gRPC and Windows Certificate Store certificates for HTTPS (keys not exportable)

[lah...@fajne.com]

Hi,

Does gRPC supports Windows Credentials Management Store certificates for HTTPS?

What is the story around this if person would like to use the certs in Windows Credentials Management Store (with keys marked as non-exportable) and maintain FIPS compliance (so cannot export keys from windows secret store)?

Does gRPC supports calling into Windows APIs to sign?

I noticed gRPC underneath uses boringssl (apparently similarly as Google Chrome?). Do I assume correctly that Google Chrome can use the certs from Windows Credentials Store? and in this case boringssl in gRPC will be able to use this as well?

What is the story to use Windows Credentials Store certs with non-exportable keys?

Best regards,

Michal Zygmunt

[jian...@google.com]

gRPC currently does not support Windows credential store as root certificate. 

gRPC ships with its own root certificate (from mozilla). Of course, user can provide his/her own root certificates.

For Linux, gRPC will uses system root store. We don't have such support for MacOS and Windows.