[stunnel-users] Individual user certs for each person who uses Windows PC
Jason Haar
Jason.Haar at trimble.co.nz
Mon Sep 6 05:35:35 CEST 2010
On 09/01/2010 09:02 PM, Michal Trojnara wrote:
> I think this request should rather be addressed to the OpenSSL team.
> AFAIK Windows Certificate Store was specifically designed to prevent
> non-Microsoft SSL implementations from using it directly, i.e. without
> manual key export.
Hi Mike
You should look again - lots of non-M$ products use this API. e.g.
openvpn for Windows allows you to use the personal cert that other M$
components like MSIE use - see "cryptoapicert"
--cryptoapicert select-string
    Load the certificate and private key from the Windows Certificate
    System Store (Windows Only).

    Use this option instead of --cert and --key.

    This makes it possible to use any smart card, supported by Windows,
    but also any kind of certificate, residing in the Cert Store, where
    you have access to the private key. This option has been tested with
    a couple of different smart cards (GemSAFE, Cryptoflex, and Swedish
    Post Office eID) on the client side, and also an imported PKCS12
    software certificate on the server side.
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1