(Tcl) Use Installed Cert on Windows for TLS Client Authentication

Demonstrates how to use a certificate that has already been installed on a Windows PC for TLS client authentication.

Chilkat Tcl Extension Downloads Chilkat Tcl Extension Downloads

load ./chilkat.dll

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set http [new_CkHttp]

# On Windows, a pre-installed certificate can be loaded in a number of different ways.
# This example loads by the common name:
set cert [new_CkCert]

set success [CkCert_LoadByCommonName $cert "My ECA Medium Assurance Identity Certificate"]
if {$success != 1} then {
    puts [CkCert_lastErrorText $cert]
    delete_CkHttp $http
    delete_CkCert $cert
    exit
}

# Make sure this certificate has a private key available.  
# It should be a private key such that when the certificate was installed, it was marked as "exportable"
# so that authorized programs are able to access the private key.
if {[CkCert_HasPrivateKey $cert] != 1} then {
    puts "A private key is needed for TLS client authentication."
    puts "This certificate has no private key."
    delete_CkHttp $http
    delete_CkCert $cert
    exit
}

# Set the certificate to be used for mutual TLS authentication
# (i.e. sets the client-side certificate for two-way TLS authentication)
set success [CkHttp_SetSslClientCert $http $cert]
if {$success != 1} then {
    puts [CkHttp_lastErrorText $http]
    delete_CkHttp $http
    delete_CkCert $cert
    exit
}

# At this point, the HTTP object instance is setup with the client-side cert, and any SSL/TLS
# connection will automatically use it if the server demands a client-side cert.

delete_CkHttp $http
delete_CkCert $cert