[stunnel-users] Using CAPI Engine for client authentication

• Previous message (by thread): [stunnel-users] Using CAPI Engine for client authentication
• Next message (by thread): [stunnel-users] Using CAPI Engine for client authentication
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Thank you Michal,
But in this case it does not get the certificate (for some reason).

#Working configuration (based on certificate-file) :
debug = 7
cert = c:\test1.pem
CAfile = c:\cacert.pem
verify = 2
options = NO_TLSv1.1
[test]
engineId = capi
client = yes
accept = 0.0.0.0:9001
connect = 1.2.3.4:9000

#Not-Working configuration (based on CAPI; c:\test1.pem is imported under
Personal\Certificates):
debug = 7
engine = capi
engineCtrl = debug_level:2
engineCtrl = debug_file:c:\keys\capi.txt
engineCtrl = store_name:Personal
CAfile = c:\cacert.pem
verify = 2
options = NO_TLSv1.1
[test]
engineId = capi
client = yes
accept = 0.0.0.0:9001
connect = 1.2.3.4:9000

#Content of capi.txt
Setting debug file to c:\keys\capi.txt
Setting store name to Personal
Opening certificate store MY



On Thu, Feb 18, 2016 at 11:38 AM, Michal Trojnara <
Michal.Trojnara at stunnel.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 18.02.2016 10:26, Shay Cohen wrote:
> > I am trying to configure one of my clients to use 'engine = capi',
> > but cannot find a way to define which Key to actually use.
>
> With the CAPI engine you don't need to manually select the client key
> to use.  The client key is automatically selected based on the list of
> CAs trusted by the server.
>
> Best regards,
>         Mike
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQIcBAEBCAAGBQJWxZEOAAoJEC78f/DUFuAUJ7YP/A7fzgmI8dKdKlb0jm2olbjS
> PxtUaPSwog6M8uNMXV88dyvJAaDn+KrxHPXXWzw6z+0bca+Cj4ddrn32mc5eJIfC
> 0QCXR/0uId5C6xLgOgq/3fW/MFkLRCLrHqVgm/Wzp3CRLUAB1D3HWOyFK3JezegN
> nAbULf03UFaBJjj3xI9YHBJonJu+emwQI00sNvmTVc26lq1hVwAISlvDAEvWwyPy
> zhT+j2ao0d2+jYln93Klxl85PbF+ybacewODRsZVdrnJN6YoxRrhRmhMTnzHBUCo
> u5oAGfyg77sBsivBS4M6NLik62off+Lkvlj0TzkjnDewHBcm67nigOdiVa3Lx6c6
> Nzhdk2fFiqf4mGN50gsITOoyqPNkfWSdjFeyWAOFU1DMILFn0Um8FVg2fd05LqPN
> XBg7UVj8Jt4r8dCZvVQCNMAhEb7xfHlDdo63J7qzQF9bq6hpMvsDWx1dUyGA1Nvb
> 49ii4ScLNlHQ0Lh6e/4Lc2z+XuOr1gZyuRYfAfpkcd3g3mjPWblAYhqAkTUpqPT3
> qiDM6ub9qhFNzoebuXPVi7zjPHibnRM5SHJDJAR5zMyyOv4IdvroUY5Z8TY1MAp6
> lIuD8dHzkI7prTRTNiFxPdmWtBUGWLsO1fceHGxvEeRo5kVGZ2HL24g8yNefslXX
> CCXEp0B0O5wFFldy2gYk
> =fcHM
> -----END PGP SIGNATURE-----
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20160218/a39619c7/attachment.html>

• Previous message (by thread): [stunnel-users] Using CAPI Engine for client authentication
• Next message (by thread): [stunnel-users] Using CAPI Engine for client authentication
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]