Babineau, Denis wrote:
I need to implement a client side certificate model for SSL, specifically, the client side (the server side is developed by another party, which I won't have access to until the end of the implementation). The Key exchange algo. used will be RSA and the encryption used will be 3-DES.
I assume you want to: Use SSL communication with: Server uses RSA key to authenticate. Client uses some key to authenticate.
Can someone explain to me how this would be accomplished and which peer would need what? (am I correct to assume that the server will only need the public key and the client will only need the matching digital certificate?)
You need:

Server:
* own private key
* own certificate
* CA certificates that issue client certificates
* optional, but good: own CA certificate chain

Client:
* own private key
* own certificate
* CA certificate that issued server certificate

Client side: If you only have this key / certificate, you can set it with:
SSL_CTX_use_PrivateKey...()
SSL_CTX_use_certificate...()
You set the CA file to verify the peer with: SSL_CTX_load_verify_locations()
Do the SSL and be happy...
Bye
Goetz
-- Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de Sonninstr. 24-28, 20097 Hamburg, Germany Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126
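The setup described in the reply above, as an added example that is not part of the original message: it uses Python's `ssl` module, which wraps OpenSSL, instead of the C API, and shows which key, certificate and CA file each side loads. The function names, the PEM file names and `server.example` are assumptions made for illustration.

```python
import ssl

def new_context(server_side):
    """TLS context that always demands and verifies the peer's certificate."""
    proto = ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT
    ctx = ssl.SSLContext(proto)
    # A server context defaults to CERT_NONE, i.e. it never asks for a client
    # certificate; CERT_REQUIRED makes the handshake fail without a valid one.
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def load_material(ctx, cert_file, key_file, peer_ca_file):
    """Load this side's identity and the CA used to verify the other side."""
    # Own certificate + own private key (Python's counterpart of the
    # SSL_CTX_use_certificate/PrivateKey calls); raises ssl.SSLError on mismatch.
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    # CA certificate that issued the peer's certificate
    # (Python's counterpart of SSL_CTX_load_verify_locations()).
    ctx.load_verify_locations(cafile=peer_ca_file)
    return ctx

def handshake_in_memory(client_ctx, server_ctx, server_name):
    """Run a mutual-auth handshake over memory BIOs and return the client
    certificate as verified by the server."""
    c_in, c_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    s_in, s_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = client_ctx.wrap_bio(c_in, c_out, server_hostname=server_name)
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    pending = [client, server]
    for _ in range(20):                      # bounded number of flights
        for side in list(pending):
            try:
                side.do_handshake()
                pending.remove(side)
            except ssl.SSLWantReadError:
                pass                         # needs more data from the peer
        s_in.write(c_out.read())             # client -> server
        c_in.write(s_out.read())             # server -> client
        if not pending:
            return server.getpeercert()
    raise ssl.SSLError("handshake did not complete")

if __name__ == "__main__":
    # Placeholder file names (assumptions): PEM files you created yourself.
    cli = load_material(new_context(False), "client.crt", "client.key", "server-ca.crt")
    srv = load_material(new_context(True), "server.crt", "server.key", "client-ca.crt")
    print(handshake_in_memory(cli, srv, "server.example"))
```

If the client presents no certificate, or one not issued by the CA the server loaded, the handshake raises `ssl.SSLError` instead of returning.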