
Display a certificate including full chain

Posted: 04/21/2016 08:25:33
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 172


I have this situation: in a small utility, I'm displaying a certificate that I grab from a URL. I have written a small class that connects to said URL, records all certificates in the chain and then uses the TElX509CertificateEx.View method to show the standard Windows certificate dialog.

This works just fine with one problem: if any of the certificates in the trust chain is missing from the local store and Windows is unable to download it directly (which is frequent for intermediate CAs), then the certificate is marked as invalid.

Is there a way to have that dialog box use the certificate chain I provide (which comes from the server)?
Posted: 04/21/2016 11:06:25
by Ken Ivanov (EldoS Corp.)

Hi Stephane,

While SecureBlackbox doesn't implement the corresponding functionality officially, you can tweak the code yourself to implement it. This should not be too difficult, at least at first glance.

First, add a Chain: HCERTSTORE parameter to your TElX509Certificate.View() method. You will use this parameter to pass the chain.

Next, modify the following lines of the View() method implementation in the following way:

// original lines:
pCertViewInfo.cStores := 0;
pCertViewInfo.rghStores := nil;

// replacement: when a chain store is supplied, hand it to the dialog as an
// additional store to search while building the certificate path
if Chain <> nil then
begin
  pCertViewInfo.cStores := 1;
  pCertViewInfo.rghStores := @Chain;
end
else
begin
  pCertViewInfo.cStores := 0;
  pCertViewInfo.rghStores := nil;
end;

The View() method should now make use of the chain passed via its Chain parameter.

Next, add the following method to TElWinCertStorage class:

function GetStoreContext(Index: integer): HCERTSTORE;

...and implement it in the following way:

function TElWinCertStorage.GetStoreContext(Index: integer): HCERTSTORE;
begin
  // expose the underlying CryptoAPI store handle of the Index-th system store
  Result := FSystemStoresCtx[Index];
end;

That's all about SBB component modifications. To use the new features, first add all your chain certificates to a brand new TElWinCertStorage object, with its StorageType set to stMemory:

  CS := TElWinCertStorage.Create(nil);
  CS.StorageType := stMemory;
  // ...then add every certificate of the chain received from the server to CS

Then call the View() method in the following way:

  Cert.View(0, CS.GetStoreContext(0));

This should work.
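The tweak above works because the standard Windows viewer, CryptUIDlgViewCertificate, searches any stores passed in cStores/rghStores when it builds the certificate path. The following stand-alone Delphi program is an added example, not EldoS or SecureBlackbox code, that shows that mechanism directly with plain CryptoAPI calls and no SBB wrapper: it reads DER files named on the command line (leaf first, then the intermediates the server sent; the program name and file names are assumptions), puts them into a memory-only store and hands that store to the dialog.

```delphi
program ShowCertWithChain;
{$APPTYPE CONSOLE}
// Added example (not SecureBlackbox code): view a leaf certificate in the standard
// Windows dialog while supplying the server-sent intermediates through a memory store.
uses
  Windows, SysUtils, IOUtils;

type
  HCERTSTORE = Pointer;
  PHCERTSTORE = ^HCERTSTORE;
  PCCERT_CONTEXT = Pointer;
  CRYPTUI_VIEWCERTIFICATE_STRUCTW = record // field layout from cryptuiapi.h
    dwSize: DWORD;
    hwndParent: HWND;
    dwFlags: DWORD;
    szTitle: PWideChar;
    pCertContext: PCCERT_CONTEXT;
    rgszPurposes: Pointer;
    cPurposes: DWORD;
    pCryptProviderData: Pointer;   // union with hWVTStateData
    fpCryptProviderDataTrustedUsage: BOOL;
    idxSigner: DWORD;
    idxCert: DWORD;
    fCounterSigner: BOOL;
    idxCounterSigner: DWORD;
    cStores: DWORD;                // extra stores searched while building the chain
    rghStores: PHCERTSTORE;
    cPropSheetPages: DWORD;
    rgPropSheetPages: Pointer;
    nStartPage: DWORD;
  end;

const
  X509_ASN_ENCODING = $00000001;
  CERT_STORE_ADD_REPLACE_EXISTING = 3;
  CRYPTUI_DISABLE_ADDTOSTORE = $00000010; // hide the "Install Certificate..." button

function CertOpenStore(lpszStoreProvider: PAnsiChar; dwEncodingType: DWORD; hCryptProv: Pointer;
  dwFlags: DWORD; pvPara: Pointer): HCERTSTORE; stdcall; external 'crypt32.dll';
function CertAddEncodedCertificateToStore(hCertStore: HCERTSTORE; dwCertEncodingType: DWORD;
  pbCertEncoded: PByte; cbCertEncoded, dwAddDisposition: DWORD; ppCertContext: Pointer): BOOL;
  stdcall; external 'crypt32.dll';
function CertCreateCertificateContext(dwCertEncodingType: DWORD; pbCertEncoded: PByte;
  cbCertEncoded: DWORD): PCCERT_CONTEXT; stdcall; external 'crypt32.dll';
function CertFreeCertificateContext(pCertContext: PCCERT_CONTEXT): BOOL; stdcall; external 'crypt32.dll';
function CertCloseStore(hCertStore: HCERTSTORE; dwFlags: DWORD): BOOL; stdcall; external 'crypt32.dll';
function CryptUIDlgViewCertificateW(pCertViewInfo: Pointer; pfPropertiesChanged: PBOOL): BOOL;
  stdcall; external 'cryptui.dll';

// Puts every DER certificate of the received chain into a fresh memory-only store;
// CERT_STORE_PROV_MEMORY is the provider constant 2 cast to LPCSTR.
function BuildChainStore(const DerCerts: array of TBytes): HCERTSTORE;
var I: Integer;
begin
  Result := CertOpenStore(PAnsiChar(2), 0, nil, 0, nil);
  if Result = nil then RaiseLastOSError;
  for I := 0 to High(DerCerts) do
    if not CertAddEncodedCertificateToStore(Result, X509_ASN_ENCODING, @DerCerts[I][0],
         Length(DerCerts[I]), CERT_STORE_ADD_REPLACE_EXISTING, nil) then
      RaiseLastOSError;
end;

// Shows the leaf; the dialog builds the path from the system stores plus Chain.
procedure ViewWithChain(const LeafDer: TBytes; Chain: HCERTSTORE; Parent: HWND);
var
  Ctx: PCCERT_CONTEXT;
  Info: CRYPTUI_VIEWCERTIFICATE_STRUCTW;
begin
  Ctx := CertCreateCertificateContext(X509_ASN_ENCODING, @LeafDer[0], Length(LeafDer));
  if Ctx = nil then RaiseLastOSError;
  try
    FillChar(Info, SizeOf(Info), 0);
    Info.dwSize := SizeOf(Info);
    Info.hwndParent := Parent;
    Info.dwFlags := CRYPTUI_DISABLE_ADDTOSTORE;
    Info.szTitle := 'Server certificate';
    Info.pCertContext := Ctx;
    Info.cStores := 1;         // one additional store: the chain we received
    Info.rghStores := @Chain;
    CryptUIDlgViewCertificateW(@Info, nil);
  finally
    CertFreeCertificateContext(Ctx);
  end;
end;

var
  I: Integer;
  Certs: array of TBytes;
  Store: HCERTSTORE;
begin
  if ParamCount < 1 then begin Writeln('usage: ShowCertWithChain leaf.der [intermediate.der ...]'); Halt(1); end;
  SetLength(Certs, ParamCount);
  for I := 1 to ParamCount do
    Certs[I - 1] := TFile.ReadAllBytes(ParamStr(I)); // leaf first, then intermediates
  Store := BuildChainStore(Certs);
  try
    ViewWithChain(Certs[0], Store, 0);
  finally
    CertCloseStore(Store, 0);
  end;
end.
```

Two points worth keeping in mind when using this. Supplying the intermediates only lets Windows complete the path; the root still has to be present in the Trusted Root Certification Authorities store for the dialog to report the certificate as valid, so a chain handed over this way cannot turn an untrusted issuer into a trusted one. CRYPTUI_DISABLE_ADDTOSTORE removes the Install button from the viewer, so someone inspecting a questionable server certificate cannot add it to their stores by accident from this dialog.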

Posted: 04/22/2016 03:04:33
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 172

Excellent! Thank you very much
