Save CA & Client certificate to 1 file in pkcs12?

Posted: 10/22/2007 09:34:02
by Ken Ivanov (EldoS Corp.)

Could it be the way I Load my certificates (LoadCertificate) into the TElX509Certificate object?

No. However (just in case) please check that all the certificates are loaded correctly (I suppose they are, as they will not go to the PFX otherwise).
Posted: 10/22/2007 10:01:59
by Ken Ivanov (EldoS Corp.)

We tried to reproduce the issue in our conditions. However, the chain we created was installed correctly for us (each certificate went to the needed store).

So please check the following to ensure that everything works right:
a) all certificates are loaded correctly (LoadFromBufferPEM() returns 0),
b) the memory storage does contain all the needed certificates, and the end-entity one has a corresponding private key.

You may also try the following:
a) open the CertDemo sample (SBB\Samples\PKI\Certificates),
b) create new memory storage,
c) load all the certificates forming the chain to it,
d) save the storage (using 'Save Storage As' menu command) to a PFX file,
e) try to install the created PFX and check if it exposes the same problem.
Posted: 10/22/2007 10:40:24
by Ken Ivanov (EldoS Corp.)

JFYI: the following article explains the certificate installation algorithm used on Windows Mobile. It is very likely that the same algorithm is used on desktop versions of Windows.
Posted: 10/24/2007 03:42:44
by Farrel Coetzee (Basic support level)
Joined: 10/18/2007
Posts: 11

Thx, problem solved.

The solution was so simple, thanks to your sample code. I originally tried to load the root certificate, and a bug in my code was signing it with itself. That's why the certificate was altered when I tried to install it again. I should have just loaded it and added it as below. Keep it simple. ;-)

  sPwd := '';
  Stream := TFileStream.Create(aFileName, fmOpenRead or fmShareDenyWrite);
  MyCA.LoadFromStreamPEM(Stream, sPwd);
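
The checks discussed in this thread (every chain certificate is in the PFX, the end-entity one has its private key, and the root is the original rather than a re-signed copy) can also be run from outside the application. This is an added example, not part of the original posts and not SecureBlackbox code: it assumes the `openssl` CLI is installed, builds throwaway certificates constructed on the spot, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example: constructed throwaway certificates; assumes openssl is on PATH.

fp() {  # SHA-256 fingerprint of the first certificate read from stdin
    openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

make_chain() {  # $1 = work dir; writes ca.pem, client.pem, client.key, bundle.p12
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test Root" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Constructed Test Client" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/client.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/client.key" -in "$d/client.pem" \
        -certfile "$d/ca.pem" -passout pass:constructed -out "$d/bundle.p12"
}

check_pfx() {  # $1 = PFX file, $2 = password, $3 = original root PEM; prints ok or a reason
    pfx=$1; pw=$2; root=$3
    ca_in=$(openssl pkcs12 -in "$pfx" -passin "pass:$pw" -cacerts -nokeys 2>/dev/null | fp)
    [ -n "$ca_in" ] && [ "$ca_in" = "$(fp < "$root")" ] || { echo "root-altered-or-missing"; return 1; }
    # The end-entity certificate and the bundled private key must share one public key.
    leaf_pub=$(openssl pkcs12 -in "$pfx" -passin "pass:$pw" -clcerts -nokeys 2>/dev/null |
               openssl x509 -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkcs12 -in "$pfx" -passin "pass:$pw" -nocerts -nodes 2>/dev/null |
              openssl pkey -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$leaf_pub" = "$key_pub" ] || { echo "no-matching-private-key"; return 1; }
    echo ok
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_chain "$work" && check_pfx "$work/bundle.p12" constructed "$work/ca.pem"
```

Comparing fingerprints catches the case described in the last post: a root that has been signed again, even with its own key and subject, is a different certificate from the one clients already trust.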


