I have an app running on a Windows machine which acts like a simple server listening on a specific port and providing some data for clients.

Currently I'm trying to make this connection protected by TLS encryption using the OpenSSL library.

I was able to do it using a manually generated key pair and server certificate (.pem files).

Now I want to purchase a 'real' TLS/SSL certificate from a global provider, for example from DigiCert, and use it.

My understanding is that I can add purchased certificates to Windows' certificate store and then load it somehow into OpenSSL from there.

I found this link describing how to enumerate all certificates from Windows' certificate store and add them to OpenSSL's trust store. As I understand, it solves the problem of using Windows certificates only from the client side.

From the server side, I need to load a particular certificate and private key using, for example:

SSL_CTX_use_certificate_file()

and

SSL_CTX_use_PrivateKey_file()

To extract the certificate and private key from Windows' certificate store, I can use the CryptoAPI (not sure, never used it). But during googling, I realized that some certificates don't allow extracting their private key (correct me if I'm wrong).

So, I would like to know if I'm on the right track to implement data encryption for my server?

And, is there some common scenario to use OpenSSL with Windows' certificate store on the server side?
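As an added example (not part of the question), this script walks the usual server-side route: the certificate and its private key are exported from the Windows store as a PKCS#12 (.pfx) file, converted into the PEM files that SSL_CTX_use_certificate_file() and SSL_CTX_use_PrivateKey_file() expect, and then checked for a key/certificate match before deployment. It assumes the openssl CLI is installed; the .pfx is constructed from a throwaway self-signed key pair standing in for one exported from Windows, and the password is a made-up sample.

```shell
#!/bin/sh
# Added example: PFX (as exported from the Windows store) -> PEM for OpenSSL.
# Assumes the openssl CLI is available. The PFX and its password below are
# constructed stand-ins, not values from the question.
set -e

WORK=$(mktemp -d)
PFX_PASS="pass:example-export-password"   # constructed sample password

# Constructed stand-in for a PFX exported from the Windows certificate store.
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$WORK/orig-key.pem" -out "$WORK/orig-cert.pem" 2>/dev/null
    openssl pkcs12 -export -in "$WORK/orig-cert.pem" -inkey "$WORK/orig-key.pem" \
        -passout "$PFX_PASS" -out "$WORK/export.pfx"
    echo "$WORK/export.pfx"
}

# Split a PFX into the two PEM files an OpenSSL server loads.
# A PFX carries the private key only if it was exported with the key marked
# exportable; a certificate-only PFX makes the first command fail here.
pfx_to_pem() {
    pfx=$1; outcert=$2; outkey=$3
    openssl pkcs12 -in "$pfx" -passin "$PFX_PASS" -nocerts -nodes -out "$outkey"
    openssl pkcs12 -in "$pfx" -passin "$PFX_PASS" -clcerts -nokeys -out "$outcert"
    chmod 600 "$outkey"   # the private key must not be world-readable
}

# Same check SSL_CTX_check_private_key() performs: the public key inside the
# certificate must equal the public half of the private key.
key_matches_cert() {
    cert=$1; key=$2
    c=$(openssl x509 -in "$cert" -noout -pubkey)
    k=$(openssl pkey -in "$key" -pubout)
    if [ "$c" = "$k" ]; then echo match; else echo mismatch; fi
}

PFX=$(make_sample_pfx)
pfx_to_pem "$PFX" "$WORK/server-cert.pem" "$WORK/server-key.pem"
key_matches_cert "$WORK/server-cert.pem" "$WORK/server-key.pem"
```

The two PEM paths produced by pfx_to_pem are what the server passes to SSL_CTX_use_certificate_file() and SSL_CTX_use_PrivateKey_file(); a purchased certificate should also ship its intermediate chain, which goes in with SSL_CTX_use_certificate_chain_file() instead.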
