EldoS | Feel safer!

Software components for data protection, secure storage and transfer

SSLClient Add CA certificate

#33483
Posted: 05/29/2015 11:23:54
by Marcelo  (Standard support level)
Joined: 01/28/2014
Posts: 17

Hi,

I'm using SSLClient to make requests to a web service.
The problem is the certificate validation: if I use a certificate from a file, with the certification authority inside, the service works OK. But if I use a PKI certificate storage, the server responds with "Alert (Level: Fatal, Description Unknown CA)".
How can I send the CA certificate to the web service?

Thanks in advance!
Marcelo
#33486
Posted: 05/29/2015 14:28:20
by Eugene Mayevski (EldoS Corp.)

When you use a certificate storage, it's a good idea to put all the certificates you need to send into an instance of TElMemoryCertStorage and use this instance for client-side authentication by assigning it to the ClientCertStorage property of the client-side TLS component.


Sincerely yours
Eugene Mayevski
#33493
Posted: 06/01/2015 04:38:27
by Marcelo  (Standard support level)
Joined: 01/28/2014
Posts: 17

Thanks for your answer.

So, I have to create a TElMemoryCertStorage class, add the certificate read from the token, and add the CA certificate from file. Is this the right way?
Must I define the certificate chain?

Marcelo
#33494
Posted: 06/01/2015 04:41:26
by Vsevolod Ievgiienko (EldoS Corp.)

Hello.

Quote
So, I have to create a TElMemoryCertStorage class, add the certificate read from the token, and add the CA certificate from file. Is this the right way?

Yes, this is correct.

Quote
Must I define the certificate chain?

No. The chain will be built automatically using certificates from a TElMemoryCertStorage instance.
#33495
Posted: 06/01/2015 05:12:20
by Marcelo  (Standard support level)
Joined: 01/28/2014
Posts: 17

Hi,

I'm still getting the same error, "Alert level: Fatal, Description: Unknown CA". I traced the connection with Wireshark.
Any idea?

Marcelo.
#33497
Posted: 06/01/2015 05:23:30
by Vsevolod Ievgiienko (EldoS Corp.)

It's possible that the chain is not complete. You can check this at runtime using the TElMemoryCertStorage.Chains property (https://www.eldos.com/documentation/sb...ains.html).
#33500
Posted: 06/01/2015 07:12:32
by Marcelo  (Standard support level)
Joined: 01/28/2014
Posts: 17

After adding the certificate and the CA certificate to the memory cert storage, I get ChainCount=2. Is this right? Or maybe I should get 1 chain (with 2 certificates)?
#33502
Posted: 06/01/2015 07:29:23
by Vsevolod Ievgiienko (EldoS Corp.)

Looks like the certificates are not related. You should get ChainCount=1.
#33504
Posted: 06/01/2015 08:16:18
by Marcelo  (Standard support level)
Joined: 01/28/2014
Posts: 17

The certificate issuer name is the same as the CA certificate name. How does the component create the chain?
If you prefer, I can send you the certificates in private.
#33506
Posted: 06/01/2015 08:31:37
by Vsevolod Ievgiienko (EldoS Corp.)

I welcome you to continue the conversation in the Helpdesk ( https://www.eldos.com/helpdesk/ ). I've already created a ticket for you where you can post the certificates.

Helpdesk is our easy-to-use ticketing system that allows communicating and exchanging sample data with our support personnel privately. You will also get e-mail notifications about updates of your support ticket.
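
Added example, not part of the thread and not SecureBlackbox code: in X.509, a matching issuer name alone does not make two certificates a chain, because the leaf's signature must also verify under the CA's public key. This Python sketch uses the third-party `cryptography` package and constructed certificates (the names "Example CA" and "client" are assumptions) to run both checks for the ChainCount=2 situation discussed above.

```python
# Added example: constructed certificates, requires the "cryptography" package.
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def make_cert(subject_cn, subject_key, issuer_cn, issuer_key, is_ca):
    """Build a constructed test certificate signed by issuer_key."""
    now = datetime.datetime(2015, 6, 1)
    name = lambda cn: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    return (
        x509.CertificateBuilder()
        .subject_name(name(subject_cn))
        .issuer_name(name(issuer_cn))
        .public_key(subject_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=365))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
        .sign(issuer_key, hashes.SHA256())
    )


def check_link(leaf, ca):
    """Return (names_match, signature_ok) for a candidate leaf -> CA link."""
    names_match = leaf.issuer == ca.subject
    try:
        ca.public_key().verify(
            leaf.signature,
            leaf.tbs_certificate_bytes,
            ec.ECDSA(leaf.signature_hash_algorithm),
        )
        signature_ok = True
    except InvalidSignature:
        signature_ok = False
    return names_match, signature_ok


def demo():
    ca_key, other_key, leaf_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
    real_ca = make_cert("Example CA", ca_key, "Example CA", ca_key, True)
    # Same subject name, different key pair (e.g. a renewed or look-alike CA file).
    same_name_ca = make_cert("Example CA", other_key, "Example CA", other_key, True)
    leaf = make_cert("client", leaf_key, "Example CA", ca_key, False)
    return check_link(leaf, real_ca), check_link(leaf, same_name_ca)
```

A result of `(True, False)` for a leaf/CA pair means the names agree but the CA file does not hold the key that signed the leaf, so the two certificates cannot form one chain.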