EldoS | Feel safer!

Problem with SaveToStreamPFX with Self-signed certificates

Posted: 11/04/2008 13:54:36
by Nathan Sutcliffe (Standard support level)
Joined: 09/13/2006
Posts: 14

We're using self-signed certificates to secure SSL communication. We use the self-signed certificate at the server, generate a certificate from the server certificate for the client, then use TElX509Certificate.ValidateWithCA to validate certificates at runtime.

That seems to work.

We also want to make the self-signed certificates portable, so we have an option to export the server certificate via TElMemoryCertStorage.SaveToStreamPFX and then import using TElMemoryCertStorage.LoadFromStreamPFX.

Here's the problem: If we generate a self-signed server certificate, export it, import it, then use it to generate a client certificate, we get an "Unsupported algorithm (32767)" error when we call ValidateWithCA.

(Delphi 2007 with SecureBlackbox version 5.1.112)

What am I doing wrong?

When I look at the TElX509Certificate instance in the debugger before and after exporting/importing, I notice that the FSigningKey and FSignatureAlgorithmInt instance variables are nil/zero after importing. Could that have something to do with it?

Thanks for any advice.

Posted: 11/04/2008 14:05:25
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 442

First, please try to do the same with our CertDemo.

Posted: 11/05/2008 13:10:58
by Nathan Sutcliffe (Standard support level)
Joined: 09/13/2006
Posts: 14

I didn't know how to do this with the CertDemo, so I went back to the drawing board.

I thought I had duplicated the original problem by calling SaveToStreamPFX and LoadFromStreamPFX, but now I can't. I think I'll have to chalk it up to a certificate that became corrupted somehow.

Thanks for your help.
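
An independent way to check whether a PFX export/import preserves a self-signed certificate and its private key, and whether a client certificate issued afterwards still validates, is to run the same sequence with the OpenSSL command line. This is an added example, not part of the thread and not SecureBlackbox code; the subject names, password and lifetimes are constructed.

```shell
#!/bin/sh
# Added example. Names, password and lifetimes are constructed for the test.
pfx_roundtrip_check() {
    dir=$(mktemp -d) || return 1
    pw='constructed-password'
    (
        cd "$dir" || exit 1
        # 1. Self-signed server certificate that also acts as the CA.
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj '/CN=Example Server CA' -keyout ca.key -out ca.crt \
            2>/dev/null || exit 1
        # 2. Export certificate and private key to a PFX (PKCS#12) file.
        openssl pkcs12 -export -inkey ca.key -in ca.crt -out ca.pfx \
            -passout "pass:$pw" || exit 1
        # 3. Import: pull the key and the certificate back out of the PFX.
        openssl pkcs12 -in ca.pfx -passin "pass:$pw" -nodes -nocerts \
            -out ca2.key 2>/dev/null || exit 1
        openssl pkcs12 -in ca.pfx -passin "pass:$pw" -nokeys \
            -out ca2.crt 2>/dev/null || exit 1
        # 4. The certificate must be byte-identical after the round trip.
        [ "$(openssl x509 -in ca.crt -noout -fingerprint -sha256)" = \
          "$(openssl x509 -in ca2.crt -noout -fingerprint -sha256)" ] || exit 2
        # 5. The imported private key must match the certificate's public key.
        [ "$(openssl pkey -in ca2.key -pubout)" = \
          "$(openssl x509 -in ca2.crt -noout -pubkey)" ] || exit 3
        # 6. Issue a client certificate with the re-imported CA key.
        openssl req -newkey rsa:2048 -nodes -subj '/CN=Example Client' \
            -keyout client.key -out client.csr 2>/dev/null || exit 1
        openssl x509 -req -in client.csr -CA ca2.crt -CAkey ca2.key \
            -CAcreateserial -days 30 -out client.crt 2>/dev/null || exit 1
        # 7. Validate the client certificate against the original CA cert.
        openssl verify -CAfile ca.crt client.crt >/dev/null 2>&1 || exit 4
    ) && rc=0 || rc=$?
    rm -rf "$dir"
    return "$rc"
}

pfx_roundtrip_check && echo "PFX round trip OK" || echo "failed, code $?"
```

A non-zero return identifies the failing step: 2 means the certificate changed, 3 means the imported key does not match the certificate, and 4 means the client certificate did not validate.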


