On 23.05.2018 at 11:16, Brian Ipsen wrote:
I am trying to use the Microsoft certificate store/API for client
validation of Windows hosts towards an F5.
Everything works when we use file-based certificates - but for security
purposes I would prefer to use the Windows certificate store, and set
the private key on the client as non-exportable...
engineId = capi
[F5CertAdmin]
client=yes
accept = 127.0.0.1:1679
connect = w.x.y.z:443
delay = yes
sni = ssl79admpki.xxxx.com
CApath = C:\Program Files (x86)\stunnel\config\certs
CAFile = C:\Program Files (x86)\stunnel\config\certs\GlobalSign-Cert-Chain.pem
verify = 2
engineId = capi
key = BaaSClientCertificateCP
cert = BaaSClientCertificateCP
Hello Brian,
With the CAPI engine you don't need to manually select the client key to
use. Don't use key and cert options. The client key is automatically
selected based on the list of CAs trusted by the server.
Regards,
Małgorzata
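
The service section from the quoted configuration with the reply's advice applied, as an added example that is not part of the original thread. Only the `key` and `cert` lines are dropped; every other value, including the masked address and host name, is copied unchanged from the post.

```ini
; Service section from the quoted configuration, with the reply's advice applied.
; All values (including the masked w.x.y.z address) are copied from the original post.
[F5CertAdmin]
client = yes
accept = 127.0.0.1:1679
connect = w.x.y.z:443
delay = yes
sni = ssl79admpki.xxxx.com
CApath = C:\Program Files (x86)\stunnel\config\certs
CAFile = C:\Program Files (x86)\stunnel\config\certs\GlobalSign-Cert-Chain.pem
verify = 2
engineId = capi
; No "key" or "cert" options here: per the reply, with the CAPI engine the
; client key is selected automatically based on the list of CAs trusted by
; the server.
```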