked to put some text file with some given hash in some directory of your server.
How can I do that with a webapp in xojo ?
There’s no Public_Html folder, I can’t access anything like a directory tree… How would I do that process ?
Thanks all

If your app is standalone, you can respond to this request in the App.HandleUrl event.

I am bringing this subject up again, because again I am facing the same issue.

I am trying to get the SSL example project to work but the app does not connect. All I get is a ERR_CONNECTION_REFUSED in the browser as I originally posted.

I am following the exact steps that are explained in the project to no avail.
In my second message in this thread I stated that I had been able to connect to the app but I don’t remember how I did that and I am unable to do it again.
Why does the SSL example does not work out of the box ? or what could I be doing wrong ?
Thanks.

Roman, what platform are you testing on?
What of the 2 options are you using to test?
Option 1 build app as standalone and Option 2 run the app from Xojo using Run Paused?

Hey Alberto,
I’m testing now on Windows 10 (tried windows server 2012 r2 as well)
Option 2.

Roman, your .crt should match the name of the app.

Let’s say that you changed the name of the App to SSLTest (to match SSLTest.crt), when using the Option 2 on Windows, the debug application will be called DebugSSLTest but the cert is named SSLTest.crt, so you need to copy SSLTest.crt to DebugSSLTest.crt so you can successfully run the example code with the included certificate.

Take note that the browser will complain about the cert and that the page is not secure, trying to force you not to visit the page.

Hope this helps.

Edit: when you load examples the application name for each platform is ‘My Application’, so remember to change the build settings (Windows App Name) for your platform to SSLTest

Already did this. It’s not what causing the issue.
Can you get the SSL example included with Xojo to actually connect and show the https page ?

Well, something is missing on what you did.

What I did is what I told you before. I usually use mac and used option 1 before. So I went for my old Window 10 laptop and tried Option 2 for the first time. Here are some screen captures that may help you:

List of the files with the duplicate dummy certificate and the command line used to execute the server

Browser warning that the page is not secure

After clicking ‘detalles’ and confirm that I want to visit the page anyway, that I know the risks and I don’t blame Microsoft if my computer gets infected or blow up (I added the red line where it is confirmed that I am connected with https)

Alright. Alberto thanks a lot!!

Here’s what is wrong :
In this link from the Xojo blog :

https://blog.xojo.com/2014/01/14/at-long-last-web-standalone-ssl/

It states something which is plain wrong:

That is why I could not make it work.
Changing the .crt file to exactly the same name as the exe (in my case “DebugSSLTest.crt”) did the trick.

Xojo should definitely update the information on that post.
Thanks a lot, Alberto.
So many hours wasted in this… :frowning:

Glad this helped you make it work.

That note is for mac and it works like that.
For Windows, the debug application is called DebugMyBestApp.exe and the .crt should be named DebugMyBestApp.crt

I think that many times there is a gap between the information provided and the expertise of new users. Is not easy to write good documentation for new users that don’t know how things work when you already understand how things work. I tend to use screen captures because there is a language barrier too.

In that case it should be left clear it is only for mac users.