Discuss this help topic in SecureBlackbox Forum

TLS: Authenticate with the client certificate

The client authentication is requested by the SSL/TLS server. It can be mandatory or optional. Sending the client-side certificate if the server didn't request it makes no sense.

There exist several ways to provide the certificate to the server:

  1. Store the certificate(s) that you want to use for client-side authentication in the an instance of TElMemoryCertStorage class and assign this instance to ClientCertStorage property of the TLS-enabled client class.
  2. If you have a certificate chain, represented by the instance of TElX509CertificateChain class, set Certificate parameter of the event handler to the end-entity certificate, located in the chain. This is always 0'th certificate in the TElX509CertificateChain class. If you pass the certificate, which belongs to the chain, the OnCertificateNeededEx event will not be fired for the second time during the same handshake.
  3. Pass the certificates one by one. The OnCertificateNeededEx event is fired again and again, letting you pass more certificates. Pass null/Nothing/nil in Certificate parameter of the event handler to stop the event from firing more during the same handshake.

How To articles about client-side HTTPS questions

Discuss this help topic in SecureBlackbox Forum