
Why can't I see the certificate in Internet Explorer list?

#26808
Posted: 10/15/2013 06:41:14
by Rickard Hultgren (Standard support level)
Joined: 10/11/2013
Posts: 17

I add a certificate the following way:

Code
var
  storage: TElWinCertStorage;
  cert   : TElX509Certificate;
begin
  storage := TElWinCertStorage.Create(nil);
  try
    storage.SystemStores.Clear;
    storage.SystemStores.Add('MY');
    cert := TElX509Certificate.Create(nil);
    try
      cert.LoadFromFileAuto('certfilename.p12', 'some password');
      storage.Add(cert, False);
    finally
      cert.Free;
    end;
  finally
    storage.Free;
  end;
end;

In the certificate console in Windows (.msc) I can see the cert. But when I open the certificate list from Internet Explorer settings, it is not there.

I don't know if the problems are connected, but if the certificate is entered this way, an error 12157 (error in secure channel support) is raised. When I enter the same certificate through e.g. IE certificate handling, it works correctly.

Any ideas?

/Anders
#26809
Posted: 10/15/2013 06:48:48
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

Try to change

Code
storage.Add(cert, False);


to

Code
storage.Add(cert, True);


This way a corresponding private key will also be added to the store. Most likely this is the reason for your problem.
#26810
Posted: 10/15/2013 07:26:51
by Rickard Hultgren (Standard support level)
Joined: 10/11/2013
Posts: 17

Thanks, that solved the problem(s), yes! And created new ones :-)

On the call to storage.Add(cert, True) I am presented with a dialog I have never seen before. It is in Swedish, but says something like "A private Exchange key is imported" "A protected object is created by a program" and then I have the possibility to set the security level and refuse or confirm the change. (If I refuse, I am back to the original: cert is there, but doesn't work!)

If I enter the cert correctly (with private key), I get a new dialog when using: Confirm or deny the use of key.

Is there a way to put the cert in the list in a way that avoids those confirmation dialogs?

/Anders
#26811
Posted: 10/15/2013 07:29:48
by Eugene Mayevski (EldoS Corp.)

Not with SecureBlackbox. In general those questions are correct - as you are entering sensitive information to Windows, they ask the user (not the application!) to confirm that he wants this information in Windows and to choose how this information will be protected. As I understand, the "confirm use of the key" dialog comes not from the import operation but from further use of the imported key.


Sincerely yours
Eugene Mayevski
#26812
Posted: 10/15/2013 07:31:59
by Vsevolod Ievgiienko (EldoS Corp.)

You may try to use another TElWinCertStorage.Add overload and pass false as its Protected parameter.
#26813
Posted: 10/15/2013 07:45:54
by Eugene Mayevski (EldoS Corp.)

Quote
Vsevolod Ievgiienko wrote:
You may try to use another TElWinCertStorage.Add overload and pass false as its Protected parameter.


Yet this can be a security risk.


Sincerely yours
Eugene Mayevski
#26814
Posted: 10/15/2013 07:50:42
by Rickard Hultgren (Standard support level)
Joined: 10/11/2013
Posts: 17

Code
Storage.Add(crt, 'MY', True, False, False);

works just fine!

Thanks for a great support!
#26817
Posted: 10/15/2013 08:15:26
by Rickard Hultgren (Standard support level)
Joined: 10/11/2013
Posts: 17

Quote
Eugene Mayevski wrote:
Yet this can be a security risk.

This is done in a dialog where the user opens a certificate and enters his PIN-code. This is just like the Windows open certificate dialog, where the user gets no extra questions. Any difference?
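
Added example, not part of the original thread and not EldoS's own code: the import from the posts above wrapped in one routine that refuses a file without a private key, keeps the key non-exportable, and leaves the Protected choice to the caller. `ImportClientCert` and `AskUser` are hypothetical names; the argument order of the five-argument `Add` overload (certificate, store name, copy private key, exportable, Protected) and the zero-on-success result of `LoadFromFileAuto` are assumptions to check against your SecureBlackbox version.

```delphi
uses
  SysUtils, SBX509, SBWinCertStorage;

// Hypothetical helper: imports a PKCS#12 file into the current user's
// MY store together with its private key.
// AskUser = True  -> Windows shows the protection/confirmation dialogs
//                    described in the thread (Protected = True).
// AskUser = False -> no dialogs; any code running as this user can use
//                    the key silently.
procedure ImportClientCert(const FileName, Password: string;
  AskUser: Boolean);
var
  Storage: TElWinCertStorage;
  Cert: TElX509Certificate;
begin
  Storage := TElWinCertStorage.Create(nil);
  try
    Storage.SystemStores.Clear;
    Storage.SystemStores.Add('MY');
    Cert := TElX509Certificate.Create(nil);
    try
      // Assumption: LoadFromFileAuto returns 0 on success.
      if Cert.LoadFromFileAuto(FileName, Password) <> 0 then
        raise Exception.Create('Could not load ' + FileName);
      // A certificate stored without its key is visible in the store
      // but fails when used, as in the first post.
      if not Cert.PrivateKeyExists then
        raise Exception.Create('No private key in ' + FileName);
      // Assumed order: (Certificate, StoreName, CopyPrivateKey,
      // Exportable, Protected). Exportable = False keeps the key from
      // being exported again through the Windows certificate UI.
      Storage.Add(Cert, 'MY', True, False, AskUser);
    finally
      Cert.Free;
    end;
  finally
    Storage.Free;
  end;
end;
```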