Discuss this help topic in SecureBlackbox Forum

Setup server certificates

The SSL/TLS server must have the X.509 certificate in order to correctly implement SSL/TLS protocols. The certificate is what identifies the server on the client side, and what prevents man-in-the-middle attacks.

To specify the certificates, which identify the server, put the certificates to the instance of TElMemoryCertStorage class, and assign the reference to this instance to CertStorage property of the corresponding SSL/TLS server class. You can put the whole certificate chain contents to the storage, if you want the chain or its part to be sent to the client. To send the whole chain set ForceCertificateChain property of the SSL/TLS server class to true.

Remember, that the certificates are used not just for authentication, but also during encryption. So the RSA certificate can be used only with RSA-based cipher suites (see the corresponding how-to article for descripiton of the cipher suites). DSA certificate can be used only with DSA-based cipher suites.

How To articles about SSL/TLS server setup

Discuss this help topic in SecureBlackbox Forum