MTKor 0 Posted June 5

Hello,

I am working on a Delphi (11.3) project where there is a need to make HTTP requests (PUT, GET, PATCH) to a service that requires client authentication solely with certificate files and using TLS version 1.2 at minimum. There are .csr, .p12, .key and .pem client certificate files and a .pem root certificate file.

The problem is that the company policy is to use the REST Client, but despite an extensive search for information here, Embarcadero, Google, Stack Overflow etc., I have been unable to locate useful information, guides or examples on how to implement this kind of authentication with the REST Client.

This is a quite urgent issue and I would be most grateful for help on it.

Angus Robertson 574 Posted June 5

Your management may need to concede that the components offered by Embarcadero are often missing features in third-party components, which is why there are so many of them.

Angus

mvanrijnen 123 Posted June 6 (edited)

At what point are you stuck?

You can use the "TRestClient.OnNeedClientCertificate" event. Simple example code:

We check the certificate name, which has to begin with a certain value (stored in the CNST_CERT_PREFIX constant), and of course it has to be a valid certificate. (I believe you need the client certificate installed in "user" context, not sure about that, a long time ago I was busy with this.)

```delphi
// Needs System.SysUtils (Exception, Now, string helpers) and
// System.Net.URLClient (TURLRequest, TCertificateList) in the uses clause.
procedure TMyProgram.DoOnClientCertificateNeeded(const Sender: TObject;
  const ARequest: TURLRequest; const ACertificateList: TCertificateList;
  var AnIndex: Integer);
var
  idx: Integer;
begin
  if CNST_CERT_PREFIX.IsEmpty then
    raise Exception.Create('[TMyProgram.DoOnClientCertificateNeeded] CNST_CERT_PREFIX is empty.');

  // Walk the certificates offered to the handler and take the first one
  // whose name starts with the configured prefix.
  for idx := 0 to ACertificateList.Count - 1 do
  begin
    if ACertificateList[idx].CertName.StartsWith(CNST_CERT_PREFIX) then
    begin
      // Only accept it while it is inside its validity window.
      if (ACertificateList[idx].Start <= Now) and (ACertificateList[idx].Expiry > Now) then
      begin
        AnIndex := idx;
        break;
      end
      else
        raise Exception.Create('[TMyProgram.DoOnClientCertificateNeeded] Client Certificate Expired.');
    end;
  end;
end;
```

MTKor 0 Posted June 6

Thank you for this example code, I will check it in due course.

MTKor 0 Posted June 7

@mvanrijnen Thank you very much. After I first installed the .p12 certificate on the client computer, I got the authorization working with this example, so that a specific certificate is chosen based on its name.

However, this raises another question: how to adjust the code so that, when the service that we are using, i.e. sending REST requests to it (GET, PUT, PATCH), asks for an authorization key in order to establish a connection between the processes, the correct, responding key would automatically be picked on the client side? In the sample code the name of the certificate must be known, i.e. used as a parameter. Is there some way in which, when going through the certificate list, the correct certificate would automatically be picked?

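An added example, not code from any poster in this thread: one way to choose a certificate without hard-coding its name is to match on the issuing CA and the validity window, and to pin the REST client to TLS 1.2 or later at the same time. The unit name, `TCertPicker` and `ExpectedIssuer` are hypothetical, and the code assumes the service's client certificates all come from one known CA.

```delphi
unit ClientCertSelect; // hypothetical unit name (added example)

interface

uses
  System.SysUtils, System.Net.URLClient, System.Net.HttpClient, REST.Client;

type
  TCertPicker = class
  public
    // Assumption: a fragment of the issuing CA's name, agreed with the service operator.
    ExpectedIssuer: string;
    procedure Attach(AClient: TRESTClient);
    procedure NeedClientCertificate(const Sender: TObject; const ARequest: TURLRequest;
      const ACertificateList: TCertificateList; var AnIndex: Integer);
  end;

implementation

procedure TCertPicker.Attach(AClient: TRESTClient);
begin
  // Refuse anything older than TLS 1.2, as the service requires.
  AClient.SecureProtocols := [THTTPSecureProtocol.TLS12, THTTPSecureProtocol.TLS13];
  AClient.OnNeedClientCertificate := NeedClientCertificate;
end;

procedure TCertPicker.NeedClientCertificate(const Sender: TObject; const ARequest: TURLRequest;
  const ACertificateList: TCertificateList; var AnIndex: Integer);
var
  I, Best: Integer;
  C: TCertificate;
begin
  if ExpectedIssuer.IsEmpty then
    raise Exception.Create('ExpectedIssuer is not configured.');
  Best := -1;
  for I := 0 to ACertificateList.Count - 1 do
  begin
    C := ACertificateList[I];
    // Skip certificates from other CAs and ones outside their validity window.
    if not C.Issuer.Contains(ExpectedIssuer) then Continue;
    if (C.Start > Now) or (C.Expiry <= Now) then Continue;
    // Among valid candidates prefer the one that expires last (the newest renewal).
    if (Best < 0) or (C.Expiry > ACertificateList[Best].Expiry) then Best := I;
  end;
  if Best < 0 then
    raise Exception.Create('No valid client certificate issued by ' + ExpectedIssuer);
  AnIndex := Best;
end;

end.
```

Unlike the name-prefix handler, an expired candidate is skipped rather than aborting the request, so a renewed certificate installed next to the old one is picked up without a code change.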