SSClient Add CA certificate

#33483
Posted: 05/29/2015 11:23:54
by Marcelo  (Standard support level)
Joined: 01/28/2014
Posts: 17

Hi,

I'm using SSLClient to make requests to a web service.
The problem is the certificate validation: if I use a certificate from a file, with the certification authority inside, the service works OK. But if I use a PKI certificate storage, the server responds with "Alert (Level: Fatal, Description Unknown CA)".
How can I send the CA certificate to the web service?

Thanks in advance!
Marcelo
#33486
Posted: 05/29/2015 14:28:20
by Eugene Mayevski (EldoS Corp.)

When you use a certificate storage, it's a good idea to put all the certificates you need to send into an instance of TElMemoryCertStorage and use this instance for client-side authentication by assigning it to the ClientCertStorage property of the client-side TLS component.


Sincerely yours
Eugene Mayevski
#33493
Posted: 06/01/2015 04:38:27
by Marcelo  (Standard support level)
Joined: 01/28/2014
Posts: 17

Thanks for your answer

So, I have to create a TElMemoryCertStorage class, add the certificate read from the token, and add the CA certificate from a file. Is this the right way?
Must I define the certificate chain?

Marcelo
#33494
Posted: 06/01/2015 04:41:26
by Vsevolod Ievgiienko (EldoS Corp.)

Hello.

Quote
So, I have to create a TElMemoryCertStorage class, add the certificate read from the token, and add the CA certificate from a file. Is this the right way?

Yes, this is correct.

Quote
Must I define the certificate chain?

No. The chain will be built automatically using certificates from a TElMemoryCertStorage instance.
#33495
Posted: 06/01/2015 05:12:20
by Marcelo  (Standard support level)
Joined: 01/28/2014
Posts: 17

Hi,

I'm still getting the same error, "Alert level: Fatal, Description: Unknown CA". I traced the connection with Wireshark.
Any idea?

Marcelo.
#33497
Posted: 06/01/2015 05:23:30
by Vsevolod Ievgiienko (EldoS Corp.)

It's possible that the chain is not complete. You can check this at runtime using the TElMemoryCertStorage.Chains property (https://www.eldos.com/documentation/sb...ains.html).
#33500
Posted: 06/01/2015 07:12:32
by Marcelo  (Standard support level)
Joined: 01/28/2014
Posts: 17

After adding the certificate and the CA certificate, on the mem cert storage I get ChainCount=2. Is this right? Or maybe I have to get 1 chain (with 2 certificates)?
#33502
Posted: 06/01/2015 07:29:23
by Vsevolod Ievgiienko (EldoS Corp.)

Looks like certificates are not related. You should get ChainCount=1.
#33504
Posted: 06/01/2015 08:16:18
by Marcelo  (Standard support level)
Joined: 01/28/2014
Posts: 17

The certificate issuer name is the same as the CA certificate name. How does the component create the chain?
If you prefer, I can send you the certificates in private.
#33506
Posted: 06/01/2015 08:31:37
by Vsevolod Ievgiienko (EldoS Corp.)

I welcome you to continue the conversation in the Helpdesk ( https://www.eldos.com/helpdesk/ ). I've already created a ticket for you where you can post the certificates.

Helpdesk is our easy-to-use ticketing system that allows communicating and exchanging sample data with our support personnel privately. You will also get e-mail notifications about updates of your support ticket.
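
On the question above of a matching issuer name that still yields two separate chains, here is an added example (not from the thread and not SecureBlackbox code) that uses the OpenSSL command line, assumed to be installed, to show the general X.509 point: an issuer name equal to a CA's subject name does not mean that CA's key signed the certificate. All subjects, file names and helper functions are constructed for the demonstration.

```shell
#!/bin/sh
# Added example; every subject, file name and helper here is constructed.

# make_ca DIR: self-signed CA with subject "CN=Demo CA" and a fresh key.
make_ca() {
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# issue_client CADIR OUT: client certificate signed by the CA kept in CADIR.
issue_client() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo client" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$2" 2>/dev/null
}

# names_match CERT CA: true if CERT's issuer DN equals CA's subject DN.
names_match() {
    i=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer=//')
    s=$(openssl x509 -in "$2" -noout -subject -nameopt RFC2253 | sed 's/^subject=//')
    [ "$i" = "$s" ]
}

# chains_to CERT CA: true only if CA's key really signed CERT.
chains_to() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# demo: two CAs share one subject name; only "real" issued the client cert.
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d/real" && make_ca "$d/lookalike" &&
    issue_client "$d/real" "$d/client.pem" || return 1
    for ca in real lookalike; do
        names_match "$d/client.pem" "$d/$ca/ca.pem" && n=yes || n=no
        chains_to "$d/client.pem" "$d/$ca/ca.pem" && c=yes || c=no
        echo "$ca: name_match=$n chain_verifies=$c"
    done
    rm -rf "$d"
}

demo
```

Running `names_match` and `chains_to` on the token certificate and the CA file (both exported as PEM) shows whether the two are related before they are added to a storage.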