curl-users

RE: creating a PEM file

From: Johnny Vergeer <jvergeer_at_shoprite.co.za>
Date: Fri, 14 Feb 2003 14:37:38 +0200

Hi Ralph & Daniel

Thanks for the feedback so far.

Ralph, do I then somehow have to add the REMOTE Secure WebSite's
Certificate to this "ca-bundle.crt" file? If yes, how?

Daniel, I'm fairly certain that I'm saving the REMOTE site's Certificate
(and not my OWN). Using MS IE6, at the secure Web page, I double click
on the "lock icon". This brings up the "Certificate details dialog" box.
Under the Details Tab, I can see that the information listed is that for
the REMOTE site.

From the Details Tab, I use the "Copy to File" button, and this brought
up the "Certificate Export Wizard" as described in my original posting.

I'm sure once we have this figured out, it will all seem real simple,
but for now I'm still in the dark.

Best Regards
Johnny

-----Original Message-----
From: Ralph Mitchell [mailto:rmitchell_at_eds.com]
Sent: 14 February 2003 01:54 PM
To: curl-users_at_lists.sourceforge.net
Subject: Re: creating a PEM file

It's related to the ca-cert-bundle.crt either not being installed or not
being found where curl expects it to be... I've got a Win98 laptop here with
c:\curl-7.10.2-win32 and the cert file is stashed away under
c:\curl-7.10.2-win32\lib. So, do a search for the ca-bundle.crt file and
change your config file to match.

On my laptop, this worked for me:

    --cacert c:\curl-7.10.2-win32\lib\ca-bundle.crt

Your mileage will vary due to the different release of curl you're using.

Ralph Mitchell

Daniel Stenberg wrote:

> On Thu, 13 Feb 2003, Johnny Vergeer wrote:
>
> > Sorry if this has been covered before - I could not find details in the
> > FAQ.
>
> Ah, no it isn't really clarified there and if you have any clever ideas of
> how to do this after my reply, feel free to suggest!
>
> > I need to create a PEM file to "Ensure the identity of a remote computer"
> > ...
>
> Not just "a PEM file". PEM is just a file format to use for certificates.
> There are different certificates, and if YOU want to ensure that the REMOTE
> server is who it tells you it is, you need a CA cert to verify the server's
> cert against.
>
> > Using MS IE 6.0, I used the "Certificate Export Wizard" to create a PKCS#7
> > file from the Certificate in question. (Also tried the DER and Base-64
> > X.509 types)
>
> This is YOUR private certificate that you use in connections, and the server
> will use this to check that YOU are who you say you are. This cannot be used
> to verify the server with.
>
> > * SSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
> ... and that's why the connection fails, because your certificate could not
> be used to verify the server's.
>
> > Using the -k option allows me to connect to the site without any problem -
> > but I guess that does defeat the object somewhat :-)
>
> Right, it makes you accept the connection to the server, regardless of what
> kind of man-in-the-middle attack is going on.
>
> You need to get a CA cert for the server. I don't know how to proceed to do
> this.
>
> (I'm not an SSL wizard, this is all information as I have perceived it, I may
> be wrong in details or in general, but I don't think I am.)
>
> --
> Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs.

Received on 2003-02-14
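
An added example, not part of the original mails and not curl code: the thread names three export formats (DER, Base-64 X.509 and PKCS#7) while `--cacert` expects PEM, so this sketch identifies which encoding an exported file holds and converts a single DER X.509 certificate to PEM. The function names and the sample byte strings are assumptions constructed for illustration; the samples are structurally minimal and are not real certificates.

```python
import ssl

PEM_CERT = b"-----BEGIN CERTIFICATE-----"
PEM_P7 = b"-----BEGIN PKCS7-----"
# DER encoding of the PKCS#7 signedData OID 1.2.840.113549.1.7.2
P7_SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")

# Constructed sample inputs (structurally minimal, not real certificates).
SAMPLE_DER_X509 = bytes.fromhex("30053003020102")
SAMPLE_DER_PKCS7 = bytes.fromhex("300b") + P7_SIGNED_DATA_OID


def _content_offset(data):
    """Offset of the first byte inside the outer DER SEQUENCE."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not PEM and not a DER SEQUENCE")
    if data[1] < 0x80:            # short-form length
        return 2
    n = data[1] & 0x7F            # long form: n length bytes follow
    if n == 0 or len(data) < 2 + n:
        raise ValueError("malformed DER length")
    return 2 + n


def classify(data):
    """Name the encoding of an exported certificate file."""
    head = data.lstrip()
    if head.startswith(PEM_CERT):
        return "pem-x509"         # the "Base-64 X.509" export
    if head.startswith(PEM_P7):
        return "pem-pkcs7"
    body = data[_content_offset(data):]
    if body.startswith(P7_SIGNED_DATA_OID):
        return "der-pkcs7"        # container that may hold several certs
    if body[:1] == b"\x30":       # tbsCertificate SEQUENCE of an X.509 cert
        return "der-x509"
    raise ValueError("unrecognised certificate encoding")


def to_pem(data):
    """Return PEM text for a single X.509 certificate."""
    kind = classify(data)
    if kind == "pem-x509":
        return data.decode("ascii").strip() + "\n"
    if kind == "der-x509":
        return ssl.DER_cert_to_PEM_cert(data)
    raise ValueError(kind + ": container format, extract the certificates first")
```

The conversion only changes the encoding; whether the resulting certificate is the right one to verify the server against is the separate question discussed in the thread.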