Hi, I have a native C++ library which uses OpenSSL for TLS. It reads the private key using SSL_CTX_use_PrivateKey_file and everything is fine.

Then I created a C# wrapper which reads the certificates from Windows certificate store according to certain OIDs and the subject name. And here is the problem - I might get more than one certificate. How can I deal with that? Try all of them?

Is it possible to hold more than one private key in a PEM file?

Thank you very much.

A: 

You can only present one certificate to the client (well, you can present an entire certificate chain, but that's a different thing - there's still only one server certificate in the end). So you'll have to figure out a way to choose just one - perhaps choosing the one with the latest expiry date makes sense?

caf
That was what I thought. Thank you!
IUnknownPointer
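One way to do the selection suggested in the answer, on the C# side before anything is handed to the native library. This is an added example, not code from the original posts. It assumes the "certain OIDs" are Enhanced Key Usage OIDs (serverAuth is used here), that the certificates live in the LocalMachine\My store, and that `example.test` stands in for the real subject name; `ServerCertPicker` and `PickOne` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ServerCertPicker
{
    // Assumption: the OID filter is an Enhanced Key Usage check; serverAuth is used here.
    const string ServerAuthEku = "1.3.6.1.5.5.7.3.1";

    // Keep only certificates that are usable right now, then take the latest expiry.
    public static X509Certificate2 PickOne(IEnumerable<X509Certificate2> candidates, DateTime now)
    {
        return candidates
            .Where(c => c.HasPrivateKey)                        // no key, no TLS server identity
            .Where(c => c.NotBefore <= now && now < c.NotAfter) // skip expired / not-yet-valid
            .Where(HasServerAuthEku)                            // certs without an EKU extension are skipped
            .OrderByDescending(c => c.NotAfter)                 // latest expiry first
            .ThenBy(c => c.Thumbprint, StringComparer.Ordinal)  // deterministic tie-break
            .FirstOrDefault();                                  // null when nothing qualifies
    }

    static bool HasServerAuthEku(X509Certificate2 cert)
    {
        return cert.Extensions.OfType<X509EnhancedKeyUsageExtension>()
            .Any(e => e.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == ServerAuthEku));
    }

    static void Main()
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);
            // "example.test" is a placeholder subject name.
            var matches = store.Certificates.Find(
                X509FindType.FindBySubjectName, "example.test", false);
            // NotBefore/NotAfter are reported in local time, so compare against DateTime.Now.
            var chosen = PickOne(matches.Cast<X509Certificate2>(), DateTime.Now);
            Console.WriteLine(chosen == null
                ? "No usable certificate found"
                : $"Using {chosen.Thumbprint}, expires {chosen.NotAfter:u}");
        }
    }
}
```

Logging the chosen thumbprint makes it possible to confirm after a renewal that the server switched to the new certificate rather than an older one that still matches the subject name.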