
I'm using OpenSSL in C++ under Windows to implement an SSL client. So my goal is to use a certificate installed in the certificate store to do the handshake with the server.

Now, the problem is that as the private key is non-exportable I can't use it directly in a call like SSL_CTX_use_PrivateKey.

So far I tried to use the CAPI engine to do the handshake, but I haven't figured out how to set the private key in the SSL context.

Thanks

  • In the simplest case, you don't need any keys or certificates to act as SSL/TLS-client. – Lorinczy Zsigmond Mar 11 '19 at 11:59
  • I know, but in this case the server only allows a connection if the client has an authorized certificate – Jose Peiro Pardo Mar 11 '19 at 18:32
  • When a private key is non-exportable you can't export the private key, you can only use it with the Windows crypto API. So there is no way to import the private key into OpenSSL. So to use a Windows cert store private key in OpenSSL you have to export the private key then import it into OpenSSL. – Shane Powell Mar 13 '19 at 16:01
  • My answer here may help: https://stackoverflow.com/a/55148179/23235 – Shane Powell Mar 14 '19 at 16:33

0 Answers