curl-users

Re: newbie https certificate questions

From: Götz Babin-Ebell <babin-ebell_at_trustcenter.de>
Date: Thu, 09 Oct 2003 17:27:09 +0200

Hello Justin,

Justin Worrall wrote:

> Thank you for taking the time to explain (is there a good online resource which
> covers this stuff?)

Beauty is in the eye of the beholder...

Try http://www.trustcenter.de/infocenter/home_en.htm
And perhaps you find the HOWTOs on www.openssl.org usable...

> So now it sounds to me as if I need
>
> 1) a series of certificates, issued by 'well-known' Certification
> Authorities, which enable me to determine whether a received public key does
> in fact belong to the entity to whom I wish to talk
> 2) A client certificate, in case the server asks me to identify myself
>
> so:
>
> 1) who are the 'well-known' Certification Authorities, and how do I get their
> certificates ?

That depends on your definition of the term 'well-known'... ;-)

You find a list of Certificate Authorities in your browser.
And curl comes with a file (ca-bundle.crt) that contains
certificates...

> 2) how do I generate a client certificate

For client authentication you need a certificate issued
by a CA that the server trusts.

You can request a certificate from one of the public CAs
(www.trustcenter.de still has low grade client certificates for free...)

> (are they downloadable from the browser, and useable once I convert the
> format?)

You can export your client certificate from your Netscape 4.76:
"Security" -> Certificates -> Yours
There select the certificate and click the "Export" button.

You will be asked for your pass phrase and a new pass phrase
for the generated file.
Save the file to your disk.
Now you have to convert the generated PKCS#12 file to the used PEM
files:

openssl pkcs12 -in savedfile.p12 -out yourcert.pem -clcerts
(asking for the export pass phrase you used in Netscape)
openssl pkcs12 -in savedfile.p12 -out yourkey.pem -nocerts
(asking for the export pass phrase you used in Netscape
  and (2 times) the new pass phrase that will protect the private key)

Now your client certificate should be in yourcert.pem
and your private key should be in yourkey.pem.

Bye

Goetz

-- 
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126

Received on 2003-10-09
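
The PKCS#12-to-PEM conversion described in the mail above, as an added example that is not part of the original message: it builds a constructed sample .p12 in place of the browser export, runs the two conversions non-interactively, and checks that the resulting certificate and key belong together. The pass phrases, the sample identity and the `-nokeys` option are assumptions of this example.

```shell
#!/bin/sh
# Added example. File names follow the mail; pass phrases are constructed, and
# pass: arguments are visible in the process list, so use them only for tests.

# Stand-in for the browser export: throwaway self-signed identity in a .p12.
make_sample_p12() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-client" \
        -keyout "$dir/tmp.key" -out "$dir/tmp.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$dir/tmp.key" -in "$dir/tmp.crt" \
        -out "$dir/savedfile.p12" -passout pass:export-pass &&
    rm -f "$dir/tmp.key" "$dir/tmp.crt"
}

# The two conversions from the mail. -nokeys is added here so that
# yourcert.pem holds only the certificate; umask keeps the key file private.
split_p12() {
    dir=$1
    ( umask 077
      openssl pkcs12 -in "$dir/savedfile.p12" -out "$dir/yourcert.pem" \
          -clcerts -nokeys -passin pass:export-pass &&
      openssl pkcs12 -in "$dir/savedfile.p12" -out "$dir/yourkey.pem" \
          -nocerts -passin pass:export-pass -passout pass:key-pass
    ) 2>/dev/null
}

# Succeeds only when the certificate and the private key share a public key.
pair_matches() {
    dir=$1
    cert_pub=$(openssl x509 -in "$dir/yourcert.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/yourkey.pem" -passin pass:key-pass -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Stand-alone run in a scratch directory.
work=$(mktemp -d) || exit 1
if make_sample_p12 "$work" && split_p12 "$work" && pair_matches "$work"; then
    echo "pair verified; use with: curl --cert yourcert.pem --key yourkey.pem --cacert ca-bundle.crt <URL>"
fi
rm -rf "$work"
```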