I'm facing the same result with the command line curl when I tried with the client certificate and private key concatenated:

curl --cert concatenatedCert.pem --cert-type PEM --cacert cabundle.crt https://inaveo:8775/DataIntegrationService/WebService/WS_test/
Enter PEM pass phrase:
curl: (58) unable to set private key file: 'concatenatedCert.pem' type PEM

From: [email protected] [mailto:[email protected]] On Behalf Of Jayaprakasam, Kannan
Sent: 25 May 2011 20:26
To: libcurl development
Subject: RE: Unable to use libcurl to a site requiring client authentication

Here is proof that the private key and the certificate correspond to each other:

[debugbld@nagara ~/curlm]$ openssl x509 -noout -modulus -in clientCert.pem | openssl md5
d7207cf82b771251471672dd54c59927
[debugbld@nagara ~/curlm]$ openssl rsa -noout -modulus -in privateKey.pem | openssl md5
Enter pass phrase for privateKey.pem:
d7207cf82b771251471672dd54c59927

So why can't it work?

From: [email protected] [mailto:[email protected]] On Behalf Of Jayaprakasam, Kannan
Sent: 25 May 2011 17:36
To: [email protected]
Subject: Unable to use libcurl to a site requiring client authentication
Importance: High

I'm using the below snippet for setting the certificate and key for client authentication.

curl_easy_setopt(curl,CURLOPT_SSLCERT,"clientCert.pem");
curl_easy_setopt(curl,CURLOPT_SSLCERTPASSWD,"changeit");
curl_easy_setopt(curl,CURLOPT_SSLCERTTYPE,"PEM");
curl_easy_setopt(curl,CURLOPT_SSLKEY,"privateKey.pem");
curl_easy_setopt(curl,CURLOPT_SSLKEYPASSWD,"changeit");
curl_easy_setopt(curl,CURLOPT_SSLKEYTYPE,"PEM");

The certificate doesn't have a password, I don't know why on earth the option SSLCERTPASSWD exists, I just provided a dummy value.

When I run the program on Linux I get an error code of 58 and an error message

unable to set private key file: 'privateKey.pem' type PEM

On Windows however I get

unable to use client certificate (no key found or wrong pass phrase?)

It seems to suggest the certificate and the key don't match but I don't know how. I have extracted both the cert and the key from a p12 file using openssl commands.
I'm attaching the p12 file, certificate and the key, in case you want to verify the contents.

The command I used to extract the key is

openssl.exe pkcs12 -in client.p12 -nocerts -out privateKey.pem

and the command used to extract the cert is

openssl.exe pkcs12 -in client.p12 -nokeys -out clientCert.pem

The p12 file has been successfully used in a browser to access the client authentication url.

Please help before I shoot myself.

Thanks
kannan
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
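
A non-interactive form of the modulus comparison shown in the thread, as an added example (not code from the posters or from the curl project): it compares public keys instead of RSA moduli, so it goes slightly beyond the thread by also covering non-RSA keys, and it returns a separate status when the key does not decrypt with the supplied pass phrase. The function names, the KEY_PASS variable, and the generated demo files and pass phrases are assumptions made for this example.

```shell
#!/bin/sh
# check_pair CERT KEY  (the pass phrase is read from the KEY_PASS variable)
# Returns 0 = key decrypts and matches the certificate, 1 = key and
# certificate differ, 2 = key unreadable (wrong pass phrase or not a
# private key), 3 = certificate unreadable.
check_pair() {
    cert_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 3
    # -passin env: keeps the pass phrase out of the process list.
    key_pub=$(KEY_PASS="${KEY_PASS-}" openssl pkey -pubout -in "$2" \
        -passin env:KEY_PASS 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ] || return 1
}

# Constructed sample data: a throwaway key, certificate and client.p12 in
# directory $1, then the two extraction commands from the post made
# non-interactive (pass: is acceptable only because these values are fake).
make_demo() {
    openssl req -x509 -newkey rsa:2048 -days 1 -subj "/CN=demo-client" \
        -keyout "$1/orig.key" -out "$1/orig.crt" \
        -passout pass:changeit 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/orig.key" -in "$1/orig.crt" \
        -out "$1/client.p12" -passin pass:changeit -passout pass:p12pw &&
    openssl pkcs12 -in "$1/client.p12" -nocerts -out "$1/privateKey.pem" \
        -passin pass:p12pw -passout pass:changeit 2>/dev/null &&
    openssl pkcs12 -in "$1/client.p12" -nokeys -out "$1/clientCert.pem" \
        -passin pass:p12pw 2>/dev/null
}

# try PASS CERT KEY: prints the status code check_pair returns.
try() {
    rc=0
    KEY_PASS=$1 check_pair "$2" "$3" || rc=$?
    echo "$rc"
}

dir=$(mktemp -d) || exit 1
make_demo "$dir" || { rm -rf "$dir"; exit 1; }
echo "correct pass phrase: $(try changeit "$dir/clientCert.pem" "$dir/privateKey.pem")"
echo "wrong pass phrase:   $(try nope "$dir/clientCert.pem" "$dir/privateKey.pem")"
rm -rf "$dir"
```

Status 2 separates a pass phrase or key-format problem from a genuine certificate/key mismatch (status 1), which the interactive modulus check cannot report as a return code.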
