Using Windows certificate trust store

kasteren · April 29, 2020, 6:49am

Hi,

Do you have sample projects using the Windows Trust Store?

Thanks

Mies

EvgenyK · April 29, 2020, 8:50am

Hi,

No, we haven’t

kasteren · April 29, 2020, 12:06pm

Okay,

Do you have a best practice working with certificates then?

EvgenyK · April 29, 2020, 12:13pm

Hi,

Can you specify what channels you are using?

for Indy channels, you can specify .pem file. it is managed via OpenSSL 1.0.2
for socket channels, you can use autogenerated certificate or also specify .pem file. it is also managed via OpenSSL 1.1.1
for WinHTTPServer, you can specify certhash. correspondent certificate will be taken from Windows Trust Store.

see more at the SSL/TLS (Delphi) article.

kasteren · April 29, 2020, 12:28pm

Yes, we are using Indy now that’s why I’m asking because I don’t see Indy supporting OpenSSL 1.1.x in the near future.

Thank for your information.

EvgenyK · April 29, 2020, 1:00pm

Hi,

you can use socket version of server’s channels. they are available on all platforms and support OpenSSL 1.1.1