8 Jan 2009 15:53
RE: Error code 58: unable to set private key file?
Dan Brown <danb <at> zu.com>
2009-01-08 14:53:22 GMT
2009-01-08 14:53:22 GMT
On Thurs, Jan 8 2009, Daniel Stenberg wrote: > On Wed, 7 Jan 2009, Dan Brown wrote: > > > curl_setopt($ch, CURLOPT_SSLCERT, getcwd() .'/site-dev.crt'); > > > > I do realize of course it is asking for a private key, so is there a way to > > get it to use the public key instead? > > No. When you use a client certificate, you always also provide a > private key (and the associated passphrase for it). There's no escape from that. Well that is what I had thought as well. I am dealing with a third party which requires HTTPS with client authentication. I provided my public key, as well as a PKCS12 digital id generated from the private and public keys since the public key itself wont import into a browser or any other app whereas a PKCS12 will. They provided us with only public keys. I am guessing they have their end setup something like what is described here: http://msdn.microsoft.com/en-us/library/aa302412.aspx Maybe I should simply be connecting and posting their public certificate immediately as a part of the headers? Eg. Client Certificate --------BEGIN CERTIFICATE----------- .... --------END CERTIFICATE----------- When I attempt a connection (using curl from the command line or openssl) I usually get a response like: verify error:num=20:unable to get local issuer certificate verify return:1 verify error:num=27:certificate not trusted verify return:1 verify error:num=21:unable to verify the first certificate verify return:1 te8949:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1052:SSL alert number 42 8949:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:529: Which tells me it's either not liking their client certificate I present, or is not getting the certificate at all. ___________________________________________________ Dan Brown zu.com communications Design - Development - Programming ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ 324 Duchess Street Saskatoon, SK S7K 0R1 tel.1.306.653.4747 fax.1.306.653.4774 http://www.zu.com zu.com - now on your mobile device! _______________________________________________ http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-php