curl-library
Re: Re: HTTPS certificates
Date: Thu, 2 Jan 2003 19:34:35 +0000
On Sun, 29 Dec 2002, Daniel Stenberg wrote:
>> I'm a novice programmer and SSL user however wish to write an app that uses
>> the SSL feature in libcURL. I have the SimpleSSL.c and have compiled it and
>> got it up and running, however at the moment i'm getting
>> CURLE_SSL_CERTPROBLEM,/* 58 - problem with the local certificate */ .
>> returned from the easy_perform. All the other functions of libcURL work
>> fine so i know its just down to my lack of SSL knowledge. So if anyone
>> could help me understand/direct how to generate:-
Ok I'm only getting the CURLE_SSL_CERTPROBLEM when i use the crypto engine. When i don't
and i use my own key i get an exception thrown (5, access denied).
>> 1) pCertFile
>The times I've needed client certificates I've converted one from my browser.
>Export a certificate. Then use openssl to convert it to PEM format.
I have successfully used openssl to create my pem file, using switch:-
openssl pkcs12 -in henry.pfx -out henry.pem
This created me a pem file, with a rsa private key and a certificate inside it.
>> 2) pCACertFile
>There's a CA cert bundle included with curl releases. That should do for most
>signed server certificates. If the server uses a self-signed certificate you
>need to get a CA cert from that somehow. I don't know how to do that.
Took your advice here and am using the ca-bundle.crt file.
>> 3) pKeyName
>You can get that the same way you get the client certificate.
Set this to be the same as pCertFile. So "Henry.pem"
>> 4) pKeyType
>You most likely use PEM as that's an open and frequently used format when you
>play with OpenSSL.
Set this to be "PEM"
I'm just trying to connect to any SSL server at the mo and trying to connect to
https://www.ebank.hsbc.co.uk
just as a test. When i browse to this site with IE it doesn't ask me to Ok any
certs so i presume that the ca-bundle will work in cURLs case.
cheers
Henry
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
Received on 2003-01-02