[stunnel-users] Individual user certs for each person who uses Windows PC

Jason Haar Jason.Haar at trimble.co.nz
Mon Sep 6 05:31:16 CEST 2010

 On 09/01/2010 09:02 PM, Michal Trojnara wrote:
> I think this request should rather be addressed to the OpenSSL team.
> AFAIK Windows Certificate Store was specifically designed to prevent
> non-Microsoft SSL implementations from using it directly, i.e. without
> manual key export.
Hi Mike

You should look again - lots of non-M$ products use this API. e.g.
openvpn for Windows allows you to use the personal cert that other M$
components like MSIE use - see "cryptoapicert"

--cryptoapicert select-string
              Load the certificate and private key from the Windows
              Certificate System Store (Windows Only).

              Use this option instead of --cert and --key.

              This makes it possible to use any smart card, supported by
              Windows, but also any kind of certificate, residing in the
              Cert Store, where you have access to the private key. This
              has been tested with a couple of different smart cards
              Cryptoflex, and Swedish Post Office eID) on the client side,
              and also an imported PKCS12 software certificate on the server


Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
