Hi Daniel,
Believe it or not, I have just got this working and was about to email you.

Yes, you're correct, the original p12 file apparently includes a CA cert
plus a client cert. I sort of figured this, but could not hit on the
right combination to save my life. Also, I was not even sure that
splitting them would not make matters worse, that possibly openssl would
be smart enough to figure these things out..

    openssl pkcs12 -in cert.p12 -out ca.pem -cacert -nokeys (for the ca
cert)
    openssl pkcs12 -in cert.p12 -out client.pem -clcert (for the client
cert, must enter pass phrase)
and then...
    curl --cacert ca.pem --cert client.pem:password bla, bla, bla...

As it turned out, the solution was very easy, but *finding* the solution
is a different matter, especially when you're new to ssl and don't even
really know what you're working with (the certificate was emailed to
me), and don't even know what questions to ask. Although I think it's
ashamed it has to be this way, I absolutely do appreciate all of you
help... you were the only one that responded and I know you were trying
your best help.

Hal Williams
Williams Data Services

Daniel Stenberg wrote:

> On Sat, 21 May 2005, Hal Williams wrote:
>
>> So, I suppose the specified pem certificate is doing *something* right?
>
>
> Possibly you have a ca cert, a client cert and the private key in that
> single PEM file.
>
Received on 2005-05-23