Tcl
Tcl
Use Installed Cert on Windows for TLS Client Authentication
See more HTTP Examples
Demonstrates how to use a certificate that has already been installed on a Windows PC for TLS client authentication.Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
set http [new_CkHttp]
# On Windows, a pre-installed certificate can be loaded in a number of different ways.
# This example loads by the common name:
set cert [new_CkCert]
set success [CkCert_LoadByCommonName $cert "My ECA Medium Assurance Identity Certificate"]
if {$success != 1} then {
puts [CkCert_lastErrorText $cert]
delete_CkHttp $http
delete_CkCert $cert
exit
}
# Make sure this certificate has a private key available.
# It should be a private key such that when the certificate was installed, it was marked as "exportable"
# so that authorized programs are able to access the private key.
if {[CkCert_HasPrivateKey $cert] != 1} then {
puts "A private key is needed for TLS client authentication."
puts "This certificate has no private key."
delete_CkHttp $http
delete_CkCert $cert
exit
}
# Set the certificate to be used for mutual TLS authentication
# (i.e. sets the client-side certificate for two-way TLS authentication)
set success [CkHttp_SetSslClientCert $http $cert]
if {$success != 1} then {
puts [CkHttp_lastErrorText $http]
delete_CkHttp $http
delete_CkCert $cert
exit
}
# At this point, the HTTP object instance is setup with the client-side cert, and any SSL/TLS
# connection will automatically use it if the server demands a client-side cert.
delete_CkHttp $http
delete_CkCert $cert