Save CA & Client certificate to 1 file in pkcs12?

#4112
Posted: 10/22/2007 09:34:02
by Ken Ivanov (EldoS Corp.)

Quote
Could it be the way I Load my certificates (LoadCertificate) into the TElX509Certificate object?

No. However (just in case) please check that all the certificates are loaded correctly (I suppose they are, as they will not go to the PFX otherwise).
#4113
Posted: 10/22/2007 10:01:59
by Ken Ivanov (EldoS Corp.)

We tried to reproduce the issue in our conditions. However, the chain we created was installed correctly for us (each certificate went to the needed store).

So please check the following to ensure that everything works right:
a) all certificates are loaded correctly (LoadFromBufferPEM() returns 0),
b) the memory storage does contain all the needed certificates, and the end-entity one has a corresponding private key.

You may also try the following:
a) open the CertDemo sample (SBB\Samples\PKI\Certificates),
b) create new memory storage,
c) load all the certificates forming the chain to it,
d) save the storage (using 'Save Storage As' menu command) to a PFX file,
e) try to install the created PFX and check if it exposes the same problem.
#4114
Posted: 10/22/2007 10:40:24
by Ken Ivanov (EldoS Corp.)

JFYI: the following article explains the certificate installation algorithm used on Windows Mobile. It is very likely that the same algorithm is used on desktop versions of Windows.
#4133
Posted: 10/24/2007 03:42:44
by Farrel Coetzee (Basic support level)
Joined: 10/18/2007
Posts: 11

Thx, problem solved.

The solution was so simple, thanks to your sample code. I originally tried to load the root certificate, and a bug in my code was signing it with itself. That's why the certificate was altered when I tried to install it again. I should have just loaded it and added it as below. Keep it simple. ;-)

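Code

  // Load the existing root CA certificate from its PEM file as-is (no re-signing)
  sPwd := '';  // empty password passed to the PEM loader
  Stream := TFileStream.Create(aFileName, fmOpenRead or fmShareDenyWrite);
  try
    MyCA.LoadFromStreamPEM(Stream, sPwd);
    Cert.Add(MyCA);  // add the loaded certificate unchanged
  finally
    Stream.Free;
  end;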
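
The checks suggested earlier in the thread (the storage holds the whole chain, the end-entity certificate has a private key) and the cause found in the last post (a root that had been signed again) can also be verified on the finished PFX from outside the application. The following is an added example, not code from the thread or from SecureBlackbox; it assumes the OpenSSL command-line tool is installed, and all file names, subjects and the password are constructed.

```shell
# Added example; subjects, file names and the password "demo" are constructed.

# Print one SHA-256 fingerprint line per certificate in the PEM stream on stdin.
cert_fingerprints() {
  awk -v cmd='openssl x509 -noout -fingerprint -sha256' '
    /-----BEGIN CERTIFICATE-----/ { in_cert = 1 }
    in_cert                       { print | cmd }
    /-----END CERTIFICATE-----/   { in_cert = 0; close(cmd) }'
}

# pfx_check FILE.p12 PASSWORD ROOT.pem
# Succeeds only if the PFX holds exactly one private key and a CA certificate
# whose fingerprint equals that of the root you intend to trust.
pfx_check() {
  p12=$1 pw=$2 root=$3
  # The key is decrypted only into the pipe to be counted; nothing is written.
  keys=$(openssl pkcs12 -in "$p12" -passin "pass:$pw" -nocerts -nodes 2>/dev/null |
         grep -c 'BEGIN.*PRIVATE KEY' || :)
  [ "$keys" -eq 1 ] || { echo "expected 1 private key, found $keys"; return 1; }
  want=$(cert_fingerprints < "$root")
  openssl pkcs12 -in "$p12" -passin "pass:$pw" -cacerts -nokeys 2>/dev/null |
    cert_fingerprints | grep -qxF "$want" ||
    { echo "root in PFX is missing or differs from $root"; return 1; }
  echo "ok: one private key, root unchanged"
}

# Build a throw-away root and client in directory $1, then two PFX files:
# good.p12 carries the root exactly as loaded, bad.p12 a re-self-signed copy.
make_demo() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" -out "$d/ca.pem" \
    -subj '/CN=Constructed Root' -days 365 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -keyout "$d/client.key" \
    -out "$d/client.csr" -subj '/CN=Constructed Client' 2>/dev/null
  openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -set_serial 2 -days 30 -out "$d/client.pem" 2>/dev/null
  # The thread's bug, modelled: same key and subject, but signed again.
  openssl req -x509 -key "$d/ca.key" -subj '/CN=Constructed Root' -days 30 \
    -out "$d/resigned.pem" 2>/dev/null
  for v in ca:good resigned:bad; do
    openssl pkcs12 -export -in "$d/client.pem" -inkey "$d/client.key" \
      -certfile "$d/${v%%:*}.pem" -passout pass:demo -out "$d/${v##*:}.p12"
  done
}

# Usage: d=$(mktemp -d); make_demo "$d"; pfx_check "$d/good.p12" demo "$d/ca.pem"
```

A re-signed root keeps its subject and key, so comparing names is not enough; the fingerprint comparison is what catches the altered certificate.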
