EldoS | Feel safer!

Software components for data protection, secure storage and transfer

TElAS2Client - how to send a message via https

#21219
Posted: 08/28/2012 09:23:52
by medax (Standard support level)
Joined: 08/28/2012
Posts: 36

Hello,
I am trying the sample application from the folder "Samples\Delphi\EDIBlackbox\AS2\Sender". In the tab "I. Encode data into AS2 message" I created an AS2 message. In the tab "II. Send the message and receive a receipt" I set the URL to the address "https://..." and clicked the button "Send the message". After a while, it returned the error "Connection failed due to error (75784) (error code is 75784)". I found in the help that error code 75784 means ERROR_SSL_BAD_CERTIFICATE.
I am a newbie in AS2 communication. How do I properly use TElAS2Client, and where can I set certificates for secure communication?

Thank you, Martin.
#21220
Posted: 08/28/2012 09:28:49
by Eugene Mayevski (EldoS Corp.)

The error is sent by the server and supposedly means that your server requires client-side TLS authentication using a certificate. Is this correct? Can you check this with the server admin?


Sincerely yours
Eugene Mayevski
#21221
Posted: 08/28/2012 09:33:17
by Vsevolod Ievgiienko (EldoS Corp.)

Hello.

Try to assign Client.OnCertificateValidate event handler and add only one line of code there: Validate := true;
#21222
Posted: 08/28/2012 10:25:41
by medax (Standard support level)
Joined: 08/28/2012
Posts: 36

Quote
Eugene Mayevski wrote:
The error is sent by the server and supposedly means that your server requires client-side TLS authentication using a certificate. Is this correct? Can you check this with the server admin?

Yes, the server requires client-side TLS authentication using a certificate. I have installed the correct certificates on my computer. How do I set in a client application which certificate to use for authentication to the server?

Quote
Vsevolod Ievgiienko wrote:
Hello. Try to assign Client.OnCertificateValidate event handler and add only one line of code there: Validate := true;

I added the OnCertificateValidate event handler with "Validate := true;" to the code, and it returned the error "Connection lost (error code is 100353)".
I found in the help that error code 100353 means SB_HTTP_ERROR_CONNECT_FAILED.

Thank you, Martin.
#21224
Posted: 08/28/2012 12:55:56
by Eugene Mayevski (EldoS Corp.)

You can either load the certificate from file or copy it from Windows Certificate Storage.

To load the certificate from file, use one of the TElX509Certificate.LoadFromStream*() methods.

To copy the certificate from Windows Certificate Storage, find it using the TElWinCertStorage.FindFirst() and FindNext() methods.

Once you have an instance of TElX509Certificate, you need to create an instance of TElMemoryCertStorage and use its Add method to add your certificate to the storage (remember to add the certificate with a private key; this is specified in a parameter of the TElMemoryCertStorage.Add() method).

When you have TElMemoryCertStorage, assign it to ClientCertStorage property of TElAS2SSLOptions class (see TElAS2Client.SSL property).

To summarize, sample code can look like

Code
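var
  Cert : TElX509Certificate;
  MemoryStorage: TElMemoryCertStorage;
  Stream: TFileStream;
...
Cert := TElX509Certificate.Create(nil);
MemoryStorage := TElMemoryCertStorage.Create(nil);
Stream := TFileStream.Create('Filename', fmOpenRead); // LoadFromStreamPFX reads from a stream
Cert.LoadFromStreamPFX(Stream, 'password', 0);
Stream.Free;
MemoryStorage.Add(Cert, True); // True = copy the private key with the certificate
AS2Client.SSL.ClientCertStorage := MemoryStorage;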


Sincerely yours
Eugene Mayevski
#21227
Posted: 08/29/2012 03:39:20
by medax (Standard support level)
Joined: 08/28/2012
Posts: 36

I modified the code according to your example and it works successfully. Thank you very much. Martin
#21232
Posted: 08/29/2012 04:32:00
by medax (Standard support level)
Joined: 08/28/2012
Posts: 36

I am trying to decode and analyze the returned receipt. In the sample application I set the receipt file name, set the certificate to verify the signature, and clicked the button "Load the receipt and verify its signature". After a while, it returned the error "'message/disposition-notification' is not a valid content type (error code is 10037)". The same error was returned when I did not set the certificate to verify the signature.

Thank you, Martin.
#21233
Posted: 08/29/2012 04:40:52
by Alexander Ionov (EldoS Corp.)

Moved to HelpDesk


--
Best regards,
Alexander Ionov
#35003
Posted: 11/13/2015 02:41:20
by Juraj Majtan (Standard support level)
Joined: 11/09/2015
Posts: 7

I am trying to solve a similar problem. Our partner uses https and a reverse proxy (WebSeal) with userid and password. I use the code below to send an AS2 message, but I receive: "The message was not sent successfully. Return code: 401". If I use a browser and enter the same userid and password, I can connect to the server.

// save AS2 message to the file
as2Message.Save(dataFile, Path.ChangeExtension(dataFile, ".as2m"));

// create client
TElAS2Client as2Client = new TElAS2Client();
as2Client.OnError += as2Client_OnError;
as2Client.OnCertificateValidate += as2Client_OnCertificateValidate;

// set user name and password
SBHTTPSClient.TElHTTPSClient httpsClient = new SBHTTPSClient.TElHTTPSClient();
httpsClient.RequestParameters.Username = "name";
httpsClient.RequestParameters.Password = "pass";
TElAS2SSLOptions ssl = new TElAS2SSLOptions(httpsClient);
as2Client.SSL = ssl;

// load certificate
string certFileName = @"e:\cer\serverCertificate.pem";
TElX509Certificate cert = new TElX509Certificate();
FileStream stream = new FileStream(certFileName, FileMode.Open);
try
{
    cert.LoadFromStreamPEM(stream, "", 0);
}
finally
{
    stream.Close();
}
TElMemoryCertStorage cerStore = new TElMemoryCertStorage();
cerStore.Add(cert, false);
as2Client.SSL.ClientCertStorage = cerStore;

// send data
int result = as2Client.Send(url,
    Path.ChangeExtension(dataFile, ".as2m"),
    Path.ChangeExtension(dataFile, ".as2r"));
#35004
Posted: 11/13/2015 04:28:06
by Vsevolod Ievgiienko (EldoS Corp.)

Hello.

Please try to enable TElHTTPSClient.UseDigestAuth or TElHTTPSClient.UseNTLMAuth properties and check if this solves the problem.