Hi, I'm a newbie to SSL and OPenSSL. I use a apache server with mod_ssl which accept client certificates. With my browser where I installed a client certificate, I can connect with my Apache server. In the goal of making perf tests, I want to use s_client instead of my Web Browser. So I exported my certificate as a pkcs12 file, and used the openssl pkcs12 command to get my certificate and my private key. openssl pkcs12 -in my_cert.pkcs12 -clcerts -out my_cert_key In my_cert_key, there is two parts : the certificate and the private key : ----BEGIN RSA PRIVATE KEY ------- brvgiehqg ..... ----END RSA PRIVATE KEY--------- ----BEGIN CERTIFICATE ----------- fjdgiubrtls..... ----END CERTIFICATE ------------- then I executed the s_client command. openssl s_client -connect <ip-address>:port -CAFile filename -cert my_cert_key And then I got an error message : 24983:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:956:SSL alert number 42 24983:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:216: in my apache error log I got : 05/Sep/2000 11:19:47 23512] [error] Certificate Verification: Error (20): unable to get local issuer certificate [05/Sep/2000 11:19:47 23512] [error] SSL handshake failed (server poum1.pim.fr:443, client 164.7.70.225) (OpenSSL library error follows) [05/Sep/2000 11:19:47 23512] [error] OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned What is the problem? Why does it work with my browser and not with s_client while they use the same certificate? Thank for any help Arnaud ____________________________________________ Arnaud Megret ([EMAIL PROTECTED]) Cegetel ____________________________________________ ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
