Attempting to use the -E.

1) Have gotten the openssl and tried to convert certs, but keep getting
error code 35 from curl command line when use.

Does curl just pass through the certs or must they be in the pkcs12 format,
as referred to in the man/tutorial page:

> Run the 'openssl' application to convert the certificate. If
you cd to the openssl installation, you can do it like:
> #. /apps/openssl pkcs12 -in [file you saved] -clcerts -out
[PEMfile]

The -clcerts option is not valid with pkcs7 or x509, at least that I been
able to make useful.

2) pkcs12 format is hard achieve because:

a) Netscape stores the certificate I need in the Web Site Certificate area,
not the Yours area, and thus cannot export into the pkcs12 format. Does
curl support a Web Site Certificate?
b) IE 5.5 has a pkcs12 export option, but it is greyed out and I have not
figured (nor is it posted on MS support site) of how to enable. IE does let
me export it to pkcs7 and x509. In both cases, I converted them to PEM
format successfully, however still get 35 error.

Here is curl invocation I'm using:

$ curl -v -i -E test.cert.pem -b 'tst.ck1' -D 'tst.ck2' --url
'https://localhost:9443/web/exp/{j_security_check,simpleJSP}' -d
'j_username=ptest&j_password=ppwd&action=Submit Logon'

Need to use the 2 url trick, as I have a servlet that does authentication,
then I can hit the page. Here are the error messages I get:

(from both URLs)
* Your connection is using a weak random seed!
* Closing live connection (#0)
curl: (35) couldn't use certificate!

All my other tests, both secure, unscure, and via https work. Just the
certificate based one here does not. All secure http reqests use the 2 url
model, and work ok.

Perry Dykes
Received on 2001-08-07