Changelog Development Documentation Download libcurl Mailing Lists News
cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Help with SSL certificates for FTP please...

From: Randall Williams <randall.williams_at_gmail.com>
Date: Fri, 29 Dec 2006 09:09:42 -0500

Hi Daniel,

I very much appreciate your time and help.

> We were provided a certificate in .cer format. We used OPENSSL to convert
> the certificate to .PEM. As you can see above, we are using the --cacert
> command to point to the .pem certificate we created.

>>And the cert you got truly is a CA cert?

It's a cert provided by the bank we are connecting to from Verisign, so I'm
assuming that it's a CACERT. Perhaps I shouldn't assume. How can I tell if
it's a CA cert?

> The error we are receiving is curl (35) error:0D0680A8:asn1 encoding
> routines:ASN1_CHECK_TLEN:wrong tag.

>>To me, it sounds like OpenSSL doesn't like the certificate file.

You may be correct. I just spoke to our contact at the bank, who tells me he
tried the cert I was using to connect to the test system with no luck. I'm
going to try again using the production address and cert per his advice.

In your experience, if cURL is using a certificate in .pem format, should
there be a matching certificate also in .pem format on the recipient's end,
or does it matter? The certs e got from the bank were in .cer format before
we converted using openssl.

Thanks so much for your reply. I very much appreciate it.

Randall

On 12/29/06, Daniel Stenberg <daniel_at_haxx.se> wrote:
>
> On Thu, 28 Dec 2006, Randall Williams wrote:
>
> > Our issue seems to be related to the certificate, as if we send using
> FTP
> > without SSL, the transmission goes fine.
>
> You could also try with -k to skip the ca cert stuff, just to see if it
> works
> without it.
>
> > We were provided a certificate in .cer format. We used OPENSSL to
> convert
> > the certificate to .PEM. As you can see above, we are using the --cacert
> > command to point to the .pem certificate we created.
>
> And the cert you got truly is a CA cert?
>
> > The error we are receiving is curl (35) error:0D0680A8:asn1 encoding
> > routines:ASN1_CHECK_TLEN:wrong tag.
>
> To me, it sounds like OpenSSL doesn't like the certificate file.
>
> --
> Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
>
Received on 2006-12-29