cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Problem with cert

From: Peter Sylvester <Peter.Sylvester_at_edelweb.fr>
Date: Tue, 06 Sep 2005 11:53:07 +0200

The --cert option asks for a client "certificate", not for a server
certificate.
That's not your parameter. :-)

You need to use the --cacert parameter, and well, AFAIR, you
cannot use in general a server with a self signed cert in this case:
Create your own ca (this is just as simple as a self signed server cert),
and then create a server cert signed by this ca, and use the
--cacert together with the self signed certificate of the CA.

I put "certificate" in quotes because of the common misuse
of the language. For a client cert, it contains what in French is
called "bi-clef", i.e. both a (may be certified) public key, and
a private key. Or, in other words, for the CA in question,
only give the self signed .crt file (pem or der), not the private
key of the ca to the curl user.

Philippe de Rochambeau wrote:

> Hello,
>
> I am trying to connect to a secure server using curl.
>
> I have generated a Self-signed certificate using openssl and used that
> as curl's certificate parameter
>
> curl --cert self_signed.cert https://my.secure.server
>
> but to no avail because I get this message:
>
> curl: (35) unable to set private key file
>
> I wonder if this .cert should somehow be converted to pem format.
>
> Any help would be much appreciated.
>
> Cheers,
>
> Philippe
>
>
>
>

-- 
To verify the signature, see http://edelpki.edelweb.fr/ 
Cela vous permet de charger le certificat de l'autorité; 
die Liste mit zurückgerufenen Zertifikaten finden Sie da auch. 

Received on 2005-09-06