
curl-and-php

RE: Error code 58: unable to set private key file?

From: Dan Brown <danb_at_zu.com>
Date: Thu, 8 Jan 2009 08:53:22 -0600

On Thurs, Jan 8 2009, Daniel Stenberg wrote:
> On Wed, 7 Jan 2009, Dan Brown wrote:
>
> > curl_setopt($ch, CURLOPT_SSLCERT, getcwd() .'/site-dev.crt');
> >
> > I do realize of course it is asking for a private key, so is there a way to
> > get it to use the public key instead?
>
> No. When you use a client certificate, you always also provide a
> private key (and the associated passphrase for it). There's no escape from
> that.

Well, that is what I had thought as well. I am dealing with a third party
which requires HTTPS with client authentication. I provided my public key,
as well as a PKCS12 digital id generated from the private and public keys
since the public key itself won't import into a browser or any other app
whereas a PKCS12 will. They provided us with only public keys. I am
guessing they have their end set up something like what is described here:

http://msdn.microsoft.com/en-us/library/aa302412.aspx

Maybe I should simply be connecting and posting their public certificate
immediately as a part of the headers?

Eg.
Client Certificate
--------BEGIN CERTIFICATE-----------
....
--------END CERTIFICATE-----------

When I attempt a connection (using curl from the command line or openssl) I
usually get a response like:

verify error:num=20:unable to get local issuer certificate
verify return:1
verify error:num=27:certificate not trusted
verify return:1
verify error:num=21:unable to verify the first certificate
verify return:1
te8949:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1052:SSL alert number 42
8949:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:529:

Which tells me it's either not liking their client certificate I present, or
is not getting the certificate at all.

___________________________________________________
Dan Brown
zu.com communications
Design - Development - Programming
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
324 Duchess Street Saskatoon, SK S7K 0R1
tel.1.306.653.4747 fax.1.306.653.4774
http://www.zu.com

Received on 2009-01-08
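
The point made in the quoted reply (a client certificate is always presented together with its private key), as an added example that is not part of the original mail or of the curl project's code. It splits a PKCS12 bundle like the one mentioned above into the PEM certificate and key files that the cURL options take, and checks that the two belong together before connecting. The file names, passphrase, URL and CA file are placeholders, and PHP's openssl and curl extensions are assumed.

```php
<?php
// Added example. Paths, passphrase and URL below are placeholders (assumptions).

/**
 * Split a PKCS#12 bundle into PEM certificate and private key files
 * and confirm that the key belongs to the certificate.
 */
function pkcs12_to_pem(string $p12Path, string $p12Pass, string $outDir): array
{
    $raw = file_get_contents($p12Path);
    if ($raw === false) {
        throw new RuntimeException("cannot read $p12Path");
    }
    $bundle = [];
    if (!openssl_pkcs12_read($raw, $bundle, $p12Pass)) {
        throw new RuntimeException('PKCS#12 parse failed: ' . openssl_error_string());
    }
    // A certificate without its matching private key cannot complete client authentication.
    if (!openssl_x509_check_private_key($bundle['cert'], $bundle['pkey'])) {
        throw new RuntimeException('private key does not match certificate');
    }
    $certFile = "$outDir/client.crt";
    $keyFile  = "$outDir/client.key";
    $oldMask  = umask(0077);          // the key is written unencrypted: owner-only access
    file_put_contents($certFile, $bundle['cert']);
    file_put_contents($keyFile, $bundle['pkey']);
    umask($oldMask);
    return [$certFile, $keyFile];
}

[$cert, $key] = pkcs12_to_pem(__DIR__ . '/site-dev.p12', 'p12-passphrase', __DIR__);

$ch = curl_init('https://partner.example/endpoint');
curl_setopt($ch, CURLOPT_SSLCERT, $cert);  // our certificate (the public part)
curl_setopt($ch, CURLOPT_SSLKEY, $key);    // our private key, required alongside the certificate
// Assumption: partner-ca.pem holds the CA certificate that issued the server's certificate.
curl_setopt($ch, CURLOPT_CAINFO, __DIR__ . '/partner-ca.pem');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$body = curl_exec($ch);
if ($body === false) {
    fprintf(STDERR, "curl error %d: %s\n", curl_errno($ch), curl_error($ch));
}
curl_close($ch);
```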