TLS with Client Authentication using private key from Windows store
fgerlits at cloudera.com
Mon Nov 23 12:03:55 UTC 2020
I am trying to use openssl to implement a client-side TLS connection with
Client Authentication on Windows, using a non-exportable private key stored
in the Windows Certificate Store. Currently, our code can use a private
key stored in a local file, and if the key in the Windows store was
exportable, I could export it and use it in the existing code. But the key
is non-exportable, which is a problem.
Does anyone know how to do this?
So far, I have found suggestions to use the CAPI engine (eg.
no examples of how to do that, and also some tickets (eg.
https://github.com/openssl/openssl/issues/12859) which say that the CAPI
engine does not work with TLS >= 1.2 on openssl 1.1.1, so that doesn't look
like a good solution.
Any help would be appreciated!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users