Luc 0409

Luc 0409 created a new topic 'SSL client certificate and TWinHTTPClient' in the forum. 3 years ago

The Delphi unit "System.Net.HttpClient.Win" contains a class TCertificateStore which connects to the "My" certificate store of the current user using the following statement:
FStore := CertOpenSystemStore(0, 'MY');
This certificate store contains the certificates of the current user and it is being used by TWinHTTPClient during the process of authentication of a client by a server, asking the client for a certificate.
TWinHTTPClient will only look for the certificate in the available certificates of this "My" certificate store of the current user. It will not look in the certificates available in the "My" certificate store of the local machine. We do however have to store certificates at the local machine level because our application is a Windows service and runs in the "Network Service" context. (We have not yet found out how to store certificates in the "My" certificate store of the "Network Service" user; there does not seem to be an easy way, if any at all.)
We did find a way to get access to this certificate in the certificate store of the local machine using the following statement:
Store := CertOpenStore(CERT_STORE_PROV_SYSTEM_W,0,0,CERT_STORE_READONLY_FLAG OR CERT_SYSTEM_STORE_LOCAL_MACHINE,PChar('MY'));
If you include the read-only flag in this statement, you get a list of certificates from the "My" store of the local machine (permissions must have been set correctly as well), which is what we are looking for.
Is there a way to change the behaviour of the TCertificateStore class so that it looks up certificates this way in the local machine certificate stores instead of in the current user certificate stores?
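
Added example, not part of the original post or of the Delphi RTL: a console program that opens the "MY" store read-only for both locations named above and lists the certificate subjects, so that running it under the service account shows which store actually exposes the client certificate. The crypt32 imports and constant values are declared locally from wincrypt.h, and ListMyStore is a hypothetical helper name.

```delphi
program ListMyStores;
{$APPTYPE CONSOLE}
uses
  Winapi.Windows, System.SysUtils;

const
  Crypt32 = 'crypt32.dll';
  // Values taken from wincrypt.h (declared here so the example is self-contained)
  CERT_STORE_PROV_SYSTEM_W        = 10;
  CERT_STORE_READONLY_FLAG        = $00008000;
  CERT_SYSTEM_STORE_CURRENT_USER  = $00010000;
  CERT_SYSTEM_STORE_LOCAL_MACHINE = $00020000;
  CERT_NAME_SIMPLE_DISPLAY_TYPE   = 4;

function CertOpenStore(lpszStoreProvider: PAnsiChar; dwEncodingType: DWORD;
  hCryptProv: NativeUInt; dwFlags: DWORD; pvPara: Pointer): Pointer;
  stdcall; external Crypt32;
function CertEnumCertificatesInStore(hStore, pPrev: Pointer): Pointer;
  stdcall; external Crypt32;
function CertGetNameStringW(pCert: Pointer; dwType, dwFlags: DWORD;
  pvTypePara: Pointer; pszName: PWideChar; cchName: DWORD): DWORD;
  stdcall; external Crypt32;
function CertCloseStore(hStore: Pointer; dwFlags: DWORD): BOOL;
  stdcall; external Crypt32;

// Hypothetical helper: prints the display name of every certificate in "MY".
procedure ListMyStore(Location: DWORD; const Title: string);
var
  Store, Cert: Pointer;
  Name: array[0..255] of WideChar;
begin
  Writeln(Title);
  // Read-only open: no write access to the store is requested.
  Store := CertOpenStore(PAnsiChar(CERT_STORE_PROV_SYSTEM_W), 0, 0,
    CERT_STORE_READONLY_FLAG or Location, PWideChar('MY'));
  if Store = nil then
    raise Exception.Create('Open failed: ' + SysErrorMessage(GetLastError));
  try
    // Passing the previous context back releases it; nil marks the end.
    Cert := CertEnumCertificatesInStore(Store, nil);
    while Cert <> nil do
    begin
      // The return value counts the terminating null, so 1 means "no name".
      if CertGetNameStringW(Cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, nil,
        @Name[0], Length(Name)) > 1 then
        Writeln('  ', string(PWideChar(@Name[0])));
      Cert := CertEnumCertificatesInStore(Store, Cert);
    end;
  finally
    CertCloseStore(Store, 0);
  end;
end;

begin
  ListMyStore(CERT_SYSTEM_STORE_CURRENT_USER, 'Current user "MY" store:');
  ListMyStore(CERT_SYSTEM_STORE_LOCAL_MACHINE, 'Local machine "MY" store:');
end.
```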