Use a storage component to hold server and client certificates when setting up the TLS/SSL client. The server certificate is used to authenticate the TLS/SSL server. Client certificates can be used for client authentication; in this case the certificate must contain the private key.
Storage setup
• Specify the path used to store certificate information in the CertStoreName / Path / KeyPath property (depending on the storage component type).
• Add server and client certificates to the storage:
  1. Open the editor of the storage component by double-clicking it, and select the Certificates tab.
  2. Add a new certificate by pressing the New button.
  3. Type the certificate name.
  4. Import the certificate from a file by using the "Import from..." button.
SSL/TLS client setup
• In the HostName property, specify the name of the host on which the TLS/SSL server is located.
• In the Port property, specify the port number for the TCP/IP connection to the TLS/SSL server.
• Select the previously created storage object in the Storage property.
• Specify the server certificate in the CACertName property.
• If necessary, specify the client certificate in the CertName property.
• Establish the connection to the server by setting the Connected property to True.
• To make the connection secure, set the IsSecure property to True.
Random number generation
When a connection to a TLS/SSL server is established, random numbers are generated to create session keys. These keys are used by the data encryption algorithms. The random numbers come from a pseudo-random number generator, which must be initialized with a starting seed value before it is used. This seed value can be obtained in different ways: from the processor step counter, sound card noise, random mouse movements, or keyboard key presses. However, the first two ways are not reliable.
One of these ways is implemented in the SSHClient demo.
When using the SecureBridge component library, you should pass a sequence of random values to the Randomize method of the global Random object.
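The steps above done in code rather than in the designer, with the generator seeded before the connection is opened. This is an added example, not code from the SecureBridge documentation or demos. It assumes the class names TScFileStorage and TScSSLClient, the unit names in the uses clause, and a TBytes parameter for Randomize; the path, host, port and certificate names are placeholders.

```delphi
uses
  SysUtils, ScBridge, ScSSLClient, ScUtils;  // unit names are assumptions

// Seed holds random values the application has already collected, for
// example from mouse movements or key presses as described above.
procedure ConnectToTlsServer(const Seed: TBytes);
var
  Storage: TScFileStorage;   // assumed file-based storage component (Path property)
  Client: TScSSLClient;      // assumed TLS/SSL client component
begin
  // Seed the pseudo-random generator first: session keys are derived from
  // it as soon as the secure connection is negotiated.
  Random.Randomize(Seed);    // TBytes parameter type is an assumption

  Storage := TScFileStorage.Create(nil);
  try
    // Directory that already holds the certificates added on the
    // Certificates tab of the storage editor (placeholder path).
    Storage.Path := 'C:\MyApp\Certs';

    Client := TScSSLClient.Create(nil);
    try
      Client.Storage := Storage;
      Client.HostName := 'tls.example.com';  // placeholder host
      Client.Port := 443;                    // placeholder port

      // Names as typed in the storage editor (placeholders).
      Client.CACertName := 'server_cert';    // authenticates the server
      Client.CertName := 'client_cert';      // optional; must contain the private key

      Client.Connected := True;   // open the TCP/IP connection
      Client.IsSecure := True;    // switch the connection to TLS/SSL

      // ... exchange data with the server here ...

      Client.Connected := False;
    finally
      Client.Free;
    end;
  finally
    Storage.Free;
  end;
end;
```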