Display a certificate including full chain

Posted: 04/21/2016 08:25:33
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 173


I have this situation: in a small utility, I'm displaying a certificate that I grab from a URL. I have written a small class that connects to said URL, records all certificates in the chain and then uses the TElX509CertificateEx.View method to show the standard windows certificate dialog.

This works just fine with one problem: if any of the certificates in the trust chain is missing from the local store and Windows is unable to download it directly (which is frequent for intermediate CAs), then the certificate is marked as invalid.

Is there a way to have that dialog box use the certificate chain I provide (which comes from the server)?
Posted: 04/21/2016 11:06:25
by Ken Ivanov (Team)

Hi Stephane,

While SecureBlackbox doesn't implement the corresponding functionality officially, you can tweak the code yourself to implement it. This should not be too difficult, at least at first glance.

First, add the Chain : HCERTSTORE parameter to your TElX509Certificate.View() method. You will use this parameter to pass the chain.

Next, modify the following lines of the View() method implementation in the following way:

pCertViewInfo.cStores := 0;
pCertViewInfo.rghStores := nil;

...so that they read:

if Chain <> nil then
begin
  pCertViewInfo.cStores := 1;
  pCertViewInfo.rghStores := @Chain;
end
else
begin
  pCertViewInfo.cStores := 0;
  pCertViewInfo.rghStores := nil;
end;

The View() method should now make use of the chain passed via its Chain parameter.

Next, add the following method to TElWinCertStorage class:

function GetStoreContext(Index: integer): HCERTSTORE;

...and implement it in the following way:

function TElWinCertStorage.GetStoreContext(Index: integer): HCERTSTORE;
begin
  Result := FSystemStoresCtx[Index];
end;

That's all about SBB component modifications. To use the new features, first add all your chain certificates to a brand new TElWinCertStorage object, with its StorageType set to stMemory:

  CS := TElWinCertStorage.Create(nil);
  CS.StorageType := stMemory;
  { ...then add every certificate of the chain received from the server to CS }

Then call the View() method in the following way:

  Cert.View(0, CS.GetStoreContext(0));

This should work.
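
The same rghStores mechanism, as an added example that is not from this thread and not SecureBlackbox code: instead of patching TElX509Certificate.View(), it calls CryptoAPI and CryptUI directly, so you can see what the cStores/rghStores fields of CRYPTUI_VIEWCERTIFICATE_STRUCT actually do. The intermediates captured from the server go into a memory-only certificate store, and that store is handed to the dialog as an additional store to search for issuers. It assumes Delphi on Windows and that the caller supplies DER-encoded certificates as TBytes (a hypothetical input shape); the unit name ChainView, the function names and the inlined API declarations are all this example's own.

```delphi
{ Added example (not from the thread or SecureBlackbox): the rghStores trick done
  straight against CryptoAPI. Assumes Delphi on Windows and DER-encoded
  certificates supplied by the caller as TBytes; API declarations are inlined. }
unit ChainView;

interface

uses
  Winapi.Windows, System.SysUtils;

type
  TDerList = array of TBytes;

{ Shows the standard Windows certificate dialog for Leaf. Intermediates are
  placed in a memory-only store that the dialog searches when it builds the
  chain, so a missing intermediate no longer makes the leaf show as invalid.
  Returns True if the dialog was displayed; raises EOSError on API failure. }
function ViewCertificateWithChain(Parent: HWND; const Leaf: TBytes;
  const Intermediates: TDerList): Boolean;

implementation

const
  crypt32 = 'crypt32.dll';
  cryptui = 'cryptui.dll';
  X509_ASN_ENCODING = $00000001;
  CERT_STORE_PROV_MEMORY = LPCSTR(2);
  CERT_STORE_ADD_REPLACE_EXISTING = 3;

type
  HCERTSTORE = Pointer;
  PHCERTSTORE = ^HCERTSTORE;
  PCCERT_CONTEXT = Pointer;

  { Must match CRYPTUI_VIEWCERTIFICATE_STRUCTW in wincryptui.h field for field;
    dwSize tells cryptui.dll which layout the caller is using. }
  CRYPTUI_VIEWCERTIFICATE_STRUCTW = record
    dwSize: DWORD; hwndParent: HWND; dwFlags: DWORD; szTitle: LPCWSTR;
    pCertContext: PCCERT_CONTEXT; rgszPurposes: Pointer; cPurposes: DWORD;
    pCryptProviderData: Pointer;      { union with hWVTStateData }
    fpCryptProviderDataTrustedUsage: BOOL; idxSigner, idxCert: DWORD;
    fCounterSigner: BOOL; idxCounterSigner: DWORD;
    cStores: DWORD;                   { number of extra stores searched for issuers }
    rghStores: PHCERTSTORE;           { -> array of cStores HCERTSTORE handles }
    cPropSheetPages: DWORD; rgPropSheetPages: Pointer; nStartPage: DWORD;
  end;

function CertOpenStore(lpszStoreProvider: LPCSTR; dwEncodingType: DWORD;
  hCryptProv: ULONG_PTR; dwFlags: DWORD; pvPara: Pointer): HCERTSTORE;
  stdcall; external crypt32;
function CertAddEncodedCertificateToStore(hCertStore: HCERTSTORE;
  dwCertEncodingType: DWORD; pbCertEncoded: PByte; cbCertEncoded: DWORD;
  dwAddDisposition: DWORD; ppCertContext: Pointer): BOOL; stdcall; external crypt32;
function CertCreateCertificateContext(dwCertEncodingType: DWORD;
  pbCertEncoded: PByte; cbCertEncoded: DWORD): PCCERT_CONTEXT; stdcall; external crypt32;
function CertFreeCertificateContext(pCertContext: PCCERT_CONTEXT): BOOL;
  stdcall; external crypt32;
function CertCloseStore(hCertStore: HCERTSTORE; dwFlags: DWORD): BOOL;
  stdcall; external crypt32;
function CryptUIDlgViewCertificateW(pCertViewInfo: Pointer;
  pfPropertiesChanged: PBOOL): BOOL; stdcall; external cryptui;

{ A memory store lives only in this process, so certificates a remote server
  sent us are never written into the user's persistent stores. }
function OpenChainStore(const Intermediates: TDerList): HCERTSTORE;
var
  I: Integer;
begin
  Result := CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, 0, nil);
  if Result = nil then RaiseLastOSError;
  for I := 0 to High(Intermediates) do
    if not CertAddEncodedCertificateToStore(Result, X509_ASN_ENCODING,
         PByte(Intermediates[I]), Length(Intermediates[I]),
         CERT_STORE_ADD_REPLACE_EXISTING, nil) then
    begin
      CertCloseStore(Result, 0);
      RaiseLastOSError;
    end;
end;

function ViewCertificateWithChain(Parent: HWND; const Leaf: TBytes;
  const Intermediates: TDerList): Boolean;
var
  Store: HCERTSTORE;
  Ctx: PCCERT_CONTEXT;
  Info: CRYPTUI_VIEWCERTIFICATE_STRUCTW;
begin
  Store := OpenChainStore(Intermediates);
  try
    Ctx := CertCreateCertificateContext(X509_ASN_ENCODING, PByte(Leaf), Length(Leaf));
    if Ctx = nil then RaiseLastOSError;
    try
      FillChar(Info, SizeOf(Info), 0);
      Info.dwSize := SizeOf(Info);
      Info.hwndParent := Parent;
      Info.pCertContext := Ctx;
      Info.cStores := 1;          { one additional store ... }
      Info.rghStores := @Store;   { ... holding the server-supplied intermediates }
      Result := CryptUIDlgViewCertificateW(@Info, nil);
    finally
      CertFreeCertificateContext(Ctx);
    end;
  finally
    CertCloseStore(Store, 0);
  end;
end;

end.
```

Two things worth knowing before relying on this. First, the additional store only supplies issuer certificates for chain building; it does not make anything trusted. If the chain ends in a root that is not in the machine's or user's Trusted Root store, the dialog still reports the certificate as untrusted, which is the behaviour you want, since a server must not be able to vouch for its own root. Second, if you need the answer programmatically rather than in a dialog, the same memory store can be passed as the hAdditionalStore argument of CertGetCertificateChain and the resulting TrustStatus.dwErrorStatus inspected; that is the same lookup the dialog performs with rghStores.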

Posted: 04/22/2016 03:04:33
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 173

Excellent! Thank you very much


