
Plug system stores into TElX509CertificateValidator

On most systems, the validator picks up the system certificate stores automatically when the UseSystemStorages property is on (the default value). The following stores are typically added on Windows:

  • 'Trusted' stores: Root, Trust, TrustedPublishers, AuthRoot, TrustedPeople.
  • 'Known' stores: CA, UserDS, AddressBook.
  • 'Blocked' store: Disallowed.

Sometimes you need to provide your own set of trusted or known certificates. In that case, load your trusted, known and blocked certificates (if any) into three independent TElMemoryCertStorage objects (cf. this article). Pass these objects to the AddTrustedCertificates(), AddKnownCertificates() and AddBlockedCertificates() methods of your certificate validator.

Note that initializing the system stores can take quite some time, especially if they contain many certificates, so the very first validation performed by TElX509CertificateValidator may take longer than you expect. Consider initializing the system stores beforehand with the InitializeWinStorages(), InitializeAppleStorages(), or InitializeAndroidStorages() methods, so that they are ready at the time of the validation.
