TLS with Client Authentication using private key from Windows store
Ferenc Gerlits
fgerlits at cloudera.com
Mon Nov 23 12:03:55 UTC 2020
Hi,
I am trying to use openssl to implement a client-side TLS connection with
Client Authentication on Windows, using a non-exportable private key stored
in the Windows Certificate Store. Currently, our code can use a private
key stored in a local file, and if the key in the Windows store was
exportable, I could export it and use it in the existing code. But the key
is non-exportable, which is a problem.
Does anyone know how to do this?
So far, I have found suggestions to use the CAPI engine (e.g.
https://groups.google.com/g/mailing.openssl.users/c/_rdJLc7emAY?pli=1), but
no examples of how to do that, and also some tickets (e.g.
https://github.com/openssl/openssl/issues/12859) which say that the CAPI
engine does not work with TLS >= 1.2 on openssl 1.1.1, so that doesn't look
like a good solution.
Any help would be appreciated!
Thank you,
Ferenc