1. The problem I’m having:
I want to use Caddy as a reverse proxy but use a private key that is stored in the Windows Cert Store instead of having one on the filesystem. Further, I don’t want the key to be exportable so that there’s no chance that bad actors can obtain the key.
A response to this post seems to indicate that it isn’t supported out of the box, but that there might either be an existing plugin or the possibility of writing a new plugin to support it.
This post shows someone’s attempt at such a plugin, but exposing the private key through an http server (even when privately-facing) seems like a bad idea for security.
I’m hoping that a plugin exists that works like Tomcat’s integration with the Cert Store using Microsoft’s Cryptography API (MSCAPI).
2. Error messages and/or full log output:
3. Caddy version:
v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=
4. How I installed and ran Caddy:
a. System environment:
Windows, any version
b. Command:
caddy -config proxy.json
c. Service/unit/compose file:
d. My complete Caddy config:
Don’t have any configuration remotely working.
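The following Go program is an added illustration of the mechanism any such plugin would rely on; it is not Caddy code, not an existing plugin, and not the MSCAPI integration itself. Go's `tls.Certificate.PrivateKey` only has to satisfy `crypto.Signer`, so a store-backed key never needs to be exported to a PEM file or exposed over a local HTTP signing service: the plugin hands Caddy a signer whose `Sign` method is answered by the certificate store. Here the store handle is a constructed in-memory P-256 key (an assumption standing in for a CNG/MSCAPI key handle), and the program proves the point by completing a TLS handshake over an in-memory pipe while counting how many times the opaque signer is asked to sign.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"sync/atomic"
	"time"
)

// storeSigner is a stand-in for a handle to a non-exportable key held by a
// certificate store. Callers only ever see Public() and Sign(); the private
// scalar never leaves this type. A real MSCAPI/CNG-backed implementation
// (assumed, not written here) would forward Sign to the store handle.
type storeSigner struct {
	signCalls int64             // updated atomically; first field keeps it 64-bit aligned
	handle    *ecdsa.PrivateKey // constructed in memory for this example only
}

func (s *storeSigner) Public() crypto.PublicKey { return &s.handle.PublicKey }

// Sign is the single operation that touches the private key.
func (s *storeSigner) Sign(r io.Reader, digest []byte, _ crypto.SignerOpts) ([]byte, error) {
	atomic.AddInt64(&s.signCalls, 1)
	return ecdsa.SignASN1(r, s.handle, digest)
}

func newStoreSigner() (*storeSigner, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &storeSigner{handle: k}, nil
}

// selfSignedCert issues a self-signed certificate for "localhost" through the
// Signer interface alone, then wraps it as a tls.Certificate whose PrivateKey
// is the opaque signer rather than key material.
func selfSignedCert(s crypto.Signer) (tls.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "localhost"},
		DNSNames:              []string{"localhost"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, s.Public(), s)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, Leaf: leaf, PrivateKey: s}, nil
}

// HandshakeViaSigner runs a TLS 1.2 handshake over an in-memory pipe and
// returns how many signatures the store signer produced during the handshake
// itself (one, for the ECDHE ServerKeyExchange).
func HandshakeViaSigner() (int64, error) {
	signer, err := newStoreSigner()
	if err != nil {
		return 0, err
	}
	cert, err := selfSignedCert(signer)
	if err != nil {
		return 0, err
	}
	issued := atomic.LoadInt64(&signer.signCalls) // signatures spent issuing the cert

	pool := x509.NewCertPool()
	pool.AddCert(cert.Leaf)

	// TLS 1.2 without session tickets keeps every flight fully consumed, which a
	// synchronous net.Pipe requires; TLS 1.3 would leave unread ticket records.
	srvConn, cliConn := net.Pipe()
	defer srvConn.Close()
	defer cliConn.Close()
	srv := tls.Server(srvConn, &tls.Config{
		Certificates:           []tls.Certificate{cert},
		MinVersion:             tls.VersionTLS12,
		MaxVersion:             tls.VersionTLS12,
		SessionTicketsDisabled: true,
	})
	cli := tls.Client(cliConn, &tls.Config{
		RootCAs:    pool,
		ServerName: "localhost",
		MinVersion: tls.VersionTLS12,
		MaxVersion: tls.VersionTLS12,
	})

	errc := make(chan error, 1)
	go func() { errc <- srv.Handshake() }()
	if err := cli.Handshake(); err != nil {
		return 0, err
	}
	if err := <-errc; err != nil {
		return 0, err
	}
	return atomic.LoadInt64(&signer.signCalls) - issued, nil
}

func main() {
	n, err := HandshakeViaSigner()
	if err != nil {
		panic(err)
	}
	fmt.Printf("handshake ok; store signer invoked %d time(s) during the handshake\n", n)
}
```

The practical consequence for a plugin: the Windows-specific part reduces to implementing `Public` and `Sign` on top of the store's key handle, and marking the key non-exportable in the store is then enough to keep it off the filesystem and out of any network-reachable service.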