Sample code for 30+ languages & platforms
DataFlex

HTTPS Client Certificate using Smartcard or Token

See more HTTP Examples

Explains how to use a client certificate for HTTP TLS mutual authentication where the certificate and private key exists on an HSM (Smartcard or USB Token).

Chilkat DataFlex Downloads

DataFlex
Use ChilkatAx-win32.pkg

Procedure Test
    Boolean iSuccess
    Handle hoHttp
    Variant vCert
    Handle hoCert
    String sTemp1

    Move False To iSuccess

    Get Create (RefClass(cComChilkatHttp)) To hoHttp
    If (Not(IsComObjectCreated(hoHttp))) Begin
        Send CreateComObject of hoHttp
    End

    // To do HTTPS mutual authentication where the certificate and private key are stored
    // on a smartcard or token, first load the Chilkat certificate object from the smartcard/token,
    // and then pass the certificate object to the Http object's SetSslClientCert method.

    // Doing HTTP mutual authentication is the same regardless of the source of the cert + private key.
    // The steps are to first load the certificate from the source, then pass the cert object to the HTTP object.
    // Chilkat provides methods for loading the certificate from a variety of sources, such as smartcards, tokens,
    // .pfx/.p12 files, Windows registry-based certificate stores, PEM files, or other file formats.
    Get Create (RefClass(cComChilkatCert)) To hoCert
    If (Not(IsComObjectCreated(hoCert))) Begin
        Send CreateComObject of hoCert
    End

    // The easiest way to load a certificate from an HSM is to call cert.LoadFromSmartcard with 
    // an empty string argument.  Chilkat will detect the HSM and will choose the most appropriate
    // underlying means for accessing and loading the default certificate + key from the HSM.
    // The underlying means could be PKCS11, ScMinidriver, or MSCNG, depending on the HSM what it
    // supports.

    // For example:
    // If you know the smart card PIN, it's good to set it prior to loading from the smartcard/USB token.
    Set ComSmartCardPin Of hoCert To "12345678"

    // To let Chilkat discover what smartcard or token is connected, pass an empty string to LoadFromSmartcard.
    // When testing in this way, it's best to have only a single smartcard or token connected to the system.
    Get ComLoadFromSmartcard Of hoCert "" To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoCert To sTemp1
        Showln sTemp1
        Showln "Certificate not loaded."
        Procedure_Return
    End

    // If there are multiple certificates stored on the smartcard/token, then 
    // you can be more specific.  See these examples:

    // Load a Certificate from an HSM by Common Name
    // Load a Certificate from an HSM by Serial Number

    // It may be that you need to code at a lower level with a specific
    // supported interface, such as PKCS11.
    // See these examples:

    // Use PKCS11 to Find a Specific Certificate
    // Use PKCS11 to Find a Certificate with a Specified Key Usage

    // Once you have the desired certificate, pass it to SetSslClientCert.
    // Set the certificate to be used for mutual TLS authentication
    // (i.e. sets the client-side certificate for two-way TLS authentication)
    Get pvComObject of hoCert to vCert
    Get ComSetSslClientCert Of hoHttp vCert To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoHttp To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // At this point, the HTTP object instance is setup with the client-side cert, and any SSL/TLS
    // connection will automatically use it if the server demands a client-side cert.


End_Procedure