TScHttpWebRequest SSLOptions CACertificateName

Discussion of open issues, suggestions and bugs regarding network security and data protection solution - SecureBridge
Post Reply
[email protected]
Posts: 2
Joined: Fri 20 Jul 2018 15:13

TScHttpWebRequest SSLOptions CACertificateName

Post by [email protected] » Fri 20 Jul 2018 16:16

Hi

I am trying to connect as a client to a external host that requieres a valid client certificate, I will need to use GET and POST to exchange information.

So I am trying to use TScHttpWebRequest (SecureBridge 8.2.4)
I have 2 ceritificates CACertificate and ClientCertificate, both are with DER file extension.
Using OpenSSL I have converted in PEM format.

here an example of what i am doing

var
Request: TScHttpWebRequest;
Response: TScHttpWebResponse;
begin
Request := TScHttpWebRequest.Create(aAPI_URL_Call);
Request.SSLOptions.Storage := ScRegStorage1;//in this storage I added the 2 certificates
Request.SSLOptions.CACertificateName := aCACertificateFile;
Request.SSLOptions.ClientCertificateName := aClientCertificateFile;
Response := Request.GetResponse;

And I have the error: "If a certificate is specified, it must have a private key"

Any Help?

ViktorV
Devart Team
Posts: 3168
Joined: Wed 30 Jul 2014 07:16

Re: TScHttpWebRequest SSLOptions CACertificateName

Post by ViktorV » Wed 25 Jul 2018 11:34

The private key of the client certificate is needed during the SSL handshake to prove that the client owns the certificate. Therefore, you should use a private key associated with the certificate specified in the ClientCertificateName property. To work with the private key, you must first pre-import it.
You can the associated private key into the runtime using the TScCertificate.ImportFrom method. For example:

Code: Select all

var
  Cert: TScCertificate;
...
  Cert := ScRegStorage1.Certificates.FindCertificate(aClientCertificateFile);
  if Cert <> nil then
    Cert.Key.ImportFrom(aPrivateKeyName);

[email protected]
Posts: 2
Joined: Fri 20 Jul 2018 15:13

Re: TScHttpWebRequest SSLOptions CACertificateName

Post by [email protected] » Mon 30 Jul 2018 22:04

Thanks, It works!!!!

ViktorV
Devart Team
Posts: 3168
Joined: Wed 30 Jul 2014 07:16

Re: TScHttpWebRequest SSLOptions CACertificateName

Post by ViktorV » Tue 31 Jul 2018 08:35

It is good to see that the problem has been solved.
Feel free to contact us if you have any further questions about our products.

Post Reply