cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: How and what should be used when doing a SSL-request with client cert?

From: Jonny Andersson <curl-user_at_jonand.se>
Date: Fri, 03 Sep 2010 11:22:49 +0200

Thanks for your information, I really appreciate that! I have also
asked for help with this at another forum and have now begin to
understand more about what I have to supply to the cURL-request to get
this to work. One thing is that the test-cert I have got seems to be in
an another format (not readable as normal text when opened in a text
editor) that maybe not is supported, I transformed it to PEM (something
readable in a text editor) with this command in yesterday:

openssl x509 -inform DES -in ClientCert.crt -out ClientCert.cer -text

Due to a lot of meetings and a short day because of travel will I
unfortunately not have time to look much at this today but I will follow
up this as help for others when I have got it to work and in case of
need ask more questions in the beginning of the next week.

A lot of thanks for your help so far!

/Jonny

On 2010-09-02 23:35, Daniel Stenberg wrote:
> On Thu, 2 Sep 2010, Jonny Andersson wrote:
>
>> I am trying to make a request to a web service with SSL and client
>> cert authentication. I am unfortunately not quite familiar of using a
>> client certificate from other applications either. Anyway, I have
>> added the param --cert and the path to a certificate file to the
>> command line for cURL but I get a
>
> The man page for --cert explains:
>
> Note that this option assumes a "certificate" file that is the
> private key
> and the private certificate concatenated!
>
>> curl: (58) unable to use client certificate (no key found or wrong
>> pass phrase?)
>
> It is actually the private key that needs the pass phrase.
>
>> Also, is it expected to have a certain encoding(DER, PEM, ..)?
>
> It assumes PEM by default, you can switch with --cert-type.
>
>> I have tried this with an ordinary certificate file that at my
>> Windows-computer has the extension .cer and which is a certificate
>> signed of a CA-certificate. But this seems to be wrong.
>
> That does indeed sound wrong.
>
>> Also, the only password connected to that cert in some way I know
>> about is the password used for the private key for the CA certificate
>
> Why do you have a private key for the CA certificate? I don't understand.
>

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2010-09-03

This message: [ Message body ]
Next message: Roland M�sl: "Re: Desperate about the deadline 16th August"
Previous message: Daniel Stenberg: "Re: How and what should be used when doing a SSL-request with client cert?"
In reply to: Daniel Stenberg: "Re: How and what should be used when doing a SSL-request with client cert?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]