Selecting certificates from a key ring file

It is possible to have more than one personal certificate stored in the same key ring file or cryptographic hardware token. The SSLClientSite* properties can be used on the client side to select the certificate to be sent to the server for authentication and the SSLServerSite* properties can be used on the server side to select the certificate to be sent to the client for authentication.

Use these properties, a certificate can be selected based on its Distinguished Name (DN). Alternatively, the certificate label can be used to select a certificate using the SSLServerSiteLabel and SSLClientSiteLabel properties.

To select the server certificate used by the TLS command port, use the SSLCommandPortSiteLabel property to specify the label name of the certificate.