<div dir="ltr"><div>Thank you Michal, </div><div>But in this case it does not get the certificate (for some reason). <br></div><div><br></div><div>#Working configuration (based on certificate-file) : <br></div><div><div>debug = 7</div><div>cert = c:\test1.pem<br></div><div>CAfile = c:\cacert.pem<br></div><div>verify = 2</div><div>options = NO_TLSv1.1</div><div>[test]<br></div><div>engineId = capi</div><div>client = yes</div><div>accept = <a href="http://0.0.0.0:9001">0.0.0.0:9001</a></div><div>connect = <a href="http://1.2.3.4:9000">1.2.3.4:9000</a></div></div><div><br></div><div>#Not-Working configuration (based on CAPI; c:\test1.pem is imported under Personal\Certificates):</div><div><div>debug = 7</div><div>engine = capi<br></div><div>engineCtrl = debug_level:2</div><div>engineCtrl = debug_file:c:\keys\capi.txt</div><div>engineCtrl = store_name:Personal</div><div>CAfile = c:\cacert.pem<br></div><div>verify = 2</div><div>options = NO_TLSv1.1</div><div>[test]<br></div><div>engineId = capi</div><div>client = yes</div><div>accept = <a href="http://0.0.0.0:9001">0.0.0.0:9001</a></div><div>connect = <a href="http://1.2.3.4:9000">1.2.3.4:9000</a></div></div><div><br></div><div>#Content of capi.txt</div><div><div>Setting debug file to c:\keys\capi.txt</div><div>Setting store name to Personal</div><div>Opening certificate store MY</div></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Feb 18, 2016 at 11:38 AM, Michal Trojnara <span dir="ltr"><<a href="mailto:Michal.Trojnara@stunnel.org" target="_blank">Michal.Trojnara@stunnel.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA256<br>
<span class=""><br>
On 18.02.2016 10:26, Shay Cohen wrote:<br>
> I am trying to configure one of my clients to use 'engine = capi',<br>
> but cannot find a way to define which Key to actually use.<br>
<br>
</span>With the CAPI engine you don't need to manually select the client key<br>
to use.  The client key is automatically selected based on the list of<br>
CAs trusted by the server.<br>
<br>
Best regards,<br>
        Mike<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v2<br>
<br>
iQIcBAEBCAAGBQJWxZEOAAoJEC78f/DUFuAUJ7YP/A7fzgmI8dKdKlb0jm2olbjS<br>
PxtUaPSwog6M8uNMXV88dyvJAaDn+KrxHPXXWzw6z+0bca+Cj4ddrn32mc5eJIfC<br>
0QCXR/0uId5C6xLgOgq/3fW/MFkLRCLrHqVgm/Wzp3CRLUAB1D3HWOyFK3JezegN<br>
nAbULf03UFaBJjj3xI9YHBJonJu+emwQI00sNvmTVc26lq1hVwAISlvDAEvWwyPy<br>
zhT+j2ao0d2+jYln93Klxl85PbF+ybacewODRsZVdrnJN6YoxRrhRmhMTnzHBUCo<br>
u5oAGfyg77sBsivBS4M6NLik62off+Lkvlj0TzkjnDewHBcm67nigOdiVa3Lx6c6<br>
Nzhdk2fFiqf4mGN50gsITOoyqPNkfWSdjFeyWAOFU1DMILFn0Um8FVg2fd05LqPN<br>
XBg7UVj8Jt4r8dCZvVQCNMAhEb7xfHlDdo63J7qzQF9bq6hpMvsDWx1dUyGA1Nvb<br>
49ii4ScLNlHQ0Lh6e/4Lc2z+XuOr1gZyuRYfAfpkcd3g3mjPWblAYhqAkTUpqPT3<br>
qiDM6ub9qhFNzoebuXPVi7zjPHibnRM5SHJDJAR5zMyyOv4IdvroUY5Z8TY1MAp6<br>
lIuD8dHzkI7prTRTNiFxPdmWtBUGWLsO1fceHGxvEeRo5kVGZ2HL24g8yNefslXX<br>
CCXEp0B0O5wFFldy2gYk<br>
=fcHM<br>
-----END PGP SIGNATURE-----<br>
_______________________________________________<br>
stunnel-users mailing list<br>
<a href="mailto:stunnel-users@stunnel.org">stunnel-users@stunnel.org</a><br>
<a href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users" rel="noreferrer" target="_blank">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a><br>
</blockquote></div><br></div>