On 09/01/2010 09:02 PM, Michal Trojnara wrote:
I think this request should rather be addressed to the OpenSSL team. AFAIK Windows Certificate Store was specifically designed to prevent non-Microsoft SSL implementations from using it directly, i.e. without manual key export.
Hi Mike
You should look again - lots of non-M$ products use this API. E.g. openvpn for Windows allows you to use the personal cert that other M$ components like MSIE use - see "cryptoapicert"
--cryptoapicert select-string
    Load the certificate and private key from the Windows Certificate System Store (Windows Only).

    Use this option instead of --cert and --key.

    This makes it possible to use any smart card, supported by Windows, but also any kind of certificate, residing in the Cert Store, where you have access to the private key. This option has been tested with a couple of different smart cards (GemSAFE, Cryptoflex, and Swedish Post Office eID) on the client side, and also an imported PKCS12 software certificate on the server side.