cURL / Mailing Lists / curl-library / Single Mail


Re: Connecting using client certificates

From: Ben Noordhuis <>
Date: Mon, 21 Mar 2011 17:20:31 +0100

On Mon, Mar 21, 2011 at 17:07, plot.lost <> wrote:
> I am trying to connect to a systems (https) that requires client
> certificates, using the curl_easy interface.
> I think I've set the required options (CURLOPT_SSLCERT and CURLOPT_SSLKEY)
> but the connection gets rejected.
> According to the system I am connecting to, it's because the client
> certificate "does not have the chaining setup. The Root and CA should be
> trusted"
> Now, I thought that the server held these and uses them to verify the client
> certificate. If that is not the case, does anyone have any clues as to what
> I need to do? I've tried adding the CA and Root certificates into the same
> file that holds the client certificate, that made no difference. Is there an
> additional curl_easy_setopt that needs to be done to add this "chaining
> setup"?
> I can confirm that the client certificate has been signed by the correct CA,
> but for some reason the system rejects the connection and this is the reason
> they give.

You can point libcurl to the CA or CAs with CURLOPT_CAINFO and
CURLOPT_CAPATH. The first option takes a filename, the second one the
name of a directory containing certificates (e.g. "/etc/ssl/certs/").
List admin:
Received on 2011-03-21