Hello Hallian,

hallian hallian wrote:
> I have being playing around with openssl and curl and have tried to use
> curl with "https." This is what I have done. I have created a CA and
> then server certs.
>
> [root_at_localhost ssl.key]# curl -k --cipher DHE-RSA-AES256-SHA --cert
> /home/test/newcert.pem --cacert /usr/share/ssl/misc/demoCA/cacert.pem
> https://24.221.29.41:1443/index.html
>
> curl: (58) unable to set certificate file (wrong password?)

What is in in /home/test/newcert.pem ?

Calling curl this way it must contain the certificate used to do
client authentication and the private key that belongs to it.

It is better to have the private key in a seperate file and accessing
it with
curl -k --cipher DHE-RSA-AES256-SHA --cert /home/test/newcert.pem \
  --key /home/test/newkey.pem --cacert /usr/share/ssl/misc/demoCA/cacert.pem

Since curl didn't ask you for the pass phrase for the key,
I assume that /home/test/newcert.pem contains no private key
(or the order cert, key is wrong...)
The reported error is a little bit confusing here.
Perhaps we should have changed it to something like
"failed to set private key (wrong psss phrase or key not found)"

Bye

Goetz

-- 
Goetz Babin-Ebell, software designer,
TC TrustCenter AG, Sonninstr. 24-28, 20097 Hamburg, Germany
Office: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126
www.trustcenter.de www.betrusted.com