Re: cURL / SSL problem
Date: Thu, 03 Jan 2002 18:15:50 +0100
Tom Reader wrote:
> > > However, when using the SSL-enabled site, I use:
> > >
> > > curl --data-binary @data-file https://www.whatever.com:nnn/receive.pl
> > >
> > > I receive the error:
> > >
> > > curl: (35) SSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad
> > > certificate
> > >
> > > <snip>
> > > Can anyone give me any other ideas on how to move forward with this
> > > problem? Any help would be very much appreciated.
> >I think it looks like the server requires you to pass on a certificate so
> >that it can verify that you are who you say you are, but your command line
> >doesn't specify any certificate!
> Dan, thanks for your help. It's appreciated.
> That has moved me onto a different problem, which still concerns the keys /
> I am now using the command line:
> curl --data-binary @send.txt https://xxx.xxx.xxx.xxx:nnnn/receive.sh -v -E cert
> where the file 'cert' contains my certificate. This is a server
> certificate issued by verisign - maybe the problem is caused by the fact
> that it's a server certificate?
A server sends a list of accepted issuer certificates.
If your cert was issued by one of these certificates,
But normally client certificates and server certificates
are signed with different keys and have different issuer certificates...
> Anyway, I am receiving the error:
> * Closing connection #0
> curl: (35) unable to set public key file
> I can confirm that the certificate file in question ('cert') is recognised
> by openssl's 'x509' program as being a PEM certificate. However, this is
> my *public* certificate, which as I understand SSL, is what I should be
> sending to the remote. The documentation mentions private certificates,
> which is a concept I don't understand - I thought there was only a public
> certificate, which is linked to the private key. Can you confirm which I
> should be using, and whether it matters where the files are located, etc?
That is the reason in a later version of cURL
cou can set the certificate / private key / passphrase for private key
with seperate parameters (and you can use a private key in in
a crypto device...)
-- Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de Sonninstr. 24-28, 20097 Hamburg, Germany Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126
- application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature