The certificate can be an ASN1 or PEM format file.  To use a certificate,
you must also have a private key file (also in PEM or ASN1 format).  The
certificate must be the public key for the private key file.  Both of these
files can be created using the openssl utility.

Example:
Generate a 1024 bit private key file, encoded with 3DES password found in
the file 3des.key and output the private key to rsa.prv:

openssl genrsa -rand random.file -des3 -passout file:3des.key -out rsa.prv 1024

Generate a certificate request based on the private key and output the
certificate request to cert.req (note my.config is a config file based on
the format in the documentation):

openssl req -new -config my.config -key rsa.prv -passin file:3des.key -out cert.req

If you have a CA (Entrust, etc.) send the cert.req file to get the
certificate.  For testing you can use openssl's CA utility:

openssl ca -config testCA.config -in cert.req -out cert.cert

For the client code to actually utilize the rsa.prv file and the cert.cert
file (from the above example) check out the API:
SSL_CTX_use_certificate_file
SSL_CTX_use_PrivateKey_file

This should be enough to get you in trouble.  If any of this is wrong,
sorry!

Jon
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Randall Ward
> Sent: Wednesday, August 09, 2000 1:28 PM
> To: '[EMAIL PROTECTED]'
> Subject: please help with understanding client authentication
>
>
> I've been building a small https client & everything has gone quite well.
> Now I've been told that I need to include support for client authentication
> using a standard x.509 certificate & I am stumped.
>
> Is the certificate just going to be a file? Do I just have to set a path to
> it, or is there some sort of installation that I need to do?
>
> As you can tell, I'm at a real basic level with this one. I've looked at the
> command line tool documentation, but I don't know what I'm looking for.
>
> Any help at all would be most useful.
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
>
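
Added example (not from the original message or the OpenSSL project): a shell check that a certificate or certificate request carries the public key of the private key file, as the reply requires, before the pair is passed to SSL_CTX_use_certificate_file and SSL_CTX_use_PrivateKey_file. The function names, the 2048-bit key size, the minimal my.config and the self-signed test certificate are assumptions of this example.

```sh
#!/bin/sh
# Added example; function names are illustrative. PEM input is assumed.

# Print the public half of a private key.
# $1 = key file, $2 = passphrase file (used as -passin file:$2)
key_pubkey() {
    openssl pkey -in "$1" -passin "file:$2" -pubout 2>/dev/null
}

# 0 = certificate $1 belongs to key $2, 1 = mismatch, 2 = unreadable input
# (missing file, wrong passphrase). $3 = passphrase file.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(key_pubkey "$2" "$3") || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Same check for a certificate request, before it goes to the CA.
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(key_pubkey "$2" "$3") || return 2
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# Build constructed test material in directory $1 using the file names from
# the message. Assumptions: 2048-bit key, a minimal my.config, and a
# self-signed certificate standing in for the one a CA would return.
make_demo_material() {
    (
        cd "$1" || exit 1
        printf 'constructed-passphrase\n' > 3des.key
        printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=demo-client\n' > my.config
        openssl genrsa -des3 -passout file:3des.key -out rsa.prv 2048 2>/dev/null &&
        openssl req -new -config my.config -key rsa.prv \
            -passin file:3des.key -out cert.req &&
        openssl x509 -req -in cert.req -signkey rsa.prv \
            -passin file:3des.key -days 1 -out cert.cert 2>/dev/null
    )
}
```

Run make_demo_material on an empty directory, then cert_matches_key cert.cert rsa.prv 3des.key from inside it. Inside the client, SSL_CTX_check_private_key performs the equivalent consistency check once both files are loaded.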
