bg-tutorials

How to Install an SSL certificate on 4D server

In this tutorial, you will learn how to install an SSL certificate on 4D Server. 4D secures its built-in web server with two PEM files, cert.pem (your certificate) and key.pem (your private key), placed next to the project folder, after which you enable HTTPS in the 4D settings.

Generate a CSR code on 4D Server

A CSR (Certificate Signing Request) is a block of encoded text with your contact data that a Certificate Authority requires to validate and issue your SSL certificate. You have two options:

Open your CSR file with a text editor and copy its contents into the corresponding box during the SSL order process. Submit the CSR to the Certificate Authority, and once the CA validates it and issues your certificate, continue with the installation below.

Install an SSL certificate on 4D Server

4D uses its own files for TLS rather than a configuration directive. You provide the certificate and key as PEM files in a fixed location, add any intermediate certificates, and then turn on HTTPS in the settings.

Step 1: Prepare your PEM files

After the Certificate Authority delivers your certificate by email, download the ZIP archive and extract it. 4D accepts certificates only in PEM format (plain-text x509). The file names are fixed:

  • cert.pem: your domain certificate. If your CA sent a .crt file, open it in a text editor and save the contents into a plain-text file named cert.pem. The file name must be exactly cert.pem.
  • key.pem: the private key you generated together with the CSR. The file name must be exactly key.pem.

A PEM certificate is plain text bounded by header and footer lines, like this:

-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIRA...
...your encoded certificate...
-----END CERTIFICATE-----

Where to put the files. With 4D or 4D Server in local mode, place cert.pem and key.pem next to the project folder (the folder that holds your database structure). For a 4D client in remote mode, place them in the client database folder on the remote machine. If you build the path in code, the Get 4D folder command returns the active 4D folder so you can locate the right directory.

Step 2: Add the intermediate and root certificates

Browsers need the full chain, so the CA bundle (intermediate, and sometimes root) must be available alongside your certificate. On 4D you have two ways to supply it:

  • Separate PEM files (recommended). Save each intermediate (and root) certificate as its own .pem file in the same folder as cert.pem. The extra files can use any name as long as the extension is .pem. 4D reads every .pem file in that folder and assembles the chain.
  • One combined file. Alternatively, paste your certificate followed by each intermediate (in order, leaf first) into a single cert.pem, keeping every BEGIN/END line intact.

Keep the folder clean. 4D loads every .pem file it finds next to the project folder. Delete any leftover .pem files from a previous certificate, because a stale or mismatched file can make the web server refuse HTTPS connections.

Older 4D versions. Releases before the current PEM-folder model required a TLS component to be present: 4DSLI.DLL on Windows (next to the 4D or 4D Server executable) or 4DSLI.bundle on macOS (in the Native Components subfolder of the 4D package). Current 4D versions handle TLS internally, so you no longer add this component manually. If you run an older build, confirm the component is in place before enabling HTTPS.

Step 3: Enable HTTPS in the 4D settings

With the files in place, turn on HTTPS for the 4D web server:

  1. Open Settings (in current 4D, the Design or Structure menu; in older versions this dialog is called Database Settings).
  2. Select the Web section.
  3. Open the Configuration page and check Enable HTTPS. Leave the HTTPS Port at its default of 443 unless your setup needs another port.
  4. Click OK to save.

By default the minimum protocol accepted by 4D is TLS 1.2. You can raise this floor to TLS 1.3 with the minTLSVersion web server property if your security policy requires it, or lower it only if you must support older clients. Keep the minimum at TLS 1.2 or higher.

Step 4: Restart the web server and verify

Stop and start the 4D web server so it loads the certificate files. On the first HTTPS start, if a dhparams.pem file does not already exist, 4D generates one (2048-bit) and places it next to cert.pem and key.pem. This can take a minute or two, so let it finish.

Open your site at https:// and confirm the padlock appears. After installation, scan the certificate for chain or configuration problems with our SSL Checker, which returns an instant report on the certificate and how it is served. A missing intermediate is the most common issue, and a checker catches it immediately.

Optional, enable HSTS. Once HTTPS works reliably, you can tell browsers to always use the secure version. In Settings open the Web section, go to the Options (II) page, and check Enable HSTS. Turn this on only after you confirm HTTPS is stable, because it is hard to reverse while the policy is cached in browsers.

Frequently Asked Questions

What file format does 4D Server need for SSL certificates?

PEM only. The certificate and key must be plain-text PEM files named cert.pem and key.pem. If your Certificate Authority sent a .crt or .cer file, open it in a text editor and save the contents into a file named cert.pem. The text must keep its —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– lines.

Where do I put the certificate files on 4D Server?

Place cert.pem and key.pem next to the project folder (the folder containing your database structure) for 4D or 4D Server in local mode. For a 4D client in remote mode, place them in the client database folder on the remote machine. Any intermediate or root certificates go in the same folder as separate .pem files.

How do I add the intermediate (CA bundle) certificate on 4D?

Save each intermediate and root certificate as its own .pem file in the same folder as cert.pem. The extra files can use any name as long as the extension is .pem, and 4D assembles the chain from every .pem file it finds. Remove any leftover .pem files from an old certificate, because a stale file can make the web server reject HTTPS connections.

How do I enable HTTPS in 4D?

Open Settings (called Database Settings in older versions), select the Web section, open the Configuration page, and check Enable HTTPS. The default HTTPS port is 443. Save, then restart the 4D web server so it loads the certificate files.

Why does the first HTTPS start take so long?

If 4D does not find a dhparams.pem file, it generates one (2048-bit) the first time you start HTTPS and saves it next to cert.pem and key.pem. That generation can take a minute or two. Let it finish, and later starts will be fast.

My browser shows the site is not secure. What is wrong?

The usual causes are a missing intermediate certificate, a cert.pem and key.pem that do not match, or a stale .pem file left in the folder. Confirm the chain is complete, that the key matches the certificate, and that only the current certificate files are present, then restart the web server. Run our SSL Checker to see exactly which part of the chain is missing.

Save 10% on SSL Certificates when ordering from SSL Dragon today!

Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10

A detailed image of a dragon in flight
Written by

I've been writing for SSL Dragon for over 10 years, focusing entirely on SSL certificates and digital security. My job is to take complex cybersecurity topics and strip away the jargon, making sure you get the clear, practical information you need to keep your website safe.