curl-users

Re: p12 -> pem = 403 error

From: Hal Williams <hwilliams_at_numail.org>
Date: Sat, 21 May 2005 17:42:57 -0400

Thanks for your fast response, Daniel, I really appreciate it.
curl --cert cert.pem is a variation I've tried. I get 'curl: (58)
unable to set private key file: 'cert.pem' type PEM'.

I'm so stupid about this, I don't even know if the certificate 'p12' I
received via email is supposed to be a CA certificate, client
certificate, or both... remember it includes 4 different sections?

Do you see anything wrong with the way I converted it, using the -nodes
option? Should I provide a Pass Phrase when converting from p12 to
pem? Should I provide for curl, or be prompted by curl for a password?
When I successfully access the test web site via browsers, I am *not*
prompted for a user name or password.

What about the fact that I *do* get the 'SSL certificate verify ok'
message in the curl trace file? It comes right before the POST
command. And then, after all content is sent, I get the 403 error. Is
this common? Is the 'SSL certificate verify ok' message before the POST
just half of the equation? Is it possible that the certification part
that has anything to do with the pem file is doing just fine, and that
something totally unrelated is causing the 403 error message? Is there
supposed to be enough information in the trace file to deduce such things?

As you can see, I'm pretty stupid about all this. Do you need any more
info about the certificate? Can you think of anything else for me to
try? I'd sure like to know what the browsers are doing right, as
opposed to me and/or curl.

Thanks again for your help,
Hal Williams

Daniel Stenberg wrote:

> On Sat, 21 May 2005, Hal Williams wrote:
>
>> openssl pkcs12 -in cert.12 -out cert.pem -nodes (tried many
>> variations of this)
>> curl --trace-ascii tracefile --cacert cert.pem (tried many variations
>> of this)
>
>
> ...
>
>> friendlyName: TUNA Test Client Certificate
>
>
> Look! It says "Client Certificate", and you use it as a CA cert!
>
> --cert might thus be the better option for you.
>
Received on 2005-05-21
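
Added example, not part of the original thread or of curl: a small sh/awk helper that lists what each section of a `pkcs12 ... -nodes` PEM file contains, so the client certificate and key (for `--cert`) can be told apart from CA certificates (for `--cacert`). The sample file, its `localKeyID` values and the `Example Test CA` name are constructed, and the localKeyID rule is an assumption about how the bundle was built.

```shell
# classify_pem FILE: print "<role>|<friendlyName>" for each PEM block in the
# output of `openssl pkcs12 -in file.p12 -out file.pem -nodes`.
# Assumption: the client certificate shares a localKeyID bag attribute with
# its private key, while CA certificates in the bundle carry none.
classify_pem() {
    awk '
        /^ *friendlyName:/ { sub(/^ *friendlyName: */, ""); name = $0 }
        /^ *localKeyID:/   { keyid = 1 }
        /^-----BEGIN / {
            if ($0 ~ /ENCRYPTED PRIVATE KEY/) role = "encrypted-key"
            else if ($0 ~ /PRIVATE KEY/)      role = "private-key"
            else if ($0 ~ /CERTIFICATE/)      role = keyid ? "client-cert" : "ca-cert"
            else                              role = "other"
            print role "|" name
            name = ""; keyid = 0    # attributes apply to one block only
        }
    ' "$1"
}

# usable_with_cert FILE: succeed only if FILE holds both a private key and
# the matching client certificate, which is what `curl --cert FILE` needs.
usable_with_cert() {
    classify_pem "$1" | grep -q -- '-key|' || return 1
    classify_pem "$1" | grep -q '^client-cert|'
}

# Constructed sample: placeholder bodies, not real key material.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
Bag Attributes
    friendlyName: TUNA Test Client Certificate
    localKeyID: 01 02 03 04
-----BEGIN PRIVATE KEY-----
PLACEHOLDER
-----END PRIVATE KEY-----
Bag Attributes
    friendlyName: TUNA Test Client Certificate
    localKeyID: 01 02 03 04
-----BEGIN CERTIFICATE-----
PLACEHOLDER
-----END CERTIFICATE-----
Bag Attributes
    friendlyName: Example Test CA
-----BEGIN CERTIFICATE-----
PLACEHOLDER
-----END CERTIFICATE-----
EOF
classify_pem "$SAMPLE"
```

A file that classifies as key plus client certificate belongs on `--cert`; only the `ca-cert` sections are candidates for `--cacert`.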