Sample code for 30+ languages & platforms
PureBasic

Use Installed Cert on Windows for TLS Client Authentication

See more HTTP Examples

Demonstrates how to use a certificate that has already been installed on a Windows PC for TLS client authentication.

Chilkat PureBasic Downloads

PureBasic
IncludeFile "CkCert.pb"
IncludeFile "CkHttp.pb"

Procedure ChilkatExample()

    success.i = 0

    ; This example requires the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    http.i = CkHttp::ckCreate()
    If http.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; On Windows, a pre-installed certificate can be loaded in a number of different ways.
    ; This example loads by the common name:
    cert.i = CkCert::ckCreate()
    If cert.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkCert::ckLoadByCommonName(cert,"My ECA Medium Assurance Identity Certificate")
    If success <> 1
        Debug CkCert::ckLastErrorText(cert)
        CkHttp::ckDispose(http)
        CkCert::ckDispose(cert)
        ProcedureReturn
    EndIf

    ; Make sure this certificate has a private key available.  
    ; It should be a private key such that when the certificate was installed, it was marked as "exportable"
    ; so that authorized programs are able to access the private key.
    If CkCert::ckHasPrivateKey(cert) <> 1
        Debug "A private key is needed for TLS client authentication."
        Debug "This certificate has no private key."
        CkHttp::ckDispose(http)
        CkCert::ckDispose(cert)
        ProcedureReturn
    EndIf

    ; Set the certificate to be used for mutual TLS authentication
    ; (i.e. sets the client-side certificate for two-way TLS authentication)
    success = CkHttp::ckSetSslClientCert(http,cert)
    If success <> 1
        Debug CkHttp::ckLastErrorText(http)
        CkHttp::ckDispose(http)
        CkCert::ckDispose(cert)
        ProcedureReturn
    EndIf

    ; At this point, the HTTP object instance is setup with the client-side cert, and any SSL/TLS
    ; connection will automatically use it if the server demands a client-side cert.


    CkHttp::ckDispose(http)
    CkCert::ckDispose(cert)


    ProcedureReturn
EndProcedure