I'm trying to configure HTTPS connection for my web service from Inno Setup installer. Previously, I was doing next things:
makecert
certmgr
GetSHA1OfFile
method of Inno Setup.netsh http add sslcert
commandBut now I'm switching from makecert
to OpenSSL, and also introducing CA certificate, which is previously generated, and works as issuer for my server certificate. What am I doing now:
certmgr
CertUtil
Now, the issue is, when generating certificate with OpenSSL, it seems, that its sha1 hash is different from its thumbprint, so I can't use GetSHA1OfFile
for this purpose anymore.
So, question is - how can I programmatically get certificate hash in Inno Setup, to assign it to port, if GetSHA1OfFile
can't be used for this purpose?
Use the certutil.exe -dump
command and read its output.
I'm not sure, which of the fingerprints you are after, but I assume it's the one labelled Cert Hash(sha1)
.
var
Key: string;
I: Integer;
TempFile: string;
Lines: TArrayOfString;
Hash: string;
ResultCode: Integer;
PfxFile: string;
Cmd, Params: string;
begin
PfxFile := '...\my.pfx';
TempFile := ExpandConstant('{tmp}\certdump.txt');
Cmd := 'cmd.exe';
Params := '/c certutil.exe -dump "' + PfxFile + '" > "' + TempFile + '"';
if not Exec(Cmd, Params, '', SW_HIDE, ewWaitUntilTerminated, ResultCode) then
begin
Log('Failed to run certificate dump');
end
else
if not LoadStringsFromFile(TempFile, Lines) then
begin
Log('Failed to read certificate dump');
end
else
begin
Key := 'Cert Hash(sha1):';
Hash := '';
for I := 0 to GetArrayLength(Lines) - 1 do
begin
if CompareText(Copy(Lines[I], 1, Length(Key)), Key) = 0 then
begin
Hash := Copy(Lines[I], Length(Key) + 1, Length(Lines[I]) - Length(Key));
Hash := Trim(Hash);
StringChange(Hash, ' ', '');
end;
end;
DeleteFile(TempFile);
if Hash = '' then
begin
Log('Hash not found in certificate dump');
end
else
begin
Log('Certificate hash: ' + Hash);
end;
end;
end;