Since sgcWebSockets 4.4.7, certificates are supported when SChannel is used as the crypto library.
The SChannel implementation supports 2 types of certificate authentication:
1. Using a PFX certificate
2. Setting the hash (thumbprint) of a certificate that is already installed in the Windows system.
A PFX certificate is a file that contains both the certificate and its private key. If your certificate is in PEM format, you must convert it to PFX before using it.
Use the following openssl command to convert a PEM certificate to PFX:
openssl pkcs12 -inkey certificate-pem.key -in certificate-pem.crt -export -out certificate.pfx
Once the certificate is in PFX format, you only need to deploy it and set the path to it in the TLSOptions.Certificate property.
TLSOptions.IOHandler := iohSChannel;
TLSOptions.CertFile := '<certificate path>';
TLSOptions.Password := '<certificate optional password>';
If the certificate is already installed in the Windows certificate store, you only need to know its thumbprint and set it in the TLSOptions.SChannel_Options property.
Finding the hash of a certificate in PowerShell is as easy as running a dir command on the certificate container.
dir cert:\localmachine\my
The hash is the hexadecimal Thumbprint value.
Directory: Microsoft.PowerShell.Security\Certificate::localmachine\my
Thumbprint Subject
---------- -------
C12A8FC8AE668F866B48F23E753C93D357E9BE10 CN=*.mydomain.com
Once you have the Thumbprint value, set the hash and the location of the certificate in the TLSOptions.SChannel_Options property.
TLSOptions.IOHandler := iohSChannel;
TLSOptions.SChannel_Options.CertHash := '<certificate thumbprint>';
TLSOptions.SChannel_Options.CertStoreName := '<certificate store name>';
TLSOptions.SChannel_Options.CertStorePath := '<certificate store path>';
TLSOptions.Password := '<certificate optional password>';
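Before putting a thumbprint into CertHash, it helps to confirm that the certificate is really in the store, has a private key attached and is within its validity period. The PowerShell function below is an added example, not part of sgcWebSockets or the original post; the function name Test-SChannelCertificate and its parameters are made up for illustration.

```powershell
# Added example: pre-flight check for a certificate referenced by thumbprint.
# Function name, parameters and default store path are assumptions of this example.
function Test-SChannelCertificate {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [string] $StorePath = 'Cert:\LocalMachine\My'
    )

    # Thumbprints copied from the certificate dialog often carry spaces or an
    # invisible leading character; keep hexadecimal digits only.
    $hash = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($hash.Length -ne 40) {
        throw "Expected 40 hexadecimal characters (SHA-1), got $($hash.Length)."
    }

    $cert = Get-ChildItem -Path $StorePath |
        Where-Object { $_.Thumbprint -eq $hash } |
        Select-Object -First 1
    if (-not $cert) {
        throw "No certificate with thumbprint $hash in $StorePath."
    }

    # Server Authentication EKU (OID 1.3.6.1.5.5.7.3.1). A certificate with no
    # EKU extension at all is valid for every purpose.
    $eku = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $serverAuth = (-not $eku) -or
        ($eku.EnhancedKeyUsages.Value -contains '1.3.6.1.5.5.7.3.1')

    $now = Get-Date
    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        HasPrivateKey = $cert.HasPrivateKey   # must be True for the TLS handshake
        InValidity    = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)
        NotAfter      = $cert.NotAfter
        ServerAuth    = $serverAuth
    }
}

# Sample thumbprint from the listing on this page; replace it with your own.
# Spaces are tolerated and removed by the normalisation step.
Test-SChannelCertificate -Thumbprint 'C12A 8FC8 AE66 8F86 6B48 F23E 753C 93D3 57E9 BE10'
```

If HasPrivateKey is False, the certificate was imported without its key and cannot be used to authenticate the endpoint until the key is imported with it.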