By Admin on Wednesday, 17 February 2021
Category: All

SChannel Certificates

From sgcWebSockets 4.4.7, certificates are supported when SChannel is used as the crypto library.

The SChannel implementation supports 2 types of certificate authentication:

1. Using a PFX certificate

2. Setting the hash thumbprint of a certificate that is already installed in the Windows system.

PFX Certificate 

A PFX certificate is a file that contains both the certificate and its private key. If your certificate is in PEM format, you must convert it to PFX before using it.

Use the following openssl command to convert a PEM certificate to PFX:

openssl pkcs12 -inkey certificate-pem.key -in certificate-pem.crt -export -out certificate.pfx

Once the certificate is in PFX format, you only need to deploy it and set the TLSOptions.Certificate property to its path.

Hash Thumbprint

If the certificate is already installed in the Windows certificate store, you only need to know the certificate thumbprint and set it in the TLSOptions.SChannel_Options property.

Finding the hash of a certificate in PowerShell is as easy as running a dir command on the certificate container.

dir cert:\localmachine\my

The hash is the hexadecimal Thumbprint value.

   Directory: Microsoft.PowerShell.Security\Certificate::localmachine\my

Thumbprint                                Subject
----------                                -------
C12A8FC8AE668F866B48F23E753C93D357E9BE10  CN=*.mydomain.com

Once you have the Thumbprint value, you must set the hash and the location of the certificate in the TLSOptions.SChannel_Options property.
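Before setting the thumbprint in the component, it is worth checking that the store entry can actually be used by a server. The following PowerShell check is an added example, not part of the original post or of sgcWebSockets; the function name Test-ServerCertificate is hypothetical, and the thumbprint in the final call is the sample value from the listing above, to be replaced with your own.

```powershell
# Added example: pre-flight check for a certificate referenced by thumbprint.
function Test-ServerCertificate {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [string] $StorePath = 'Cert:\LocalMachine\My'
    )

    # Thumbprints pasted from the certificate dialog often carry spaces or an
    # invisible left-to-right mark; keep the hex digits only.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex digits (SHA-1 thumbprint), got $($clean.Length)."
    }

    $cert = Get-ChildItem -Path $StorePath |
        Where-Object { $_.Thumbprint -eq $clean }
    if (-not $cert) {
        throw "No certificate with thumbprint $clean in $StorePath."
    }

    $now = Get-Date
    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        # Without the private key the certificate cannot authenticate a server.
        HasPrivateKey = $cert.HasPrivateKey
        NotBefore     = $cert.NotBefore
        NotAfter      = $cert.NotAfter
        ValidNow      = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        # An empty EKU list means the certificate is not restricted by EKU;
        # otherwise it must include Server Authentication (1.3.6.1.5.5.7.3.1).
        ServerAuth    = (-not $cert.EnhancedKeyUsageList) -or
                        ($cert.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.1')
    }
}

# Sample thumbprint from the listing on this page; substitute your own.
Test-ServerCertificate -Thumbprint 'C12A8FC8AE668F866B48F23E753C93D357E9BE10'
```

A result with HasPrivateKey, ValidNow or ServerAuth set to False points to a certificate that will fail during the TLS handshake even though the thumbprint is found in the store.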
