Daniel,

I just wanted to drop a line to let you know that we resolved our
certificate issue. I believe we were provided a bad certificate from the
bank for the test system. I converted the production certificate to pem and
tried to upload to the production machine and was successful.

Thanks very much for your help!

On 12/29/06, Randall Williams <randall.williams_at_gmail.com> wrote:
>
> Hi Daniel,
>
> I very much appreciate your time and help.
>
> > We were provided a certificate in .cer format. We used OPENSSL to
> convert
> > the certificate to .PEM. As you can see above, we are using the --cacert
>
> > command to point to the .pem certificate we created.
>
> >>And the cert you got truly is a CA cert?
>
> It's a cert provided by the bank we are connecting to from Verisign, so
> I'm assuming that it's a CACERT. Perhaps I shouldn't assume. How can I tell
> if it's a CA cert?
>
> > The error we are receiving is curl (35) error:0D0680A8:asn1 encoding
> > routines:ASN1_CHECK_TLEN:wrong tag.
>
> >>To me, it sounds like OpenSSL doesn't like the certificate file.
>
> You may be correct. I just spoke to our contact at the bank, who tells me
> he tried the cert I was using to connect to the test system with no luck.
> I'm going to try again using the production address and cert per his advice.
>
>
> In your experience, if cURL is using a certificate in .pem format, should
> there be a matching certificate also in .pem format on the recipient's end,
> or does it matter? The certs e got from the bank were in .cer format before
> we converted using openssl.
>
> Thanks so much for your reply. I very much appreciate it.
>
> Randall
>
>
>
>
> On 12/29/06, Daniel Stenberg <daniel_at_haxx.se> wrote:
> >
> > On Thu, 28 Dec 2006, Randall Williams wrote:
> >
> > > Our issue seems to be related to the certificate, as if we send using
> > FTP
> > > without SSL, the transmission goes fine.
> >
> > You could also try with -k to skip the ca cert stuff, just to see if it
> > works
> > without it.
> >
> > > We were provided a certificate in .cer format. We used OPENSSL to
> > convert
> > > the certificate to .PEM. As you can see above, we are using the
> > --cacert
> > > command to point to the .pem certificate we created.
> >
> > And the cert you got truly is a CA cert?
> >
> > > The error we are receiving is curl (35) error:0D0680A8:asn1 encoding
> > > routines:ASN1_CHECK_TLEN:wrong tag.
> >
> > To me, it sounds like OpenSSL doesn't like the certificate file.
> >
> > --
> > Commercial curl and libcurl Technical Support:
> > http://haxx.se/curl.html
> >
>
>
Received on 2006-12-29