cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Using Client Certificates with Curl

From: Michael Naef <nah_at_payserv.telekurs.com>
Date: Thu, 16 Mar 2000 13:18:15 +0100

Daniel.Stenberg_at_haxx.nu wrote:
>
> On Thu, 16 Mar 2000, Michael Naef wrote:
>
> > Hence, I can enter the password to my private key but still get the error
> > message that Curl (or OpenSSL?) can't use my certificate.
>
> Just a note here, have you concatenated the private key and the private
> certificate?

I solved the problem now. This is what my PEM file looks like:

---snip---
Bag Attributes
    friendlyName: Michael Naef
    localKeyID: 34 67 E0 E7 43 F6 2E FE 23 1E 45 27 32 87 5F 98 2E 49 DA
A8
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----
Bag Attributes
    friendlyName: Swisskey Corporate ID CA 1024 - Swisskey AG
subject=/C=CH/O=Swisskey AG/OU=008510000000500000596/OU=Public CA
Services/L=Zuerich/CN=Swisske
y Corporate ID CA 1024
issuer= /C=CH/O=Swisskey AG/OU=008510000000500000192/OU=Public CA
Services/L=Zuerich/CN=Swisske
y Root CA
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
Bag Attributes
    friendlyName: Swisskey Root CA
subject=/C=CH/O=Swisskey AG/OU=008510000000500000192/OU=Public CA
Services/L=Zuerich/CN=Swisske
y Root CA
issuer= /C=CH/O=Swisskey AG/OU=008510000000500000192/OU=Public CA
Services/L=Zuerich/CN=Swisske
y Root CA
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
Bag Attributes
    friendlyName: Michael Naef
    localKeyID: 34 67 E0 E7 43 F6 2E FE 23 1E 45 27 32 87 5F 98 2E 49 DA
A8
subject=/O=Payserv
AG/OU=008510000281100001817/2.5.4.17=8021/L=Zuerich/C=CH/CN=Michael
Naef/Ema
il=nah_at_payserv.telekurs.com
issuer= /C=CH/O=Swisskey AG/OU=008510000000500000596/OU=Public CA
Services/L=Zuerich/CN=Swisske
y Corporate ID CA 1024
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
---snip---

Clearly, my private key is included in the file. But there's also the
CA's root certificates in addition to my personal cetrificate. It seems
that Curl/OpenSSL can't figure out which certificate to use. So I just
deleted the two superfluous certificates. Curl works fine now.

Thanks anyway!

myke.

--------------------------------------------------
Michael Naef, Security Services, Payserv AG
Hardturmstr. 201, Postfach, CH-8021 Zurich
phone: +41 1 279 27 36, e-mail: nah_at_payserv.ch
Received on 2000-03-16