Getting Started

3. CA (Certificate Authority) or root certificates. These are used to authenticate the other two types. The client will need to store these locally.

Storage of Certificates

TeemTalk stores its certificates in the Registry as binary values. The following keys are used:

HKEY_CURRENT_USER\Software\Neoware\Security\SSL\CA Certificates
HKEY_CURRENT_USER\Software\Neoware\Security\SSL\Client Certificates

CA (root) Certificates are stored unencrypted. The value name in the registry is in the form HHHHHHHH.UU where HHHHHHHH is the hash of the certificate's internal name and UU is a unique number. The UU section allows different certificates that happen to have the same hash value to coexist. This follows the convention used by the OpenSSL file-based system. TeemTalk will automatically discard any duplicate certificates.

Client Certificates are stored encrypted. The value name may be any valid string of characters.

Acquiring New Certificates

There are two ways a client may acquire new certificates. They may be added directly to the registry keys detailed above or they may be installed on the file system and imported manually by TeemTalk.

Adding to the Registry

New CA (root) Certificates should be added to the CA Certificates key with a value name in the form NEWXXXXXXXX where XXXXXXXX is a unique number. Whenever it uses its certificates, TeemTalk first scans the registry for any value name matching NEW*. If it finds one, it checks that it is not a duplicate and then renames it with the correct hash.unique name.

New Client certificates should be added to the Client Certificates key. They may be given any value name. Obviously, if a value already exists with the same name, it will be overwritten. TeemTalk uses this value name to identify the certificate to the user and to link particular certificates to particular sessions.
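
An inventory of the values under the two keys, for checking what has been added directly to the registry and which CA entries are still waiting to be renamed. This is an added example, not part of the TeemTalk documentation; the function names are hypothetical, and it assumes HHHHHHHH is eight hex digits and UU is decimal digits, which the page does not state.

```powershell
# Added example: list the certificate values TeemTalk reads from the registry.
# Assumption (not from the page): HHHHHHHH = 8 hex digits, UU = decimal digits.
$base = 'HKCU:\Software\Neoware\Security\SSL'

function Get-ValueClass {
    param([string]$KeyName, [string]$ValueName)
    # Client certificates may use any value name, so only CA names are classified.
    if ($KeyName -ne 'CA Certificates')            { return 'client' }
    if ($ValueName -like 'NEW*')                   { return 'pending-import' }
    if ($ValueName -match '^[0-9A-Fa-f]{8}\.\d+$') { return 'installed' }
    return 'unexpected-name'
}

function Get-TeemTalkCertInventory {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        foreach ($keyName in 'CA Certificates', 'Client Certificates') {
            $key = Get-Item -LiteralPath (Join-Path $base $keyName) -ErrorAction SilentlyContinue
            if (-not $key) { continue }   # key absent: nothing stored yet
            foreach ($name in $key.GetValueNames()) {
                $kind = $key.GetValueKind($name)
                $data = $key.GetValue($name)
                # The page says certificates are binary values; digest only those.
                $digest = if ($kind -eq [Microsoft.Win32.RegistryValueKind]::Binary) {
                    [BitConverter]::ToString($sha.ComputeHash([byte[]]$data)) -replace '-'
                } else { $null }
                [pscustomobject]@{
                    Key       = $keyName
                    ValueName = $name
                    Class     = Get-ValueClass -KeyName $keyName -ValueName $name
                    Kind      = $kind
                    Bytes     = if ($digest) { $data.Length } else { $null }
                    SHA256    = $digest   # digest of the raw stored bytes, not a certificate fingerprint
                }
            }
        }
    }
    finally { $sha.Dispose() }
}

Get-TeemTalkCertInventory | Sort-Object Key, ValueName | Format-Table -AutoSize
```

Saving the output and comparing it between runs shows which CA or client values were added, replaced or renamed under the current user's hive.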

Importing from the File System

The SSL Connection dialog box allows users to add both CA and Client certificates by picking files from the file system. These files should be in PEM certificate format and the Client file should include both the certificate and the encrypted private key.

An imported client certificate’s registry name will be the original filename minus any path or extension.
