cHttpServer TLS/HTTPS Support

Overview

cHttpServer supports TLS certificate configuration through chained functions, upgrading HTTP service to HTTPS. Underlying uses cTlsReMaster (based on cTlsSocket), supports TLS 1.2/1.3.

Chained Functions

TlsCertFile — Certificate File Mode

Most commonly used method, supports PFX/P12 and PEM formats.

Public Function TlsCertFile( _
    ByVal CertFile As String, _
    Optional ByVal Password As String, _
    Optional ByVal AlpnProtocols As String = "http/1.1") As cHttpServer

Parameters:

Parameter	Type	Required	Description
CertFile	String	Yes	Certificate file path. PFX/P12 or PEM format, PEM supports | separated multiple files
Password	String	No	Certificate password, leave empty for PEM with unencrypted private key
AlpnProtocols	String	No	ALPN protocol negotiation, default "http/1.1", set to "h2,http/1.1" for HTTP/2

CertFile Format:

• PFX/P12: "C:\certs\server.pfx"
• PEM single file: "C:\certs\server.pem" (contains certificate and private key)
• PEM multiple files: "C:\certs\fullchain.pem|C:\certs\privkey.pem"

TlsCertSubject — Windows Certificate Store Mode

Lookup certificate from Windows system certificate store, suitable for enterprise environments.

Public Function TlsCertSubject( _
    ByVal CertSubject As String, _
    Optional ByVal AlpnProtocols As String = "http/1.1") As cHttpServer

Parameters:

Parameter	Type	Required	Description
CertSubject	String	Yes	Certificate subject name (e.g., "www.example.com")
AlpnProtocols	String	No	ALPN protocol negotiation, default "http/1.1"

TlsCertMemory — Memory Certificate Collection Mode

Advanced usage, load certificates from Collection in memory.

Public Function TlsCertMemory( _
    ByVal Certificates As Collection, _
    ByVal PrivateKey As Collection, _
    Optional ByVal AlpnProtocols As String = "http/1.1") As cHttpServer

Start Method

After refactoring, only retains port and IP parameters:

Public Function Start(Optional Port As Long = 80, Optional IP As String = "0.0.0.0") As Boolean

Usage Examples

PEM Certificate (Let's Encrypt Most Common)

Server.TlsCertFile("C:\certs\fullchain.pem|C:\certs\privkey.pem").Start 443

PFX with Password

Server.TlsCertFile("C:\certs\server.pfx", "my-password").WebRoot("C:\www").Start 443

Windows Certificate Store

Server.TlsCertSubject("www.example.com").Start 443

Pure HTTP (No TLS Functions Called)

Server.WebRoot("C:\www").Start 80

HTTP + HTTPS Dual Ports

' HTTP
Dim httpSvr As New cHttpServer
httpSvr.WebRoot("C:\www").Start 80

' HTTPS
Dim httpsSvr As New cHttpServer
httpsSvr.TlsCertFile("C:\certs\server.pfx", "pwd").WebRoot("C:\www").Start 443

Conditional Enable

If Config.EnableHTTPS Then
    If Config.CertFromStore Then
        Server.TlsCertSubject Config.CertSubject
    Else
        Server.TlsCertFile Config.CertPath, Config.CertPwd
    End If
End If
Server.WebRoot(Config.WebRoot).Start Config.Port, Config.BindIP

Internal Mechanism

TLS Mode Enum

Private Enum EnumTlsMode
    TlsNone          ' TLS not enabled (default)
    TlsModeCertFile  ' Certificate file
    TlsModeSubject   ' Windows Certificate Store
    TlsModeMemory    ' Memory certificate collection
End Enum

• Calling any Tls function = Set corresponding enum value
• Start() selects TCP or TLS protocol based on enum value
• StopMe() resets enum to TlsNone, clears all TLS/WebRoot intermediate variables

Backward Compatibility

When no TLS functions are called, behavior is completely consistent with before refactoring:

• Start(Port, IP) — Pure HTTP
• WebRoot() chained function replaces the original Start method's WebRoot parameter

Version Change

Starting from vbman 1.0.0.419, the Start() method no longer accepts a WebRoot parameter. Please use the chained function WebRoot() to configure the static files directory.

Certificate Source Documentation

Detailed introduction to three certificate modes, see TLS Certificate Configuration Overview:

Certificate Mode	Details
TlsCertFile (Certificate File)	Certificate File Mode
TlsCertSubject (Windows Certificate Store)	Windows Certificate Store Mode
TlsCertMemory (Memory Certificate Collection)	Memory Certificate Collection Mode

Underlying InitServerTls detects in the following priority:

1. Memory collection (Certificates + PrivateKey)
2. Certificate file (CertFile)
3. Windows Certificate Store (CertSubject)

Notes

1. Certificate Chain Completeness: PEM format needs to contain fullchain (server certificate + intermediate certificate)
2. ALPN Negotiation: Default "http/1.1", set to "h2,http/1.1" for HTTP/2 support
3. Error Handling: When certificate file doesn't exist/password error/certificate expired, Start returns False and sets LastError
4. StopMe Reset: After stopping, restarting as pure HTTP, no need to manually clear TLS configuration
5. TLS is completely transparent to HTTP protocol parsing: Other HttpServer class files need no changes