EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Save CA & Client certificate to 1 file in pkcs12?

Posted: 10/22/2007 09:34:02
by Ken Ivanov (Team)

Could it be the way I Load my certificates (LoadCertificate) into the TElX509Certificate object?

No. However (just in case) please check that all the certificates are loaded correctly (I suppose they are, as they will not go to the PFX otherwise).
Posted: 10/22/2007 10:01:59
by Ken Ivanov (Team)

We tried to reproduce the issue in our conditions. However, the chain we created was installed correctly for us (each certificate went to the needed store).

So please check the following to ensure that everything works right:
a) all certificates are loaded correctly (LoadFromBufferPEM() returns 0),
b) the memory storage does contain all the needed certificates, and the end-entity one has a corresponding private key.

You may also try the following:
a) open the CertDemo sample (SBB\Samples\PKI\Certificates),
b) create new memory storage,
c) load all the certificates forming the chain to it,
d) save the storage (using 'Save Storage As' menu command) to a PFX file,
e) try to install the created PFX and check if it exposes the same problem.
Posted: 10/22/2007 10:40:24
by Ken Ivanov (Team)

JFYI: the following article explains certificate installation algorithm used on Windows Mobile. It is very likely that the same algorithm is used on desktop versions of Windows.
Posted: 10/24/2007 03:42:44
by Farrel Coetzee (Basic support level)
Joined: 10/18/2007
Posts: 11

Thx, problem solved.

The solution was so simple, thanks to your sample code. I originally tried to load the root certificate and bug in my code was signing it with itself. Thats why the certificate was altered when I tried to install it again. I should have just loaded it and added it as below. Keep it simple. ;-)

  sPwd := '';
  Stream := TFileStream.Create(aFileName, fmOpenRead or fmShareDenyWrite);
    MyCA.LoadFromStreamPEM(Stream, sPwd);



Topic viewed 11362 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!