coredns-https

Add support for client certificate from Windows cert store

Open ZetaTwo opened this issue 1 year ago • 0 comments

This PR adds support for using mTLS with client certificates from the Windows certificate store.

It adds a new config directive tls_certstore which allows you to specify which store and cert to use. The format is:

tls_certstore user|system software|platform store issuer intermediate_issuer

For example:

https . 1.2.3.4/dns-query {
    tls
    tls_certstore "user" "software" "My" "Company Internal Authority" ""
}

or:

https . 1.2.3.4/dns-query {
    tls
    tls_certstore "system" "platform" "My" "Company Intermediate Authority" "Company Root Authority"
}

This feature is only built on Windows, and behaviour on other platforms is unchanged.

ZetaTwo, Dec 03 '24 18:12