Changelog Development Documentation Download libcurl Mailing Lists News
cURL / Mailing Lists / curl-users / Single Mail

curl-users

Probs with client certificates

From: Georg Horn <horn_at_koblenz-net.de>
Date: Mon, 13 Oct 2003 15:11:10 +0200

Hi,

i have a problem with a webserver that requires a client certificate:

    $ curl -k -v https://www1.postbank-banking.de/xmlapi/OB
    * About to connect() to www1.postbank-banking.de:443
    * Connected to www1.postbank-banking.de (213.61.167.194) port 443
    * SSL connection using DHE-RSA-AES256-SHA
    * Server certificate:
    * subject: /C=DE/ST=NRW/L=Bonn/O=Deutsche Postbank AG/OU=Postbank Electronic Banking/OU=Terms of use at www.verisign.com/rpa (c)00/CN=www1.postbank-banking.de
    * start date: 2003-01-16 00:00:00 GMT
    * expire date: 2004-01-16 23:59:59 GMT
    * common name: www1.postbank-banking.de (matched)
    * issuer: /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD. (c)97 VeriSign
> GET /xmlapi/OB HTTP/1.1
    User-Agent: curl/7.10.7 (i686-pc-linux-gnu) libcurl/7.10.7 OpenSSL/0.9.7c zlib/1.1.4
    Host: www1.postbank-banking.de
    Pragma: no-cache
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*

    < HTTP/1.1 401 Authorization Required
    < Date: Mon, 13 Oct 2003 13:05:14 GMT
    < Server: Apache/1.3.27 (Unix) mod_ssl/2.8.14 OpenSSL/0.9.7b mod_jk
    * Authentication problem. Ignoring this.
    < WWW-Authenticate: Basic realm="Requires valid Client-Certificate"
    [...]

But when i use the client certificate, i get an SSL error:

> curl -k -v --cert /tmp/mgb2003.pem https://www1.postbank-banking.de/xmlapi/OB
    * About to connect() to www1.postbank-banking.de:443
    * Connected to www1.postbank-banking.de (213.61.167.194) port 443
    Enter PEM pass phrase:
    * SSL connection using DHE-RSA-AES256-SHA
    * Server certificate:
    * subject: /C=DE/ST=NRW/L=Bonn/O=Deutsche Postbank AG/OU=Postbank Electronic Banking/OU=Terms of use at www.verisign.com/rpa (c)00/CN=www1.postbank-banking.de
    * start date: 2003-01-16 00:00:00 GMT
    * expire date: 2004-01-16 23:59:59 GMT
    * common name: www1.postbank-banking.de (matched)
    * issuer: /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
> GET /xmlapi/OB HTTP/1.1
    User-Agent: curl/7.10.7 (i686-pc-linux-gnu) libcurl/7.10.7 OpenSSL/0.9.7c zlib/1.1.4
    Host: www1.postbank-banking.de
    Pragma: no-cache
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*

    * SSL read error: 1
    * Connection #0 left intact
    curl: (56) SSL read error: 1
    * Closing connection #0

Any idea, how i could debug this more closely? I tried to call that URL in
mozilla, i converted the certificate into pkcs12 and imported it into
mozilla but failed till now to tell mozilla to use that certificate on
that url. Can anyone tell me how to do this?

Thanks,
Georg

-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
Received on 2003-10-13