Hi all,

I'm freaking out. Just got my real certificate from VeriSign and I'm not
able to load the certificate. I'm not sure if this is an issue with VeriSign
or the IdSSLOpenSSL component, just wanted to see if anyone else has run
into this problem.

I'm using Delphi 5, with today's Indy code on a W2K platform, with a 128bit
Signed certificate from VeriSign.

In the TIdSSLContext.InitContext procedure, I get to the line that loads the
certificate and because LoadCert returns 0, the exception is raised. I can't
figure out what is happening in IdSslCtxUseCertificateFile (dll stuff, I
assume).

Please help. I've got to ship to the customer in a few days.

Thanks!

Tania

"Tania Jones" <tjo...@discoverysoft.com> wrote in news:3b86b669_1@dnews:

You have to convert it. Verisign delivers in one format, and OpenSSL uses
another. There are details on Gregors SSL forum.

--
Chad Z. Hower (Kudzu) - http://www.pbe.com/Kudzu/
Current Location: St. Petersburg, Russia
      "Programming is an art form that fights back"

If the certificate isn't in PEM format you have to convert it. OpenSSL uses
PEM format. You need to do this using the openssl.exe.

Did you configure to load the Verisign's CA certificate too?

You should.

Regards,
Gregor

Did you configure to load the Verisign's CA certificate too?

You should.

Regards,
Gregor

It's in PEM format, or at least that is what we've requested...

"Hadi Hariri - Team Indy" <hadi...@pbe.com> wrote in message
news:3b87538d_2@dnews...

Yep. Got it as well...

news:3b875bda_1@dnews...

So it works or not?

Regards,
Gregor

No luck :-(

We're trying out a different certificate type. I'll let you know if it works
(just waiting for it to arrive)... I just wanted to see if anyone had
already gone through the same thing before, so I didn't re-invent the wheel.

Details to come...

news:3b893364_2@dnews...

Are you waiting for Hadi?

Regards,
Gregor

Nope. Waiting for VeriSign...
news:3b89556c_1@dnews...

Hi All,

Found out that the certificates VeriSign sent weren't actually in PEM format
:-(

Good news: didn't need the $895US certificates, the $575 ones work better
(global option wasn't necessary).

The confusion happened because we specified the format with VeriSign. Their
standard worked fine (I think it's called x509 something...)

Tania

news:3b894770$1_2@dnews...

The X.509v3 format of certificates specifies how the attributes (name,
country, ...) are formated in the certificate.

PEM format is the certificate in X.509v3 format, base64 encoded.
So it is the same thing.

If you export the certificate from Internet Explorer you should specify Ber
(base64) encoded format and it will work ok.

Also check the article on www.intelicom.si (using client certificate
authentication) cause there are detailed instruction how to do it.

Regards,
Gregor

Gregor,

Where are the detailed instructions on the Intellicom web site?  I have been
trying to find anything on the site, and it only displays limitted amounts
of information at the top of the browser.  I can't get any detail what so
ever.  Is my browser missing something?

Thanks,

--
Glenn Hancock
SofTek Software Int'l Inc.
www.softeksoftware.com
ghanc...@softeksoftware.com
770-490-7899

http://www.intelicom.si/article.php?sid=14

news:3b8eaedd_2@dnews...