ONLINE HELP
 WINDEV, WEBDEV AND WINDEV MOBILE

Creating an SSL certificate that can be used with SocketCreateSSL
Overview
To create an SSL server with SocketCreateSSL, you must use a signed certificate containing a private key.
Several solutions can be implemented:
  • Get an SSL certificate from an accredited certification organization (Thawte or VeriSign for example). We recommend that you contact these entities to find out how to proceed. This certificate can be used with a deployed application, for example.
  • Create a self-signed certificate. This certificate can be used for testing and/or for a deployed application. To do so, you must use the OpenSSL open source library.
Creating a self-signed certificate

1. Downloading and installing the OpenSSL library compiled for Windows

For more details, see the following page: https://www.openssl.org/community/binaries.html
In the rest of this document, we will assume that:
  • OpenSSL is installed in the <DirInstallOpenSSL> directory
  • a PERL engine is installed on the computer (free PERL engines can be downloaded from the Internet).

2. Configuring OpenSSL

  • Edit the file named <DirInstallOpenSSL>/bin/CA.pl
  • Replace the line:
    $CATOP="./demoCA";
    with:
    $CATOP="./<MYAUTHORITY>";
  • Edit the OpenSSL.cfg file
  • Replace the lines:
    [CA_default]
    dir = ./demoCA       # Where everything is kept

    with:
    [CA_default]
    dir = ./<MYAUTHORITY>       # Where everything is kept

3. Creating a certification authority

A certificate authority is an entity that has the power to sign certificates. The client must install the certificate authority among its "trusted" authorities so that certificates signed by this authority, and not corrupted, are accepted.
  • Open a command line (run cmd).
  • Go to the <DirInstallOpenSSL>/bin directory.
  • Enter:
    CA.pl -newca
  • Press Enter to create a new CA.
  • Type the password for the private key (twice). This password is mandatory.
  • Enter the information about the certification authority being created:
    • The country
    • The state or the region
    • The city
    • The company
    • The service
    • The name of the certification authority
    • An email address
    • A password to be supplied when requesting a certificate: as this is a self-signed certificate, no password is required. Validate without entering anything.
    • A company name
    Then, you must re-enter the password that was entered beforehand.
  • At the end of the script, the <MYAUTHORITY> subdirectory has been created in the ./bin directory of OpenSSL. You will find in this directory:
    ./cacert.pem (the public part of the certificate that will be used to sign the other ones).
    ./private/cakey.pem (the private key).
  • Copy the "./cacert.pem" file and rename it to cacert.crt. This file must be installed on all the computers that use sockets connecting to servers whose certificate has been signed by this authority.

4. Creating a server certificate that can be used with the SocketCreateSSL function

The server certificate is a certificate that contains a private key and a public key, both signed by a known certificate authority (created in the previous step).
  • Create a certificate request. In the command line, type:
    CA.pl -newreq

    Press Enter and specify the following information:
    • A password for the certificate (note: this password must be entered to import the certificate into Windows).
      This password is mandatory. It must contain between 4 and 500 characters.
    • Country.
    • The state or the region.
    • The city.
    • The company.
    • The service.
    • The full name of the server on which the certificate will be installed.
    • An email address.
    • A password to be supplied when requesting a certificate: as this is a self-signed certificate, no password is required. Validate without entering anything.
    • A company name.
    Two files are then created in the <DirInstallOpenSSL> directory: newreq.pem and newreq.key.
  • Sign the request with the authority that was created. In the command line, type:
    CA.pl -sign

    The password of the certification authority is requested. Confirm the signature and the recording by answering "y" to the next two questions.
    The <DirInstallOpenSSL>/bin/newcert.pem file is created.
  • Create the full certificate:
    • In the command line, type:
      CA.pl -pkcs12 "use name"
    • Then, answer the questions by specifying:
      • The password of the certification authority.
      • An export password: this password will be requested when exporting the certificate from the certificate store.
      The newcert.p12 file is created in the <DirInstallOpenSSL>/bin directory. This file must be installed on the server. To do so, simply:
      1. Copy the certificate to the computer.
      2. Double-click this file. The certificate will be visible in the certificate manager (certmgr.msc).
        Please note: the certificate must be installed using the user account for the application or service that will be using it.
During installation, do not check the "Enable enhanced security" box: if this option is checked, the private key password will be requested each time the SocketCreate function is called.
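
The authority, request, signature and PKCS#12 steps above, run non-interactively with direct openssl commands and followed by the checks worth making before the files are installed (an added example, not part of the original help page). It signs with `openssl x509 -req` instead of the `openssl ca` call that CA.pl makes; the subject names, passwords and the pki.cnf file are constructed test values, and a POSIX shell is assumed.

```shell
# Added example; names and passwords are constructed test values. "pass:" arguments
# are visible in process listings: for a real authority, let openssl prompt instead.
CA_PASS='ca-test-pass'; KEY_PASS='key-test-pass'; P12_PASS='export-test-pass'

# build_pki DIR: create the authority, the request, the certificate and the .p12 in DIR.
build_pki() (
    mkdir -p "$1" && cd "$1" || exit 1
    cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = overridden-by-subj
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Step 3: self-signed authority; cakey.pem is encrypted with CA_PASS.
    openssl req -x509 -config pki.cnf -newkey rsa:2048 -days 365 \
        -subj "/CN=Example Test CA" -passout "pass:$CA_PASS" \
        -keyout cakey.pem -out cacert.pem 2>/dev/null &&
    # Step 4a: server key and certificate request.
    openssl req -new -config pki.cnf -newkey rsa:2048 \
        -subj "/CN=server.example.test" -passout "pass:$KEY_PASS" \
        -keyout newreq.key -out newreq.pem 2>/dev/null &&
    # Step 4b: sign the request with the authority.
    openssl x509 -req -in newreq.pem -CA cacert.pem -CAkey cakey.pem \
        -passin "pass:$CA_PASS" -CAcreateserial -days 365 -out newcert.pem 2>/dev/null &&
    # Step 4c: bundle certificate, key and authority into the file installed on the server.
    openssl pkcs12 -export -in newcert.pem -inkey newreq.key -certfile cacert.pem \
        -name "test server" -passin "pass:$KEY_PASS" -passout "pass:$P12_PASS" \
        -out newcert.p12
)

# chain_ok CAFILE CERT: succeeds only if CERT was signed by the authority in CAFILE.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }
# key_matches DIR: the public key in newcert.pem is the one belonging to newreq.key.
key_matches() {
    cert_pub=$(openssl x509 -in "$1/newcert.pem" -noout -pubkey) &&
    key_pub=$(openssl pkey -in "$1/newreq.key" -passin "pass:$KEY_PASS" -pubout) &&
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}
# p12_ok FILE: the export password opens the bundle (its integrity check passes).
p12_ok() { openssl pkcs12 -in "$1" -passin "pass:$P12_PASS" -nokeys -noout 2>/dev/null; }

if [ -n "$1" ]; then   # usage: sh thisfile.sh DIR
    build_pki "$1" && chain_ok "$1/cacert.pem" "$1/newcert.pem" &&
        key_matches "$1" && p12_ok "$1/newcert.p12" && echo "all checks passed"
fi
```

A certificate checked against a different authority file fails `chain_ok`, which is the rejection a client sees when cacert.crt has not been installed on it.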
Minimum version required
  • Version 12
Last update: 03/27/2025
