Thanks Daniel for the reply.

I got this resolved by generating the combined key & cert file using
following command.

openssl pkcs12 -in client.p12 -out test1.pem -clcerts

Thanks,
Pavan

On Mon, Sep 26, 2011 at 7:36 PM, Pa1 <paonethestar_at_gmail.com> wrote:

> Hi,
>
>
> I'm using libcurl - 7.15.1 & OpenSSL - 0.9.7 on Win32 machine trying for
> client two way authentication.
>
> I'm using the below snipped for setting the certificate and key for client
> authentication.
>
> curl_easy_setopt(curl,CURLOPT_SSLCERT,"clientCert.pem");
>
> curl_easy_setopt(curl,CURLOPT_SSLCERTPASSWD,"changeit");
>
> curl_easy_setopt(curl,CURLOPT_SSLCERTTYPE,"PEM");
>
> curl_easy_setopt(curl,CURLOPT_SSLKEY,"privateKey.pem");
>
> curl_easy_setopt(curl,CURLOPT_SSLKEYPASSWD,"changeit");
>
> curl_easy_setopt(curl,CURLOPT_SSLKEYTYPE,"PEM");
>
>
> certificate doesn't have password, still I'm giving same private key passwd
> to that.
>
> I keep getting following error persistantly ...
>
> *err unable to set private key file: 'C:\privateKey.pem' type PEM*
>
> -------------
> I've generated these client Certificate & private key file using following
> commands.
>
> openssl.exe pkcs12 -in client.p12 -nocerts -out privateKey.pem
>
> with PEM passwd.
>
> openssl.exe pkcs12 -in client.p12 -nokeys -out clientCert.pem
>
> That client.p12 works well with the browser.
> -------
> And verified both these cert & pvt key files with following commands.
>
> openssl x509 -noout -modulus -in clientCert.pem | openssl md5
>
> d7207cf82b771251471672dd54c59927
>
> openssl rsa -noout -modulus -in privateKey.pem | openssl md5
>
> Enter pass phrase for privateKey.pem:
>
> d7207cf82b771251471672dd54c59927
>
> Both these match and that confirms that there is no issue with these client
> cert & pvt key file.
> --------------
>
> Then I tried with command line with following command,
>
> $ curl --version
> curl 7.19.6 (i686-pc-cygwin) libcurl/7.19.6 OpenSSL/0.9.8n zlib/1.2.3
> libidn/1.18 libssh2/1.2
>
> $ curl --data-binary @"C:\myrequest.xml" --header "SOAPAction: " --header
> "Content-Type: text/xml" --cert c:\clientCert.pem --cert-type PEM --key
> c:\privkey.pem --key-type PEM --cacert c:\ca-bundle.crt
> https://mydomain.myco.com:443/soap -v
>
> It prompts for PEM passwd and then following error.
>
> * About to connect() to mydomain.myco.com port 443 (#0)
> * Trying 69.181.219.20... connected
> * Connected to mydomain.myco.com (69.181.219.20) port 443 (#0)
> Enter PEM pass phrase:
> * unable to set private key file: 'privateKey.pem' type PEM
> * Closing connection #0
> *curl: (58) unable to set private key file: 'privateKey.pem' type PEM*
>
> And then I tried appending both private key along with cert in a single
> file and tried following.
>
> $ curl --cert testCert.pem --Verbose -H "Content-Type: text/xml"
> https://mydomain.myco.com:443/soap
> * About to connect() to mydomain.myco.com port 443 (#0)
> * Trying 69.181.219.20... connected
> * Connected to mydomain.myco.com (69.181.219.20) port 443 (#0)
> Enter PEM pass phrase:
> * unable to set private key file: 'testCert.pem' type PEM
> * Closing connection #0
> *curl: (58) unable to set private key file: 'testCert.pem' type PEM*
>
> I don't have a clue what might be the issue. Is this libCurl bug or my
> setup ? Is there any know bug related this ?
>
> I've been trying this past one week, Please help me out. Any pointers would
> be greatly appreciated.
>
> Thanks,
> Pavan
>
>
>

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-09-30