EldoS | Feel safer!

Software components for data protection, secure storage and transfer

List certificates

#5637
Posted: 03/27/2008 09:41:23
by Marcos Lima (Standard support level)
Joined: 12/21/2007
Posts: 13

Gentlemen

We have the following code:

FListaCertDig := TElWinCertStorage.Create(nil);
TElWinCertStorage.GetAvailableStores( FListaCertDig.SystemStores );

for xCont := 0 to FListaCertDig.Count - 1 do begin
  if FListaCertDig.Certificates[xCont].PrivateKeyExists then
    Add(GetInfoCertDig(FListaCertDig.Certificates[xCont]));
end;

This code adds all the certificates that have a private key to a list that is shown to the user.

When I run this code under the administrator account, it reads all the certificates.
When I run it using SYSTEM account (under a service), it returns nothing.

Do you have any suggestions? I have already given permission (using winhttpcertcfg to the SYSTEM account) to the LOCAL_MACHINE repository - where I installed the certificates.

Best regards.
#5638
Posted: 03/27/2008 10:40:54
by Eugene Mayevski (EldoS Corp.)

The certificates are likely to be stored under Administrator's user account. And in this case they are not visible to other accounts.


Sincerely yours
Eugene Mayevski
#5639
Posted: 03/27/2008 11:14:29
by Marcos Lima (Standard support level)
Joined: 12/21/2007
Posts: 13

Eugene

But, is there any way to give SYSTEM the permission to read the repository?

Best regards
#5641
Posted: 03/27/2008 11:28:28
by Ken Ivanov (EldoS Corp.)

Certificates stored under the Administrator account are not accessible from the SYSTEM account. Please consider installing the certificates into the local machine certificate store; you will then be able to access them from any account. Set TElWinCertStorage.AccessType to atLocalMachine to list the certificates stored under the local machine account.
#5642
Posted: 03/27/2008 11:28:31
by Marcos Lima (Standard support level)
Joined: 12/21/2007
Posts: 13

Or maybe any property to list the certificates stored on the LOCAL_MACHINE repository (maybe it's reading the CURRENT_USER repository)?
#5645
Posted: 03/27/2008 11:35:56
by Eugene Mayevski (EldoS Corp.)

AccessType


Sincerely yours
Eugene Mayevski
#5661
Posted: 03/28/2008 09:08:11
by Marcos Lima (Standard support level)
Joined: 12/21/2007
Posts: 13

I have changed the code to the following:

TElWinCertStorage.GetAvailableStores( FListaCertDig.SystemStores, atLocalMachine );

It works (reads all the certificates) but it only reads the "Trusted Root Certification Authorities" and we need to read the "Personal" certificates. All those certificates are stored on the LOCAL_MACHINE repository.

Is there a field that must be changed to enable this procedure?

Best regards
#5662
Posted: 03/28/2008 09:19:00
by Ken Ivanov (EldoS Corp.)

Use SystemStores property to set the list of stores to be opened:

Storage.SystemStores.BeginUpdate();
try
  Storage.SystemStores.Clear();
  Storage.SystemStores.Add('MY'); // 'MY' name stands for the 'Personal' store
finally
  Storage.SystemStores.EndUpdate();
end;
#5666
Posted: 03/28/2008 17:47:47
by Marcos Lima (Standard support level)
Joined: 12/21/2007
Posts: 13

Eugene

My code is below.

FListaCertDig := TElWinCertStorage.Create(nil);
with FListaCertDig do begin
  SystemStores.BeginUpdate();
  try
    SystemStores.Clear();
    SystemStores.Add('MY'); // 'MY' name stands for the 'Personal' store
  finally
    SystemStores.EndUpdate();
  end;
end;
// TElWinCertStorage.GetAvailableStores( FListaCertDig.SystemStores, atLocalMachine );

for xCont := 0 to FListaCertDig.Count - 1 do begin
  Add(GetInfoCertDig(FListaCertDig.Certificates[xCont]));
end;

With this code, it returns nothing.

When I change to the following code:

FListaCertDig := TElWinCertStorage.Create(nil);
TElWinCertStorage.GetAvailableStores( FListaCertDig.SystemStores, atLocalMachine );

for xCont := 0 to FListaCertDig.Count - 1 do begin
  Add(GetInfoCertDig(FListaCertDig.Certificates[xCont]));
end;

It returns only the "Trusted Root Certification Authorities" folder's certificates.

I have moved one client certificate from the Personal folder to the "Trusted Root Certification Authorities" folder and it reads it normally.

I don't know what I'm missing...
#5667
Posted: 03/29/2008 03:56:38
by Ken Ivanov (EldoS Corp.)

The following code:

FListaCertDig := TElWinCertStorage.Create(nil);
TElWinCertStorage.GetAvailableStores( FListaCertDig.SystemStores, atLocalMachine );

makes TElWinCertStorage access certificates stored in *all* the existing system stores (Personal, Trusted Root and all other stores available under local machine account).

Please check if the certificates are really present in the Personal system store using MMC.
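
Added example, not part of any post in this thread and not EldoS's own code: the two suggestions from the replies above applied together, with AccessType set to atLocalMachine and SystemStores restricted to 'MY', keeping the private-key filter from the first post. The unit names SBWinCertStorage and SBX509, the SubjectName.CommonName property and the ListMachinePersonalCerts helper are assumptions not shown in the thread.

```delphi
unit MachineCerts;

interface

uses
  Classes,
  SBWinCertStorage, // assumed unit for TElWinCertStorage and atLocalMachine
  SBX509;           // assumed unit for TElX509Certificate

// Hypothetical helper: adds the common name of every certificate in the
// local machine 'Personal' store that has a private key to Dest.
procedure ListMachinePersonalCerts(Dest: TStrings);

implementation

procedure ListMachinePersonalCerts(Dest: TStrings);
var
  Storage: TElWinCertStorage;
  Cert: TElX509Certificate;
  I: Integer;
begin
  Storage := TElWinCertStorage.Create(nil);
  try
    // Choose the machine-wide location first, so the 'MY' store named
    // below is opened under the local machine account.
    Storage.AccessType := atLocalMachine;

    Storage.SystemStores.BeginUpdate();
    try
      Storage.SystemStores.Clear();
      Storage.SystemStores.Add('MY'); // 'MY' stands for the 'Personal' store
    finally
      Storage.SystemStores.EndUpdate();
    end;

    for I := 0 to Storage.Count - 1 do
    begin
      Cert := Storage.Certificates[I];
      // Same filter as the first post: keep certificates with a private key
      if Cert.PrivateKeyExists then
        Dest.Add(Cert.SubjectName.CommonName);
    end;
  finally
    Storage.Free; // release the storage once the names have been copied
  end;
end;

end.
```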