Get certifacte from https-connection

[Carsten Eider 0]

Hi,

 

I am connecting to a server vis https on using TSslHttpCli.

This works fine, communication is possible.

 

But I have to verify the X509-certificate with another tool.

So how can I get the used X509-certificate, sound to me like the public key of the server?

 

Any ideas?

 

Tia Carsten

[Angus Robertson 626]

PeerCert is a parameter passed in the onSslHandshakeDone event, as illustrated in dozens of samples and components, such as OverbyteIcsHttpsTst1.pas.

 

Angus

 

[Carsten Eider 0]

Hi Angus,

 

thx for your hint. My idea was to do the checks after the request have been done. That's why  i tried to get the information from SSLContext.

 

Working with " onSslHandshakeDone" but failed for me to.

PeerCert looks empty for me, not being a cryptoexpert.

 

In detail I need to get something called "C.FD.TLS-S" , which is meant to be a X509-stuff, as a Base64 string.

 

[Angus Robertson 626]

All the HTTPS samples show the certificate for the connection, try one of them and see what you get?  

 

PeerCerrt will be blank unless you also set SslVerifyPeer true in the context.  

 

No idea what  "C.FD.TLS-S" means, TX509 has lots of properties for the numerous parts of the certificate, none of which are base64, you'll have to search.  

 

Angus

 

[Carsten Eider 0]

Hi Angus,

 

thank you for your very helpful hints.

Using the mentioned examples I was able to solve 2 of 4 of my tasks!!!! Great

 

Now I have to verify to normal TLS-Certificates. I tried to use the code for OCSP, but obviously I did not use it corretly.

Any further hints on this issue?

 

Tia Carsten

[Angus Robertson 626]

Again, look at numerous samples and components that verify certificates in different ways, OpenSSL actually does it for you, provided a root bundle is loaded, which is automatic with recent ICS versions.  

 

You should be using the TSslHttpRest which means this is all automatic, see the OverbyteIcsHttpRestTst sample.

 

Angus