OpenSSL SSL_CTX_use_PrivateKey_file with Windows certificate store
I have a native C++ library which uses OpenSSL for TLS. It reads the private key using SSL_CTX_use_PrivateKey_file and everything is fine.
Then I created a C# wrapper which reads the certificates from Windows certificate store according to certain OIDs and the subject name. And here is the problem - I might get more than one certificate. How can I deal with that? Try all of them?
Is it possible to hold more than one private key in a PEM file?
Thank you very much.
You can only present one certificate to the client (well, you can present an entire certificate chain, but that's a different thing - there's still only one server certificate in the end). So you'll have to figure out a way to choose just one - perhaps choosing the one with the latest expiry date makes sense?
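The selection rule suggested in the answer above, sketched for the C# wrapper as an added example (not code from the original post). The store location, the enhanced-key-usage OID standing in for the question's "certain OIDs", and the class and method names are assumptions.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ServerCertificatePicker
{
    // Assumption: the OID filter is on enhanced key usage; this value is TLS server authentication.
    const string RequiredEkuOid = "1.3.6.1.5.5.7.3.1";

    // Returns the one certificate to export for the native library, or null if none qualifies.
    // 'now' is local time (e.g. DateTime.Now), matching NotBefore/NotAfter.
    public static X509Certificate2 Pick(string subjectName, DateTime now)
    {
        // Assumption: certificates live in the machine's Personal ("My") store.
        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);

            // validOnly is false so that the validity rule is applied explicitly below.
            // FindBySubjectName is a case-insensitive substring match, hence several hits.
            var candidates = store.Certificates
                .Find(X509FindType.FindBySubjectName, subjectName, false)
                .Cast<X509Certificate2>();

            return candidates
                .Where(c => c.HasPrivateKey)                        // a server certificate is useless without its key
                .Where(c => c.NotBefore <= now && now < c.NotAfter) // drop expired and not-yet-valid certificates
                .Where(HasRequiredEku)
                .OrderByDescending(c => c.NotAfter)                 // latest expiry wins
                .ThenBy(c => c.Thumbprint, StringComparer.Ordinal)  // deterministic tie-break
                .FirstOrDefault();
        }
    }

    static bool HasRequiredEku(X509Certificate2 cert)
    {
        var eku = cert.Extensions.OfType<X509EnhancedKeyUsageExtension>().FirstOrDefault();
        // No EKU extension means the certificate is not restricted to particular purposes.
        if (eku == null) return true;
        return eku.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == RequiredEkuOid);
    }
}
```

Logging the thumbprint of the chosen certificate makes it possible to tell afterwards which of several matches the server actually presented.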