[stunnel-users] stunnel and CAPI on Windows

Małgorzata Olszówka Malgorzata.Olszowka at stunnel.org
Tue Jun 5 09:46:18 CEST 2018


On 23.05.2018 at 11:16, Brian Ipsen wrote:
>   I am trying to use the Microsoft certificate store/API for client 
> validation of Windows hosts towards an F5.
> 
> Everything works when we use file-based certificates - but for security 
> purposes I would prefer to use the Windows certificate store, and set 
> the private key on the client as non-exportable...
> 
> engineId = capi

> [F5CertAdmin]
> client=yes
> accept = 127.0.0.1:1679
> connect = w.x.y.z:443
> delay = yes
> sni = ssl79admpki.xxxx.com
> CApath = C:\Program Files (x86)\stunnel\config\certs
> CAFile = C:\Program Files (x86)\stunnel\config\certs\GlobalSign-Cert-Chain.pem
> verify = 2
> engineId = capi
> key = BaaSClientCertificateCP
> cert = BaaSClientCertificateCP
> 

Hello Brian,
With the CAPI engine you don't need to manually select the client key to 
use. Don't use key and cert options. The client key is automatically 
selected based on the list of CAs trusted by the server.

Regards,
Małgorzata


