On Sat June 26 2010, Mohan Radhakrishnan wrote:
> Hi,
>     Please ignore if this question belongs elsewhere but it looks
> like the OP is storing and retrieving SSL certificate from a Windows
> store. I have been looking for ways to use the Windows store to secure
> SSL certificates and keys and SFTP keys.
>
> Is Windows or any other method recommended for storage of keys and
> certificates not created by Windows? We just cut a CD with the keys
> and hand it over to the custodian as recommended by PCI but we want a
> storage server. I know that RedHat has a PKI server but we already
> have Windows and the number of keys is less.
>
A good, widely used, general storage for sensitive information is TrueCrypt:
http://www.truecrypt.org/
Available for the most common operating systems.

Mike

> Thanks,
> Mohan
>
> On Thu, Jun 24, 2010 at 9:45 PM, Harshvir Sidhu <hvssi...@gmail.com> wrote:
> > Hey thanks all for the reply.
> > Stephen:
> >     Yes, I have to do client authentication. Is there some sample available
> > that demonstrates how I can use capi engine for the same? Thanks.
> >
> > // Harshvir
> >
> > On Thu, Jun 24, 2010 at 7:29 AM, Dr. Stephen Henson <st...@openssl.org>
> > wrote:
> >>
> >> On Wed, Jun 23, 2010, Harshvir Sidhu wrote:
> >>
> >> > Hi All,
> >> >     I am trying to read Certificates and Private Key from Windows
> >> > Certificate Store and then using them in OpenSSL. I am able to read
> >> > Certificates but I am having trouble with reading Private Key. Has
> >> > anyone done this before? Any pointers will be great. Thanks.
> >> >
> >>
> >> Depends on what you want to do with the key. If you want to use it for
> >> SSL/TLS client authentication then you can use the CryptoAPI ENGINE to
> >> pick an appropriate certificate and key and use them directly. You just
> >> have to set the SSL client authentication ENGINE to "capi".
> >>
> >> For other purposes you can load the private key from the capi ENGINE
> >> using ENGINE_load_private_key(). The string you pass by default is a
> >> substring of the certificate name e.g. if it has CN=steve then "steve"
> >> will do.
> >>
> >> Steve.
> >> --
> >> Dr Stephen N. Henson. OpenSSL project core developer.
> >> Commercial tech support now available see: http://www.openssl.org
> >> ______________________________________________________________________
> >> OpenSSL Project                                 http://www.openssl.org
> >> User Support Mailing List                    openssl-us...@openssl.org
> >> Automated List Manager                           majord...@openssl.org