cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: creating a PEM file

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 14 Feb 2003 11:00:28 +0100 (CET)

On Thu, 13 Feb 2003, Johnny Vergeer wrote:

> Sorry if this has been covered before - I could not find details in the
> FAQ.

Ah, no it isn't really clarified there and if you have any clever ideas of
how to do this after my reply, feel free to suggest!

> I need to create a PEM file to "Ensure the identity of a remote computer"
> ...

Not just "a PEM file". PEM is just a file format to use for certificates.
There are different certificates, and if YOU want to insure that the REMOTE
server is who it tells you it is, you need a CA cert to verify the server's
cert against.

> Using MS IE 6.0, I used the "Certificate Export Wizard" to create a PKCS#7
> file from the Certificate in question. (Also tried the DER and Base-64
> X.509 types)

This is YOUR private certificate that you use in connections, and the server
will use this to check that YOU are who you say you are. This cannot be used
to verify the server with.

> * SSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
> verify failed

... and that's why the connection fails, because your certficiate could not
be used to verify the server's.

> Using the -k option allows me to connect to the site without any problem -
> but I guess that does defeat the object somewhat :-)

Right, it makes you accept the connection to the server, unregarding of what
kind of man-in-the-middle attack that is going on.

You need to get a CA cert for the server. I don't know how to proceed to do
this.

(I'm not a SSL wizard, this is all information as I have perceived it, I may
be wrong in details or in general, but I don't think I am.)

-- 
 Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs.
-------------------------------------------------------
This SF.NET email is sponsored by: FREE  SSL Guide from Thawte
are you planning your Web Server Security? Click here to get a FREE
Thawte SSL guide and find the answers to all your  SSL security issues.
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en
Received on 2003-02-14