SSL/TLS (Delphi)

Setting up the Transport-Level Security (TLS) for your Remoting SDK server is very easy.

Using TLS allows your clients to connect with the more secure https://, superhttps://, tcps:// and supertcps:// protocols.

Indy-based servers

You should create/drop TIdServerIOHandlerSSLOpenSSL component, setup it and link it with correspondent property of internal Indy component:

  • TROIndyHTTPServer:
ROIndyHTTPServer1.IndyServer.IOHandler := IdServerIOHandlerSSLOpenSSL1;
  • TROIndyTCPServer:
ROIndyTCPServer1.IndyServer.IOHandler := IdServerIOHandlerSSLOpenSSL1;
  • TROIndySuperTCPServer:
ROIndySuperTCPServer1.Server.IOHandler := IdServerIOHandlerSSLOpenSSL1;

Note: the Server property of TROIndySuperTCPServer wasn't published so assigning isn't possible in designtime via Object Inspector.

See Indy help about using TIdServerIOHandlerSSLOpenSSL component Note: SSL support requires OpenSSL 1.0.2.

Check the Binaries (wiki.openssl) article for sites where you can download OpenSSL binaries.
https://indy.fulgan.com/SSL/ url is recommended for Indy.

Native (socket) servers

You should set OpenSSL.SSLEnabled to True. A certificate can be either loaded from a storage file on startup, or auto-generated the first time the server is run. If provided via file, it should be a PEM certificate. Password for certificate can be specified via correspondent the OnPassword event.

Note: SSL support requires OpenSSL 1.1.x.

Check the Binaries (wiki.openssl) article for sites where you can download OpenSSL binaries.

WinHttp-based server

This server can be configured with netsh or HttpSysManager utility.


PEM certificate should contain server certificate and private key like:

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----

optionally, it can include server CA and root CA like:

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----