On Wed, 15 Oct 2003, Georg Horn wrote:

I'm far from an expert on this, but I'll give it a shot.

> $ curl-7.10.7/src/curl -debug -v --cert mgb2003.pem --cacert \
> postbank-komplett.pem -k https://www2.postbank-banking.de/xmlapi/OB

You should --cacert OR -k, as they kind of defeat each others purposes. But I
believe -k is ignored in this case.

If you want to skip the CA problems to start with, then use -k while you setup
your client cert to get accepted.

> * About to connect() to www2.postbank-banking.de:443
> * Connected to www2.postbank-banking.de (62.180.72.66) port 443
> Enter PEM pass phrase:
> * SSL certificate problem, verify that the CA cert is OK
> * Closing connection #0
> curl: (60) SSL certificate problem, verify that the CA cert is OK
> [...]
>
> I would really appreciate some help at this point, even if someone could
> point me to some documentation that further explains this ssl-stuff to an
> ssl-newbie.

This looks as if your CA cert isn't good enough, but perhaps the error message
is misleading/wrong.

I believe your client cert needs to be your certificate and key concatenated,
unless you also provide a --key option.

-- 
 Daniel Stenberg -- curl: been grokking URLs since 1998
-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php