Retrieve and send certificates from windows system certificate storage

#4304
Posted: 11/13/2007 15:56:17
by Peet Terluin (Standard support level)
Joined: 06/08/2007
Posts: 19

Hello,

I'm building an application that posts xml-files to a secure webserver (IIS 5.0, at least that's what the headers say) using TElHttpsClient. I've tested without a client certificate and that works fine.
But now I have to start using client certificates, and I have 3 of them.
I've loaded the certificates into the windows certificate storage and called the URL in internet explorer. I got to choose the certificate to use and the connection was made, so the certificates seem to be OK. But I cannot figure out how to do the same in Delphi with these certificates.

Can you/someone/anyone please help me, show me how it's done?

The certificates don't have to come from the windows certificate storage, I can also use the files.

With regards,
Peet Terluin
#4307
Posted: 11/14/2007 01:43:19
by Eugene Mayevski (EldoS Corp.)

Use ClientCertStorage property. Assign there a storage with your certificate. You can safely copy the certificate from ElWinCertStorage to ElMemoryCertStorage -- the certificate will remember where it was taken from and the private key will be accessible even when it's not exportable in Windows.


Sincerely yours
Eugene Mayevski
#4312
Posted: 11/14/2007 07:39:26
by Peet Terluin (Standard support level)
Joined: 06/08/2007
Posts: 19

Thanks a lot, this works.

It took some time to figure it out exactly however.
Maybe it'll help some others to describe my solution here.
It only takes 3 steps:

1 Use an ElMemoryCertStorage and assign this to the ClientCertStorage property of the ElHttpsClient.

2 Fill the ElMemoryCertStorage with the complete certificate chain from ElWinCertStorage.

3 You don't need to use the OnCertificateNeededEx event handler of the ElHttpsClient.

And then, it works.

With regards,
Peet Terluin
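The procedure described in Eugene's reply and in the three steps above, written out as an added Delphi example. This is not code from the thread or from EldoS; it assumes the SecureBlackbox unit names (SBX509, SBRDN, SBWinCertStorage, SBCustomCertStorage, SBHTTPSClient), that TElWinCertStorage exposes the Windows stores through SystemStores, that TElMemoryCertStorage.Add takes (Certificate, CopyPrivateKey), that TElX509Certificate has SubjectName.CommonName, IssuerRDN, SubjectRDN, PrivateKeyExists and SelfSigned, that SBRDN provides CompareRDN, and that TElHTTPSClient.Post accepts a URL and a TStream. The subject name 'client-b' and the URL are made up for the example.

```delphi
uses
  SysUtils, Classes,
  SBX509, SBRDN, SBWinCertStorage, SBCustomCertStorage, SBHTTPSClient;

{ Step 2 of the post: copy the client certificate whose subject CN matches
  ACommonName from the Windows "MY" store into Memory, then walk the issuer
  chain through the "CA" and "ROOT" stores so the full chain is sent to a
  server that insists on it. Returns True only if a self-signed root was
  reached. The private key stays in Windows; per Eugene's reply the copied
  certificate keeps a reference to it, so it need not be exportable. }
function LoadClientCertChain(const ACommonName: string;
  Memory: TElMemoryCertStorage): Boolean;
const
  MaxDepth = 10; // guard against a malformed, looping chain
var
  WinStore: TElWinCertStorage;
  Cert, Issuer: TElX509Certificate;
  I, Depth: Integer;
begin
  Result := False;
  Memory.Clear;
  WinStore := TElWinCertStorage.Create(nil);
  try
    WinStore.SystemStores.Clear;
    WinStore.SystemStores.Add('MY');   // personal certs with private keys
    WinStore.SystemStores.Add('CA');   // intermediate CAs
    WinStore.SystemStores.Add('ROOT'); // trusted roots

    // pick the end-entity certificate: matching CN *and* a usable private key
    Cert := nil;
    for I := 0 to WinStore.Count - 1 do
      if SameText(WinStore.Certificates[I].SubjectName.CommonName, ACommonName)
        and WinStore.Certificates[I].PrivateKeyExists then
      begin
        Cert := WinStore.Certificates[I];
        Break;
      end;
    if Cert = nil then
      Exit;
    Memory.Add(Cert, True); // True: keep the link to the Windows private key

    // step 2: append each issuer up to a self-signed root
    Depth := 0;
    while (not Cert.SelfSigned) and (Depth < MaxDepth) do
    begin
      Issuer := nil;
      for I := 0 to WinStore.Count - 1 do
        if CompareRDN(WinStore.Certificates[I].SubjectRDN, Cert.IssuerRDN) then
        begin
          Issuer := WinStore.Certificates[I];
          Break;
        end;
      if Issuer = nil then
        Exit; // chain is incomplete; the server may reject the handshake
      Memory.Add(Issuer, False); // CA certs: no private key needed
      Cert := Issuer;
      Inc(Depth);
    end;
    Result := Cert.SelfSigned;
  finally
    WinStore.Free;
  end;
end;

{ Steps 1 and 3: hand the memory storage to ClientCertStorage (not CertStorage,
  which is used when validating the *server's* certificate) and post the file.
  No OnCertificateNeededEx handler is required. }
procedure PostXmlWithClientCert(const URL, ClientCN, XmlPath: string);
var
  Client: TElHTTPSClient;
  Memory: TElMemoryCertStorage;
  Body: TFileStream;
begin
  Memory := TElMemoryCertStorage.Create(nil);
  Client := TElHTTPSClient.Create(nil);
  Body := TFileStream.Create(XmlPath, fmOpenRead or fmShareDenyWrite);
  try
    if not LoadClientCertChain(ClientCN, Memory) then
      raise Exception.Create('No complete chain for client certificate ' + ClientCN);
    Client.ClientCertStorage := Memory;          // step 1: CLIENTCertStorage
    Client.RequestParameters.ContentType := 'text/xml';
    Client.Post(URL, Body);                      // client auth happens in the handshake
  finally
    Body.Free;
    Client.Free;
    Memory.Free;
  end;
end;

// usage (constructed values): PostXmlWithClientCert('https://example.test/upload', 'client-b', 'order.xml');
```

Two practical notes. Selecting by subject CN alone is only safe when the three certificates have distinct subjects; if they share a subject, match on the serial number or the SHA-1 thumbprint instead. The server's certificate is validated separately (through the client's OnCertificateValidate event in SecureBlackbox); do not accept it unconditionally just because the client side now works.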
#4316
Posted: 11/14/2007 10:23:23
by Eugene Mayevski (EldoS Corp.)

And which of the above steps made the difference for you?
Step 2 (complete certificate chain) is optional and in many cases not necessary. I'd say this is very server-specific.


Sincerely yours
Eugene Mayevski
#4318
Posted: 11/14/2007 10:32:26
by Peet Terluin (Standard support level)
Joined: 06/08/2007
Posts: 19

Step 1: assigning not to CertStorage but to CLIENTCertStorage was important

Step 2: Is indeed server specific, it worked on a different server without the complete chain, but the server I now have to work with does not think that enough.

I now run into new problems, but this solution for the certificates has helped me a lot.

Thanks again,
Peet Terluin
#4321
Posted: 11/14/2007 13:07:38
by Eugene Mayevski (EldoS Corp.)

I checked and I did write ClientCertStorage... Nevermind it's great that you've solved the problem.


Sincerely yours
Eugene Mayevski
