To improve handling and reporting of PEM SSL certificates, there is a new
component class TX509Ex derived from TX509Base, adding properties for most
common certificate entries including extensions. These are the properties
reported for my code signing certificate, as reported by the updated
OverbyteIcsPemTool tool:

-------------------------------------------
ISSUED TO (Subject)
Common Name (CN):Magenta Systems Ltd
Alt Name (DNS):
Alt Name (IP):
Organisation (O): Magenta Systems Ltd
Organisational Unit (OU): SECURE APPLICATION DEVELOPMENT
Country (C): GB
State/Province(ST): England
Locality (L): Croydon
Serial Number: 
Title (T): 
Initials (I): 
Given Name (G): 
Surname (S): 
Description (D): 
Email (Email): 

ISSUED BY
Common Name (CN):Thawte Code Signing CA - G2
Organisation (O): Thawte, Inc.
Organisational Unit (OU): 
Country (C): GB
State/Province(ST): England
Locality (L): Croydon
Email (Email): 

GENERAL
Serial Number: -1
Issued on:12/10/2013
Expires on:16/10/2014
Key Usage: 
Extended Key Usage: Code Signing, Microsoft Commercial Code Signing
Basic Constraints: CA=FALSE
Authority Info Access: OCSP - URI=http://ocsp.thawte.com
-------------------------------------------

A certificate authority certificate is reported similarly to the following,
which is reported as self signed, by a CA:

-------------------------------------------
ISSUED TO (Subject)
Common Name (CN):thawte Primary Root CA
Alt Name (DNS):
Alt Name (IP):
Organisation (O): thawte, Inc.
Organisational Unit (OU): Certification Services Division, (c) 2006 thawte, Inc. - For authorized use only
Country (C): US
State/Province(ST): 
Locality (L): 
Serial Number: 
Title (T): 
Initials (I): 
Given Name (G): 
Surname (S): 
Description (D): 
Email (Email): 

SELF SIGNED

GENERAL
Serial Number: -1
Issued on:17/11/2006
Expires on:16/07/2036
Key Usage: Certificate Sign, CRL Sign
Extended Key Usage: 
Basic Constraints: CA=TRUE
Authority Info Access: 
-------------------------------------------

The OverbyteIcsPemTool listview now reports the common name, issued to and
issuer, for each certificate it finds in the specific directory. 

When using OverbyteIcsPemTool to create self signed certificates and
certificate requests, and to create PEMs from the Windows Certificate Store,
clear text comments can optionally be added before the base64 blocks to easily
identify different certificates (which otherwise all look much alike), i.e.:

-------------------------------------------
# X509 SSL Certificate
# Subject Common Name: RapidSSL CA
# Subject Alt Names: 
# Subject Organisation: GeoTrust, Inc.
# Issuer: GeoTrust Global CA
# Expires: 18/02/2020
-----BEGIN CERTIFICATE-----
-------------------------------------------

When creating certificate requests and self signed certificates, the private
key and certificate may now be optionally saved to separate files, since you
certainly don't want to distribute your private key anywhere.

Note these changes are in OverbyteIcsSslX509Utils.pas, which is currently in the
Samples/Delphi/SslInternet directory; it may be more convenient to copy it to
the main source directory.

Angus
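
A checker for the two points in the message above (comment lines before the base64 blocks, and keeping the private key out of files you distribute), as an added Python example that is not part of ICS or OverbyteIcsPemTool. The names `scan_pem`, `has_private_key` and `pem_block` are hypothetical, and the sample bundle is constructed with placeholder bytes.

```python
import base64
import re

# One PEM block. Text outside the BEGIN/END lines is not part of the object.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def scan_pem(text):
    """Return one dict per PEM block: label, the '#' comment lines found
    before it, and the length of the decoded body."""
    blocks, pos = [], 0
    for m in PEM_BLOCK.finditer(text):
        preamble = text[pos:m.start()].splitlines()
        # Comments are unauthenticated free text: display only, never trust.
        comments = [ln[1:].strip() for ln in preamble if ln.startswith("#")]
        body = m.group(2)
        if ":" in body:  # legacy encrypted keys carry Proc-Type/DEK-Info headers
            body = re.split(r"\r?\n\r?\n", body, maxsplit=1)[-1]
        der = base64.b64decode("".join(body.split()), validate=True)
        blocks.append({"label": m.group(1), "comments": comments,
                       "der_len": len(der)})
        pos = m.end()
    return blocks

def has_private_key(blocks):
    """True if any block label ends in PRIVATE KEY (PRIVATE KEY,
    RSA PRIVATE KEY, ENCRYPTED PRIVATE KEY, ...)."""
    return any(b["label"].endswith("PRIVATE KEY") for b in blocks)

def pem_block(label, payload):
    """Build a PEM block around arbitrary bytes (sample data only)."""
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed sample: comment header in the style shown above, with
# placeholder bytes instead of a real certificate or key.
SAMPLE = (
    "# X509 SSL Certificate\n"
    "# Subject Common Name: RapidSSL CA\n"
    "# Issuer: GeoTrust Global CA\n"
    + pem_block("CERTIFICATE", b"placeholder-cert-bytes")
    + pem_block("PRIVATE KEY", b"placeholder-key-bytes")
)

if __name__ == "__main__":
    found = scan_pem(SAMPLE)
    for b in found:
        print(b["label"], b["comments"], b["der_len"])
    print("contains private key:", has_private_key(found))
```

The comment lines sit outside the signed certificate, so a file can claim one subject in its comments and carry a different certificate in the block; identity decisions need the decoded certificate fields, not the header text.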

