Sample code for 30+ languages & platforms
Pascal (Lazarus/Delphi)

Examine SSL/TLS Server Certificate

See more Socket/SSL/TLS Examples

Demonstrates how an application can examine and check a server's SSL/TLS certificate.

Chilkat Pascal (Lazarus/Delphi) Downloads

Pascal (Lazarus/Delphi)
program ChilkatDemo;

// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.

{$IFDEF FPC}
  {$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}

uses
  {$IFDEF UNIX}
  cthreads,
  {$ENDIF}
  SysUtils,
  CkDllLoader,
  Chilkat.Cert,
  Chilkat.Socket;

// ---------------------------------------------------------------------------

procedure RunDemo;
var
  success: Boolean;
  socket: TSocket;
  useTls: Boolean;
  maxWaitMs: Integer;
  cert: TCert;

begin
  success := False;

  //  This example assumes the Chilkat API to have been previously unlocked.
  //  See Global Unlock Sample for sample code.

  socket := TSocket.Create;

  //  Connect to a server.
  useTls := True;
  maxWaitMs := 2000;
  success := socket.Connect('www.intel.com',443,useTls,maxWaitMs);
  if (success = False) then
    begin
      WriteLn(socket.LastErrorText);
      Exit;
    end;

  //  If we get here, the TLS connection ws made..
  //  In any SSL/TLS handshake, the server sends its certificate in a TLS handshake message.
  //  Chilkat will keep it cached within the object that made the connection.
  //  Get the server's cert and examine a few things.
  cert := TCert.Create;
  socket.GetServerCert(cert);

  WriteLn('Distinguished Name: ' + cert.SubjectDN);
  WriteLn('Common Name: ' + cert.SubjectCN);
  WriteLn('Issuer Distinguished Name: ' + cert.IssuerDN);
  WriteLn('Issuer Common Name: ' + cert.IssuerCN);

  WriteLn('Expired: ' + cert.Expired);
  WriteLn('Revoked: ' + cert.Revoked);
  WriteLn('Signature Verified: ' + cert.SignatureVerified);
  WriteLn('Trusted Root: ' + cert.TrustedRoot);

  //  Sample output:

  //  Distinguished Name: C=US, ST=California, O=Intel Corporation, CN=*.intel.com
  //  Common Name: *.intel.com
  //  Issuer Distinguished Name: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Organization Validation Secure Server CA
  //  Issuer Common Name: Sectigo RSA Organization Validation Secure Server CA
  //  Expired: False
  //  Revoked: False
  //  Signature Verified: True
  //  Trusted Root: True


  socket.Free;
  cert.Free;

end;

// ---------------------------------------------------------------------------

begin

  try
    RunDemo;
  except
    on E: Exception do
      WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
  end;

  WriteLn;
  {$IFDEF MSWINDOWS}
  WriteLn('Press Enter to exit...');
  ReadLn;
  {$ENDIF}
end.