
On 09/01/2010 09:02 PM, Michal Trojnara wrote:
> I think this request should rather be addressed to the OpenSSL team. AFAIK Windows Certificate Store was specifically designed to prevent non-Microsoft SSL implementations from using it directly, i.e. without manual key export.

Hi Mike

You should look again - lots of non-M$ products use this API. E.g. openvpn for Windows allows you to use the personal cert that other M$ components like MSIE use - see "cryptoapicert"

--cryptoapicert select-string
    Load the certificate and private key from the Windows Certificate System Store (Windows Only).

    Use this option instead of --cert and --key.

    This makes it possible to use any smart card, supported by Windows, but also any kind of certificate, residing in the Cert Store, where you have access to the private key. This option has been tested with a couple of different smart cards (GemSAFE, Cryptoflex, and Swedish Post Office eID) on the client side, and also an imported PKCS12 software certificate on the server side.

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1