Re: Https Upload/Download need

danny heijl wrote:
Whenever SSL is involved I use WinInet (or WinHttp on a server) instead of Indy. It allows me to use client certificates and smartcards and generally do anything that a browser can.

You can use client certificates and smartcards with Indy + StreamSec Tools 2.1 as well, and there are two reason why you might prefer that combination over WinInet:

The first reason is that WinInet prompts you for which client certificate you want to use. With StreamSec Tools you can automate that, which makes it more suitable for background processes.

The second reason is that WinInet will also prompt you if you are connecting to a site that is authenticated by a server certificate issued by an authority that is not (directly or indirectly) recognized as a root authority by Windows. This becomes an issue e.g. if you decide to use an exclusive in-house CA for your internal servers as a primary method for authentication. That is, since your servers are the only servers that use server certificates issued by your CA, you know a server is indeed your server if it authenticates itself to the SSL client using a certificate issued by your CA. If, for various reasons, you don't want to install that certificate with Windows on each client computer, it is usually better to use StreamSec Tools 2.1 than WinInet.

OTOH WinInet is fine if you use a server certificate issued by a major commercial CA and the client runs interactive with the desktop and you don't mind letting the client user select which client certificate to use.
.

Relevant Pages

  • Re: Cannot request computer certificate.
    ... >problem since you can not request a certificate while logged onto the CA. ... Verify that you can ping it by name and IP address from the client ... >> Kerberos, or dns. ... >> List of NetBt transports currently bound to the Redir ...
    (microsoft.public.windows.server.security)
  • Re: The message must contain a wsa:To header
    ... My client app is not generating a trace file. ... the client is not applying the WSE policy at all because of an ... at ApplicationMessagingWS.Dispatch(String messageType, String ... look for a certificate with this subject name in the certificate store ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: L2TP/IPSec from XP client to Windows 2003 Server
    ... ie no valid cert found on client - contacted Microsoft ... Windows Server 2003 Certificate Authority running ... The next step is to install Certificate Services on the Windows Server ... From Networks Connections on the client, ...
    (microsoft.public.security)
  • Re: Cannot request computer certificate.
    ... I would verify that the certificate services service is running and set to ... Verify that you can ping it by name and IP address from the client ... > Kerberos, or dns. ... > List of NetBt transports currently bound to the Redir ...
    (microsoft.public.windows.server.security)
  • SNA 3270 to IP TN3270 Conversion =?ISO-8859-1?Q?=96?= Data Stream Encryption
    ... asked them on their thoughts regarding data stream encryption, ... which means that all data is encrypted before it is sent to the client. ... certificate and the keys from three different places: ... SSL client authentication provides additional authentication and access ...
    (bit.listserv.ibm-main)