cURL
Haxx ad
libcurl

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-users Mailing List Archives

Re: Help with SSL certificates for FTP please...

From: Randall Williams <randall.williams_at_gmail.com>
Date: Fri, 29 Dec 2006 09:09:42 -0500

Hi Daniel,

I very much appreciate your time and help.

> We were provided a certificate in .cer format. We used OPENSSL to convert
> the certificate to .PEM. As you can see above, we are using the --cacert
> command to point to the .pem certificate we created.

>>And the cert you got truly is a CA cert?

It's a cert provided by the bank we are connecting to from Verisign, so I'm
assuming that it's a CACERT. Perhaps I shouldn't assume. How can I tell if
it's a CA cert?

> The error we are receiving is curl (35) error:0D0680A8:asn1 encoding
> routines:ASN1_CHECK_TLEN:wrong tag.

>>To me, it sounds like OpenSSL doesn't like the certificate file.

You may be correct. I just spoke to our contact at the bank, who tells me he
tried the cert I was using to connect to the test system with no luck. I'm
going to try again using the production address and cert per his advice.

In your experience, if cURL is using a certificate in .pem format, should
there be a matching certificate also in .pem format on the recipient's end,
or does it matter? The certs e got from the bank were in .cer format before
we converted using openssl.

Thanks so much for your reply. I very much appreciate it.

Randall

On 12/29/06, Daniel Stenberg <daniel_at_haxx.se> wrote:
>
> On Thu, 28 Dec 2006, Randall Williams wrote:
>
> > Our issue seems to be related to the certificate, as if we send using
> FTP
> > without SSL, the transmission goes fine.
>
> You could also try with -k to skip the ca cert stuff, just to see if it
> works
> without it.
>
> > We were provided a certificate in .cer format. We used OPENSSL to
> convert
> > the certificate to .PEM. As you can see above, we are using the --cacert
> > command to point to the .pem certificate we created.
>
> And the cert you got truly is a CA cert?
>
> > The error we are receiving is curl (35) error:0D0680A8:asn1 encoding
> > routines:ASN1_CHECK_TLEN:wrong tag.
>
> To me, it sounds like OpenSSL doesn't like the certificate file.
>
> --
> Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
>
Received on 2006-12-29

These mail archives are generated by hypermail.

donate! Page updated November 12, 2010.
web site info

File upload with ASP.NET