
Use the chain

A certificate chain is represented in SecureBlackbox by the TElX509CertificateChain class (introduced in SecureBlackbox 5).

The chain class is used in SSL/TLS and for validation of certificate chains.

To use the certificate chain for validation, first build the chain as described in the corresponding how-to article, then call the Validate() method. The chain validates the certificates it contains. Please note that the validation checks only certificate validity dates and certificate signatures. No revocation information is checked, so a revoked certificate can still pass this validation.

TElX509CertificateChain is used by the SSL/TLS classes to pass the chain to and from event handlers that were originally designed to work with a single certificate. For this purpose, the certificate class has a Chain property. When an event handler is passed a certificate, check the value of its Chain property. If the property is set, the certificate is an end-entity certificate, and the chain contains this certificate together with the rest of the certificates.

To pass a chain instead of a single certificate, build the chain, then pass the certificate taken from the TElX509CertificateChain.Certificates[0] property. The SSL/TLS class will take this certificate and detect that it is part of a chain.

How To articles about certificate chains
