MMSoft

NetHTTPClient Certificate


I am working with a "NetHTTPClient" and have a .pem Certificate.

This Certificate starts with the line: -----BEGIN CERTIFICATE-----
And ends with the line: -----END CERTIFICATE-----

If I use the "NetHTTPClient" without this Certificate by doing this:

//--------------------------------------------------------------------------------------------

procedure TForm1.NetHTTPClient1ValidateServerCertificate(const Sender: TObject;
  const ARequest: TURLRequest; const Certificate: TCertificate;
  var Accepted: Boolean);
begin
  Accepted := True; // No certificate is needed now!
end;

//------------------------------------------------------------------------------

Then that works, but I have been trying for days to use the Certificate
and have found and tried everything on the internet, but unfortunately I can't get it to work.
How can I get this to work?

 

Edit: Delphi 12.1, Android

45 minutes ago, MMSoft said:

How can I get this to work?

First, you are missing a few details about the problem at hand:

 

1) You are using a client, and the client doesn't need a certificate; to be more accurate, the default usage for validation on the client side is to check and validate the path of the certificate(s) from the server against a trusted root or trusted CA.

 

2) What certificate is on the server? Is it valid? Not revoked? Not expired?...

 

3) What is this certificate you mentioned? Is it the root, the CA, or the end point that the server has used to establish the connection?

 

Now, what you can do, or what you should do:

1) By default, like any TLS connection, the client must have a trusted root store to resolve the server certificate to; this includes any CA in between them (I mean the end point one, aka the server, and its root). Generally, either you have a store (a bunch of certificates) included within (shipped with) your own application, or you depend on the OS-provided store.

2) If your client doesn't have a store, then it is OK; you can have one root and resolve the path to it like above.

3) You are pinning the certificate, meaning you will include one certificate, no store, no validation; not best practice at all! Yet it is OK, it will work, and fail later! But it should work (highly not recommended, as it is bad and fragile and can render your communication useless at any time when the server loses its private key or the certificate leaks and you have to replace it, etc.). In this exact case, and if this is what you are trying to do, then just compare the server certificate against the one in the PEM.

 

Hope that helps,

 

PS: Though you have searched the internet, so I will assume you are loading the PEM right and you know how to validate or compare, in case you are still missing the point and how it should be done, then I recommend using the ICS demos, even if you are not going to use that library; you can study and understand how to validate a certificate (or try to shoot yourself in the foot by comparing against the end point only, against all recommendations).

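As an added example (not MMSoft's code and not from the reply above), this is what the ValidateServerCertificate handler looks like when it applies the comparison from point 3 instead of accepting everything. It assumes TCertificate from System.Net.URLClient exposes Start, Expiry and PublicKey, and that PINNED_PUBLIC_KEY holds the value captured earlier from the genuine server's Certificate.PublicKey (the placeholder below must be replaced).

```delphi
// Added example: pin the server's public key instead of Accepted := True.
// Assumes TCertificate (System.Net.URLClient) has Start, Expiry and PublicKey,
// and that PINNED_PUBLIC_KEY was captured from the real server beforehand.
uses
  System.SysUtils, System.Net.URLClient;

const
  // Placeholder: paste the value read from Certificate.PublicKey of the
  // genuine server here. Keep it updated when the server rotates its key,
  // otherwise every connection will be rejected after the rotation.
  PINNED_PUBLIC_KEY = '<public key captured from Certificate.PublicKey>';

procedure TForm1.NetHTTPClient1ValidateServerCertificate(const Sender: TObject;
  const ARequest: TURLRequest; const Certificate: TCertificate;
  var Accepted: Boolean);
begin
  // Default to rejecting; only an explicit match below turns this on.
  Accepted := False;

  // Reject a certificate that is not yet valid or has already expired,
  // even if the key matches the pin.
  if (Now < Certificate.Start) or (Now > Certificate.Expiry) then
    Exit;

  // The pin itself: the presented public key must equal the one we ship.
  // This is the "compare against the PEM" approach from the reply, with
  // the same caveat: no chain validation, and it breaks on key rotation.
  if not SameText(Certificate.PublicKey, PINNED_PUBLIC_KEY) then
    Exit;

  Accepted := True;
end;
```

Capturing the pin once (log Certificate.PublicKey during a trusted first connection) and then enabling the check is the usual workflow; a mismatch at runtime should be logged, not silently accepted.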
