Sample code for 30+ languages & platforms
SQL Server

Use Installed Cert on Windows for TLS Client Authentication

See more HTTP Examples

Demonstrates how to use a certificate that has already been installed on a Windows PC for TLS client authentication.

Chilkat SQL Server Downloads

SQL Server
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    DECLARE @iTmp0 int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    DECLARE @success int
    SELECT @success = 0

    -- This example requires the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    DECLARE @http int
    EXEC @hr = sp_OACreate 'Chilkat.Http', @http OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    -- On Windows, a pre-installed certificate can be loaded in a number of different ways.
    -- This example loads by the common name:
    DECLARE @cert int
    EXEC @hr = sp_OACreate 'Chilkat.Cert', @cert OUT

    EXEC sp_OAMethod @cert, 'LoadByCommonName', @success OUT, 'My ECA Medium Assurance Identity Certificate'
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @http
        EXEC @hr = sp_OADestroy @cert
        RETURN
      END

    -- Make sure this certificate has a private key available.  
    -- It should be a private key such that when the certificate was installed, it was marked as "exportable"
    -- so that authorized programs are able to access the private key.
    EXEC sp_OAMethod @cert, 'HasPrivateKey', @iTmp0 OUT
    IF @iTmp0 <> 1
      BEGIN

        PRINT 'A private key is needed for TLS client authentication.'

        PRINT 'This certificate has no private key.'
        EXEC @hr = sp_OADestroy @http
        EXEC @hr = sp_OADestroy @cert
        RETURN
      END

    -- Set the certificate to be used for mutual TLS authentication
    -- (i.e. sets the client-side certificate for two-way TLS authentication)
    EXEC sp_OAMethod @http, 'SetSslClientCert', @success OUT, @cert
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @http, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @http
        EXEC @hr = sp_OADestroy @cert
        RETURN
      END

    -- At this point, the HTTP object instance is setup with the client-side cert, and any SSL/TLS
    -- connection will automatically use it if the server demands a client-side cert.

    EXEC @hr = sp_OADestroy @http
    EXEC @hr = sp_OADestroy @cert


END
GO