[openssl-users] General approach for keeping a client cert from openssl

Andy Green andy at warmcat.com
Mon Dec 19 11:22:15 UTC 2016

Hi -

I have a situation coming up that is similar to a client cert being
held on a secure key store, like a key vault.

We need to be able to perform TLS communication with a remote server
using the key, but without giving the key to OpenSSL.

The "other side" of the "key vault" is smart, and we can run code
there, and communicate with it.  So we need to basically proxy OpenSSL
operations on the "other side".

I guess this is nothing new under the sun... what's the general
approach to integrating this to OpenSSL?

Thanks for any advice.


More information about the openssl-users mailing list