How to enable Indy OpenSSL self-signed HTTPS in StandAlone IntraWeb or non-IntraWeb applications

1. To put it plainly, let you use the Indy SSL library based on Open SSL:

https://www.atozed.com/intraweb/download/ssl/

https://opendec.wordpress.com/

https://www.openssl.org/source/

2. Certificate format conversion tool:

Indy uses OpenSSL, which uses a different certificate format than the default certificate format provided by most SSL providers. To convert them, you can use the following methods:

SSL Buddy-a free UI utility that can perform conversion:

https://sslbuddy.software.informer.com/

Manual conversion-explain how to use the OpenSSL command line tool to convert the SSL format .cer and .pem:

https://jingyan.baidu.com/article/9989c746d1681bf648ecfebe.html

3. Self-signed Https method and steps:

1) Set ServerController.SSLOptions.Port = 443 (you can also use any other port, but 443 is the standard HTTPS port)

2) Generate a certificate. During the development process, you can use a self-signed certificate.
Get one for free here: https://zerossl.com
3) If you get a self-signed certificate from ZeroSSL.com, rename the file to: crt.txt->cert.pem key.txt->key. pem

4) Download "Let's Encrypt Root Certificate". You can find it here: https://letsencrypt.org/certificates/
click on the link "ISRG Root X1 (self-signed)" and save.

5) Rename the root certificate obtained in (4) to root.pem.

6) Save all 3 PEM files (from 3-5 above) to the folder where the IW EXE is located (*not* in the wwwroot folder!)

7) Download OpenSSL from here: https://indy.fulgan.com/SSL/ and
choose the latest version compatible with your server. Remember, 32-bit applications require 32-bit DLLs, and 64-bit applications require 64-bit DLLs.
Therefore, Indy Fulgan DLL has Win32 and Win64 suffixes.

8) Unzip the OpenSSL archive and copy libeay32.dll and ssleay32.dll to the folder where the IW EXE is located.

9) Build and run your application. Please note that all browsers will warn you that your self-signed certificate is invalid.
This is normal and expected. Self-signed certificates work the same as ordinary certificates, but they are not trusted by browsers.
You need to add this certificate as an exception so that the browser can accept it as a normal certificate.

Note:
Other related attributes:
a) ServerController.SSLOptions.NonSSLRequest->The possible values are: -nsAccept: HTTP (non-secure) requests will be accepted. HTTPS requests will also work. -nsBlock: requests using HTTP (non-secure) will be blocked, and HTTPS (secure) requests will work -nsRedirect: requests using HTTP will be redirected to HTTPS requests. Except for the protocol, the same URL will be used,

For sample code to set this property, see the ServerController.OnConfig event.

b) TIWForm.ConnectionMode->The possible values are: -cmAny: This form will accept both HTTP and HTTPS requests -cmSecure: This form will only accept HTTPS requests -cmNonSecure: This form will only accept HTTP (non-secure) requests