(SQL Server) Use HTTPS Client Certificate from .cer and .key Files

Demonstrates how to load a cert + private key from .cer and .key (base64) files and use it for mutual TLS authentication (client-side certificate).

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    -- This example requires the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    DECLARE @http int
    -- Use "Chilkat_9_5_0.Http" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.Http', @http OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    DECLARE @cert int
    -- Use "Chilkat_9_5_0.Cert" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.Cert', @cert OUT

    DECLARE @privKey int
    -- Use "Chilkat_9_5_0.PrivateKey" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.PrivateKey', @privKey OUT

    -- Load any type of certificate (.cer, .p7b, .pem, etc.) by calling LoadFromFile.
    DECLARE @success int
    EXEC sp_OAMethod @cert, 'LoadFromFile', @success OUT, 'qa_data/certs/sample_cert_a.cer'
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @http
        EXEC @hr = sp_OADestroy @cert
        EXEC @hr = sp_OADestroy @privKey
        RETURN
      END

    -- Load the private key.
    DECLARE @bd int
    -- Use "Chilkat_9_5_0.BinData" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.BinData', @bd OUT

    EXEC sp_OAMethod @bd, 'LoadFile', @success OUT, 'qa_data/certs/sample_key_a.key'
    EXEC sp_OAMethod @privKey, 'LoadAnyFormat', @success OUT, @bd, 'privateKeyPasswordIfNecessary'
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @privKey, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @http
        EXEC @hr = sp_OADestroy @cert
        EXEC @hr = sp_OADestroy @privKey
        EXEC @hr = sp_OADestroy @bd
        RETURN
      END

    -- Associate the private key with the cert.
    EXEC sp_OAMethod @cert, 'SetPrivateKey', @success OUT, @privKey
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @http
        EXEC @hr = sp_OADestroy @cert
        EXEC @hr = sp_OADestroy @privKey
        EXEC @hr = sp_OADestroy @bd
        RETURN
      END

    -- Set the certificate to be used for mutual TLS authentication
    -- (i.e. sets the client-side certificate for two-way TLS authentication)
    EXEC sp_OAMethod @http, 'SetSslClientCert', @success OUT, @cert
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @http, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @http
        EXEC @hr = sp_OADestroy @cert
        EXEC @hr = sp_OADestroy @privKey
        EXEC @hr = sp_OADestroy @bd
        RETURN
      END

    -- At this point, the HTTP object instance is setup with the client-side cert, and any SSL/TLS
    -- connection will automatically use it if the server demands a client-side cert.

    EXEC @hr = sp_OADestroy @http
    EXEC @hr = sp_OADestroy @cert
    EXEC @hr = sp_OADestroy @privKey
    EXEC @hr = sp_OADestroy @bd


END
GO