Retrieve and send certificates from Windows system certificate storage

#4304
Posted: 11/13/2007 15:56:17
by Peet Terluin (Standard support level)
Joined: 06/08/2007
Posts: 19

Hello,

I'm building an application that posts XML files to a secure webserver (IIS 5.0, at least that's what the headers say) using TElHttpsClient. I've tested without a client certificate and that works fine.
But now I have to start using client certificates, and I have 3 of them.
I've loaded the certificates into the Windows certificate storage and called the URL in Internet Explorer. I got to choose the certificate to use and the connection was made, so the certificates seem to be OK. But I cannot figure out how to do the same in Delphi with these certificates.

Can you/someone/anyone please help me, show me how it's done?

The certificates don't have to come from the Windows certificate storage, I can also use the files.

With regards,
Peet Terluin
#4307
Posted: 11/14/2007 01:43:19
by Eugene Mayevski (EldoS Corp.)

Use ClientCertStorage property. Assign there a storage with your certificate. You can safely copy the certificate from ElWinCertStorage to ElMemoryCertStorage -- the certificate will remember where it was taken from and the private key will be accessible even when it's not exportable in Windows.


Sincerely yours
Eugene Mayevski
#4312
Posted: 11/14/2007 07:39:26
by Peet Terluin (Standard support level)
Joined: 06/08/2007
Posts: 19

Thanks a lot, this works.

It took some time to figure it out exactly however.
Maybe it'll help some others to describe my solution here.
It only takes 3 steps:

1 Use a ElMemoryCertStorage and assign this to the ClientCertStorage property of the ElHttpsClient.

2 Fill the ElMemoryCertStorage with the complete certificate chain from ElWinCertStorage.

3 You don't need to use the OnCertificateNeededEx event handler of the ElHttpsClient.

And then, it works.

With regards,
Peet Terluin
#4316
Posted: 11/14/2007 10:23:23
by Eugene Mayevski (EldoS Corp.)

And which of the above steps made the difference for you?
Step 2 (complete certificate chain) is optional and in many cases not necessary. I'd say this is very server-specific.


Sincerely yours
Eugene Mayevski
#4318
Posted: 11/14/2007 10:32:26
by Peet Terluin (Standard support level)
Joined: 06/08/2007
Posts: 19

Step 1: assigning not to CertStorage but to CLIENTCertStorage was important.

Step 2: Is indeed server-specific; it worked on a different server without the complete chain, but the server I now have to work with does not think that enough.

I now run into new problems, but this solution for the certificates has helped me a lot.

Thanks again,
Peet Terluin
#4321
Posted: 11/14/2007 13:07:38
by Eugene Mayevski (EldoS Corp.)

I checked and I did write ClientCertStorage... Never mind, it's great that you've solved the problem.


Sincerely yours
Eugene Mayevski
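
The three steps from the thread, as an added Delphi example that is not code from either poster or from EldoS. Unit names, `SystemStores`, `Add(Cert, CopyPrivateKey)`, `PrivateKeyExists` and the `SubjectName`/`IssuerName` `CommonName` fields are written as recalled from the SecureBlackbox VCL API and should be checked against the installed version. Matching issuers by common name is a simplification, and `ClientCN` is a hypothetical parameter. It copies only the one client certificate with its key, and the issuers without keys, rather than everything in the `MY` store.

```delphi
uses
  SysUtils, SBX509, SBCustomCertStorage, SBWinCertStorage, SBHTTPSClient;

// Returns the first certificate in Store whose subject CN equals CN, or nil.
function FindBySubjectCN(Store: TElCustomCertStorage;
  const CN: string): TElX509Certificate;
var
  I: Integer;
begin
  Result := nil;
  for I := 0 to Store.Count - 1 do
    if SameText(Store.Certificates[I].SubjectName.CommonName, CN) then
    begin
      Result := Store.Certificates[I];
      Exit;
    end;
end;

// Step 2: copy one client certificate plus its issuer chain into Mem.
procedure LoadClientChain(const ClientCN: string; Mem: TElMemoryCertStorage);
var
  Win: TElWinCertStorage;
  Cert: TElX509Certificate;
  Depth: Integer;
begin
  Win := TElWinCertStorage.Create(nil);
  try
    Win.SystemStores.Add('MY');    // personal store: client certificate
    Win.SystemStores.Add('CA');    // intermediate CAs
    Win.SystemStores.Add('ROOT');  // trusted roots
    Cert := FindBySubjectCN(Win, ClientCN);
    if (Cert = nil) or not Cert.PrivateKeyExists then
      raise Exception.Create('No client certificate with private key: ' + ClientCN);
    Mem.Add(Cert, True);           // leaf keeps its link to the Windows private key
    Depth := 0;                    // bound the walk in case of a naming loop
    while (Cert.IssuerName.CommonName <> Cert.SubjectName.CommonName)
      and (Depth < 8) do
    begin
      Cert := FindBySubjectCN(Win, Cert.IssuerName.CommonName);
      if Cert = nil then Break;    // incomplete chain: send what was found
      Mem.Add(Cert, False);        // issuers are public certificates only
      Inc(Depth);
    end;
  finally
    Win.Free;
  end;
end;

// Step 1: assign the storage to ClientCertStorage, not CertStorage.
// Step 3: no OnCertificateNeededEx handler is attached.
// Usage: LoadClientChain(ClientCN, Mem); HttpsClient.ClientCertStorage := Mem;
```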