SChannel Certificates

From sgcWebSockets 4.4.7 the use of Certificates using SChannel as crypto library is supported.

The SChannel implementation supports 2 types of certificate authentication:

1. Using a PFX certificate

2. Setting the Hash Thumbprint of an already installed certificate in the windows system.

PFX Certificate 

PFX Certificate is a file that contains the certificate and private key, sometimes you have a certificate in PEM format, so before use it, you must convert to PFX.

Use the following openssl command to converte a PEM certificate to PFX

openssl pkcs12 -inkey certificate-pem.key -in certificate-pem.crt -export -out certificate.pfx

Once the certificate has PFX format, you only need to deploy the certificate and set in the TLSOptions.Certificate property the path to it.


TLSOptions.IOHandler := iohSChannel;
TLSOptions.CertFile := '<certificate path>';
TLSOptions.Password := '<certificate optional password>'; 

Hash Thumbprint

If the certificate is already installed in the windows certificate store, you only need to know the certificate thumbprint and set in the TLSOptions.SChannel_Options property.

Finding the hash of a certificate is as easy in powershell as running a dir command on the certificates container.

dir cert:\localmachine\my

The hash is the hexadecimal Thumbprint value.

Directory: Microsoft.PowerShell.Security\Certificate::localmachine\my
Thumbprint Subject
---------- -------
C12A8FC8AE668F866B48F23E753C93D357E9BE10 CN=*

Once you have the Thumbprint value, you must to set in the TLSOptions.SChannel_Options property the hash and where is located the certificate.

TLSOptions.IOHandler := iohSChannel;
TLSOptions.SChannel_Options.CertHash := '<certificate thumbprint>';
TLSOptions.SChannel_Options.CertStoreName := '<certificate store name>';
TLSOptions.SChannel_Options.CertStorePath := '<certificate store path>';
TLSOptions.Password := '<certificate optional password>'; 
Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

sgcWebSockets 4.4.7
Socket.IO 3 API support

Related Posts