
curl-users

Using curl to have CA server sign CSR

From: Scott Taylor <sstaylor21671_at_gmail.com>
Date: Wed, 31 Mar 2010 12:06:24 -0400

Hi curl users! I am looking for help with an error I'm receiving when using
curl to have a locally generated CSR signed by remote CA servers (MS Server
2008). The process being used is as follows:

1. Obtain the server CA certificate (manually retrieved and stored locally)

2. Generate a local Certificate Signing Request
openssl req -new -newkey rsa:2048 -nodes -out servername_csr.csr \
  -keyout servername_key.key \
  -subj "/C=US/ST=MyState/L=MyCity/O=DBACompany/OU=SYSTEM/CN=my.server.com"

3. Check the Certificate Signing Request (CSR)
openssl req -text -noout -verify -in <filename>.csr

4. Check the site certificate
openssl x509 -in certificate.crt -text -noout

5. Since curl usage requires the PEM format, convert the local CA
certificate to a PEM format
openssl x509 -inform DER -in mysite_cert.cer -out mysite_cert.pem -text

Now all of the above works well until I get to the commands to push the CSR
and pull the newly signed certificate:

6. curl --cacert mysite_cert.pem --data CertRequest=servername_csr.csr \
  -d Mode=newreq -d TargetStoreFlags=0 -d SaveCert=yes \
  --data-urlencode CertAttrib=\r\n \
  https://my.server.com/certsrv/certfnsh.asp

I receive an HTML response from the server indicating the file is probably
corrupt. I have confirmed there are no spaces or garbage after the last line
of the CSR file.

Does the CSR file have to be converted to a PEM format also first? Any
ideas? Thanks.

-- 
Brgds,
Scott
"Do or do not, there is no try!"
-Yoda, Jedi Master

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2010-03-31
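
Added example, not part of the original post: the CertRequest field that step 6 builds with `--data CertRequest=servername_csr.csr`, next to the field that curl's `--data-urlencode CertRequest@servername_csr.csr` form builds from the file's contents. The encoder below is a shell re-implementation of that encoding so the comparison runs offline, and the CSR is a constructed stand-in; only the CertRequest field is covered.

```shell
#!/bin/sh
# Added example: compares the CertRequest form field produced by two curl options.

# Percent-encode every byte of FILE outside the RFC 3986 unreserved set,
# which is what curl's --data-urlencode name@FILE does to the file contents.
urlencode_file() {
    od -An -v -tu1 "$1" | tr -s ' ' '\n' | awk '
        NF == 0 { next }
        {
            n = $1 + 0
            if ((n >= 48 && n <= 57) || (n >= 65 && n <= 90) ||
                (n >= 97 && n <= 122) || n == 45 || n == 46 ||
                n == 95 || n == 126)
                printf "%c", n        # unreserved: sent as-is
            else
                printf "%%%02X", n    # everything else, newlines included
        }'
}

# Field sent by:  --data CertRequest=<name>   (the text after "=", verbatim)
request_field_literal() {
    printf 'CertRequest=%s' "$1"
}

# Field sent by:  --data-urlencode CertRequest@<file>   (the file's contents)
request_field_from_file() {
    printf 'CertRequest=%s' "$(urlencode_file "$1")"
}

# Constructed stand-in for a PEM CSR (not a real request); "+", "/" and "="
# are there because real base64 bodies contain them.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
sample_csr="$workdir/servername_csr.csr"
printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' \
    'MIIC+constructed/sample+body==' \
    '-----END CERTIFICATE REQUEST-----' > "$sample_csr"

echo "--data CertRequest=servername_csr.csr sends:"
request_field_literal servername_csr.csr; echo
echo "--data-urlencode CertRequest@servername_csr.csr sends:"
request_field_from_file "$sample_csr"; echo
```

With `--data name=value` the server receives the file name as the request text, while the `name@file` form delivers the PEM block with `+`, `/`, `=` and line breaks percent-encoded so they survive form decoding.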