[stunnel-users] Individual user certs for each person who uses Windows PC

Jason Haar Jason.Haar at trimble.co.nz
Mon Sep 6 05:31:16 CEST 2010


On 09/01/2010 09:02 PM, Michal Trojnara wrote:
> I think this request should rather be addressed to the OpenSSL team.
> AFAIK Windows Certificate Store was specifically designed to prevent
> non-Microsoft SSL implementations from using it directly, i.e. without
> manual key export.
Hi Mike

You should look again - lots of non-M$ products use this API, e.g.
openvpn for Windows allows you to use the personal cert that other M$
components like MSIE use - see "cryptoapicert"

--cryptoapicert select-string
              Load the certificate and private key from the Windows
              Certificate System Store (Windows Only).

              Use this option instead of --cert and --key.

              This makes it possible to use any smart card, supported
              by Windows, but also any kind of certificate, residing in
              the Cert Store, where you have access to the private key.
              This option has been tested with a couple of different
              smart cards (GemSAFE, Cryptoflex, and Swedish Post Office
              eID) on the client side, and also an imported PKCS12
              software certificate on the server side.



-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1



