Certificate PrivateKeyExists

#29878
Posted: 06/23/2014 15:05:05
by ChrisM (Standard support level)
Joined: 06/23/2014
Posts: 13

Hi guys,

I have an issue with client-side certificate authorization. Here is the process:
- In MMC I request a non-exportable certificate
- The CA provider sends back a .CER file which is manually imported into (Local Computer)\MY\Certificates. After doing the import, by opening the certificate in MMC I see that I have a private key corresponding to this certificate.

I have to attach this certificate to a HTTPS SOAP-XML.
Here is a piece of my code:
Code
  FWinCert := TElWinCertStorage.Create(nil);
  FWinCert.SystemStores.BeginUpdate();
  try
    FWinCert.SystemStores.Clear();
    FWinCert.AccessType := atLocalMachine;
    FWinCert.SystemStores.Add('MY');
  finally
    FWinCert.SystemStores.EndUpdate();
  end;
  for i := 0 to FWinCert.Count - 1 do begin
    if AnsiPos('ABCDEF', UpperCase(FWinCert.Certificates[i].SubjectName.CommonName)) <> 0 then
      if FWinCert.Certificates[i].PrivateKeyExists then  // <-- false
        { rest of the loop body not shown in the post }
  end;


I don't understand why I can see the certificate but it keeps telling me the private key does not exist.
I'm using SBB version 7.1 and Delphi CodeGear 2007.

Regards
#29880
Posted: 06/24/2014 01:15:54
by Eugene Mayevski (EldoS Corp.)

If you have a license, please link the license ticket to your user account before we continue. The ticket itself and the procedure of its use are specified in the registration e-mail that was sent to you upon license purchase. If you don't have the license ticket, please contact the person from which you have obtained the license key (the one in your source code) for a license ticket.

NOTE: please don't post license keys and license tickets to the forum. If you need to clarify something about your license, please use HelpDesk ( http://www.eldos.com/helpdesk/ ).


Sincerely yours
Eugene Mayevski
#29890
Posted: 06/24/2014 06:26:14
by ChrisM (Standard support level)
Joined: 06/23/2014
Posts: 13

I can't, it says:
The number of users, who already use this ticket, is equal to the number of developers, that the license was issued to. Before you can link this ticket to your user account, someone else needs to unlink the ticket from his account.
The guy who purchased the license doesn't work here anymore.
#29891
Posted: 06/24/2014 06:43:18
by Eugene Mayevski (EldoS Corp.)

About your initial question - operations with Windows certificate storages have been significantly reworked in later versions of SecureBlackbox. You are welcome to test your problem with the evaluation version of SecureBlackbox 11. If version 11 doesn't work for you, then we'll be able to investigate deeper what's wrong with it. If it works, then this means that the problem is solved. In both cases you will need to upgrade - the old version cannot be fixed.


Sincerely yours
Eugene Mayevski
#29892
Posted: 06/24/2014 06:55:12
by ChrisM (Standard support level)
Joined: 06/23/2014
Posts: 13

Are there any fees related to the upgrade?
#29893
Posted: 06/24/2014 06:56:06
by Eugene Mayevski (EldoS Corp.)

Yes, the upgrade is paid. There's a 15% discount offered in your case.


Sincerely yours
Eugene Mayevski
#29894
Posted: 06/24/2014 08:13:03
by ChrisM (Standard support level)
Joined: 06/23/2014
Posts: 13

OK, I installed the latest version and FWinCert.Certificates[i].PrivateKeyExists returns TRUE.
The issue I have now is during the HTTPS POST.
Part of my code:

....
// FCert only references the certificate owned by FWinCert; creating a separate
// TElX509Certificate here would be overwritten immediately and leaked.
FCert := FWinCert.Certificates[I];
if FCert.PrivateKeyExists then // TRUE
  FMemCert.Add(FCert, True);
if FMemCert.Certificates[0].PrivateKeyExists then // TRUE
........
ElHttpsClient1.ClientCertStorage := FMemCert;
........
iResp := ElHttpsClient1.Post(sHttpURL, FS, False);

The error I get is inside ElHTTPSClient1Error, Error=0.

Note: without the certificate the POST works well.
#29896
Posted: 06/24/2014 08:17:29
by Vsevolod Ievgiienko (EldoS Corp.)

Quote
ElHTTPSClient1Error

What is ElHTTPSClient1Error? Is it ElHttpsClient1.OnError event handler?

Also, are you sure that a client-side certificate should be used as in your code?
#29897
Posted: 06/24/2014 08:20:31
by ChrisM (Standard support level)
Joined: 06/23/2014
Posts: 13

Yes, it is the OnError event:
Code
procedure TForm1.ElHTTPSClient1Error(Sender: TObject; ErrorCode: Integer; Fatal,
  Remote: Boolean);
begin
  // the handler's parameter is ErrorCode; there is no Error identifier in scope
  UnusualError(IntToStr(ErrorCode), 'Error from ElHTTPSClient1Error object');
end;
#29898
Posted: 06/24/2014 08:23:10
by Eugene Mayevski (EldoS Corp.)

Looks like the SSL/TLS error code is not propagated. What are the values of Fatal and Remote parameters?

On a side note, please use the CODE button to mark the beginning and the end of the code block in your messages.


Sincerely yours
Eugene Mayevski
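The procedure this thread walks through (pick the LocalMachine\MY certificate by CommonName, require a private key, present it as the client certificate, POST) consolidated into one routine with an OnError handler that records the Fatal and Remote flags Eugene asks about. This is an added example, not ChrisM's code or an EldoS sample; it assumes the SecureBlackbox 11 unit names SBWinCertStorage, SBCustomCertStorage and SBHTTPSClient and the three-argument Post used in the thread, and TErrorSink and PostWithClientCert are names chosen here.

```pascal
uses
  SysUtils, Classes, SBWinCertStorage, SBCustomCertStorage, SBHTTPSClient;
type
  // OnError is a method pointer, so a small object holds what the client reports.
  TErrorSink = class
    LastError: string;
    procedure OnError(Sender: TObject; ErrorCode: Integer; Fatal, Remote: Boolean);
  end;
procedure TErrorSink.OnError(Sender: TObject; ErrorCode: Integer; Fatal, Remote: Boolean);
begin
  // Keep all three values: Remote=True means the TLS alert came from the server,
  // which is how a rejected client certificate usually shows up.
  LastError := Format('ErrorCode=%d Fatal=%s Remote=%s',
    [ErrorCode, BoolToStr(Fatal, True), BoolToStr(Remote, True)]);
end;
// Presents the first LocalMachine\MY certificate whose CN contains CNFragment and has a
// private key, then POSTs Body to URL. Returns the HTTP status, or -1 with ErrorText set.
function PostWithClientCert(const CNFragment, URL: string; Body: TStream;
  out ErrorText: string): Integer;
var
  WinCert: TElWinCertStorage; MemCert: TElMemoryCertStorage;
  Client: TElHTTPSClient; Sink: TErrorSink; i: Integer;
begin
  Result := -1;
  WinCert := TElWinCertStorage.Create(nil);
  MemCert := TElMemoryCertStorage.Create(nil);
  Client := TElHTTPSClient.Create(nil);
  Sink := TErrorSink.Create;
  try
    WinCert.AccessType := atLocalMachine;
    WinCert.SystemStores.Add('MY');
    for i := 0 to WinCert.Count - 1 do
      if (AnsiPos(UpperCase(CNFragment), UpperCase(WinCert.Certificates[i].SubjectName.CommonName)) <> 0)
         and WinCert.Certificates[i].PrivateKeyExists then
      begin MemCert.Add(WinCert.Certificates[i], True); Break; end;  // same Add call as in the thread
    if MemCert.Count = 0 then
    begin
      ErrorText := 'no certificate with a private key matches CN fragment ' + CNFragment;
      Exit;
    end;
    Client.OnError := Sink.OnError;
    Client.ClientCertStorage := MemCert;
    Result := Client.Post(URL, Body, False);
    ErrorText := Sink.LastError;  // empty when the handshake and request succeeded
  finally
    Sink.Free; Client.Free; MemCert.Free; WinCert.Free;
  end;
end;
```

When the POST fails, ErrorText carries the code together with Fatal and Remote, which is the information needed to tell a local configuration problem from a server-side rejection of the presented certificate.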