Socket TLS Mutual Authentication (Client-Side Certificate)

This example demonstrates how to provide a client-side certificate when connecting to a server that requires one. This is also known as "two-way authentication" or "mutual authentication".

DataFlex
Use ChilkatAx-win32.pkg

Procedure Test
    Boolean iSuccess
    Handle hoSock
    Boolean iBTls
    Integer iPort
    Integer iMaxWaitMs
    String sTemp1
    Integer iTemp1

    Move False To iSuccess

    // This example assumes the Chilkat API has already been unlocked.
    // See Global Unlock Sample for sample code.

    Get Create (RefClass(cComChilkatSocket)) To hoSock
    If (Not(IsComObjectCreated(hoSock))) Begin
        Send CreateComObject of hoSock
    End

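    // Set the certificate to be used for mutual TLS authentication
    // (i.e. sets the client-side certificate for two-way TLS authentication).
    // The PFX path and password below are placeholders. The PFX contains the private key,
    // so in a real application read the password from protected storage rather than
    // hard-coding it in source.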
    Get ComSetSslClientCertPfx Of hoSock "/home/bob/pfxFiles/myClientSideCertWithPrivateKey.pfx" "pfxPassword" To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoSock To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Note: The certificate used for the client-side of TLS mutual authentication
    // must have the associated private key available. (.pfx/.p12 files typically store both
    // the certificate and associated private key.)

    // Establish the connection using the socket object (with client certificate authentication).
    Move True To iBTls
    Move 443 To iPort
    Move 5000 To iMaxWaitMs
    Get ComConnect Of hoSock "www.example.com" iPort iBTls iMaxWaitMs To iSuccess
    If (iSuccess <> True) Begin
        Get ComConnectFailReason Of hoSock To iTemp1
        Showln "Connect Failure Error Code: " iTemp1
        Get ComLastErrorText Of hoSock To sTemp1
        Showln sTemp1
        Procedure_Return
    End

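    // At this point, the Socket object is connected. The client-side cert is sent only
    // if the server requests one during the TLS handshake, so a successful connect to a
    // server that does not request a client certificate does not show that the cert was used.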

    // ...
    // ..


End_Procedure