EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Certificate request - response- whats next

Also by EldoS: CallbackFilter
A component to monitor and control disk activity, track file and directory operations (create, read, write, rename etc.), alter file data, encrypt files, create virtual files.
#24154
Posted: 03/19/2013 01:13:05
by Jens Heinrich (Basic support level)
Joined: 03/19/2013
Posts: 2

I'm evaluating at the moment the PKIBlackBox.
i created with TELCertificateRequest class an CertificateRequest, sended the p10 file by mail to the CA and get back a Certificate, but i really don't know what to do now.
i saved the CertificateRequest and with KeyMaterial.SaveKey also the private key, but how do i get my private key into the recieved Certificate?

Regards
Jens
#24155
Posted: 03/19/2013 01:28:52
by Eugene Mayevski (EldoS Corp.)

Thank you for contacting us.

Simply put, you don't.

What you have now is a certificate in DER format (possibly base64-encoded) and a separate private key. And that's fine for some operations.

For other operations you might want to get a PFX (PKCS#12) file which includes one or several certificate(s) with private key(s). To do this, you need to
a) create an instance of TElX509Certificate
b) load the certificate and the private key from the corresponding files using one of TElX509Certificate's methods.
c) use SaveTo*PFX() method to save the certificate with the private key to PFX file.

If you need to add a CA certificate to the PFX, the procedure gets more complicated. Instead of © above, you do the following:

c) create another instance of TElX509Certificate.
d) load the CA certificate to the second instance.
e) Create an instance of TElMemoryCertStorage and add certificates there using Add method of the storage
f) save the storage to PFX using its SaveToStreamPFX method.


Sincerely yours
Eugene Mayevski
#24156
Posted: 03/19/2013 02:54:49
by Jens Heinrich (Basic support level)
Joined: 03/19/2013
Posts: 2

i think i don't need the CA Certificate.

So if i understand everything right
i create a TELX509Certificate and load the Certificate they created from my p10 file and the i load my private key to the Certificate and i save this as pfx. Thats all? So i don't need my originally saved p10 file?
#24157
Posted: 03/19/2013 02:59:58
by Eugene Mayevski (EldoS Corp.)

Yes, that's all and you don't need PKCS#10 to construct a PFX.


Sincerely yours
Eugene Mayevski

Reply

Statistics

Topic viewed 498 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!