Hi All

Sorry if this has been covered before - I could not find details in the
FAQ.

I need to create a PEM file to "Ensure the identity of a remote
computer" ...

Using MS IE 6.0, I used the "Certificate Export Wizard" to create a
PKCS#7 file from the Certificate in question. (Also tried the DER and
Base-64 X.509 types)

I then used OpenSSL to create the pem file.
-------
C:\cURL\cURL7.10.3>openssl version
OpenSSL 0.9.6g 9 Aug 2002

C:\cURL\cURL7.10.3>openssl pkcs7 -inform DER -in iTouch.p7b -outform PEM
-out iTouch.pem -print_certs -text

-----------
However, issuing the cURL command results in the following error

C:\cURL\cURL7.10.3>curl --config curl.conf
https://securesms.co.za/postftp.php
* About to connect() to proxy.shoprite.co.za:3128
* Connected to cache1.shoprite.co.za (172.20.1.80) port 3128
* Establish HTTP proxy tunnel to securesms.co.za:443
* Proxy replied to CONNECT request
* SSL: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verif
y failed
* Closing connection #0
curl: (35) SSL: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certific
ate verify failed
--------------

The curl.conf file looks like this:
-----------------
-x proxy.shoprite.co.za:3128
--cacert iTouch.pem
<app stuff deleted>
-------------------

I also tried using the PEM file generated from Konqueror under RedHat
Linux , but no luck!

Using the -k option allows me to connect to the site without any problem
- but I guess that does defeat the object somewhat :-)

Any pointers would be much appreciated!!

Regards
Johnny Vergeer

-------------------------------------------------------
This SF.NET email is sponsored by: FREE SSL Guide from Thawte
are you planning your Web Server Security? Click here to get a FREE
Thawte SSL guide and find the answers to all your SSL security issues.
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en
Received on 2003-02-13