VBScript
VBScript
HTTPS Client Certificate using Smartcard or Token
See more HTTP Examples
Explains how to use a client certificate for HTTP TLS mutual authentication where the certificate and private key exists on an HSM (Smartcard or USB Token).Chilkat VBScript Downloads
Dim fso, outFile
Set fso = CreateObject("Scripting.FileSystemObject")
'Create a Unicode (utf-16) output text file.
Set outFile = fso.CreateTextFile("output.txt", True, True)
success = 0
set http = CreateObject("Chilkat.Http")
' To do HTTPS mutual authentication where the certificate and private key are stored
' on a smartcard or token, first load the Chilkat certificate object from the smartcard/token,
' and then pass the certificate object to the Http object's SetSslClientCert method.
' Doing HTTP mutual authentication is the same regardless of the source of the cert + private key.
' The steps are to first load the certificate from the source, then pass the cert object to the HTTP object.
' Chilkat provides methods for loading the certificate from a variety of sources, such as smartcards, tokens,
' .pfx/.p12 files, Windows registry-based certificate stores, PEM files, or other file formats.
set cert = CreateObject("Chilkat.Cert")
' The easiest way to load a certificate from an HSM is to call cert.LoadFromSmartcard with
' an empty string argument. Chilkat will detect the HSM and will choose the most appropriate
' underlying means for accessing and loading the default certificate + key from the HSM.
' The underlying means could be PKCS11, ScMinidriver, or MSCNG, depending on the HSM what it
' supports.
' For example:
' If you know the smart card PIN, it's good to set it prior to loading from the smartcard/USB token.
cert.SmartCardPin = "12345678"
' To let Chilkat discover what smartcard or token is connected, pass an empty string to LoadFromSmartcard.
' When testing in this way, it's best to have only a single smartcard or token connected to the system.
success = cert.LoadFromSmartcard("")
If (success = 0) Then
outFile.WriteLine(cert.LastErrorText)
outFile.WriteLine("Certificate not loaded.")
WScript.Quit
End If
' If there are multiple certificates stored on the smartcard/token, then
' you can be more specific. See these examples:
' Load a Certificate from an HSM by Common Name
' Load a Certificate from an HSM by Serial Number
' It may be that you need to code at a lower level with a specific
' supported interface, such as PKCS11.
' See these examples:
' Use PKCS11 to Find a Specific Certificate
' Use PKCS11 to Find a Certificate with a Specified Key Usage
' Once you have the desired certificate, pass it to SetSslClientCert.
' Set the certificate to be used for mutual TLS authentication
' (i.e. sets the client-side certificate for two-way TLS authentication)
success = http.SetSslClientCert(cert)
If (success <> 1) Then
outFile.WriteLine(http.LastErrorText)
WScript.Quit
End If
' At this point, the HTTP object instance is setup with the client-side cert, and any SSL/TLS
' connection will automatically use it if the server demands a client-side cert.
outFile.Close