Certificate PrivateKeyExists

Posted: 06/23/2014 15:05:05
by ChrisM (Standard support level)
Joined: 06/23/2014
Posts: 13

Hi guys,

I have an issue with a client-side certificate authorization. Here is the process:
- In MMC I request a non-exportable certificate
- The CA provider sends back a .CER file which is manually imported in (Local Computer)MY/Certificates. After doing the import, by opening the certificate in MMC I see that I have a private key corresponding to this certificate.

I have to attach this certificate to an HTTPS SOAP-XML.
Here is a piece of my code:
FWinCert := TElWinCertStorage.Create(nil);
FWinCert.AccessType := atLocalMachine;
for i := 0 to FWinCert.Count - 1 do begin
  if AnsiPos('ABCDEF', UpperCase(FWinCert.Certificates[i].SubjectName.CommonName)) <> 0 then
    if FWinCert.Certificates[i].PrivateKeyExists then  // <-- false

I don’t understand why I can see the certificate but it keeps telling me the private key does not exist.
I’m using SBB version 7.1 and Delphi CodeGear2007.

Posted: 06/24/2014 01:15:54
by Eugene Mayevski (Team)

If you have a license, please link the license ticket to your user account before we continue. The ticket itself and the procedure of its use are specified in the registration e-mail that was sent to you upon license purchase. If you don't have the license ticket, please contact the person from which you have obtained the license key (the one in your source code) for a license ticket.

NOTE: please don't post license keys and license tickets to the forum. If you need to clarify something about your license, please use HelpDesk ( http://www.eldos.com/helpdesk/ ).

Sincerely yours
Eugene Mayevski

Posted: 06/24/2014 06:26:14
by ChrisM (Standard support level)
Joined: 06/23/2014
Posts: 13

I can't, it says:
The number of users, who already use this ticket, is equal to the number of developers, that the license was issued to. Before you can link this ticket to your user account, someone else needs to unlink the ticket from his account.
The guy who purchased the license doesn't work here anymore.

Posted: 06/24/2014 06:43:18
by Eugene Mayevski (Team)

About your initial question - operations with Windows certificate storages have been significantly reworked in later versions of SecureBlackbox. You are welcome to test your problem with the evaluation version of SecureBlackbox 11. If version 11 doesn't work for you, then we'll be able to investigate deeper what's wrong with it. If it works, then this means that the problem is solved. In both cases you will need to upgrade - the old version cannot be fixed.

Sincerely yours
Eugene Mayevski

Posted: 06/24/2014 06:55:12
by ChrisM (Standard support level)
Joined: 06/23/2014
Posts: 13

Are there any fees related to the upgrade?

Posted: 06/24/2014 06:56:06
by Eugene Mayevski (Team)

Yes, upgrade will be paid. There's a 15% discount offered in your case.

Sincerely yours
Eugene Mayevski

Posted: 06/24/2014 08:13:03
by ChrisM (Standard support level)
Joined: 06/23/2014
Posts: 13

OK, I installed the latest version and FWinCert.Certificates[i].PrivateKeyExists returns TRUE.
The issue I have now is during the HTTPS POST.
Part of my code:

FCert:= FWinCert.Certificates[I];
if FCert.PrivateKeyExists then // TRUE
if FMemCert.Certificates[0].PrivateKeyExists then //TRUE

The error I got is inside the ElHTTPSClient1Error, Error=0.

Note: without the certificate the POST works well.

Posted: 06/24/2014 08:17:29
by Vsevolod Ievgiienko (Team)


What is ElHTTPSClient1Error? Is it ElHttpsClient1.OnError event handler?

Also are you sure that client side certificate should be used as in your code?

Posted: 06/24/2014 08:20:31
by ChrisM (Standard support level)
Joined: 06/23/2014
Posts: 13

Yes, it is the OnError event:
procedure TForm1.ElHTTPSClient1Error(Sender: TObject; ErrorCode: Integer; Fatal,
  Remote: Boolean);
begin
  UnusualError(IntToStr(Error), 'Error from ElHTTPSClient1Error object');
end;

Posted: 06/24/2014 08:23:10
by Eugene Mayevski (Team)

Looks like the SSL/TLS error code is not propagated. What are the values of Fatal and Remote parameters?

On a side note please use CODE button to mark the beginning and the end of the code block in your messages.

Sincerely yours
Eugene Mayevski



