Using Windows certificate trust store


Do you have sample projects using the Windows Trust Store?




No, we haven’t


Do you have a best practice working with certificates then?


Can you specify what channels you are using?

  • for Indy channels, you can specify .pem file. it is managed via OpenSSL 1.0.2
  • for socket channels, you can use autogenerated certificate or also specify .pem file. it is also managed via OpenSSL 1.1.1
  • for WinHTTPServer, you can specify certhash. correspondent certificate will be taken from Windows Trust Store.

see more at the SSL/TLS (Delphi) article.

Yes, we are using Indy now that’s why I’m asking because I don’t see Indy supporting OpenSSL 1.1.x in the near future.

Thank for your information.


you can use socket version of server’s channels. they are available on all platforms and support OpenSSL 1.1.1