[openssl-users] Using Windows system certficate store for server authentication

Viktor Dukhovni openssl-users at dukhovni.org
Sat Sep 8 18:00:24 UTC 2018

On Sat, Sep 08, 2018 at 01:44:50PM +0000, Salz, Rich via openssl-users wrote:

> OpenSSL does not use *any* certificate store, on any platform, it is up to the applications to do what they need.

More precisely, OpenSSL does not bundle any trusted certificates
with the upstream source.  OpenSSL does use $OPENSSLDIR/cert.pem
and $OPENSSL/certs/ as the default CAfile and CApath respectively
via the:


function.  These can also be specified via the SSL_CERT_FILE and
SSL_CERT_DIR environment variables.  Applications can specify
additional or alternative CAfile or CApath locations.

IIRC the upstream OpenSSL code does not include an interface to the
Windows Active Directory certificate store.  This may be available
from third parties.


More information about the openssl-users mailing list