Sample code for 30+ languages & platforms
PowerBuilder

HTTPS Client Certificate using Smartcard or Token

See more HTTP Examples

Explains how to use a client certificate for HTTP TLS mutual authentication where the certificate and private key exists on an HSM (Smartcard or USB Token).

Chilkat PowerBuilder Downloads

PowerBuilder
integer li_rc
integer li_Success
oleobject loo_Http
oleobject loo_Cert

li_Success = 0

loo_Http = create oleobject
li_rc = loo_Http.ConnectToNewObject("Chilkat.Http")
if li_rc < 0 then
    destroy loo_Http
    MessageBox("Error","Connecting to COM object failed")
    return
end if

// To do HTTPS mutual authentication where the certificate and private key are stored
// on a smartcard or token, first load the Chilkat certificate object from the smartcard/token,
// and then pass the certificate object to the Http object's SetSslClientCert method.

// Doing HTTP mutual authentication is the same regardless of the source of the cert + private key.
// The steps are to first load the certificate from the source, then pass the cert object to the HTTP object.
// Chilkat provides methods for loading the certificate from a variety of sources, such as smartcards, tokens,
// .pfx/.p12 files, Windows registry-based certificate stores, PEM files, or other file formats.
loo_Cert = create oleobject
li_rc = loo_Cert.ConnectToNewObject("Chilkat.Cert")

// The easiest way to load a certificate from an HSM is to call cert.LoadFromSmartcard with 
// an empty string argument.  Chilkat will detect the HSM and will choose the most appropriate
// underlying means for accessing and loading the default certificate + key from the HSM.
// The underlying means could be PKCS11, ScMinidriver, or MSCNG, depending on the HSM what it
// supports.

// For example:
// If you know the smart card PIN, it's good to set it prior to loading from the smartcard/USB token.
loo_Cert.SmartCardPin = "12345678"

// To let Chilkat discover what smartcard or token is connected, pass an empty string to LoadFromSmartcard.
// When testing in this way, it's best to have only a single smartcard or token connected to the system.
li_Success = loo_Cert.LoadFromSmartcard("")
if li_Success = 0 then
    Write-Debug loo_Cert.LastErrorText
    Write-Debug "Certificate not loaded."
    destroy loo_Http
    destroy loo_Cert
    return
end if

// If there are multiple certificates stored on the smartcard/token, then 
// you can be more specific.  See these examples:

// Load a Certificate from an HSM by Common Name
// Load a Certificate from an HSM by Serial Number

// It may be that you need to code at a lower level with a specific
// supported interface, such as PKCS11.
// See these examples:

// Use PKCS11 to Find a Specific Certificate
// Use PKCS11 to Find a Certificate with a Specified Key Usage

// Once you have the desired certificate, pass it to SetSslClientCert.
// Set the certificate to be used for mutual TLS authentication
// (i.e. sets the client-side certificate for two-way TLS authentication)
li_Success = loo_Http.SetSslClientCert(loo_Cert)
if li_Success <> 1 then
    Write-Debug loo_Http.LastErrorText
    destroy loo_Http
    destroy loo_Cert
    return
end if

// At this point, the HTTP object instance is setup with the client-side cert, and any SSL/TLS
// connection will automatically use it if the server demands a client-side cert.


destroy loo_Http
destroy loo_Cert